Effective: May 2021
Last Updated: January 2022
If you are a resident of California, California law may provide you with additional rights regarding our use of your personal information. To learn more about our data collection practices and your California privacy rights, visit the California Consumer Privacy Act (CCPA) Notice.
AptPay, Inc. at 121 Bloor Street East, Suite 410, Toronto, Ontario, M4W 3M5, Canada will be the data controller in relation to any personal data provided to AptPay directly via email, phone, direct mail or via aptpay.com (“website”), or through AptPay’s Mobile application(s) (“app”). This means that AptPay is responsible for deciding how your data will be held and how your personal data about you will be used.
The AptPay Data Protection Officer can be contacted:
1. By email at: [email protected].
2. By post to: AptPay Data Protection Officer, 121 Bloor Street, Suite 410, Toronto, Ontario, M4W 3M5, Canada.
2. DATA PROTECTION PRINCIPLES
“Personal data” means any information that enables AptPay to identify you or the beneficiary of your transaction, directly or indirectly, such as name, email, address, telephone number, date of birth, tax ID number and any form of identification or identification number.
AptPay is committed to complying with applicable data protection laws and will ensure that personal data is:
1. Used lawfully, fairly and in a transparent way;
2. Collected only for valid purposes that AptPay has clearly explained to you and not used in any way that is incompatible with those purposes;
3. Relevant to the purposes AptPay has told you about and limited only to those purposes;
4. Accurate and kept up to date;
5. Kept only as long as necessary for the purposes AptPay has told you about;
6. Kept securely.
3. PERSONAL DATA WE COLLECT AND HOW ITS COLLECTED
PESONAL DATA YOU PROVIDE
AptPay may collect personal data when you provide it, including when you indicate that you would like to receive any of our Services, when you register with us, when you complete forms online, when you speak with us over the telephone, when you write to us, when you visit the website or app. We will also collect details of your transactions carried out through the website or app and of the fulfilment of such transactions.
AptPay may collect and process the following personal data:
1. Personal details, such as data which may identify you, may include:
Your name, title, residential and/or business address, email, telephone and other contact data, date of birth, gender, images, government issued identification details, signature, IP address and country details, such as destination country. (“Identifiable Personal Data”).
2. If you have provided your consent for AptPay to collect such information and not withdrawn such consent, non-identifiable GPS-based location details while using AptPay’s website or app (“Location Data”).
3. Information from which you may be indirectly identified, such as a client identification number (“Indirectly Identifiable Personal Data”).
4. Financial details, such as data relating to your and your beneficiary’s payment data and bank account information obtained for the purposes of disbursements and/or payments (“Transaction Personal Data”).
5. Additional details requested by law enforcement or requested pursuant to AptPay’s compliance procedures in connection with efforts to prevent money laundering, terrorist financing and criminal activity, such as relationship to parties of the transaction, the purpose of the transaction and proof of funds (“Compliance Personal Data”).
We may also receive information in connection with transactions you carry out with us, such as the last four digits of the payment card you used to make or receive a payment. (“Payment Data”).
When you use our website or app we collect information via cookies and similar technologies, in the IP address of visitors, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
We may use this data for the following purposes:
1. To measure the use of our website, app and services, including number of visits, average time spent on a website, pages viewed, page interaction data (such as scrolling, clicks and mouse-overs), etc., and to improve the content we offer;
2. To administer the website, app and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
3. As part of our efforts to keep the website and app safe and secure.
Due to the core role of enhancing and enabling usability or site processes, disabling cookies may prevent you from using certain parts of our website or app. It will also mean that some features on our website or app will not function if you not allow cookies.
4. HOW WE USE YOUR PERSONAL DATA
Personal data collected through AptPay’s website or app is typically stored and processed in Canada; however, in some instances, it may be transferred, stored, and/or processed outside of Canada (see section 5 for further details).
Below is a summary of the ways in which AptPay may use your personal data and our basis for such usage:
Whenever possible, AptPay uses data from which you cannot be identified directly (such as IP addresses and anonymous demographic and usage data) rather than personal data. This non-identifiable data may be used to tailor your experiences with AptPay’s Services by showing content in which AptPay thinks you will be interested in and displaying content according to your preferences. Non-identifiable data may also be used to improve AptPay’s internal processes or delivery of services.
AptPay may use aggregate data for a variety of purposes, including analysing user behaviour and characteristics in order to measure interest in (and use of) the various portions and areas of the Services. AptPay also may use the data collected to evaluate and improve the Services and analyse traffic to the Services. In some circumstances AptPay may anonymise your personal data so that it can no longer be associated with you, in which case AptPay may use such data without further notice to you.
|Using Your Personal Data||Basis on Which AptPay Uses Your Personal Data|
Registration and Administration
AptPay may use Identity Personal Data and/or Compliance Personal Data to enable you to register with us. Once your registration is complete, AptPay may use Identity Personal Data and/or Compliance Personal data for the administration of your account, to contact you, to update our records about you, and to respond to and process your queries and requests.
