Privacy Statement of Funanga Ltd
The protection of your personal data is of utmost important to Funanga Ltd. In this Privacy Statement, we give clear and transparent information about how we handle your personal data. In parts of this privacy statements you will be referred to (in reference to the GDPR terminology and meaning) and Data Subject.
I. General information
We will always safeguard your privacy and handle your personal data with care. At any time, Funanga Ltd will comply with all applicable laws and regulations, including the European General Data Protection Regulation. This ensures that we will at least:
Process your personal data in accordance with the purpose for which you submitted them, or it was submitted to us by a third party authorised by you. These purposes and types of personal data are described in this Privacy Statement further below; Limit the processing of your personal data to such data that are strictly necessary for the purposes for which they are processed; Ask your explicit permission, if we need such permission, to process your personal data. Take appropriate technical and organizational measures to safeguard the protection of your personal data. Refrain from passing personal data on to third parties, unless this is necessary for the performance of the purposes for which they were submitted, or required by applicable laws or regulations; Be aware of your rights regarding and to your personal data, inform you about them, and respect them. Funanga Ltd is responsible for processing your personal data. In case you have any questions about our Privacy Statement after reading it, or you wish to contact us about it, please do not hesitate to do so using the contact details at the bottom of this document.
II. Processing Purposes
Funanga AG processes personal data of customers for the following purposes: To process payment transactions associated with you and submitted by any of our partnering online merchants; Administrative purposes; Verification purposes for the prevention of fraud, money laundering, and terrorist financing; To send newsletters to interested persons; To gather website statistics via Google Analytics; To offer customer support if requested by you or a requirement by Funanga Ltd to contact you.
The personal data are processed based on the following authorisations: Processing is required and requested for the execution and authorisation of a payment request submitted by the data subject via any of our accepting online merchants. Data Processing is necessary to comply with a legal obligation, e.g. money laundering and terrorist financing prevention act; By the data subject’s authorisation and consent through signing up for our (Funanga or CashtoCode) newsletters; The data subject has given their consent for placing Google Analytics' (tracking) cookies referred to in the cookie bar.
IV. Categories of personal data
Funanga Ltd may process the following personal data for the aforementioned purposes: Data Subject’s first and last name; Data Subject’s phone number; Data Subject’s email address; IP address. Additionally, but only after obtaining your permission (by accepting the cookie settings on our website, with such acceptance being not required to use our services), we may use Google Analytics to collect information about interests, web pages visited or to be visited, peripheral equipment used, software settings, and referrer URL.
V. Data Retention periods
Funanga Ltd will retain your personal data for the aforementioned processing for the following periods: For 5 years after processing a payment transaction for the Data Subject; For as long as legally required by applicable laws and regulations; For as long as Data Subject remains signed up for the newsletter; For 5 months if it concerns information obtained through (tracking) cookies from Google Analytics.
VI. Data-sharing with third parties
The data you provided to us may be disclosed to third parties if this is necessary for the purposes described below. Funanga Ltd uses third parties for:
- Providing telephone support directly to customers, via an outsourced call-center service. The call-center Funanga uses is based in Germany and therefore also bound by the European General Data Protection Regulation (GDPR).
- If accepted by data subject we collect data with the help of Google Analytics' (tracking) cookies and share them with third parties. More information about this is provided at https://policies.google.com/privacy.
In any instance, we will only disclose personal information to third parties with whom we have signed a processing agreement and which are based and operating out of the European Economic Area (EEA). Of course, the processing agreement contains the necessary arrangements to safeguard the security of your personal data. Other than this, we will not disclose the personal data you provided us with to third parties, unless this is legally required and permitted.
We have taken appropriate technical and organisational measures to protect your personal data against unlawful processing and unauthorised access. These measures include (but are not limited to) the following:
- All persons who have access to your personal data on behalf of Funanga Ltd are bound to data protection and privacy requirements; - Our systems are protected by a user name and a complex password policy;
- The transfer of personal data is managed via secure (SSL256) transfer methods and VPNs. - Only a small number of employees are authorised to access the parts of the Funanga system that contain personal data;
- Only a small number of employees are authorised (and only under a 4-eyes principle) to physically access the servers or any of the main data storage hardware systems, holding personal data. - We make backups to be able to recover data in case of physical or technical incidents, with such backups being held for a period of 31 days and then renewed (and therefore previous ones overwritten).
- We regularly test and evaluate our systems and measures;
- Our employees are informed and trained about the importance of the protection of personal data.
VIII. Rights regarding your data
You have the right to inspect the personal data we received from you and to have them rectified or, subject to Funanga’s legal and regulatory data rentention requirements, erased. You may also object against the processing of your personal data (or part thereof) by us or by one of our employees. You also have the right to 'be forgotten' and to have the data you provided transferred to you or directly to a third party of your choice. You have the right of limitation and the right to object. For further explanation, please contact us or refer to the European or your local Data Protection Authority for information. We may ask you to identify yourself before handling your data request.
If we are processing your personal data based on your permission, you have the right to withdraw that permission at all times.
Should you have any complaint about the processing of your personal data, please contact us directly. If we are unable to reach a mutual agreement, that is, of course, most regrettable. You always have the right to file a complaint with the Data Protection Authority. This is the supervisory authority in the field of privacy protection.