1. Introduction
This Privacy Policy is intended to inform you about how Appletree
Payments collects and uses your Personal Data, as well as your rights in terms
of the protection of personal data under applicable Zimbabwean national
legislation.
The entity processing your data is Appletree Digital Commerce,
registered in Zimbabwe and governed by Zimbabwean law.
Appletree Payments has designated a data protection officer, a “DPO”.
You may contact the latter at the following email address: dpo@appletreepayments.com.
2. How this privacy policy affects you
Appletree Payments provides payment and electronic money services
through its Partners. Appletree Payments was approached by these Partners to
include Appletree Payment Solutions on their websites through which they run
e-commerce stores, marketplaces and participative funding (e.g. crowdfunding).
When you register with these Partners, you may also be asked to register
with the services provided by Appletree Payments which allow you to transfer
funds or receive payments via the site of the Partner. In this case, Appletree
Payments collects and processes your Personal Data in order to provide the
services. This Privacy Policy applies if you have registered to Appletree
Payments’ services in the capacity of a physical person.
This Privacy Policy may also affect you if you are a physical person
related to a Partner of Appletree Payments, or to a legal person having
registered to Appletree Payments’ services. In effect, all Partners as well as
all legal persons that register with the services are asked to transmit
information regarding physical persons i.e. their legal representative, the
physical persons that have the authority to use the services on behalf of the
legal person, or the beneficial owners of the legal person whereby the
beneficial owners are physical persons who hold, directly or indirectly, more
than 25% of capital or voting rights of the company, or exercise, by any other
means, supervisory power over the company.
Furthermore, if you have made a payment by card on a Partner site using
an Appletree Payments payment page, the Privacy Policy applies to the Personal
Data processed for the purposes of carrying out the transaction.
Regarding Personal Data relating to web browsers on the website www.appletreepayments.com, please refer to: https://www.appletreepayments.com/cookies.html
3. Collection and Processing of Personal Data
3.1. If you have registered with Appletree Payments’ services
When you register with Appletree Payments’ services through a Partner, you
accept that your Personal Data necessary to provide the services is processed
by Appletree Payments. This mainly pertains to your identifiers on the Partner
site (allowing you access to Appletree Payments’ services), as well as your
identification data (specifically your last name, first name, address, date
and place of birth, and an identity document as well as any document of proof
that may be required to use the services). This data is transmitted to
Appletree Payments from your personal online area on the Partner site through
Appletree Payments’ API.
Obligatory data is indicated on the collection forms on the Partner site
and your subscription to the services may be refused or the services may be
suspended if obligatory data is not provided.
Furthermore, Appletree Payments processes
payment data, account activity data and data used to manage and monitor payment
fraud.
Additionally, Personal Data related to you is
collected and processed:
· When you register with Appletree Payments’ services and open an account (payment account or electronic money account);
· When you use the services and the account is managed;
· For managing your personal online area;
· During authentication to access your account or transmit instructions for payment;
· For managing your requests for help or claims; and
· To carry out the obligations in terms of the fight against money laundering and the financing of terrorism and for fraud management.
3.2. If you make a payment on an Appletree Payments payment page
When you make a payment by card on a Partner’s website, you must indicate
your last name, first name and card data. In order to guarantee the highest
level of security in processing payment data, this Data is never accessible to
the Partner. Only Appletree Payments has access to this Data in order to carry
out the transaction. The Data is transmitted in an encrypted and secured manner
in order to guarantee confidentiality. We inform you that Appletree Payments is
PCI-DSS compliant. The PCI-DSS standard serves as a reference for
the technical and operational conditions for protecting the data of
cardholders.
4. For what purposes is your Personal Data processed?
Your Personal Data is processed in the
framework of performing the contract that you have entered into with Appletree Payments. This includes the following:
· Registering with the services and opening your account (payment account or electronic money account) on Appletree Payments’ books;
· Managing these accounts and carrying out payment operations;
· Managing payment orders;
· Managing client relations (for example, providing statements of operations);
· Handling your questions and your potential claims;
· The methods for online access of your account (and managing the authentication procedures); and
· Making payments by card on the Partner’s site.
Appletree Payments also
processes your Personal Data in the framework of legitimate interests, deemed
necessary to their activity as a provider of payment services. This includes
the following:
- The fight against identity fraud;
- The fight against external fraud;
- The fight against card payment fraud;
- The general maintenance of the security of the Appletree Payments API and
services.
