Your privacy is important to us. It is SPECTRA Merchant Services Limited’s policy to respect your privacy regarding any information we may collect from you via our app, SoePay, and its associated services.
1. Information we collect
When you access our servers via SoePay, we may automatically log the standard usage data provided by your device. This data may include your device’s Internet Protocol (IP) address, your device type and version, your activity within the app, time and date, and other details.
Additionally, when you encounter certain errors while using the app, we automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error happened, and other technical information that may have contributed to the problem.
Our app may also access and collect data via your device’s in-built tools, including but not limited to:
- Your identity;
- Location data;
- Storage, photos and/or media;
- Background data refresh;
- Mobile data;
- Device/app history; and
What we collect can depend on the individual settings of your device and the permissions you grant when you install and use the app.
We may ask for personal information, including but not limited to your:
- Date of birth;
- Phone/ mobile number;
- Work address;
- Payment information; and
- Business registration number/ bank statement.
Business data refers to data that accumulates over the normal course of operation on our platform,including but not limited to transaction records, stored files, user profiles, analytics data and other metrics, as well as other types of information, created or generated, as users interact with our services.
2. Legal bases for processing
We will process your personal information lawfully, fairly and in a transparent manner. We collect and process information about you only where we have legal bases for doing so.
These legal bases depend on the services you use and how you use them, meaning we collect and use your information only where:
- it’s necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract (for example, when we provide a service you request from us);
- it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote our services, and to protect our legal rights and interests;
- you give us consent to do so for a specific purpose (for example, you might consent to us sending you our newsletter); or
- we need to process your data to comply with a legal obligation.
Where you consent to our use of information about you for a specific purpose, you have the right to change your mind at any time (but this will not affect any processing that has already taken place).
We don’t keep personal information for longer than is necessary. While we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure and cannot guarantee absolute data security. SPECTRA Merchant Services Limited shall not in any circumstances be liable in contract tort or otherwise, to you or any other person or entity whomsoever in respect of any loss or damage to person or property or life or loss of profit whatsoever sustained by you or any other person caused by or through leakage of your information. If necessary, we reserve the right to retain your personal information for our compliance with a legal obligation or in order to protect your vital interests or the vital interests of another natural person.
3. Collection and use of information
We may collect, hold, use and disclose information for the following purposes. Personal information will not be further processed in a manner that is incompatible with these purposes:
- for technical assessment, including to operate and improve our app, associated applications and associated social media platforms;
- to provide you with our app and platform’s core features;
- to process any transactional or ongoing payments;
- to enable you to access and use our app, associated platforms and associated social media channels;
- to contact and communicate with you;
- for internal record keeping and administrative purposes;
- for analytics, market research and business development, including to operate and improve our app, associated applications and associated social media platforms;
- for advertising and marketing, including to send you promotional information about our products and services and information about third parties that we consider may be of interest to you; and
- to comply with our legal obligations and resolve any disputes that we may have.
4. Disclosure of personal information to third parties
We may disclose personal information to:
- Google Play Services
- Google Analytics for Firebase
- Firebase Crashlytics
- our employees, contractors and/or related entities.
5. International transfers of personal information
The personal information we collect is stored and processed in Hong Kong and Singapore, or where we or our partners, affiliates and third-party providers maintain facilities. By providing us with your personal information, you consent to the disclosure to these overseas third parties.
We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means.
Where we transfer personal information from a non-EEA country to another country, you acknowledge that third parties in other jurisdictions may not be subject to similar data protection laws to the ones in our jurisdiction. There are risks if any such third party engages in any act or practice that would contravene the data privacy laws in our jurisdiction and this might mean that you will not be able to seek redress under our jurisdiction’s privacy laws. SPECTRA Merchant Services Limited shall not in any circumstances be liable in contract tort or otherwise, to you or any other person or entity whomsoever in respect of any loss or damage to person or property or life or loss of profit whatsoever sustained by you or any other person caused by or through international transfers of your information.
6. Your rights and controlling your personal information
Restrict: You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below. If you ask us to restrict or limit how we process your personal information, we will let you know how the restriction affects your use of our app or products and services.
Access and data portability: You may request details of the personal information that we hold about you. You may request a copy of the personal information we hold about you. Where possible, we will provide this information in CSV format or other easily readable machine format. You may request that we erase the personal information we hold about you at any time. You may also request that we transfer this personal information to another third party.
Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.
Notification of data breaches: We will comply with laws applicable to us in respect of any data breach.
Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will as soon as practicable investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.
Unsubscribe: To unsubscribe from our e-mail database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.
A cookie is a small piece of data that an app may store on your device, typically containing a unique identifier that allows the app servers to recognize your device when you use the app; information about your account, session and/or device; additional data that serves the purpose of the cookie, and any self-maintenance information about the cookie itself.
8. Business transfers
If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may continue to use your personal information according to this policy.
9. Limits of our policy
Our app may link to external sites that are not operated by us. You acknowledge that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.
10. Children’s Privacy
Our app do not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. In the case we discover that a child under 13 has provided us with personal information, we will as soon as practicable delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to do necessary actions.
11. Changes to this policy
SoePay Data Controller
Mobile Payment Team
This policy is effective as of October 1, 2020.