Last modified: November 22, 2023

We appreciate your interest in our website https://ideapayments.com/ (“Website”) and our services. We respect the privacy of our prospects, business partners, and Website visitors. That is why we developed this Privacy Notice. It describes how we collect, use, share, protect, store and transfer your personal data. Please take a moment to read and understand our Privacy Notice. If you have any questions, do not hesitate to ask us.

1. Data Controller

References to “we”, “us”, or “our” specifically pertain to Ideapayments, which owened and operated by TechnologeLoop Limited.

Country of incorporation: Hong Kong

Registration number: 76231205

Registered address: Flat A 8/F, Kingswell Commercial Tower, 171, Lockhart Road Wan Chai, HK

For questions about personal data processing, reach out to us at [email protected].

2. Collection of Personal Data

Sharing your personal data with us is not mandatory. However, certain data is essential for the delivery of our services in a manner that fulfills your requirements best. For instance, if you do not give us the Legally Required Data, we may not be able to provide you with our services at all. We will collect and process all or some of the following personal data about you:

Identity Data: When contacting us, we will ask for personal data, such as: your name, e-mail address and your message itself in order to stay in contact with you. To better tailor our services to your needs, we might also inquire about details regarding your websites, business industry, markets, and offerings.

Legally Required Data: When engaging with us for the provision of our services and/or entering into a contract, you may be required to provide KYC data by completing the relevant form(s). This information may include personal data of directors and ultimate beneficial owners (UBOs), evidence of beneficial ownership, the source of funds, number of shares held, title, etc.

Transaction Data: Your payment details are processed through the secure server of the payment gateway. However, to provide you with our services we may collect basic transaction information such as transaction date, amount of transaction, currency, etc.

Technical Data: Information that is automatically recorded when you visit our Website and/or official landing pages (if any), such as your IP address, device approximate location, type of device, operating system, referrer URL, etc.

Statistics:We monitor the services and features utilized by you, performance metrics, your comments, and feedback, along with any other information pertinent to the provision of services.

3. Purposes and legal basis for personal data processing

We will process your personal data for the following purposes:

Provision of services: This includes concluding the contract with you, operating, maintaining, and improving our services, and personalizing your experience.

Personal data: Identity Data, Legally Required Data, Transaction Data.

Legal basis: Contract with you; our legitimate interests (e.g., running our business).

Compliance and risk management: We process your personal data to comply with our legal (e.g., anti-money laundering obligations) and risk management obligations.

Personal data: Identity Data, Legally Required Data.

Legal basis: Legal obligations; our legitimate interests (e.g., minimizing legal risks to our business).

Customer support: We use your data to resolve technical issues you encounter, to respond to your requests for assistance, to analyze crash information, and to repair and improve the services.

Personal data: Technical Data, Statistics.

Legal basis: Our legitimate interests (e.g., responding to support-related requests, ensuring smooth connection of the Website).

Safety and security: We use your data to detect, prevent, and respond to potential or actual security incidents and to monitor and protect against other malicious, deceptive, fraudulent or illegal activity, including violations of services policies.

Personal data: Identity Data, Legally Required Data, Technical Data.

Legal basis: Our legitimate interests (e.g., upholding the Website’s integrity and security, and safety of the services).

Research and development: We are always looking for ways to make our services better. We use information about how people use our services to troubleshoot, identify trends, usage, activity patterns, and areas for integration and to improve our services and to develop new products, features, and technologies that benefit our customers and the public.

Personal data: Transaction Data, Technical Data, Statistics.

Legal basis: Our legitimate interests (e.g., improving our Services, better integrating the services you use).

Marketing and promotion: We may use your contact data and information about how you use the services to send promotional communications that may be of specific interest to you.

Personal data: Identity Data, Technical Data, Statistics.

Legal basis: Our legitimate interests (e.g., informing our customers about similar services); Consent.

Cookies: We use cookies on our Website. These are small files that your browser automatically creates and that are stored on your device when you visit our Website. To find out more about our cookie usage practices, please read our Cookie Notice.

4. Disclosure of personal data

We may share your personal data in the following cases:

Service providers: We work with business partners, suppliers, and subcontractors to provide Website and application development, hosting, maintenance, backup, storage, payment processing, data analysis, marketing, and other services for us.