Finally, Appletree
Payments manages your data for legal purposes. This includes but is not limited
to:
· Respecting the legal and regulatory obligations imposed on Appletree Payments in their capacity as a provider of payment services, and specifically in terms of the fight against money laundering and the financing of terrorism;
· Cooperating with public authorities and any authority in charge of applying the law or prudential supervision, in the event of oversight or inquiry.
5. How long is your Personal Data kept?
Appletree Payments will keep
your Personal Data during the term of the contractual relationship. When you
terminate using the services, all of your Personal Data will be definitively
erased, with the exception of data that must be kept for legal reasons. The
following time limits for keeping the data specifically apply:
- For reasons regarding the obligations in terms of the fight against
money laundering and the financing of terrorism, Appletree
Payments will keep documents and information regarding your identity for
five years from the time services are terminated. Documents and
information regarding payment operations, as well as the documents
indicating the characteristics of operations identified as particularly
complex or pertaining to an unusually high amount or that do not seem to
have economic justification or legal intents will also be kept for five
years after termination of services.
- Data necessary for handling potential contestations or disputes
will be kept for a time frame of five years, pursuant to the legal
provisions in force (specifically but not exclusively those established in
the Code of Commerce, the Civil Code and the Consumer Code).
- Contractual documents will be kept for a time frame of five years
from the end of the contract.
- In the event of an objection to a means of payment, notification
regarding the objection will be kept for a time frame of 18 months from
the time of the objection.
- Communications with customer support may also be recorded. If that
is the case, they will be kept for a time frame of five years from the
time they are received or recorded.
6. Where is Personal Data stored?
The servers used by Appletree Payments to store
your Personal Data are located in Zimbabwe.
Furthermore, Appletree Payments will
transmit some of your Data to its subcontractors and/or service providers
necessary for carrying out the services. Some of these subcontractors store
your Data on servers situated outside of the territory of Zimbabwe, particularly
in the European Union. In this case, Appletree Payments
ensures that this third-party country or entity in question has been
subject to the decisions of the European Commission establishing an adequate
level of protection of personal data (compliance with Privacy Shield).
Otherwise, Appletree Payments will implement appropriate guarantees in order to
ensure the protection of your Data.
7. Who are the recipients of Personal Data? Is it transferred to third parties?
7.1 Authorised Appletree Payments’ Services
Only Appletree Payments’ collaborators that are
specifically authorised may access your Personal Data, in the framework of
carrying out their missions. All collaborators of Appletree
Payments having access to your Data are subject to strict confidentiality
obligations, as well as professional secrecy concerning payment data.
7.2 The appropriate authorities
Appletree Payments may be required to
transfer Personal Data to certain authorities, such as public authorities,
organisations for the fight against money laundering and the financing of
terrorism, or the authorities for banking oversight.
7.3 Subcontractors
Appletree Payments uses the
services of subcontractors to provide payment services and services that you
request, for example, hosting an information technology system, Partner credit
institutions for protecting funds or carrying out payment operations, etc. The
subcontractors process your Personal Data only on Appletree
Payments’ instruction and exclusively in the framework of the latter’s
activities. Barring express agreement on your part, the subcontractors are not
authorised to access your Personal Data for their own use.
Subcontractors are contractually obligated to comply with the
obligations of security and confidentiality, to implement appropriate technical
and organisational measures so that data processing is carried out in a manner
that complies with applicable regulations and guarantees the protection of your
rights. By a request sent to Appletree Payments, you may
obtain a detailed list of the categories of subcontractors involved in
processing your Data.
8. Your rights concerning your Personal Data
8.1 Right of access
You have the right to access Data pertaining to you. If you exercise
this right, Appletree Payments will send you a copy of
the characteristics of the processing of your Data i.e. the purposes of data
processing, the categories of Data in question, etc. This information will be
provided to you in a currently used electronic format. However, you may request
that this information be provided to you in another format, provided that Appletree Payments is technically capable of providing you the
information in the format requested.
You are informed that Appletree Payments may
require the payment of fees based on the administrative costs incurred due to
requests for additional copies.
8.2 Right of rectification
If you are aware that the Data pertaining to you is inexact or
incomplete, you have the right to request that this Data be rectified or
updated.
8.3 Right to be forgotten
In compliance with applicable regulations,
you may request erasure of your Data in the following cases:
· When it is no longer necessary for the purposes for which it has been collected or processed;
· When your Data has been subject to illegal processing or when it must be erased to comply with a legal obligation.
