Catalyst s.r.o.
01/02/2022
This Privacy Policy applies to the personal data that We at Catalyst s.r.o. collect and process acknowledging and understanding that Your privacy is important to You and that You care about how Your personal data is collected and processed.
We are Catalyst s.r.o. and We are a company incorporated in the Czech Republic with registration number 13963554 and registered office at Bilkova 855/19, Old Town, 110 00 Praha 1, Czech Republic.
We at Catalyst s.r. are dedicated to safeguarding and preserving Your personal data and privacy when visiting Our Websites, utilising Our services, products or communicating electronically with Us.
For the purposes of the data protection laws that apply to us, including the GDPR which is the European General Data Protection Regulation and Czech Data Protection Law, We act as the Data Controller for the personal data that We collect and process to enable You to make use of Our Services.
The purpose of this Privacy Policy is to transparently provide You with an explanation as to the legal basis for Us collecting and processing Your personal data, the categories of personal data that We may collect about you, what happens to the personal data that We may collect, where We process Your personal data, how long We are required to retain Your personal data, who We may share Your personal data with and to also explain Your rights as a data subject.
We do update this Privacy Policy from time to time and will post all updates to Our Website as and when issued. Please do review this policy regularly on Our Website for any changes.
In this Privacy Policy the following terms shall have the following meanings:
"Cookie" means a small text file placed on Your computer or device by Our Websites when You visit certain parts of Websites.
"GDPR" means the General Data Protection Regulation (EU) 2016/679, of the European Parliament and of the Council of 06 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC, as amended, replaced or superseded and in force from time to time and as transposed into member-state legislation. "Privacy Policy" means how we collect, process and keep your date safe. Privacy Policy updated from time to time and made public on Our Websites.
"Personal Data" means any information which relates to an identified or identifiable natural person. An identifiable person is one who can be identified directly or indirectly in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Website" means the website https://payeasy.io/, which is owned by the Company.
"Services" means all Our products: Website or other.
"You" ("your") - You, as User or Guest, depending on your status at the Website.
"We" ("us" or "our") refers to Catalyst s.r.o.
Under the GDPR you, as a data subject, have certain rights over the personal data that We hold and process.
At Catalyst s.r.o., We are committed to make it easy for You to exercise these rights in the most transparent manner possible. You can exercise any of Your rights in relation to the data that Catalyst s.r.o. holds about you, by contacting Our data protection officer through the email address provided at the end of this section or through Your personal user cabinet.
The following are the specific rights You have over Your personal data We hold and process, namely:
The right to access Your personal data We collect about you, commonly referred to as "Subject Access Requests", which provides you, as the data subject, the right to obtain a copy of Your personal data that We are processing for You.
Pursuant to GDPR We are required to respond without undue delay to all Subject Access Requests in practice this means We have to respond within 1 month of receipt of the Subject Access Request.
Ordinarily Subject Access Requests are free of charge.
We may extend the time period for responding to a Subject Access Request by a further two months and may charge a reasonable fee if We deem the request to be manifestly unfounded or excessive, however, We are required to advise You of Our intention to do this within 1 month of Your subject access request.
Should You wish to make a Subject Access Request this can be done by contacting the Company using the contact details in Section 9.
| Data Subject Request | Timescale |
|---|---|
| The right to be informed | When data is collected |
| The right of access | 2 weeks |
| The right to rectification | 2 weeks |
| The right to erasure | Without undue delay |
| The right to restrict processing | Without undue delay |
| The right to data portability | 2 weeks |
| The right to object | On receipt of objection |
| Rights in relation to automated decision making and profiling. | 2 weeks |
If You wish to exercise any of the aforementioned rights, please contact Us. We request that in the first instance You contact Our data protection officer at any time Our on ______________.
We promise to promptly consider Your request and to respond to You in accordance with the requirements of the Czech Data Protection Act and GDPR.
Complaints to the Czech Data Protection Inspectorate should be made by using the appropriate forms provided in the Czech Data Protection Inspectorate Website.
During collecting and processing the personal data, the Company adheres the principles as follows:
a) Lawfulness, fairness and transparency
Lawfulness – the controller identifies a lawful basis before processing the personal data (for example consent).
Fairness – in order to process fairly, the controller has to make certain information available to the data subjects as practicable. This applies whether the personal data was obtained directly from the data subjects or from other sources.
Transparency – any information and communication relating to the processing of the personal data be easily accessible and easy to understand, and that clear and plain language be used.
b) Purpose limitation
The personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.
c) Data minimization
The personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
d) Accuracy
The personal data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
e) Storage limitation
The personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, if only are implemented appropriate technical and organisational measures required by governing law in order to safeguard the rights and freedoms of the data subject.
f) Integrity and confidentiality
The personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Catalyst s.r.o. by law are obliged to establish an Anti-Money Laundering/Countering of Financing of Terrorism framework for the purpose of forestalling, preventing and detecting illegal activities such as money laundering and financing of terrorism (the AML/CFT framework).
