Privacy policy
Last updated: 08.11.2024Preamble
This Privacy Notice, along with our Terms of Service, describes how we collect, process, use, and disclose your personal data that you provide to us while using our website e.pn.
When you register with E.PN, log in, use your wallet to make payments, contact customer support, fill out any forms on the website or submit any data through the ticketing system, we will collect, use and store your data in the same way as described in this Privacy Notice.
Definition of the personal data
Personal data shall be defined as any information relating to an identified or identifiable natural person (data subject), expressly or impliedly through reference to an identifier such as a name, identification number, location data or online identifier. In other words, personal data is any information about you that allows you to be identified.
How we collect and use personal data is described in this Privacy Notice.
Personal data we collect and process
We obtain certain personal data from you directly:
Information that you provide when you sign up
-
First and last name;
-
Email address;
-
Hashed password;
-
Telegram account (if provided);
-
Skype ID (if provided).
Information required to verify your account
-
Mobile phone number;
-
Identity document photo/scan and data, such as document type, issuing country, number, expiry date, information embedded into document barcodes (may vary depending on the document), security features;
-
Facial image data, such as photos of the face (including selfie images) and photo or scan of the face on the identification document, videos, sound recordings;
-
Biometric data, such as facial features.
Information required to initiate or receive a bank transfer
-
Proof of address document;
-
Document confirming your citizenship/residence permit;
-
Documents required to prove the source of funds;
-
Details of your bank account, including the account number, sort code, IBAN, comment on your payment;
-
Payment-related details (amount, currency, time, etc.).
Information required to prevent fraud and misuse of your account
-
Information required to prove the source of funds (for example, bank statements, verbal explanations, screenshots);
-
Information needed to indicate the purpose and economic sense of the challenged transaction;
-
The information you fill out on the questionnaire to show that you are acting of your own free will and understand what you are doing.
Information required to communicate with E.PN
-
Your contact email;
-
Content of your communication, messages, and files you attach to your messages;
-
Unique ticket system identifier;
-
Technical data related to your messages (including date, time zone, environment, etc.).
Transaction information
-
Details of your wallets, unique identifier in the E.PN System;
-
Payments performed within your account, including date, time, amount, currencies, participants associated with the transaction, messages sent and received with the payment, merchant information, payment methods used, technical usage data, and geolocation information;
-
Bank card details that you may connect to your E.PN account, such as cardholder name, expiry date, first 6 and last 4 digits of the card number.
The way we use your personal data
We use your personal data for various purposes, including:
-
To provide ourservices and maintain your account;
-
To process transactions and send notices about your transactions;
-
To verify your identity and prevent fraud, money laundering, and other illegal activities;
-
To improve ourservices and customize your experience;
-
To communicate with you and respond to your inquiries, feedback, and complaints;
-
To comply with legal and regulatory requirements.
Sharing your personal data with third parties
We may disclose your personal data to third parties in limited circumstances:
-
With service providers who help us operate our business and provide our services;
-
With law enforcement agencies, regulatory bodies, and other authorities when required by law or to protect our rights and the rights of others;
-
With other users of our services, when necessary to facilitate transactions or resolve disputes;
-
In the event of a merger, acquisition, or sale of our business or assets.
Data security
We take appropriate technical and organizational measures to ensure the security of your personal data, including encryption, access controls, and regular security audits.
Your rights
You have the right to access, correct, delete, or restrict the processing of your personal data. You also have the right to object to the processing of your personal data, request data portability, and withdraw your consent at any time.
Amendments
We may update this Privacy Notice from time to time to reflect changes in our practices or applicable laws and regulations. We will notify you of any significant changes and update by publication on official site.
Information from your device
-
Tabs: Permission is needed to determine when a user is in the Facebook advertising cabinet (https://facebook.com/) and display the corresponding buttons within the extension.
-
Storage: Access to storage is needed to use browser-level caching and save general data used in various components of the extension (e.g., token).
-
Cookies: Access to cookies is necessary to automatically authorize a user if they are logged in on the E.PN platform (https://e.pn/). Only the cookie token is read from this platform.
-
Scripting: Permission is needed to directly and automatically insert card data in the Facebook advertising cabinet (https://facebook.com/).
-
Host permissions: Permission is needed so that the extension can read and interact with cookies and tabs on E.PN (https://e.pn/) and Facebook (https://facebook.com/) resources.
Remote code execution
-
Remote code: The extension uses a separate script, which is located inside the extension and is responsible for ensuring that the user's card data can be automatically inserted into the appropriate fields in the Facebook advertising account (https://facebook.com/) for quick and convenient payment for an advertising campaign. This functionality streamlines the user experience and minimizes the time spent on manual data entry.
