September 27, 2023
KEEPING YOUR DATA SAFE
We are committed to keeping your personal data safe and secure and handling it in accordance with our legal obligations. This privacy notice is applicable to visitors to our website, existing and prospective business customers of Aurora Pay, their customers (businesses and individuals), who may use Aurora Pay platform, our third-party service providers and banking partners. It sets out in detail the purposes for which we process personal data, who we share it with, what rights you have in relation to that data and everything else we think is important for you to know. If you represent an organisation that wants to use our services, you and your organisation shall ensure that your customers and employees are made aware of this privacy notice.
WHO’S IN CONTROL OF MY PERSONAL DATA?
Aurora Pay is made up of different legal entities, details of which can be found here. This privacy notice is issued on behalf of the Aurora Pay Group so when we mention ”Aurora Pay”, “we”, “us” or “our” in this privacy notice, we are referring to the relevant company in the Aurora Pay Group responsible for processing your data. We will let you know which entity will be the controller for your data when you sign up for products or services with us. Aurora Pay Holdings Limited is responsible for this website and, unless otherwise notified to you is the controller.
WHAT DATA DO YOU COLLECT?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data which were anonymised via a technique which will irreversibly prevent your re-identification.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Contact Data: includes address, email address and telephone numbers.
Identity Data: includes first name, maiden name, surname, username or similar identifier, marital status, title, date of birth, ID number, nationality, place of birth, tax registration number, role/position.
Marketing and Communications Data: includes your contact details, such as your name, business email address, job title, phone number, country, your preferences in receiving marketing from us and other third parties and your communication preferences.
Technical Data: includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website, the Aurora Pay platform or other Aurora Pay applications. This is done by using Javascript or Cookies. Please see our Cookies Policy for more information about how we use Cookies.
Usage Data: includes information about how you use our website, platform, products and services.
Security Information: When you register for an Aurora Pay account you will be required to create a password and provide answers to security questions.
Payment Information: To enable you to make or receive payments we collect your bank account details, such as your sort code, account number, IBAN and/or Swift code (the details we ask for will vary depending on where you are located).
KYC/ KYB Information: When we need to verify your identity we will ask you to provide one or more of the following:
a copy of your identity card (such as a driving licence) or passport together with a photo of yourself;
proof of address (such as a utility bill or bank statement);
business information (such as, to the extent that this information is required locally, a certificate of incorporation, memorandum & articles of association, share certificate, register of directors, authorised signatory list, position, and identification documents for shareholders, directors and authorised signatories); and/or
PEP declaration;
your image in photo or video form, and facial scan data extracted from
your photo or video (known as ‘biometric data’), to verify your identity during onboarding as part of our KYC/KYB checks, to detect and
prevent fraud;information about other people (such as associated account individuals) to comply with our obligations under KYC/KYB, anti-money laundering and other laws and to assist with fraud monitoring.
Transaction screening and monitoring data: includes information for Aurora Pay customer’s or their clients; transactions information, such as client name, transaction ID, status, sender details or beneficiary details; potential sanction hits and relevant information, or results from checks for suspicious transactions (e.g. volume of transactions, etc.).
EDD information: Sometimes we need to ask you for information to verify the source of your funds or wealth, or to conduct enhanced due diligence in accordance with our legal requirements (EDD Information). This will depend on the situation and we will make it clear to you at the time what information we require from you.
Voluntary Information: We will collect any other personal data that you voluntarily provide to us if you communicate with us, for example by corresponding with us (by phone, email, post or social media) or by taking part in competitions, promotions or surveys.
We do not collect any information about criminal convictions and offences from users of this website. We strongly discourage you from providing any such information to us when you submit a request via our contact form or in any other correspondence or communications with us. However, if you are a customer or prospective customer of Aurora Pay, to the extent permitted by applicable laws we may be required to collect and process information about criminal convictions and offences from directors, shareholders and controlling persons of your company and users of your account with us for the purposes of preventing money laundering or terrorist financing.
For customers and prospective customers, we refer to all of the data and information stated in this section as “Account Information”. We collect Account Information from directors, shareholders and controlling persons of your business and users of your business Aurora Pay account.
We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose.
Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
HOW IS MY PERSONAL DATA COLLECTED?
