Privacy Policy

 

1.       Introduction

This Privacy Policy is intended to inform you about how Appletree Payments collects and uses your Personal Data, as well as your rights in terms of the protection of personal data under applicable Zimbabwean national legislation. 

The entity processing your data is Appletree Digital Commerce, registered in Zimbabwe and governed by Zimbabwean law.

Appletree Payments has designated a data protection officer, a “DPO”. You may contact the latter at the following email address: dpo@appletreepayments.com.

2.       How this privacy policy affects you

Appletree Payments provides payment and electronic money services through its Partners. Appletree Payments was approached by these Partners to include Appletree Payment Solutions on their websites through which they run e-commerce stores, marketplaces and participative funding (e.g. crowdfunding).

When you register with these Partners, you may also be asked to register with the services provided by Appletree Payments which allow you to transfer funds or receive payments via the site of the Partner. In this case, Appletree Payments collects and processes your Personal Data in order to provide the services. This Privacy Policy applies if you have registered to Appletree Payments’ services in the capacity of a physical person.

This Privacy Policy may also affect you if you are a physical person related to a Partner of Appletree Payments, or to a legal person having registered to Appletree Payments’ services. In effect, all Partners as well as all legal persons that register with the services are asked to transmit information regarding physical persons i.e. their legal representative, the physical persons that have the authority to use the services on behalf of the legal person, or the beneficial owners of the legal person whereby the beneficial owners are physical persons who hold, directly or indirectly, more than 25% of capital or voting rights of the company, or exercise, by any other means, supervisory power over the company.

Furthermore, if you have made a payment by card on a Partner site using an Appletree Payments payment page, the Privacy Policy applies to the Personal Data processed for the purposes of carrying out the transaction. 

Regarding Personal Data relating to web browsers on the website www.appletreepayments.com please refer to: https://www.appletreepayments.com/cookies.html

 

3.       Collection and Processing of Personal Data

3.1. If you have registered with Appletree Payments’ services

When you register with Appletree Payments’ services through a Partner, you accept that your Personal Data necessary to provide the services is processed by Appletree Payments. This mainly pertains to your identifiers on the Partner Site (allowing you access to Appletree Payments’ services), as well as your identification data (specifically your last name, first name, address, date and place of birth, and an identity document as well as any document of proof that may be required to use the services. This data is transmitted to Appletree Payments from your personal online area on the Partner site through Appletree Payments’ API.

Obligatory data is indicated on the collection forms on the Partner site and your subscription to the services may be refused or the services may be suspended if obligatory data is not provided. 

Furthermore, Appletree Payments processes payment data, account activity data and data used to manage and monitor payment fraud.

Additionally, Personal Data related to you is collected and processed:

       ·       When you register with Appletree Payments’ services and open an account (payment account or electronic money account);

       ·       When you use the services and the account is managed;

       ·       For managing your personal online area;

       ·       During authentication to access your account or transmit instructions for payment;

       ·       For managing your requests for help or claims and

       ·       To carry out the obligations in terms of the fight against money laundering and the financing of terrorism and for fraud management.

3.2. If you make a payment on an Appletree Payments payment page

When you make a payment by card on a Partner’s website, you must indicate your last name, first name and card data. In order to guarantee the highest level of security in processing payment data, this Data is never accessible to the Partner. Only Appletree Payments, has access to this Data in order to carry out the transaction. The Data is transmitted in an encrypted and secured manner in order to guarantee confidentiality. We inform you that Appletree Payments is PCI-DSS compliant.  The PCI-DSS standard serves as a reference for the technical and operational conditions for protecting the data of cardholders.

4.       For what purposes is your Personal Data processed?

Your Personal Data is processed in the framework of performing the contract that you have entered into with Appletree Payments. This includes the following:

       ·       Registering with the services and opening your account (payment account or electronic money account) on Appletree Payments’ books;

       ·       Managing these accounts and carrying out payment operations;

       ·       Managing payment orders;

       ·       Managing client relations (for example, providing statements of operations);

       ·       Handling your questions and your potential claims;

       ·       The methods for online access of your account (and managing the authentication procedures) and

       ·       Making payments by card on the Partner’s site

 

Appletree Payments also processes your Personal Data in the framework of legitimate interests, deemed necessary to their activity as a provider of payment services. This includes the following:

  • The fight against identity fraud;
  • The fight against external fraud;
  • The fight against card payment fraud;
  • The General Maintenance of the security of the Appletree Payments API and services.

