Privacy Policy
We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Policy describes Apata's policies and practices regarding its collection and use of your Personal Data, and sets out your privacy rights. We recognise that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Policy as we undertake new Personal Data practices or adopt new privacy policies.
In this notice, Personal Data means any information that relates to an identifiable natural person.
Apata Services
Apata provides a 3D Secure solution for its clients' Mastercard and Visa cards to facilitate the authentication of e-commerce transactions by their direct or indirect customers.
Processing Personal Data
Apata processes Personal Data for the following categories of data subjects and purposes.
| Data Subjects | Personal Data Processed | Purpose |
|---|---|---|
| Holders of Apata clients' Visa and Mastercard cards | Name, account information, account number, account identifier, billing address, email address, home phone number, mobile phone number, work phone number, transaction time and date. | Authenticating cardholders' payments. |
| Holders of Apata clients' Visa and Mastercard cards | Shipping address, browser IP address and functional details, card/token expiry date, device channel and information, DS details (including reference number, transaction ID and URL), EMV payment token indicator, instalment payment data, merchant details, message version number, notification URL, purchase details (including amount, currency, currency exponent, date and time), SDK details (including app ID, encrypted data, ephemeral public key, maximum timeout, reference number, transaction ID and transaction type). | Tracking payment trends of individuals for risk profiling and fraud prevention purposes. |
| Users of Apata's secure portal | Name, email address, work organisation. | Providing authorised access to Apata's secure portal to support use of Apata services. |
| Clients and prospective clients | Name, email address, work organisation, position. | General business purposes including fraud management, sales, account management, customer support, compliance, escalation, business continuity, administration and contract management. |
| Recipients of newsletters and mailings | Name, email address, work organisation, position. | Contact details for receipt of Apata newsletters or direct mailings. |
| Job applicants | Name, email address, home phone number, mobile phone number, social media handles, education details and professional qualifications or credentials, employment history, right to work information, professional and personal interests, references. | Facilitating employment or contracting relationships with Apata, including HR and compliance purposes. |
From time to time, Apata receives Personal Data about individuals from third parties. This typically includes further details about your employer or industry. We may also collect your Personal Data from third party websites (e.g. LinkedIn).
Sharing Information with Third Parties
We do not sell Personal Data to anyone and only share it with third parties who are facilitating the delivery of our services. In order to provide Apata Services, we may share your data with trusted third party service providers (e.g. data hosting providers) as necessary. Prior to sharing any Personal Data with third party service providers we ensure their commitment to protecting the security and confidentiality of your Personal Data.
We do not otherwise reveal your Personal Data to third parties unless:
- You request or authorise it.
- The information is required to comply with the law (for example, in response to a search warrant, subpoena, or court order), to enforce an agreement we have with you, or to protect our rights, property, or safety, or the rights, property, or safety of our employees or others.
- The information is provided to our agents, vendors, or service providers who perform functions on our behalf.
- It is necessary to address emergencies or acts of God.
- It is necessary to address disputes, claims, or to persons demonstrating legal authority to act on your behalf.
Data Subject Rights
The European Union's General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and other applicable privacy laws provide certain rights for Data Subjects.
Request access to the Personal Data we hold about you.
Request correction of any inaccurate Personal Data we hold about you.
Request that we erase your Personal Data, subject to certain limitations.
Request that we restrict processing of your Personal Data in certain circumstances.
Object to the processing of your Personal Data in certain circumstances.
Request the transfer of your Personal Data to another organisation.
To exercise any of these rights, please contact us at [email protected].
Data Storage and Retention
Personal Data is stored by Apata on the servers of third-party cloud-based infrastructure located in the EU.
- Service data is retained for the duration of the client's business relationship with Apata and for a period of time thereafter, for operational analysis and archiving purposes.
- Prospect data is retained until it no longer has business value and is purged from Apata systems.
- All Personal Data controlled by Apata may be deleted upon verified request from Data Subjects or their authorised agents.
For more information on where and how long your Personal Data is stored, or to exercise your rights of erasure and portability, contact us at [email protected].
International Transfers
We may transfer your Personal Data outside the country of your residence to countries where our service providers operate. Where we do so, we comply with applicable laws and contractual obligations in relation to such transfers. To the extent that your Personal Data is subject to GDPR, such transfers will only be made in accordance with GDPR and any other applicable EU privacy regulations.
Children's Data
We do not knowingly attempt to solicit or receive information from children.
Cookies
This section describes how Apata uses cookies and other similar technologies in connection with our site and services.
What is a cookie?
Cookies are small text files stored in a computer's browser directory. They help site providers with things like understanding how people use a site, remembering a user's login details, and storing site preferences.
Does Apata use cookies?
Yes. We use cookies in accordance with this Privacy Policy to:
- Ensure that our services function properly.
- Detect and prevent fraud.
- Understand how visitors use and engage with our site.
- Analyse and improve our services.
Who sets cookies when I use Apata's site?
There are two main types of cookies that may be set:
| Type | Description |
|---|---|
| First-party cookies | Placed and read by Apata directly when you use our services. |
| Third-party cookies | Set by other companies, such as Google or Facebook, for analytics purposes. |
How Apata uses cookies
Cookies play an important role in helping us provide effective and safe services.
Necessary Cookies
Essential to the operation of our site and services. They enable basic functions including:
- Authentication - remembering your login state as you navigate through our site.
- Fraud Prevention and Detection - identifying unusual behaviour and preventing fraudulent transactions.
- Security - protecting user data from unauthorised access.
- Functionality - ensuring our site and services work correctly.
Preference Cookies
Used to remember your preferences and recognise you when you return to our services.
Analytics Cookies
Help us understand how visitors interact with our services, including:
- Remembering how you prefer to use our services to avoid reconfiguring settings on each visit.
- Analysing how people reach our site and identifying improvements to our services.
- Pixel tags (web beacons) used to track user actions, measure marketing campaign success, and compile usage statistics.
Can I opt out?
Yes. You can opt out of non-essential cookies through our Cookie Settings Dashboard. Your web browser may also allow you to manage, delete, and disable cookies through its settings.
If you choose to disable cookies, some features of our site or services may not operate as intended. Necessary cookies cannot be opted out of, as they are required to provide our services.
Changes to this Privacy Policy
We review and update our Privacy Policy from time to time. The most current version will always appear on our website.
Questions, Concerns, or Complaints
If you have questions, concerns, or complaints, or would like to exercise your data subject rights, please contact us at [email protected].
Updated 24 days ago