Information we may receive from third parties
-
Information from payment systems (Visa, Mastercard, UnionPay), payment service providers;
-
Information received from card schemes, card program managers;
-
Information from public authorities and law enforcement agencies;
-
Information received via public sources (for example, company registers and enhanced due diligence services).
Legal basis and use of your personal data
We only process your personal data where a lawful basis exists. We may rely on the following:
-
Performance of a contract we enter with you;
-
Our legal obligation;
-
Our legitimate interests, taking into consideration your rights, interests, and expectations;
-
Your consent.
A) Performance of a contract we enter with you
We process your personal data to provide you with E.PN services based on the Terms of Service that you accept when you sign up in our system. We collect your data to set up and administer your E.PN account.
Moreover, we also process your data to ensure secure access to your E.PN account when we send you a one-time password or other access codes.
We use your data to process transactions you make with your E.PN account, such as transferring funds, making payments, adding money to a wallet, or withdrawing funds.
We process your data when you obtain an IBAN. To achieve this, we share data with third parties who provide such services.
We may send you important information about the system, login confirmation, suspicious authorization attempts and completed transactions notifications, as well as provide technical and customer support.
We process personal data to assist you in resolving issues related to the use of E.PN when you contact customer support via ticket, email, or phone.
B) Our legal obligation
We process your personal data to comply with our legal obligations, in particular the requirements of anti-money laundering and terrorist financing legislation, to verify and confirm your identity as part of the KYC procedure.
When you request an IBAN or initiate a bank transfer, we also send your data to the providers of these services to meet AML requirements and follow KYC rules.
We may use your data to assist any law enforcement authority with their investigation or disclose data required by a court order as we may be obliged by law.
C) Our legitimate interests
We may use anonymized and aggregated data to analyze how customers use our services and evaluate the quality and convenience of our product, site operation, and functionality.
Likewise, we may also use your data to notify you about changes to our policies or new features of E.PN.
We take a risk-based approach to assess both the profile of users and the transactions they make, as well as to detect and prevent fraudulent and other illegal activities. We collect, use, and store personal data for these purposes.
When you contact the support service, we keep a record of the conversation. We do this to improve the quality of our services and products, protect our interests in case of disputes, evaluate the quality of the work of the support staff, and train them.
D) Your consent
You may opt in to receive emails about our products and services, and allow us to measure the performance of marketing emails and analyze product use. You may withdraw your consent at any time.
To verify your account, we ask you to go through the liveness test to make sure that you are a living person and the documents submitted really belong to you. To achieve this, you will need to turn on the camera and turn your head so that the neural network can analyze the individual features of your face. Such analysis constitutes the processing of a special category of personal data and can only be carried out based on your consent.
The term of the consent is limited to the achievement of the purpose of the liveness check, so the data processing is terminated immediately once it is completed. The data collection and processing are carried out by a third party, acting as a data processor on our behalf. You can read more about this in the “Disclosure of personal data to third parties” section.
Automated decision-making
We use an automated risk assessment system to analyze the risk profile of users and ongoing transactions to prevent illegal and fraudulent activities. However, any significant decisions that may impact you will be taken by our employees based on a manual review.
Cookies and browser permissions
-
Tabs: Permission is needed to determine when the user is in the Facebook Ads Manager (https://facebook.com/) and display the corresponding buttons within the extension.
-
Storage: Access to storage is needed to use browser-level caching and save general data used in various components of the extension (e.g., the token).
-
Cookies: Access to cookies is necessary to automatically authorize the user if they are logged in on the E.PN platform (https://e.pn). Only the cookie token is read from this platform.
-
Scripting: Permission is required to directly and automatically insert card data in the Facebook Ads Manager (https://facebook.com/).
-
Host permissions: Permission is needed for the extension to be able to read and interact with cookies and tabs on E.PN resources (https://e.pn/) and Facebook (https://facebook.com/).
How we keep your data secure
We are committed to ensuring that your personal data is protected. We take a variety of security and organizational measures to ensure the safety of your data when you enter it on the site or otherwise provide it to us.
Furthermore, we use data encryption techniques and authentication procedures to prevent unauthorized access to our system and your data. Only authorized employees are granted physical access to the premises where data is processed and stored. The premises are being monitored.
All supplied sensitive information is transmitted via Secure Socket Layer (SSL) technology. Card payment information encryption is compliant with PCI DSS.
We authorize access to your personal data only for those employees who need it based on their job requirements (for example, customer support staff). All employees who access personal data are bound by a non-disclosure agreement. We implement continual training for our employees in regard to ensuring the security and confidentiality of personal data.