However, you may not have the right to erasure of your Data when
processing it is necessary to exercise a right regarding the freedom of
expression and information, of recognition, of the exercise or defence of legal
rights, or for complying with a legal obligation imposed on Appletree Payments.
8.4 Right to restrict data processing
You have the right to request that data
processing be restricted in the following cases:
· If you contest the accuracy of your Personal Data;
· If processing it is illegal and you wish that this processing of your personal data be restricted rather than erased;
· If Appletree Payments no longer needs your Personal Data but it is still necessary for recognition or in the exercise of defence of a legal right.
8.5 Right to object to data processing
If you have a legitimate reason, you may object to your Data being
processed. When you object to data processing, your Data will no longer be
processed for these purposes.
8.6 Right of portability of Data
You have a right of portability of the Data that you have transmitted.
You may also receive the Data in a structured format, currently used and
readable by machine. You also have the right to request that this Data be
transmitted to another data processor, when this is technically possible.
9. How to exercise your rights
You may exercise your rights by contacting the Partner of Appletree Payments with which you are in a relationship
according to the terms indicated on their website, or by directly contacting Appletree Payments at the following address: legal@appletreepayments.com.
For any request to exercise your rights, Appletree
Payments may request you provide an official identity document in order to
verify that you are the individual to whom the Data subject to the request
relates.
Responses to your requests will be communicated to you electronically,
unless you request otherwise. In this case, you must include in your request
the form you wish your response to take.
Appletree Payments undertakes
to respond to all requests immediately. You will receive a response in a
maximum time frame of one month from the receipt of your request. However, we
inform you that this time frame may be extended to two months if your request
is particularly complex or has multiple requests. In this case, you will be
informed of such an extension and the reasons thereof in a maximum time frame
of one month from the receipt of your request.
If Appletree Payments is not able to respond to
your request, you will be informed at the latest in a time frame of one month
from the receipt of your request, including the reasons for this. You will then
have the possibility of filing a claim with a supervisory authority and to
initiate legal proceedings.
You are informed that in the event of manifestly unfounded or excessive
requests, specifically in terms of their repetitive nature, we may refuse to
respond to your requests or require that fees be paid that take into account
the administrative costs borne by responding to your requests.
10. How is your Personal Data secured?
Appletree Payments implements the appropriate
security measures in order to guarantee the protection and confidentiality of
your Data, and specifically, to prevent its destruction, loss, alteration,
unauthorised disclosure of Data, or unauthorised access of this Data. These
security measures specifically consist of encrypting or creating a pseudonym of
the Data, as well as implementing measures that allow for guaranteeing their
confidentiality, integrity, availability and constant resiliency in terms of
data processing services. You will be notified as soon as possible of any
violation of security that has an impact on your Data which may lead to a
heightened risk to your rights and freedoms by the Partner with which you are
in a business relationship.
11. What is the relationship between Appletree Payments and its Partners for managing your Personal Data?
Each Partner jointly assumes the
responsibility of managing Data carried out in the framework of the following
activities:
- Registering with the services and opening your account (payment
account or electronic money account) on Appletree
Payments’ books;
- Managing payment orders;
- Managing client relations (for example, providing statements of
operations);
- Handling your questions and your potential claims;
- The methods for online access of your payment account (and managing
the authentication procedures);
- Making payments by card (when you make a payment by card on the
Partner’s site);
- Respecting the legal and regulatory obligations in terms of the
fight against money laundering and the financing of terrorism.
This joint responsibility is contractually established between each
Partner and Appletree Payments. For any request to
exercise your right or any claim relating to the above-mentioned data
processing, you may first directly address the Partner with which you are in a
relationship according to the methods indicated on their site. Appletree Payments cooperates with each Partner in order to
ensure the protection of your Personal Data. You are informed that each of the
parties, in their capacity as a data processor, is required to respect the
applicable regulation regarding the protection of your Data. Furthermore, Appletree Payments cooperates with each Partner in order to
ensure the highest level of security of your Data and to respond as efficiently
as possible to each of your requests.
12. Modification of the Privacy Policy
Modifications to the Privacy Policy are published on Appletree Payments’ website with an indication of the last
update. Modifications to data processing managed and jointly assumed with a
Partner will also be communicated to you according to the terms established in
this document.