Requesting Access to Tools and Information
You may wish to have access to certain tools and information made available on AptPay’s website or app, before or after you decide that you would like to register to use AptPay’ Services. AptPay may collect and use Identity Personal Data as part of this access and use Identity Personal Data before or after you decide that you would like to register to use the Services.
Supply of AptPay’s Services
AptPay may use Identity Personal Data, Transaction Personal Data and/ or Compliance Personal Data (and where it is collected, Payment Data) so that we can supply you with our Services which you use or have requested and to meet our contractual obligations to you.
If you have given your consent for AptPay to do so and not withdrawn such consent, AptPay may collect and use Location Data to provide you with a tailored experience on AptPay’s website or app related to your location.
AptPay may use Identity Personal Data and/or Transaction Personal Data to notify you about changes or developments relating to AptPay’s Services which you used or have requested.
AptPay may use Identity Personal Data, Transaction Personal Data and/or Compliance Personal Data for compliance purposes, including the prevention and detection of money laundering, terrorist financing, crime, tax evasion or fraud.
Recording of telephone calls
AptPay may monitor and record telephone calls with you (which may involve Identity Personal Data, Transaction Personal Data and/or Compliance Personal Data and AptPay may use any transcripts of these calls so we can be sure we understand the instructions you give us and so we have a clear record of any discussions with you.
AptPay may use your Identity Personal Data to contact you with marketing communications in relation to AptPay’s Services.
AptPay may combine Indirectly Identifiable Personal Data with other information generated during the user of our Services to create individual profiles for customers through automated processes.
5. DATA SHARED WITH OR COLLECTED BY THIRD PARTIES
AptPay may share your personal data with AptPay’s Companies in order to enable or facilitate us to provide you with any of the Services you have requested, for AptPay’s compliance purposes and where you have consented and not withdrawn your consent, for AptPay’s direct marketing purposes (see section 11 below).
AGGREGATED STATISTICAL ANALYSIS
AptPay may use statistical analysis of aggregate data to inform advertisers of aggregate user demographics and behaviour, as well as the number of users that have been exposed to or clicked on their advertising banners. AptPay will provide only aggregate data from these analyses to third parties.
THIRD PARTY SERVICE PROVIDERS
AptPay may share personal data collected with third party service providers to manage, enable or facilitate certain aspects of the Services AptPay provides and if we do, we will have safeguards in place with such third party service providers requiring them to protect personal data.
AptPay uses advertising services suppliers on our website and app, who, along with their advertising partners, may collect and use personal data when you interact with our website or app. Further details are set out at section 6 below.
Aptpay may transfer your personal data to a third party as a result of a sale, acquisition, merger, or reorganisation involving AptPay. In these circumstances, AptPay will take reasonably appropriate steps to ensure that your information is properly protected.
LEGAL AND REGULATORY
AptPay may also disclose your personal data in special cases if required or requested to do so by law, court order, or other governmental authority, or when AptPay believes in good faith that disclosing this data is otherwise necessary or advisable, such as to identify, contact, or bring legal action against someone who may be causing injury to, or interfering with, AptPay’s rights or property, AptPay’s services, another user, or anyone else that could be harmed by such activities (for example, identify theft or fraud).
SHARING PERSONAL DATA
The nature of AptPay’s products and services means that we may need to share your personal data with recipients based outside of the country you reside. As explained above, we may share your personal data within affiliates of AptPay, which may involve transferring your data outside of your country. Where we do so, we will ensure a similar level of protection afforded to you in your country.
If AptPay shares personal data with third party service providers based outside of your country, we will ensure a level of protection and safeguarding of your personal data.
You may sometimes ask AptPay about, or AptPay may sometimes ask you if you are interested in, products or services which we are unable to provide but which someone else we know (a “Contact”) may be able to provide. AptPay will never pass your information to a Contact unless you have asked us to do so. Please note that AptPay is not responsible for and cannot be liable to you for any products or services of any Contact or any acts or omissions of any Contact.
In addition, where AptPay has received your contact details and other personal data as a result of a referral, we may pass your personal data back to the relevant referrer for the specific purpose of commission reporting.
Advertisements that appear on AptPay’s website or app or otherwise in the Services are generally delivered directly to you by third party advertisers. These third-party advertisers have no access to the information you have provided directly to AptPay.