Finally, Appletree Payments manages your data for legal purposes. This includes but is not limited to:

       ·       Respecting the legal and regulatory obligations imposed on Appletree Payments in their capacity as a provider of payment services, and specifically in terms of the fight against money laundering and the financing of terrorism;

       ·       Cooperating with public authorities and any authority in charge of applying the law or prudential supervision, in the event of oversight or inquiry.

5.       How long is your Personal Data kept? 

Appletree Payments will keep your Personal Data during the term of the contractual relationship. When you terminate using the services, all of your Personal Data will be definitively erased, with the exception of data that must be kept for legal reasons. The following time limits for keeping the data specifically apply:

  • For reasons regarding the obligations in terms of the fight against money laundering and the financing of terrorism, Appletree Payments will keep documents and information regarding your identity for five years from the time services are terminated.  Documents and information regarding payment operations, as well as the documents indicating the characteristics of operations identified as particularly complex or pertaining to an unusually high amount or that do not seem to have economic justification or legal intents will also be kept for five years after termination of services.
  • Data necessary for handling potential contestations or disputes will be kept for a time frame of five years, pursuant to the legal provisions in force (specifically but not exclusively those established in the Code of Commerce, the Civil Code and the Consumer Code).
  • Contractual documents will be kept for a time frame of five years from the end of the contract.
  • In the event of an objection to a means of payment, notification regarding the objection will be kept for a time frame of 18 months from the time of the objection.
  • Communications with customer support may also be recorded. If that is the case, they will be kept for a time frame of five years from the time they are received or recorded.

6.       Where is Personal Data stored?

The servers used by Appletree Payments to store your Personal Data are located in Zimbabwe.

Furthermore, Appletree Payments will transmit some of your Data to its subcontractors and/or service providers necessary for carrying out the services. Some of these subcontractors store your Data on servers situated outside of the territory of Zimbabwe, particularly in the European Union. In this case, Appletree Payments ensures that this third-party country or entity in question has been subject to the decisions of the European Commission establishing an adequate level of protection of personal data (compliance with Privacy Shield). Otherwise, Appletree Payments will implement appropriate guarantees in order to ensure the protection of your Data.

7.       Who are the recipients of Personal Data? Is it transferred to third parties?

7.1 Authorised Appletree Payments’ Services

Only Appletree Payments’ collaborators that are specifically authorised may access your Personal Data, in the framework of carrying out their missions. All collaborators of Appletree Payments having access to your Data are subject to strict confidentiality obligations, as well as professional secrecy concerning payment data.

7.2 The appropriate authorities

Appletree Payments may be required to transfer Personal Data to the certain authorities, such as public authorities, organisations for the fight against money laundering and the financing of terrorism, or the authorities for banking oversight.

7.3 Subcontractors

Appletree Payments uses the services of subcontractors to provide payment services and services that you request for example, hosting an information technology system, Partner credit institutions for protecting funds or carrying out payment operations, etc. The subcontractors process your Personal Data only on Appletree Payments’ instruction and exclusively in the framework of the latter’s activities. Barring express agreement on your part, the subcontractors are not authorised to access your Personal Data for their own use.

Subcontractors are contractually obligated to comply with the obligations of security and confidentiality, to implement appropriate technical and organisational measures so that data processing is carried out in a manner that complies with applicable regulations and guarantees the protection of your rights. By a request sent to Appletree Payments, you may obtain a detailed list of the categories of subcontractors involved in processing your Data.

8.       Your rights concerning your Personal Data

8.1 Right of access

You have the right to access Data pertaining to you. If you exercise this right, Appletree Payments will send you a copy of the characteristics of the processing of your Data i.e. the purposes of data processing, the categories of Data in question, etc. This information will be provided to you in a currently used electronic format. However, you may request that this information be provided to you in another format, provided that Appletree Payments is technically capable of providing you the information in the format requested.

You are informed that Appletree Payments may require the payment of fees based on the administrative costs incurred due to requests for additional copies.

8.2 Right of rectification

If you are aware that the Data pertaining to you is inexact or incomplete, you have the right to request that this Data be rectified or updated.