We continuously improve our security procedures to comply with the best industry standardsand maintain a high level of personal data protection.
We recommend you also adhere to some simple rules that will help ensure your safety. Never use the same password for multiple accounts on different sites and always use a strong password with mixed case letters, numbers, and symbols. Do not tell anyone your E.PN wallet password. Please remember that our employees never ask for user passwords. If someone pretending to be an E.PN employee asks you for your password or other login information, do not give it to them and notify us immediately by email at [email protected]
How long we store your data
Your personal data will be retained as long as necessary for the specific purpose for which it was collected.
The data we collect for AML compliance and anti-fraud purposes will be kept for 5 years after you close the account. All data will be deleted when the statutory retention period is over and the purposes of using the collected information are achieved.
Disclosure of personal data to third parties
To provide our services, we may need to share your information with third parties.
Personal Data may be transferred to the following categories of Personal Data processors:
− Companies providing technical support of the System operation, including server and hosting companies;
− Companies providing analytical services, advertising partners and other companies related to improving the operation of the System;
− Payment Processors;
− Government authorities or legal advisors in case of suspected criminal or illegal behavior;
− Persons/companies with whom the E.PN enters into a business transaction or is negotiating a business transaction involving the sale or transfer of all or part of E.PN’s business or assets. Such transactions may include any mergers, financings, acquisitions, and bankruptcy transactions or proceedings;
− Auditors and other review organizations;
− Other persons/companies if necessary for the proper provision of services to the Customer and/or if required by E.PN pursuant to law or an order of an authority.
E.PN shall protect Personal Data when it is transferred to recipients outside the EEA and takes all steps reasonably necessary to ensure that Personal Data is processed securely in accordance with this Privacy Policy. However, the Customer acknowledges that it understands and accepts that these countries may have different laws that provide a lower level of protection for Personal Data and that such Personal Data may become subject to disclosure laws and requirements in those countries, including disclosure to governmental authorities, regulatory agencies and individuals, as a result of a relevant governmental or regulatory request, court order or other similar process.
Cross border transfer of data
Some of our partners and employees may be located outside the European Economic Area (EEA), so we may transfer data to third countries. Such a transfer may only take place if appropriate guarantees are in place to ensure an adequate level of protection of the rights of the personal data subjects.
Our partners and providers are required to provide an adequate level of data protection in accordance with the terms of the contract we enter into with them.
Links to other websites
Our website may contain external links to third-party resources, such as the services of our partners. We can't control how third parties use your information for their purposes, so please review the Privacy Policies of these websites.
Your rights
You have the right to exercise control over the way in which your personal data is processed:
-
Right to be informed. You are entitled to know how and why we process personal data. Therefore, we publish this Privacy notice and are always ready to answer any of your questions.
-
Right of access. You can ask us to confirm whether we are processing your personal data. You can ask for detailed information about how we collect, process, use, store and share your data.
-
Right to rectification. We strive to maintain the integrity of the data we store and keep it up to date. Therefore, you can always ask us to clarify and correct outdated or inaccurate information.
-
Right to erasure/Right to «be forgotten». You may request to delete your personal data. However, if we are required by law to still retain it, then the right to erasure will not apply to such processing.
-
Restrict and object to processing. You may restrict or object to the processing of your personal data.
-
Right to data portability. You can ask us to transfer your data to another entity providing similar services, if it is technically possible to do so and unless it is not restricted by law. The data will be transmitted in a structured, commonly used, and machine-readable format.
-
Right to withdraw consent. Where the processing is based on your consent, you may withdraw it at any time by changing your account settings or by sending an e-mail to [email protected]. You can opt out of receiving materials from us electronically by clicking the «unsubscribe» link in e-mails
-
Right to complain. You may lodge a complaint if you feel like your rights have been violated.
We will reply to your request within 30 days once we receive it. If we expect that responding to you would take longer, we will let you know.
Before we provide you with any confidential information, we must ensure that you are indeed the person you claim to be. For example, we will ask you to send a request from the mail associated with your E.PN account, or in some cases to pass SumSub verification.
However, where requests are obviously unreasonable or excessive, in particular because of their repetitive nature, we may charge a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the requested action.
Kindly note that there may be legal reasons when we will not be able to fulfill your request.
Filing a complaint
You may find the relevant document with the full information regarding the process of filing a complaint. Please familiarize yourself before taking actions of any kind.
Amendments
We may update our Privacy Policy from time to time. In case of significant changes, we may notify you of them by e-mail or by publication on site.
Contact us
You are welcome to send your questions and comments regarding our Privacy notice to our Data Protection Officer at [email protected].