Personal data processing policy
NOTICE ON PERSONAL DATA PROCESSING
1.2 Upay commits to protecting and not violating the privacy of the Client/User's personal data.
1.3 This Policy on the processing of personal data serves as a notification to Users about the intention to process personal data as defined by the Law of the Republic of Armenia "On the Protection of Personal Data." It is an integral part of the "General Terms and Conditions" (hereinafter referred to as "GTC"), the policy, and the personal data processing form/order adopted by Upay.
1.4 This notification specifies the surname, first name, patronymic of the data subject, the legal basis and purpose of personal data processing, the list of personal data to be processed, the list of actions to be performed with personal data, the range of persons to whom personal data can be transferred, the name and location or place of registration of the processor requesting consent or its representative, information on the correction and destruction of personal data by the data subject, requesting the termination of data processing or performing other processing-related actions, the period of validity of the requested consent, as well as the procedure for withdrawing consent and its consequences.
2. Your personal data is processed in accordance with the requirements of RA legislation, this policy, the Agreement concluded with you, the General Terms and Conditions (integral to the Agreement), and your consent given upon accepting the notification.
2.1 In accordance with point 2, the User is informed about the legal bases and purposes of processing their personal data, the list of personal data subject to processing, the actions to be taken with their personal data, the parties with whom their personal data may be shared, the process of correcting and deleting personal data, the procedure for requesting the cessation of data processing, and other actions related to data processing, the duration of the consent's validity, as well as the steps for withdrawing consent and its consequences.
3. In the case of clients who are natural persons, the Company collects the personal data specified in this Policy. This data is provided by the Client during registration on the Company's website, mobile application, or other actions requiring the submission of personal data. This may include the following personal data, supported by relevant documents:
a) Data from the individual's identity document, including name, surname (patronymic), place and date of birth, and residential address (either registration or actual),
b) Phone number and email address.
You are responsible for the accuracy, timeliness, and reliability of the information you provide.
3.1 To maintain data reliability and minimize the involvement of individuals in personal data processing, to make inquiries about the Client/User, to receive and process personal data, as well as to remotely identify individuals using the Company's software applications, and to store and transfer data for the services provided by Upay or the operations performed by Upay to enhance the quality of service to Customers/Users and assess customer solvency, Upay is entitled to refer to secondary sources. Specifically, this may include public databases and other organizations authorized to process personal data under state or regulatory legal acts (referred to as Public Databases). Additionally, Upay may contact organizations that collect credit information or perform credit assessments (credit bureaus) to obtain the following personal data from Public Databases: as well as organizations that collect credit information or conduct credit assessments (credit bureaus) to obtain the personal data mentioned below from the following sources (hereinafter referred to as Public Databases): data from identity documents (valid or invalid), social security numbers, and registration and residential addresses,
3.1.1 Identity document data (subdivision that issued the document, document number, type of document, date of issue of the document, validity period of the document, number/designation of the SS, first name, last name, patronymic, date of birth, gender, deceased (date of death), not deceased, civil service number, registration number and address of registration place, photo)
3.2 Data related to the individual in the enforcement service: the existence of enforcement proceedings, the existence of a restraining order, the date, the amount of restrained property, and the amount of liability,
3.3 Information on real estate tax and vehicle property tax debts and the transfer of rights
to community-owned property,
3.4 Credit reports or credit information from credit bureaus.
4 The Company may carry out personal data processing, including any action or group of actions related to collecting, recording, inputting, organizing, storing, using, transforming, restoring, transmitting, correcting, blocking, or destroying personal data, regardless of the form and method of implementation (including using automated or technical means), for the following purposes:
§ Providing information related to its activities or sending notifications and SMSes based on them,
§ Communicating and collaborating with Customers/Users,
§ Complying with laws, regulations, guidelines, other legal acts, and international obligations, including those related to anti-money laundering, anti-terrorism, anti-corruption, and international sanctions schemes,
§ Investigating and taking action against illegal or harmful behavior,
§ Improving daily operations and services,
§ Using personal data for internal purposes, including auditing, data analysis, reporting, and research, as well as maintaining the Company's hardware, software, security, and other systems,
§ Monitoring and analyzing trends, usage, and activities related to the Services,
§ Assessing the solvency of the Client/User, including in case of bankruptcy,
§ Confirming identity (identification),
§ Correcting or updating personal data.
5 The Company regularly reviews the terms of personal data retention in accordance with the requirements of the current legislation of the Republic of Armenia and the policies adopted by the Company. Your personal data will be stored in our systems for the duration specified by Upay's procedures and RA legislation.
6 For the purposes defined in section 4 of this policy, and only to the extent necessary to justify those purposes, the Company may provide your personal data to:
6.1 Receive data about you as defined in this Policy, based on the data you provided through public databases,
6.2 Third parties who, based on the relevant contract concluded with the Company, provide services to Upay or receive services from Upay that require personal data processing,
6.3 State bodies of the Republic of Armenia, in cases and according to the procedures established by the legislation of the Republic of Armenia.
7 To protect your personal data from loss, misuse, or alteration, we take steps to ensure their security, including aligning the Company's operations with international technical standards.
8 Access to personal data is limited, and they are available only to employees who require such access to perform work aimed at achieving the goals outlined in this policy. Archived documents are stored in locked areas specially designed for archiving, where access and exit rights are granted only to employees whose responsibilities include work related to this data.
9 To protect your personal data, the contracts concluded with all our partners receiving information containing personal data must include clauses prohibiting the disclosure of confidential information, including personal data.
10 Furthermore, Upay ensures that all employees working with personal data are consistently aware of personal data protection, information security, and confidentiality processes.
11 Customers/Users are responsible for safeguarding their passwords and preventing unauthorized access to their computers, phones, or other devices.
12 The Company is not liable for unauthorized access to the Customer's/User's account and personal data, which may result from computer viruses or other threats.
13 The user has the right to:
13.1 Request access to their Personal Data held by the Company,
13.2 Request corrections, termination of processing, or restrictions on their Personal Data,
13.3 Withdraw consent to the processing of their Personal Data,
13.4 Receive information about the basis and purposes of processing Personal Data,
13.5 Submit a complaint to the competent authority for the protection of Personal Data if their privacy rights have been violated or if they have suffered due to illegal processing of Personal Data.
14 If the User objects to the processing of Personal Data or decides to request the removal or termination of the Processing of Personal Data after giving consent, then:
14.1 The Company may cease providing services to the User,
14.2 This may not always be possible due to legal requirements, other obligations, and various factors.
16 If Customers/Users do not wish to receive cookies while visiting websites/mobile applications, they can adjust their browser and/or mobile device settings to restrict or block cookies.
17 Data generated by cookies on the Upay website or mobile application can serve various purposes, including the following:
17.1 These cookies are crucial as they enable Customers/Users to navigate the website or mobile application and use its features, such as accessing secure areas of the website or mobile application. They are used to enhance the performance of future versions of the website or mobile application.
17.2 Upay cannot control advertisers authorized by Internet Service Providers whose advertisements are displayed when Customers/Users use the Internet.
17.3 Disabling cookies by Clients/Users may impede the full functionality of Upay websites or applications.
Phone: +374 11 444 448
Address: Republic of Armenia, Yerevan 0014, Davit Anhaght 8/4
"UPAY" Closed Joint Stock Company