8.3 Right to be forgotten

In compliance with applicable regulations, you may request erasure of your Data in the following cases:

       ·       When it is no longer necessary for the purposes for which it has been collected or processed;

       ·       When your Data has been subject to illegal processing or when it must be erased to comply with a legal obligation.

However, you may not have the right to erasure of your Data when processing it is necessary to exercise a right regarding the freedom of expression and information, of recognition, of the exercise or defence of legal rights, or for complying with a legal obligation imposed on Appletree Payments.

8.4 Right to restrict data processing

You have the right to request that data processing be restricted in the following cases:

·       If you contest the accuracy of your Personal Data;

·       If processing it is illegal and you wish that this processing of your personal data be restricted rather than erased;

·       If Appletree Payments no longer needs your Personal Data but it is still necessary for recognition or in the exercise of defence of a legal right.

8.5 Right to object to data processing

If you have a legitimate reason, you may object to your Data being processed. When you object to data processing, your Data will no longer be processed for these purposes.

8.6 Right of portability of Data

You have a right of portability of the Data that you have transmitted. You may also receive the Data in a structured format, currently used and readable by machine. You also have the right to request that this Data be transmitted to another data processor, when this is technically possible.

9.       How to exercise your rights

You may exercise your rights by contacting the Partner of Appletree Payments with which you are in a relationship according to the terms indicated on their website, or by directly contacting Appletree Payments at the following address: legal@appletreepayments.com. 

For any request to exercise your rights, Appletree Payments may request you provide an official identity document in order to verify that you are the individual to whom the Data subject to the request relates. 

Responses to your requests will be communicated to you electronically, unless you request otherwise. In this case, you must include in your request the form you wish your response to take.

Appletree Payments undertakes to respond to all requests immediately. You will receive a response in a maximum time frame of one month from the receipt of your request. However, we inform you that this time frame may be extended to two months if your request is particularly complex or has multiple requests. In this case, you will be informed of such an extension and the reasons thereof in a maximum time frame of one month from the receipt of your request.

If Appletree Payments is not able to respond to your request, you will be informed at the latest in a time frame of one month from the receipt of your request, including the reasons for this. You will then have the possibility of filing a claim with a supervisory authority and to initiate legal proceedings.

You are informed that in the event of manifestly unfounded or excessive requests, specifically in terms of their repetitive nature, we may refuse to respond to your requests or require that fees be paid that take into account the administrative costs borne by responding to your requests.

10. How is your Personal Data secured?

Appletree Payments implements the appropriate security measures in order to guarantee the protection and confidentiality of your Data, and specifically, to prevent its destruction, loss, alteration, unauthorised disclosure of Data, or unauthorised access of this Data. These security measures specifically consist of encrypting or creating a pseudonym of the Data, as well as implementing measures that allow for guaranteeing their confidentiality, integrity, availability and constant resiliency in terms of data processing services. You will be notified as soon as possible of any violation of security that has an impact on your Data which may lead to a heightened risk to your rights and freedoms by the Partner with which you are in a business relationship.

11. What is the relationship between Appletree Payments and its Partners for managing your Personal Data?

Each Partner jointly assumes the responsibility of managing Data carried out in the framework of the following activities:

  • Registering with the services and opening your account (payment account or electronic money account) on Appletree Payments’ books;
  • Managing payment orders;
  • Managing client relations (for example, providing statements of operations);
  • Handling your questions and your potential claims;
  • The methods for online access of your payment account (and managing the authentication procedures);
  • Making payments by card (when you make a payment by card on the Partner’s site);
  • Respecting the legal and regulatory obligations in terms of the fight against money laundering and the financing of terrorism.

This joint responsibility is contractually established between each Partner and Appletree Payments. For any request to exercise your right or any claim relating to the above-mentioned data processing, you may first directly address the Partner with which you are in a relationship according to the methods indicated on their site. Appletree Payments cooperates with each Partner in order to ensure the protection of your Personal Data. You are informed that each of the parties, in their capacity as a data processor, is required to respect the applicable regulation regarding the protection of your Data. Furthermore, Appletree Payments cooperates with each Partner in order to ensure the highest level of security of your Data and to respond as efficiently as possible to each of your requests.

12. Modification of the Privacy Policy

Modifications to the Privacy Policy are published on Appletree Payments website with an indication of the last update. Modifications to data processing managed and jointly assumed with a Partner will also be communicated to you according to the terms established in this document.