Principles of data processing of visitors

Privacy Policy and Cookies

 

This Privacy Policy sets out the principles of personal data processing and protection in connection with the use of the service available at https://softpos.eu/ (hereinafter the "Service").

 

If this document refers to GDPR, it should be understood as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.

The Administrator shall make every effort to protect the privacy of the users of the Website and any data and information that have been obtained in connection with the use of the Website. The Administrator selects and applies protection measures with due diligence, both programming and organisational, thus ensuring protection against their disclosure, loss, destruction, unauthorized modification or processing in violation of the applicable laws.

The data collected by the Administrator shall be processed in accordance with the law, respecting the principles of fairness and transparency, shall be collected to the minimum extent necessary for the specified purposes and processed in accordance with them, shall not be subject to further processing incompatible with those purposes, shall be adequate and correct in relation to the purpose, and shall be stored in a manner enabling the identification of data subjects.

 

  1. The controller

 

The administrator of personal data processed in connection with the use of the Website is SoftPos S.A. with its registered office in Warsaw, Prosta Street 68, 08-838 Warsaw, entered in the Register of Entrepreneurs of the National Court Register under KRS number 0000773538, holding the following tax identification number (NIP): PL9462686806

 

In all matters concerning personal data, please contact the Administrator at his e-mail address: [email protected].

 

  1. Processed data

 

When using the Service, the Administrator collects information concerning the user's device in order to ensure the correct functioning of the Service: IP address of the computer, information contained in cookies or other similar technologies, session data, web browser data, device data, data concerning activity in the Service, including on individual subpages; if the user has consented to this, the Administrator also collects geolocation information in order to provide more tailored offers of products and services.

 

The above information collected in the course of using the Service does not include data concerning the identity of natural persons, however, in combination with other information, it may constitute personal data, and therefore the Administrator shall fully protect it.

 

Through the Service or by using the contact data available in the Service, the Administrator may be contacted by means of requests concerning cooperation and employment. In such a case, the Administrator processes the data provided in the application, including first name(s) and surname(s); first names of parents; date of birth; place of residence (mailing address); education; course of previous employment, contact details such as the telephone number or e-mail address provided.

 

  1. The purpose and legal basis of data processing.

 

Personal data collected in connection with the use of the Service or transferred through the Service or using the contact data available on the Service shall be processed for the following purposes:

 

In order to ensure the correctness of the operation of the Service, to inform about the Administrator's activity, for analytical and statistical purposes, to ensure the information and communication security of the Service, to consider complaints, to defend against claims and to establish and enforce claims. The legal basis for the processing of personal data for these purposes is Article 6(1)(f) of the TCO, i.e. the legally justified interest of the Administrator.

In order to conduct the recruitment of persons interested in working or cooperating with the Administrator. The legal basis for the processing of personal data for this purpose is Article 6(1)(c) and Article 6(1)(a) of the TOP.

 

In order to fulfill the legal obligations incumbent on the Administrator, such as tax, accounting or statistical obligations - resulting from the applicable regulations. The legal basis for the processing of personal data for this purpose is Article 6(1)(c) of the PCO.

 

  1. Is it obligatory to provide data?

 

Providing personal data is voluntary. The User is not obliged to provide data, however, depending on the circumstances, refusal to provide them may prevent or hinder the use of the Website or contact with the User.

 

  1. Powers related to the processing of personal data

 

The data subject has the right to obtain confirmation from the Administrator whether his or her personal data are being processed. If such a person's data are processed, he or she is entitled to access them and obtain the following information: the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the data have been or will be disclosed, the period of storage of the data or the criteria for their determination, the right to request the rectification, erasure or restriction of the processing of personal data to which the data subject is entitled and to object to such processing, information about the right to lodge a complaint with the supervisory authority; if the personal data have not been collected from the data subject, all available information about the source of the data; information about automated decision making, including profiling; information about adequate safeguards for the transfer of personal data to a third country or international organisation. (Article 15(1) and (2) of the COB);

The data subject has the right to obtain a copy of the data to be processed, the first copy being free of charge, and for subsequent copies the controller may impose a reasonable charge resulting from the administrative costs (Article 15 (3) RBO);

 

A data subject has the right to request the rectification of personal data concerning him/her that are incorrect or to supplement incomplete data (Article 16 of the GPC);

 

The data subject has the right to request the erasure of his/her personal data in the cases indicated in Article 17 (1) of the GCRL, in particular if the controller no longer has a legal basis for their processing or the data are no longer necessary for the purposes of processing.

