Your privacy is very important to us. We commit to collecting only information about you that is important for offering and improving our products and services and complying with our legal obligations. We want our customers and website visitors to understand why and how we use their data, and what are their rights. We therefore ask you to read the following carefully.
This policy applies to information we collect when you sign up for Adson, access or use any of our websites, mobile applications and products, speak with our team, or any other interactions you may have with us (collectively, the “Services”). We may update this policy from time to time and so recommend that you check this page regularly and be sure that you are content with any changes. Nevertheless, should we make any material changes to this policy, we notify our users by newsletter, email or an internal message displayed when logging in to our website or opening our mobile application.
We, Adson AS, the data controller, are a payment institution authorised by the Estonian Financial Supervision and Resolution Authority and a public limited company, incorporated in Estonia. Our registration number is 14892025 and registered office address is Keemia tn 4, 10616, Tallinn, Estonia.
1.1. When you visit our website or use our mobile application, your browser transmits data to our web server for technical reasons. This involves the following data (so-called server log files): IP address, date and time of the request, time zone difference to Greenwich Mean Time ("GMT"), content of the request (specific page), operating system, amount of data transferred, website from which the request comes (“referrer URL”), browser, language and version of the browser software.
We also store your interactions with the website including the use of our webchat.
This information is collected and stored in order to respond to your service requests quickly and competently, improve the function and security of our services, and comply with our legal obligation as a payment service provider to combat money laundering and terrorist financing.
The data is deleted after five years at the latest, unless it is required for the investigation and clarification of an incident.
The described measures are necessary to comply with our legal obligations and to ensure the security of our website, which is in our legitimate interest and that of the customers of our payment services within the meaning of Article 6 GDPR.
1.2. When you register for an account (“Account”) we collect the personal information which you enter and from any documents you provide, such as your national identity card. We also collect the information about your business which you enter and from the documents you provide.
In order to payout to you based on the card transactions that you perform we collect your bank account details.
In order to complete marketing or research surveys, we may from time to time collect other information when you register such as your interests and preferences.
In order to verify your identity as required by anti-money laundering laws and to prevent fraud we may collect information about you from third parties including your credit rating, financial history, court judgements, share capital, VAT number, company registration number, date of registration and ultimate beneficial owners.
When you use our Services, we collect information relating to your transactions including time, location, transaction amount, payment method and cardholder details, as well as your logins, password changes and use of our website and your interactions with us.
These steps follow our legitimate interest in the provision of contractual services within the meaning of Article 6 GDPR.
2.1. We use information we collect about you to deliver our Services and provide you with all relevant information, such as payout reports, security warnings and support messages.
2.2. We also may use information we collect about you to improve and tailor our services, such as offering or enabling functions of our Services for your company’s benefit.
2.3. We may use information we collect about you to share with you our news and service updates including promotions, incentives and rewards offered by us and / or partners unless you opt out of these communications. To opt out, email email@example.com. We can continue to provide our Services to you without these updates.
2.4. We may also use information collected about you to protect our rights and to investigate and prevent fraud or other illegal activities and for other purposes disclosed to you in connection with our services.
3.1. Your information will be processed by our internal teams in order to deliver our Services including onboarding, logistics, customer support, marketing, anti-money laundering/terrorism financing, anti-fraud, accounting and internal audit.
3.2. To the extent necessary to process payment transactions, provide services and/or ship goods to you, we may share information with third parties who perform functions on our behalf, including fraud prevention and verification service providers, financial institutions, processors, card payment organisations, logistics service providers and other legal entities that are part of the payment process or are used by us to provide further services or ship goods to you.
3.3. Transfer of data to third parties takes place only within the framework of the legal requirements and for the economic and effective operation of our business operations. We only pass on user data to third parties if this is required for contractual purposes, based on legitimate interests and/or with your consent, in accordance with Article 6 GDPR.
3.4. We may also share the information we collect about you with our carefully selected third parties for advertising campaigns, contests, special offers or other events or activities in connection with our services, if you have not opted out of such communications.
3.5. In the context of order processing and for the provision of our services, in particular for the operation, maintenance and hosting of the website and IT systems, we have taken appropriate legal precautions as well as appropriate technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal regulations.
3.6. We may disclose information we have collected about you to third parties in connection with any merger, sale of any shares or assets in the company, financing, acquisition, disposal or dissolution of all or part of our business.
3.7. We may also disclose the information we collect about you (i) if the disclosure is necessary to comply with any applicable law or regulation; (ii) to enforce any applicable terms and conditions or regulations; (iii) to protect the security or integrity of our services; and (iv) to protect our rights.