Pursuant to the AML/CFT framework, Catalyst s.r.o. is legally obliged to:
As part of the AML/CFT framework during Your lifecycle as a User You may also be requested to provide additional personal data to enable Us to verify Your identity (information such as Government issued ID card or passport, Driving Licence etc.).
Catalyst s.r.o. will also process Your personal data based on other legal bases such as:
A summary of the Personal Data that We process, when We collect it, how We use it and why We use it (i.e. the legal basis for processing) is listed below:
| Personal Data | When We collect | How We use | Why We use |
|---|---|---|---|
| login, password | In registration procedure | We use Your personal and contact information to register You as a User and identify You in Our Services. Login and password You can use to log in | Necessary for the performance of a contract with you |
| information about your date of birth, place of birth | In registration procedure | We need to make sure that Your use of Our services is legal | Necessary to comply with a legal obligation |
| In registration procedure | Use email to restore Your account. We use it to notify You about changes to Our Terms or Privacy Policy; to communicate with you, to send you information about your transactions. | Necessary for the performance of a contract with you | |
| Information about your transaction (asset, wallet, currensy, hash id, payment method) | In transaction procedure | We use this to enable Us to undertake transactions | Necessary to comply with a legal obligation |
| name, surname, patronymic (if any), registration address, residential address, | In KYC procedure | We use Your personal data as part of Our due diligence / KYC procedure on Our “Know Your Customer” KYC portals and to identify You in Our Services | Necessary to comply with a legal obligation |
| Passport ID, photo with passport | KYC | We need to make sure that Your use of Our services is legal. We have to check whether You are permitted user of Our services subject to applicable legislation | Necessary to comply with a legal obligation |
| Copies of “proof of identity” and “proof of residence” documents, phone number, Your profession, email | KYC | We need to make sure that Your use of Our services is legal. We have to check whether You are permitted user of Our services subject to applicable legislation | Necessary to comply with a legal obligation |
| Source of Funds, Source of Wealth, nationality, tax residency | KYC | Data may be requested additionally during the KYC procedure if the minimum data is insufficient | Necessary to comply with a legal obligation |
| All KYC personal data | When You use Our services | We will use all of Your personal data to carry out Our ongoing monitoring process for the purposes of identifying and dealing with potential money laundering, financing of terrorism and fraudulent activities. This is also necessary to assist in making Your transactions secure, enabling Us to protect Your digital assets. | Necessary to comply with a legal obligation |
We use, store and process Your personal data on Catalyst s.r.o. servers which are located in Latvia.
By filling a “consent application” You agree to this conditions of collection, processing, transfer and storing Your personal data. When We process Your personal data for one of the legal bases specified in this Privacy Policy, We will take all steps reasonably necessary to ensure that Your Personal Data is treated securely and in accordance with this Policy.
Catalyst s.r.o. protect Your Personal Data under internationally acknowledged standards, using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorised access, disclosure, and alteration. Some of the safeguards Catalyst s.r.o.use are firewalls and data encryption, physical access controls to Our data centres, and information access authorization controls. Catalyst s.r.o. also authorise access to Personal Data only for those employees or contractors who require it to fulfil their job or service responsibilities. The Catalyst s.r.o. staff is trained on procedures for the management of personal information, including limitations on the release of information. Access to personal information is limited to those members of Our staff and contractors whose work requires such access. Catalyst s.r.o. conducts periodic reviews to ensure that proper information management policies and procedures are understood and followed. All of Our physical, electronic, and procedural safeguards are designed to comply with applicable laws and regulations. All communications in which individuals share their personal data with Catalyst s.r.o., the communication is protected by a SSL secure log protocol technology.
When You provide Your personal data through Our Website, KYC portals, this information is transmitted across the internet securely using industry standard encryption. Your personal data will be held encrypted on secure servers.
Where any third parties process Your personal data on Our behalf, We require that they have appropriate technical and organisational measures in place to protect this personal data and We will also ensure that a GDPR compliant. Data Processing Agreement is in place between EstChange OU and the third party so that both parties understand their responsibilities and liabilities pursuant to GDPR. Your payment card data is not requested and is not used for any purpose other than payment for goods and services. Your payment card data is not stored on the server.
When You create Your account, choose a strong password that is unique to this account. Do not share Your password with other people. Using the same password across Your different accounts will increase the risk of Your data being compromised if Your password is accidentally or unlawfully accessed by unauthorized persons. If You suspect that someone else has got access to Your password, make sure that You change it immediately.
When using Our wallets, ensure You keep Your passphrases and keys in a secure device isolated from devices You use regularly. Do not share the device containing Your passphrases and keys with friends, family members or even people You trust
Your personal data will be retained for as long as necessary to satisfy the purposes We received it for, this includes regulatory and business purposes.