If you have provided your consent by accepting “Targeted Cookies” through the Website cookie consent manager or enabled “Targeting” and “Location” on the app, the advertisements that are served may be personalised to you.
ADVERTISING ON APTPAY’s WEBSITE
Advertisements on AptPay’s website and app may be served by third-party advertisers or their advertising partners.
1. Website: If you have provided your consent by accepting Targeted Cookies, third-party advertisers could automatically receive your IP address. Third-party advertisers or their advertising partners may also download cookies and similar technologies such as pixel tags/beacons and scripts downloaded to your computer to measure the effectiveness of their ads and to personalize advertising content. Doing this allows them to recognize your computer each time they send you an advertisement in order to measure the effectiveness of their ads and to personalize advertising content. In this way, they may compile information about where individuals using your computer or browser saw their advertisements and determine which advertisements were clicked.
2. App: If you have provided your consent by enabling “Targeting” and “Location” for the app, third-party service providers will collect and use the personal data to serve you personalised advertising. Depending on where you live and your privacy choices on AptPay’s app, the personal data collected in the app may include device identifiers and information, app usage information, (if you have enabled Location Services) geo-location, information about interests to make ads served more relevant and information about interactions with ads. Your device may be recognized over time and across apps.
3. Cookies and Location Tracking: If you do not accept Targeting Cookies on AptPay’s website, third party advertisers will not receive your IP address or download any cookies to your computer through AptPay’s website. However, advertisements that are not specific or personalised to you or your device may still be served to you on our website.
If you do not enable Targeting and Location for AptPay’s app, you will not receive personalised advertisements and thirdparty service providers will not collect and use personal data for such purposes.
REMARKETING ON APTPAY’S WEBSITE AND MOBILE APPLICATION
7. PERSONAL DATA RETENTION
Personal data is used for different purposes and is subject to different standards and regulations. In general, personal data will be retained for as long as necessary to provide you with services you request, to comply with applicable legal, accounting or reporting requirements, and to ensure that you have a reasonable opportunity to access your personal data.
To determine the appropriate retention period for personal data, AptPay considers the applicable legal requirements, the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which AptPay processes your personal data and whether we can achieve those purposes through other means. For example:
1. Legal and regulatory requirements. AptPay will retain your personal data if required to comply with legal and regulatory obligations, compliance procedures and legal limitation periods. We will retain your personal data for a period after closure of your account with AptPay or the last transaction AptPay carried out for you or disbursement paid to you.
2. Customer service. If you provide AptPay with your personal data but do not have an account with us, we will (subject to any legal or regulatory considerations) retain your personal data for as long as necessary to deal with your query (for example, to address your questions in the event of an unsuccessful application).
3. Marketing. Personal data provided to AptPay for marketing purposes may be retained until you opt out or until AptPay becomes aware the data is inaccurate.
8. CORRESPONDING WITH APTPAY
If you send correspondence to AptPay, including e-mails, AptPay may retain such data along with any records of your account.
AptPay may also retain customer service correspondence and other correspondence involving you, AptPay and any AptPay affiliate, our partners, and our suppliers. AptPay will retain these records in line with our data retention policy.
9. DATA SECURITY
AptPay is committed to maintaining the security of your personal data and has measures in place to protect against the loss, misuse, and alteration of the data under AptPay’s control.
AptPay employs modern and secure techniques to protect our systems from intrusion by unauthorised individuals, and regularly upgrade our security as better methods become available.
AptPay’s datacentres and those of our partners utilise modern physical security measures to prevent unauthorised access to the facility. In addition, all personal data is stored in a secure location behind firewalls and other sophisticated security systems with limited (need-to-know) administrative access.
All AptPay employees who have access to, or are associated with, the processing of personal data are contractually obligated to respect the confidentiality of your data and abide by the privacy standards AptPay has established.
Please be aware that no security measures are perfect or impenetrable. Therefore, although AptPay uses industry standard practices to protect your privacy, we cannot (and do not) guarantee the absolute security of personal data.
AptPay’s website or app may offer chat rooms, forums, message boards, or news groups to users. It is important to remember that any information disclosed in these areas becomes public information. Accordingly, as with any public forum, you should exercise extreme caution when deciding whether to disclose your personal information.
10. OTHER WEBSITES
AptPay is not responsible for the privacy policies of other websites or services. You should make sure that you read and understand any applicable third-party privacy policies, and you should direct any questions or concerns to the relevant third party administrators or webmasters prior to providing any personal data.
AptPay may permit third parties to offer subscription or registration-based services promoted through our own Services. In some instances, these other services may be co-branded or use AptPay’s trademarks under license; however, other’s services have their own respective privacy policies.
