Joint Controller Agreement
What is the purpose of this Agreement?
The Joint Controller Agreement (hereinafter – the Agreement) of the Paysera network is made between Paysera Ltd (hereinafter — the Coordinator) and other participants of the Paysera network (hereinafter — the Partners). The list of Partners is constantly updated and is provided here. Under this Agreement, the Coordinator and the Partners also agree to jointly process the Personal data of Paysera clients provided to the Coordinator and (or) Partners by Data subjects when applying for the Paysera services (hereinafter — the Personal data).
What is the purpose of this Agreement?
This Agreement is made for the purposes of ensuring compliance with the Data Protection Legislation, inter alia, Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation 2016/679) (hereinafter — GDPR). The Coordinator and the Partners by jointly using the Paysera system have access to the client data in the Paysera network processed in the Paysera system which is used on an “as is” basis. The Personal data is available to the Coordinator and the Partners on a regular basis to allow the proper provision of the Paysera services and proper fulfilment of obligations of the Coordinator and the Partners determined in mutual agreements regarding the usage of the Paysera system and the provision of the Paysera services. The Coordinator and the Partners have agreed that they are Joint controllers as defined in Article 26 of the GDPR because the Coordinator and the Partners jointly determine the purposes and means of processing of the Personal data.
Why do the Joint controllers process Personal data?
Data processing is undertaken for the purposes of the provision of the Paysera services in an efficient manner, such as:
- Registration in the Paysera system, payment account opening;
- “Know your customer” principles and Customer due diligence implementation;
- Anti-money laundering and (or) terrorism financing prevention;
- Provision of payment services;
- Distribution of information to Paysera clients;
- Distribution and management of payment cards;
- Registration in the Paysera Tickets system, customer identification;
- Management of the ticket procurement process;
- Ensuring confidential data security, information integrity, asset availability, and protection from breaches, data theft, and malware, which can have a negative effect on company assets.
- SMS transmission over the Internet and management of statistical information;
- Cell phone number linking with an IBAN account and provision of payment services;
- Paysera client support and quality assurance;
- Direct marketing;
- Collection and management of statistical information;
- Linking of payment cards with the Paysera mobile application;
- Credit rating assessment, credit risk management, and automated decision making.
The Coordinator and the Partners jointly process the personal data of Paysera clients directly related to the implementation of the above objectives. The personal data of Paysera clients cannot be processed for anything other than the indicated purposes.
What rights do Data subjects have under this Agreement?
Regardless of different national regulations applicable to the activity of the Coordinator and the Partners, they have agreed to guarantee the following rights of the Data subject for Paysera clients:
- The Coordinator shall provide the Data subject with a copy of their Personal data stored in the Paysera system as required under Article 15 of the GDPR (Right of Accessing Personal Data).
- The Data subject may request rectification of any inaccurate Personal data held by the Joint controller under Article 16 of the GDPR (Right of Rectification of Personal Data Provided by the Data subject). The data shall be rectified by the Coordinator.
- The Data subject may request erasure of the Personal data held by the Joint controller under Article 17 of the GDPR (Right of Erasure of Personal Data). The Coordinator shall delete the data (with the exception of the data that must be retained due to the state regulation applicable to the Partners and/or the Coordinator) and inform other Partners thereof.
- The Coordinator shall administer requests to restrict processing of data under Article 18 of the GDPR (Right of Restriction of Processing) and, should restriction of processing proceed, the Coordinator shall inform the Partners thereof. Where this request relates to Joint Controller Agreement processes conducted solely by the Partners or data held solely by the Partners, this request shall be forwarded directly to these Partners.
- The Coordinator shall administer any requests for data portability under Article 20 of the GDPR 20 str. (Right of Data Portability). Where this request relates to processes conducted solely by the Partners or data held solely by the Partners, the relevant request shall be forwarded directly to these Partners.
The Data subject may exercise their rights against each of the controllers as stated in Article 26(3) of the GDPR. The Coordinator and the Partners shall provide the Data subject with the information required under articles 13 and 14 of the GDPR by means of a notice on their websites.
Under which country‘s laws is the joint data processing undertaken?
This Agreement is governed by the law of the Republic of Lithuania. The State Data Protection Inspectorate of the Republic Lithuania is the supervisory authority competent to act as the lead supervisory authority.
Please note that this Agreement may be amended or supplemented without any prior notice to the Data subjects, and therefore, the information on the latest and the relevant Agreement is always provided here.
Information required when personal data is collected from the data subject:
- The Joint controllers for your personal data are the Coordinator and Partners, the relevant list of which is provided here.
- The Data Protection Officer appointed by the Coordinator can be contacted by the email address email@example.com and/or by a letter to 38 Ridding Lane, Greenford, England, UB6 0JY. The person for contact with the Partner: firstname.lastname@example.org.
- The processing of your data shall take place in the offices of the Coordinator and any Partners that you enter into a service agreement with.
- The Coordinator could transfer your Personal data to other organisations within the Paysera network. These transfers are normally required for the purpose of the provision of Paysera services to you. The exact nature and purpose of such transfers shall be listed on the Coordinator’s website.
- Your data may be transferred to a third country or international organisation. In case of transfers referred to in Article 46 or 47, or Article 49(1) of the GDPR, the appropriate required safeguards shall be undertaken in cases of personal data transfer.
This information is required under Article 14 of the GDPR for all organisations from which the Coordinator and the Partners have received Personal data that has not been provided directly by the Data subject.
Detailed information on collected Personal data, purposes of collection of the Personal data, providers of this Personal data, main groups of recipients, retention periods and other conditions are provided in the Privacy policies of Paysera and/or the Partners.
Joint Controller Agreement version until 20/07/2020