Compliance with applicable laws and statutory requests: We may share your personal data if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or otherwise permitted under law to do so, or in order to enforce or to protect the rights, property, or safety of us, our customers, or others.

Affiliated companies: We share your personal data with affiliated companies. Affiliated companies are those owned or operated by us. The protections outlined in this Privacy Notice apply to the data disclosed in these circumstances.

Business transactions: We may disclose or transfer personal data we process under this Privacy Notice in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. We will make reasonable efforts, as required by applicable laws, to notify you of any transfer of personal data in these circumstances.

Links to third-party websites: The Website may contain links that redirect you to other websites or services with privacy practices that may differ from ours. If you provide personal data to any of those third-party sites, your data is subject to their privacy notices, not this one. We recommend carefully reading the privacy policy/notice of any website you visit.

5. Automated Decision-Making

Automated decision-making involves making decisions using computer algorithms and automated systems without direct human intervention (e.g., profiling). We do not utilize any algorithms or automated systems to make decisions that would have a significant impact on you without the opportunity for human review. If we decide to implement such processes in the future, we will notify you accordingly.

6. International Transfers of Personal Data

We primarily store and process personal data within the European Economic Area (“EEA”). Nevertheless, it may at times be necessary that your personal data is transferred to and stored at a destination outside the EEA. It may also be processed by data processors operating outside the EEA. For example, we may transfer your personal data based on:

Adequacy decision:A formal decision made by the relevant regulator that recognizes that another country, territory, sector, or international organization provides an adequate level of protection for personal data. The list of countries recognized as offering an adequate level of data protection can be found here.

Standard data protection clauses: The pre-approved standardized contracts issued by the relevant regulators to ensure an adequate level of protection in cases where personal data are sent outside of the EEA. Find out more about the EU Standard Contractual Clauses here. Where necessary, we may sign the UK’s International Data Transfer Addendum (“IDTA”). Find out more about the IDTA here.

Other mechanisms: Other legal grounds as may be permitted under applicable data protection law (e.g., your explicit consent, or when the transfer is necessary for the establishment, exercise or defense of legal claims).

7. Retention and deletion of Personal data

We will use your personal data for no longer than necessary based on why we collected it and what we use it for. This may include our need to satisfy a legal, regulatory, accounting, or reporting requirement.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In general terms, we will retain your personal data for the duration of your involvement/engagement with us and for as long as reasonably necessary afterwards.

We delete or destroy all Personal as soon as possible where it has been confirmed that there is no longer a need for us to retain it.

8. Data Protection Rights

You may, at any time, exercise the following rights with respect to our processing of your personal data:

Right to access:You are entitled to ask us if we are processing your personal data and, if so, for a copy of the personal data we hold about you, as well as obtain certain other information about our processing activities.

Right to rectification: If any personal data we hold about you is incomplete or inaccurate, you can require us to correct it, though we may need to verify the accuracy of the new data you provide to us.

Right to erasure: This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.

Right to object: Where our reason for processing your personal data is legitimate interest you may object to processing as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.

Right to withdraw consent: Where our reason for processing is based on your consent, you may withdraw that consent at any time. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

Right to the restriction of processing: You can contact us with a request to restrict the processing of your personal data.

Right to portability of your personal data: You can contact us with a request to receive personal data concerning you which you have provided to us in a structured, commonly used, and machine-readable format, also you can submit a request for us to transmit your personal data to another controller to the extent this is technically possible.

Right to file a complaint: If you believe that we process your personal data in breach of data protection legislation, we ask you to always contact us at first. If you are not satisfied with the problem solution offered by us or, in your opinion, we have not taken actions that are necessary based on your request, you have a right to file a complaint with the competent authority.

You can submit requests to exercise these rights by emailing us at [email protected].

We will respond to all legitimate requests promptly and, in any event, within any timeframes prescribed by applicable law. In general, we must respond to requests within 1 (one) month from the receipt of the request.

9. Security of personal data

We have put in place appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

10. Children’s data

Our Website is not directed at children. We do not knowingly collect data from children under the age of 18.

11. Changes to this Privacy Notice

We reserve the right to modify this Privacy Notice at any time. We encourage you to periodically review this page for the latest information on our privacy practices. If we make changes to this Privacy Notice, we will notify you by updating the date of this Privacy Notice and posting it on our Website.