Privacy Policy

May 2018

Welcome to www.epscards.com/www.europeanpaymentsolutions.com (the "site", "website"). This privacy policy includes the terms "we" and "us" for European Payment Solutions B.V. - EPS Card. We respect the privacy of visitors to the website and ensure that the personal information you provide us is treated confidentially. Processing of personal data is done in a manner that complies with the legal requirements. This privacy policy provides insight into the steps we take to ensure that your information is treated on a safe and confidential basis. This gives you insight into what we do to protect your privacy and to comply with our obligations under the European General Data Protection Regulation (GDPR) 2018 that came into effect on 25 May 2018. If you have any questions or want to know exactly what data we keep of you, you can contact EPS Cards.

Introduction

The EPS prepaid Mastercard and related services are issued by Prepaid Financial Services Limited (PFS). PFS is a fast-growing technology company and e-money payments institution with offices in the UK, Malta and Ireland. PFS is authorised and regulated by the Financial Conduct Authority in the UK, as an electronic money institution, under reference number 900036.
They are the organization with which you enter into the agreement (general terms and conditions) when you buy a card, purchase an e-wallet or use the IBAN number that is linked to your card. They are also primarily responsible for processing your personal data. This means that they determine which personal data are processed, why, how and by whom it is processed (or: they are the controller). It is therefore important that you know how they handle your data. You can find the privacy statement of PFS with the explanation of how they deal with your data here.
Prepaid Financial services has selected us, EPS Cards, to manage the EPS Prepaid Mastercard program. This means that they also determine how EPS Cards processes your data.

What does EPS Cards do? The fact that PFS issues the card and we manage the program means that you can buy the card from us, and for example, we also provide customer service. As a processor, we can also process personal data from you if, for example, we have to answer a question for you or solve a problem. You can read more about this below.

The information we collect from you

  • First name and Surname with title
  • Address
  • Date of birth
  • Sex
  • E-mail
  • Bank details
  • Proof of address documents
  • Phone number
  • ID documents
  • Information regarding your transactions
  • Other personal information such as telephone recordings; security questions, user ID

Data processing purposes

  • Providing prepaid card services to you as per our contractual obligations with you and PFS
  • Providing e-wallet services to you as per our contractual obligations with you and PFS
  • Providing IBAN Account services to you as per our contractual obligations with you and PFS
  • Processing your account information as per our contractual obligations with you and PFS
  • To comply with our legal obligations for the prevention of fraud, money laundering, counter terrorist financing or misuse of services
  • Verifying your identity as per our contractual obligations with you and PFS
  • Contacting you regarding our service to you
  • Where requested by law enforcement for investigation of crime

For example:

When you use the iDEAL charging function, you enter your card number and e-mail address. If there are problems with the iDEAL charge, we can contact you to ensure that the problem is solved with your load so that we can comply with the agreement. We also keep your IBAN account number and IP address in order to prevent fraud which is also called "a legitimate interest".

As a financial institution, PFS and we must therefore also comply with various laws and regulations to combat money laundering, fraud and terrorist financing, among other things. It follows from this that customer due diligence must be performed. In short, this means that PFS can sometimes request a copy of your proof of identity, proof of your address or origin of the money you have loaded on your card. The same legislation prescribes how long the data must be retained. You can read more about this in the privacy statement of PFS. Delivering the documents to PFS can be done safely via your MY EPS Account. Do you still experience a problem and are you approaching us for help? After we have submitted your documents to PFS, they are immediately removed from our own systems.

In order to execute the agreement as best we can, we can send e-mail messages to you. For example regarding maintenance of the systems, other opening hours or a malfunction. Such mail messages are necessary to properly execute the agreement.

We can also remind you by e-mail to activate your card if you have not already done so, to remind you that your card is about to expire or to inform you about upgrading your card. You can always unsubscribe from this type of e-mails via a link at the bottom of the e-mail if you do not want to receive messages.

Have you asked us a question or submitted a problem by mail, phone on chat? Then we can email you to answer your question or solve your problem. We will only mail you until we are sure that you are satisfied with our response. Sporadically we can approach you to participate in a survey to improve our customer service.

In order to provide you as a customer with a good service, we also offer customer service via the chat. You can choose whether you want to use this. Chat messages are kept for 3 months and then removed from all systems.

Our legal basis for processing the personal data:

  • receipt of your consent (even if you have given it to PFS)
  • execution of a contract in which you are a party (whether or not contracted with PFS or EPS);
  • legal obligations that PFS or EPS Cards must meet;
  • national legislation
  • a legitimate interest: the prevention of: fraud, money laundering, financing of terrorist financing or misuse of services.

Permission

By agreeing to this privacy statement, you give us permission to process your personal data specifically for the above purposes. Where we ask you for sensitive personal information, we will always tell you why and how the information will be used.