11. DIRECT MARKETING
AptPay may sometimes contact you (by email, SMS text, letter or phone) in order to provide targeted marketing about our Services. Such marketing communications will only be sent to you if you gave your consent (when you registered for AptPay’s Services or at another point) and you have not withdrawn such consent or if there is another basis to send such communications to you (for example, in certain circumstances, AptPay may send marketing communications solely about our Services to existing customers using contact details we have obtained directly from the customer during the course of registration or the provision of our Services to them, provided they have not previously unsubscribed from such communications).
All marketing e-mails you receive from AptPay will include specific instructions on how to unsubscribe and you may unsubscribe at any time.
Additionally, you can unsubscribe from marketing by contacting us in writing at AptPay Inc., 121 Bloor Street E, Suite 401, Toronto, Ontario, M4W 3M5 or email [email protected] or by amending your marketing preferences within your account.
You should note that AptPay is opposed to third-party spam mail activities and does not participate in such mailings, nor does AptPay release or authorise the use of customer personal data to third parties for such purposes.
Through automated processes AptPay may create individual profiles for customers based on a combination of Indirectly Identifiable Personal Data and other information gathered through our customer’s interaction with our Services. AptPay may use such profiles to better understand the ways in which you use AptPay’s Services. In addition, AptPay may send personalised communications to you based on a profile (inc
e have a basis to send such communications in accordance with this Privacy Notice (see Section 11 above).
13. DATA PROTECTION RIGHTS
Under California privacy law, you have certain privacy rights including the right to access information AptPay holds about you, and delete your personal information held by AptPay, limited to certain exceptions. If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about AptPay’s data collection practices and your California privacy rights, visit the CCPA Privacy Notice.
EUROPEAN ECONOMIC AREA (EEA) & UNITED KINGDOM
In certain circumstances (for example, if you are a “data subject” in the EEA or UK), and subject to verification of your identity, you may request access to and have the opportunity to update and amend your personal data. You may also exercise any other rights you enjoy under applicable data protection laws.
Data subjects in the EEA and UK have the right to:
1. Request access to any personal data AptPay holds about them (“Subject Access Request”) as well as related data, including the purposes for processing the personal data, the recipients or categories of recipients with whom the personal data has been shared, where possible, the period for which the personal data will be stored, the source of the personal data, and the existence of any automated decision making;
2. Obtain without undue delay the rectification of any inaccurate personal data AptPay holds about them;
3. Request that personal data held about them is deleted provided the personal data is not required by AptPay for compliance with a legal obligation under applicable law or for the establishment, exercise or defence of a legal claim;
4. Under certain circumstances, prevent or restrict processing of their personal data, except to the extent processing is required for the establishment, exercise or defence of legal claims;
5. Under certain circumstances, request transfer of personal data directly to a third party where this is technically feasible.
You can find your National Data Protection Authority in the EU online at: https://edpb.europa.eu/about-edpb/board/members_en
The Data Protection Authority in the UK is the Information Commissioner’s Office: https://ico.org.uk/
14. COMPLAINTS PROCEDURE
We want to deal with your concerns fairly, effectively and promptly. However, some complaints are more complex than others and may take some time to investigate.
1. We will acknowledge your complaint promptly after receiving it
2. We will keep you informed throughout any investigation
In order to assist in the speedy resolution of any complaint you may have, it’s important that we understand your complaint fully. Sometimes this means AptPay may ask you to address your concerns to us in writing. This can be either by email or post to the addresses in section 15 below. AptPay has established internal procedures for investigating any complaint, which may also involve experienced members of staff from AptPay considering or investigation the complaint. Where appropriate, the complaint will be dealt with by someone who was not directly involved in the matter which is the subject of your complaint.
The member of staff will either have authority to settle your complaint or will have ready access to someone who has the authority. AptPay’s response will fully address the subject matter of your complaint and, if appropriate, will offer redress. If you phone us during our investigation and the member of staff handling your complaint is not available, then another member of our team will try to assist you.
Unless applicable data protection laws require responses within shorter timescales, AptPay will try to resolve any privacy complaints you have within 15 business days of receiving your complaint and in exceptional circumstances, within 35 business days (AptPay will let you know if this is the case).
Within the timelines noted above and after conclusion of the investigation, our DPO will inform you of:
As noted above, if you are not satisfied with AptPay’s reply/outcome, or otherwise with the handling of the complaint, you may have the right to lodge a claim before a relevant Data Protection Authority or the courts.
15. CONTACTING US
If you have a question, request or concern about privacy, confidentiality or the personal information handling practices of Apt Pay, our employees or service suppliers, please contact us at:
ATTN: Data Protection Officer
121 Bloor Street E, Suite 401
Toronto ON, M4W 3M5
email: [email protected]