 

The data subject has the right to demand a restriction of personal data processing by the controller (Article 17(1) of the GDPR). 18 of the TRO), where: the controller contests the accuracy of personal data - for a period of time allowing the controller to verify the accuracy of such data; or the processing is unlawful and the data subject opposes their erasure by demanding the restriction of their use; or the controller no longer needs the data, but the data subject needs the data to establish, pursue or defend his/her claims; or the data subject has objected to the processing - until it is established whether the legitimate grounds on the part of the controller take precedence over those of the data subject

 

The data subject has the right to receive in a structured, commonly used machine-readable format personal data concerning him/her which he/she has provided to the controller and to request that the data be sent to another controller, if the data are processed on the basis of the data subject's consent or an agreement concluded with him/her and if the data are processed by automated means (Article 20 of the GPC);

 

The data subject has the right to object to the processing of his/her personal data for the legitimate purposes of the Controller, for reasons related to his/her particular situation, including profiling. In such a case, the Controller may no longer process these personal data, unless the Controller demonstrates that there are compelling legitimate grounds for processing overriding the interests, rights and freedoms of the data subject or grounds for establishing, pursuing or defending claims. (Article 21(1) of the GDPR);

 

Where personal data are processed for the purposes of direct marketing, the data subject has the right to object at any time to the processing of personal data concerning him/her for the purposes of such marketing, including profiling, in so far as the processing is related to such direct marketing. Where the data subject objects to the processing of personal data relating to him/her for the purposes of direct marketing, personal data may no longer be processed for such purposes. (Article 21(2) and (3) GDPR)

 

Where data are processed on the basis of consent, it may be revoked at any time.  The withdrawal of consent shall not affect the lawfulness of the processing of personal data carried out on the basis of consent prior to its withdrawal.

 

The data subject has the right to lodge a complaint with the supervisory authority in the Member State of his or her habitual residence, place of work or place of establishment if he or she believes that the processing of personal data concerning him or her violates the TCO.

 

  1. Disclosure of data to other parties

 

Data may be disclosed to entities indicated in the legislation providing for the obligation to disclose certain data (e.g. administrations, tax authorities, courts, etc.).

The data may be disclosed to entities providing services to the Administrator to whom the Administrator has entrusted the processing of personal data on the basis of agreements concluded with these entities. This applies, for example, to entities providing accounting, legal, marketing, postal, courier, technical, IT, etc. services.

 

  1. Transfer of data to third countries or international organisations

 

The controller shall not provide for transfers to third countries or to international organisations. However, the controller may use services related to the use of analytical tools, e-mail services, IT tools, providers of IT solutions including hosting services of entities from third countries (e.g. Google, Microsoft, Facebook, Twitter etc.).  Insofar as such use would involve the transfer of data to third countries, this will only be possible if adequate safeguards are in place and if there are enforceable data subjects' rights and effective legal remedies. Adequate safeguards shall be provided by means of the standard data protection clauses referred to in Article 46(2)(c) TODO.  In addition, the controller shall apply additional technical safeguards such as data encryption both during the transfer and in the so-called 'state of rest'.

 

  1. Data retention period

 

The storage period depends on the purpose of the processing and is limited to the time when the intended purpose is achieved.

The data processed in order to ensure the correctness of the Service's operation, for analytical and statistical purposes, as well as to ensure the Service's ICT security, shall be stored until the legally justified interest of the Administrator is realised.

The data processed for the purpose of conducting information and marketing activities of the Administrator's products or services shall be stored until the withdrawal of consent for processing, and when such data is processed on a basis other than consent, until an objection is raised.

The data processed for the purpose of recruitment of persons interested in working for or cooperating with the Administrator shall be stored until the recruitment process is completed or consent to the processing of such data is withdrawn.

The data processed for the purpose of fulfilling the Administrator's obligations, such as tax, accounting or statistical obligations shall be stored for the period resulting from the applicable regulations imposing such obligations on the Administrator.

The data processed for the purpose of processing complaints, defending against claims and determining and asserting claims shall be stored until the statute of limitations expires or claims are asserted.

 

  1. Data processing in an automated manner

 

The controller shall not process the data by automated means, including in the form of profiling, in such a way that any decisions may be taken, other legal effects may arise or would otherwise affect the data subject as a result of such automated processing.

During the use of the Service, information related to browsing the content of the Service is automatically collected, such as the number and source of visits, the time of the visit, the content viewed, the number and type of subpages opened, references used, or the IP number of the computer. This information is not combined with personal data of the Users. We use this information exclusively for the purposes of market research and Internet traffic within the Service and for statistical purposes.

 

  1. Cookies

 

The Website uses small files called cookies. These files are saved and stored on the computer or other end user's device. Cookies are installed if the browser settings allow it. Cookies usually contain the name of the domain they come from, the time of their storage on the Device and the assigned value.