Permission for children under the age of 16

If you give your consent on behalf of a child younger than 16, eg due to a partner (secondary) card, you must take into account that children need specific protection with regard to their personal data because they are less aware of the risks, consequences and guarantees, and also of their rights in connection with the processing of personal data for the use of these services. By giving consent to this privacy statement on behalf of a minor, you consent to their data being used for the purposes described above.

Conditions for withdrawal of consent

You can almost always withdraw given permission. Please note that if you have consented to your data being used for conducting financial transactions, the right to withdraw permission does not exist. As a payment service provider, PFS is obliged to retain data on financial transactions for 6 years in accordance with national legislation with the aim of preventing, detecting and investigating by the FIU or other competent authorities, possible money laundering or terrorist financing. You can find the privacy statement of PFS with the explanation of how they deal with your data here.

Disclosure of information about you

EPS can pass on your personal data to third parties, including internationally. Some of our service providers are located outside of the EEA. When we give permission for the processing or transfer of your personal information outside the EEA, we must protect your personal data according to data protection standards and ensure that there are sufficient safeguards for data protection. The GDPR prohibits the transfer of personal data outside the European Economic Area to a third country that does not have adequate data protection. If transfer takes place outside the EEA, the following mechanisms are present at these third parties:

  • Data protection clauses in our contracts and agreements with third parties
  • EU-US privacy shield
  • Personal Data Protection and Electronic Documents Act (PIPEDA)

Examples of third parties are:

  • The provider of the chat service
  • The provider of our 088 telephone number
  • The service provider with whom we send our service e-mails.
  • Service providers to take a survey with you.

Retention period

As far as not mentioned above, the following retention periods apply:

  • Data relating to the purchase of a product or the loading via iDEAL are stored until your order / loading is completed and 7 years afterwards to comply with the legal obligation to retain (Article 52AWR).
  • Mail traffic or chat traffic from you or to you with your personal data is stored for 3 months and then deleted.
  • Prepaid financial services uses a retention period of 6 years for certain data in order to comply with their legal obligations. You can read more about this in the privacy statement of PFS.

Cookies

Cookies are small files on your computer that can store information that you pass on your access to the Internet. They are sent via the web browser to the hard drive of the computer. Cookies can not send information from a computer system. Instead, they help make a next visit to the site as simple and user-friendly as possible. Some cookies remain on the hard disk of the computer, so that we, PFS, or the chat service recognize your computer on a subsequent visit. Our chat system places cookies as soon as you visit our website so that we can improve our services via the chat. In some emails we send, we also use cookies to collect general statistics (eg to determine how many people have opened the mail eventually) so that we can optimize our e-mail messages.

You can change your browser options at any time to deactivate cookies, although this may limit the functionality and ease of use of the website. (Some functions, such as logging into your MyEPS account, are only accessible if cookies are enabled and therefore we recommend allowing cookies.)

Links

If our website shows links to other sites, we advise you to be aware that we are not responsible for the privacy policy of these other sites. This privacy policy only applies to this site

Your rights as a data subject

At any time while we are in possession of, or are in the process of processing your personal data, you, the data subject, have the following rights:

  1. Right of access - you have the right to request a copy of the information we hold about you.
  2. Right of rectification - you have a right to correct data that we hold about you that is inaccurate or incomplete.
  3. Right to be forgotten - in certain circumstances you may request that the data we have kept about you from our records will be erased. Your data relating to financial transactions, accounts or cards cannot be deleted due to national legislation relating to the prevention of fraud, money laundering, financing of terrorist financing or misuse of services for crime.
  4. Right to restriction of processing- if certain conditions apply to request a right to limit the processing, you can request this.
  5. Right of data portability - you have the right to request us to transfer the data that we have about you to another organization.
  6. Right to object - you have the right to object to certain types of processing, such as direct marketing.
  7. Right of objection against automated processing, including profiling - you also have the right to object to, and therefore not be subject to, the legal consequences of automated processing or profiling.
  8. Right to judicial review, in the event that EPS refuses your request under the right of access, we will give you a reason why. You have the right to complain as set out below.

All above requests will be forwarded if a third party is involved in the processing of your personal data. Please note that you always clearly state who you are so that we can be sure that we do not modify or delete data from the wrong person. We may request extra verification, such as the last 8 digits of your EPS Card and your date of birth.

Contact

Do you want to exercise one of the above rights with us?

Please contact us at: support@epscards.com under reference of “privacy request” or:

European Payment Solutions B.V.
Attn.The Privacy section
IJburglaan 634A
1087CE Amsterdam

To file a complaint

If you feel that we are not helping you in the right way, you have the right to file a complaint with the supervisor. This is called the Authority Personal Data (Autoriteit Persoonsgegevens). On www.autoriteitpersoonsgegevens.nl  you can read how to file a complaint.

Customize privacy statement

We reserve the right to change this privacy statement. Changes will be published on this website.