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
apply for, or use our products or services,
submit forms on our website,
subscribe to a newsletter,
request marketing to be sent to you,
enter a competition, promotion or survey, or
give us feedback or contact us.
Automated technologies or interactions. As you interact with our website or the Aurora Pay Platform, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our Cookies policy for further details.
Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below.
WHAT DO YOU USE MY PERSONAL DATA FOR?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Where we need to perform the contract we are about to enter into or have entered into to provide our services.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal obligation.
Each section below describes specific scenarios that we will use your personal data for.
Providing Aurora Pay to you and allowing you to use Aurora Pay
We use your personal data to provide our services to you and your business. For example, we use your personal data to set up and administer your accounts. We also use your personal data to enable you to log into your account and use Aurora Pay applications and features.
We use your Identity Data, Contact Data and Technical Data to contact you with transactional and service messages (including by push notifications), to provide you with information such as password reminders or to let you know if Aurora Pay is experiencing technical issues.
We use your Payment Information to carry out your instructions to add and/or save a card or bank account to your account, upload funds to (or withdraw funds from) your account and allow you to make and receive payments through Aurora Pay.
Identity verification and due diligence
We use your personal data to comply with our legal and regulatory obligations. This includes verifying your identity; conducting anti-money laundering checks; transaction monitoring; sanctions and politically exposed persons screening; fraud prevention, detection and reporting; and cooperating with external investigations where required.If you fail one of our identity verification or screening checks as set out above, we may not be able to open an account for you or continue providing services to you.
Corresponding with you
We use your personal data to enable us to respond to your queries, complaints, or comments and to make sure that these are appropriately dealt with. We also use this information to enable you to participate in any competitions or promotions that you enter and to collate responses to surveys that you have responded to.
Analysing and improving Aurora Pay
We use your personal data to help us improve and develop our business, platform, website, products, and services. This helps us to make sure that we are providing you with the best possible service.
Marketing and promotional offers from us
We may use and analyse your personal data in the form of aggregated statistics to form a view on what we think you and your business may want or need, or what may be of interest to your business. This is how we decide which products, services and offers may be relevant for you as a decision maker (we call this marketing).
We will inform you of our direct marketing processing and offering you the possibility to object to this processing.In this context, our use of your personal data will be justified by our legitimate interests to organise the promotion of our products and services via marketing and advertising campaigns.
Opting out
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.
Managing risks and enforcing our rights
We use your personal data to manage and enforce our rights, terms of use or any other contracts with you (and/or your business), including to manage any circumstances where payments are disputed; to investigate and resolve complaints; or to recover debts owed to us.
We also use your personal data to manage and mitigate our credit risks, financial exposure and terms of business. If you apply for one of our financial products, we may assess your financial position (and / or the financial position of your business), to the extent this is provided for in the applicable terms of use. This credit check will also affect any linked parties such as directors, shareholders and principals. If you are a director or shareholder, we may seek confirmation from credit reference agencies that the residential address that you provide is the same as that held by the relevant companies’ registry (where applicable). If you do not repay any monies in full and on time, credit reference agencies will record the outstanding debt and may share this information with other organisations that perform checks similar to ours (where applicable). Records generally remain on file at such agencies for 6 years after they are closed, whether settled by you or defaulted, although the retention period may differ across different agencies and territories. If you would like further information on our use of credit reference agencies, please contact us.
Prevention and detection of illicit activity
We use your personal data to prevent and/or detect financial crime, terrorism and other illicit (e.g. criminal, unlawful or illegitimate) activities to comply with our legal and regulatory obligations, manage our risk exposure and protect our business, customers and the integrity of the financial system.
Compliance with applicable laws and regulations
Where required we will use your personal data to comply with applicable laws and regulations, requests from law enforcement bodies and regulatory authorities and tax reporting obligations. For customers of Aurora Pay Financial Services Malta Ltd, this includes FATCA reporting.
Where required we will also use your personal data to establish, exercise or defend legal claims, or to protect your vital interests or those of other persons, for example to help those authorities or other organisations in the fight against crime and terrorism.
WHAT IS YOUR LEGAL BASIS FOR USING MY PERSONAL DATA?
Data protection law says that we have to tell you the “legal basis” that we rely on to process your personal data for the purposes that we have notified to you. The table below tells you what that legal basis is in relation to each of the purposes set out above.