3.8. In any case, we will always ensure that your information is processed exclusively in connection with the services and in accordance with these data protection provisions and applicable law.
4.2. We will only process data outside the EEA if it is necessary to fulfil our contractual obligations and with your consent, on the basis of a legal obligation or on the basis of our legitimate interests. In such an event, data is processed under the protections of Article 44 GDPR and special contractual obligations (“standard contractual clause”).
5.1. We use state of the art technical, contractual and organizational measures to ensure the security of data processing in accordance with data protection laws, particularly GDPR, and to protect against destruction, loss, modification and unauthorized access. These security measures include a Secure Socket Layer (“SSL”) which encrypts data transmitted between your browser and our servers, protecting against illegal third-party data access. Please note that SSL encryption is only active for Internet transmissions when the key symbol appears in the lower menu bar of your browser window and the address begins with “https://”. If this option is not available, you can also choose not to send certain data over the Internet.
5.2. This high level of security can only be effective if you follow certain security practices yourself including never sharing your Account or login details with anyone. If you believe that any of your Account login details have been exposed, you can change your password at any time through our website or mobile application, but you should always also immediately contact customer service.
5.3. Transmission of information over the Internet is not completely secure so we cannot guarantee the security of the transmission of your information to us. Any transmission is at your own risk. Once we receive your information, we use strict procedures and security structures to prevent unauthorised access.
6.1 Cookies are small text files that are placed on your mobile device or computer when you browse our website or use our applications.
Web beacons are small graphics or other web programming codes that are included in websites and email messages.
6.2 Cookies or web beacons never allow us to access any information about you on your computer, mobile device or any other device other than the information you provide to us.
We exclusively use the following cookies:
Type: necessary functional Cooke
Storage period: permanent (max. 180 days)
Content: country and language, e-mail
We expressly do not permit third parties the use or analyse your data for their own purposes (e.g., marketing).
6.5 Most web browsers automatically accept cookies, but you can set your browser to reject them. As our website requires cookies to function correctly, you will only be able to use our website to a limited extent or not at all in this case.
6.6 Some cookies may not be associated with us. If you visit one of our websites with embedded content from YouTube or Facebook, among others, cookies may be stored on your computer by these websites. We have no control over the distribution of such third-party cookies and recommend that you check these websites for information about these cookies and their privacy policies.
6.7 Our legal basis for processing personal data using cookies is Article 6 GDPR.
7.1. If you access links to third party websites via our website which are not owned by us, please be aware that these websites have their own privacy policies. We do not accept any responsibility or liability for these privacy policies. We recommend you review these privacy policies before you submit any information about you to these websites.
8.2. If you would like to request a copy of your personal data, or to amend, delete or update certain personal data or withdraw your consent to the processing of data from us, email us at firstname.lastname@example.org.
8.3. Your specific rights are:
(i) Access of information (Article 15 GDPR)
(ii) Corrections and Updates (Art. 16 GDPR)
(iii) Deletion of some or all of your personal data (Art. 17 GDPR)
(iv) Limit, restrict or stop processing of your data (Article 18 & 21 GDPR)
(v) Transmit your data to another controller without our hindrance (Art. 20 GDPR)
8.4. If you are not satisfied, you have the right to lodge a complaint with Estonian Data Protection Inspectorate (Article 77 GDPR). Adson will endeavour to satisfy all such queries as fully as possible.
Estonian Data Protection Inspectorate
Address: Tatari 39, 10134 Tallinn, Estonia
9.1. We are required by law to retain certain records of the information collected about you for a period of at least five (5) years after termination of your Account. Otherwise, we reserve the right to delete and destroy all of the information collected about you upon termination of your Account.
Retention obligations also arise from commercial and tax law, which depending on your jurisdiction may be six (6) years for accounting data and ten (10) years for tax related accounting, and commercial letters.
9.2. Notwithstanding the above, you have the right to request the deletion of your data. We may be required to hold certain data for five years from the date of request of deletion of data, for legal purposes. We cannot continue to provide our Service to you if you request the deletion of your data.
9.3. You can request the deletion of your data by emailing email@example.com. Your data will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention requirements.
10.3 Any dispute arising from or in connection with these Terms, including without limitation any disputes regarding its valid conclusion, existence, nullity, breach, termination or invalidity shall be finally referred to and resolved by the courts of Estonia, except where prohibited by EU law. Notwithstanding the foregoing, Adson may initiate proceedings against you in any court and in any number of jurisdictions. Before referring the dispute to court, you and us will endeavour to resolve the dispute by amicable negotiations.