In determining the necessary personal data retention period, the following factors are considered:
You may find links to third party Websites on Our Website or chats of users contained on Our Website. These Websites should have their own privacy policies which You should check. We do not accept any responsibility or liability for their policies whatsoever as We have no control over them.
We do not share Your Personal Data to third Parties, except cases that are mentioned in this Privacy Policy.
We will share information with companies, organizations or individuals outside of Catalyst s.r.o. when We have Your explicit consent.
We may share information in response to a request for information if We believe disclosure is in accordance with, or required by, any applicable law, regulation, legal process or governmental request, including, but not limited to, meeting national security or law enforcement requirements. To the extent the law allows it, We will attempt to provide You with prior notice before disclosing Your information in response to such a request.
We may share information if We believe that it's necessary to protect the vital interests of the data subject (i.e. to prevent imminent serious physical harm or death to a person.)
We may share information if We believe Your actions are inconsistent with Our user agreements, rules, or other Catalyst s.r.o. policies, or to protect the rights, property, and safety of ourselves and others.
We may share information between and among Catalyst s.r.o. and any of Our parents, affiliates, subsidiaries, and other companies under common control and ownership.
We may share information with vendors, consultants, and other service providers (but not with advertisers and ad partners) who need access to such information to carry out processing activities for us. The partner's use of personal data will be subject to appropriate confidentiality and security measures.
We engage service providers to perform functions and provide services to us. For example, We use third-party services for KYC procedure. We may share Your private personal data with such service providers subject to obligations consistent with this Privacy Policy and any other appropriate confidentiality and security measures, and on the condition that the third parties use Your private personal data only on Our behalf and pursuant to Our instructions.
We may share Your private personal data with our partners for checking and monitoring transactions, provide KYC and AML procedures.
Where any third parties process Your personal data on Our behalf, We require that they have appropriate technical and organizational measures in place to protect this personal data and We will also ensure that a GDPR compliant .Data Processing Agreement is in place between Catalyst s.r.o. and the third party so that both parties understand their responsibilities and liabilities pursuant to GDPR.
GDPR applies to controllers and processors located in the European Economic Area (“the EEA) and countries that the EU has deemed to provide adequate protection to data subjects from a data protection perspective. Czech is a country in EU and it has been recognised by the EU as being an “adequate” country from a data protection perspective.
Data Subjects risk losing the protection of GDPR if personal data is transferred outside of the EEA or countries holding adequacy status and accordingly GDPR restricts such transfers, unless the rights of data subjects in respect of their personal data is protected by appropriate safeguards or one of a limited number of exceptions applies (such exceptions include Your explicit and informed consent). Catalyst s.r.o. will not make any international transfers of Your personal data to countries outside the EEA (or a country holding adequacy status) unless it has a) Your explicit and informed consent or b) it has put in place the appropriate safeguards or c) the international transfer is covered by an exception.
We may share aggregated or pseudonymous information (including demographic information) with partners, such as publishers, advertisers, measurement analytics, apps, or other companies. For example, We may tell an advertiser how its ads performed or report how many people installed an app after seeing a promotion. We do not share information that personally identifies You (personally identifiable information is information like name or email address) with these partners, such as publishers, advertisers, measurement analytics, apps, or other companies.
Other information that does not personally identify You as an individual is collected by Catalyst s.r.o. (such as, by way of example, patterns of use) and is exclusively owned by Catalyst s.r.o.. We can use this information in such a manner that Catalyst s.r.o., in its sole discretion, deems appropriate.
We may share specific aggregated, non-personal information with third parties, such as the number of users who have registered with us, the volume and pattern of traffic to and within the site, etc. That information will not identify you, the individual, in any way.
We shall not use Your email or other contact information for sending of commercial proposal, other marketing needs, without Your prior consent.
In the light of the above, when You send Us messages, We can keep them for administering of Your inquiries, for improving of Our services. We shall not transfer information from such messages to third parties.
To enhance the quality of Our services, provide You with relevant content as well as understanding how You use Our Website, We use technologies, such as Cookies. Cookies do not typically contain any information that personally identifies you, but personal information that We store about You may be linked to the information stored in and obtained from Cookies.
We use Strictly Necessary Cookies - these are required for the operation of Our Website. They include User session key, browser language. This is a temporary key issued to the User after the successful logging in. This cookies are used to enable You to log into secure areas of Our Website.
We welcome any queries, comments or requests You may have regarding this Privacy Policy. If You wish to make a subject access request.
Please do not hesitate to contact Us at [email protected]
Any changes that We make to Our Privacy Policy in the future will be posted on Our Website.
Where appropriate, We will notify You of the changes when You next visit Our Website.
This Privacy Policy was last updated on 1st February 2022.