Cookies are used in order to optimize the process of using the Website, to collect statistical data that allow to identify the use of the users of the Website. They are also necessary to maintain the user's session after he or she leaves the Service.

The Service uses two basic types of cookie files:

Session (temporary) cookies: they are stored on the terminal device and remain there until the end of a browser session. The stored information is then permanently deleted from the device memory. The mechanism of session cookies does not allow for downloading any personal data or any confidential information from the terminal device.

Permanent cookies: they are stored on the terminal device and remain there until they are deleted. Ending a session of a given browser or switching off the device does not cause their deletion. Permanent Cookies do not allow the collection of any personal data or any confidential information from the terminal device.

At any time, it is possible to change the settings concerning cookies, including blocking cookies. However, such action may hinder or prevent the use of the Service.

The change of settings concerning cookies is made in the Internet browser. Already installed cookies can be removed manually at any time. Detailed instructions and information concerning cookies are contained in the help menu of the Internet browser currently used by the user.

Cookie files placed in the final device of the Service User and may also be used by partners cooperating with the Administrator, such as Google Analytics, Facebook, Twitter, Youtube.

More information about cookies is available in the "Help" section of the Internet browser menu.

 

  1. Changes

 

Changes to the Privacy Policy and Cookies will be published on the Website. These changes will be effective only for the future and will come into force upon acceptance of the modified privacy policy, of which the User will be notified via the so-called pop-up.

Not now
Accept

Worldline announces the acquisition of a majority stake in SoftPos.eu

Worldline, a global leader in payment services, today announces the closing of the acquisition of a 55% stake in SoftPos.eu, a Warsaw-based fintech that converts Android devices into secure payment terminals. This acquisition fully embeds Worldline’s objective to provide payment solutions that are adapted to all forms of commerce and serve the business ambitions of its clients. Based on SoftPos.eu, Worldline is launching a new product internationally: Worldline Tap on Mobile.

sp wl-1.jpg

Based in Poland, SoftPos.eu was created in 2019 by two payment entrepreneurs: Grzegorz Nowakowski and Biser Jorgow, supported by a financial investor P2 Invest, managed by Howard Polinski. The fintech converts regular Android devices into secure payment terminals, enabling merchants to accept card payments without the need for additional hardware.

As part of its strategy, Worldline is exploring new adjacencies in its value creation journey through technologies and products acquisitions. Together with SoftPos.eu, several partnerships with substantial value creation have been launched. Worldline is truly convinced by the fintech go-to-market and product development added-value, as a pivotal addition to the Group’s existing suite for merchants. Supported by SoftPos.eu technology, Worldline will leverage its vast portfolio, from onboarding to acquiring, and enhance customer value across all verticals.

Worldline Tap on Mobile

Worldline Tap on Mobile is a unique end-to-end solution based on Android application that allows all merchants – from micro to large – to accept payments using a smartphone, tablet, or enterprise device through one single tap. The solution is designed to accept small amounts simply by “tap” but also larger amounts with PIN entry on the screen.

Worldline Tap on Mobile will support the growth of its clients with:

  • Modern, convenient, easy, and fast acceptance of contactless payments
  • Flexibility, with no additional hardware needed, suited for all verticals
  • Secure, PCI-certified solution, with pin-entry for high value payments
  • Cost-effective solution replacing or complementing their existing fleet
  • Integration capabilities with third-party applications

Worldline Tap on Mobile is the first payments application certified by Zebra Technologies. Zebra Technologies is a global leader in enterprise asset intelligence, providing handheld devices for a large variety of verticals. The product has been fully certified by Zebra and makes Worldline the first payment partner of Zebra globally. Through this partnership, specialized integrators and partners in all segments can add payment to their customers’ offering over their Android devices.

Niklaus Santschi, Head of Merchant Services at Worldline, commented: “There is an appetite towards mobile payments from both consumers and businesses sides. With SoftPos.eu acquisition and the concrete business materialization of Worldline Tap on Mobile, Worldline is now providing its clients with full suite of solutions adapted to all growth ambitions. Complementing our existing offers, Worldline Tap on Mobile offers convenience and flexibility to all sizes of commerce, it is all about a single - and safe - tap. Worldline is now covering by itself a new core feature in the payments value chain, enabling to deploy it on demand, for both existing and new clients. This marks a new key strategic positioning for our company in the current landscape, with many business opportunities for us, and we’re just excited about the road ahead.”

Grzegorz Nowakowski, CEO of SoftPos.eu, commented: “Worldline was the first major player to believe in SoftPos, its team and its product. Back in 2020 when we were launching our co-operation, the market for app-based terminals was much smaller than it is now. From the very first day we felt that only with support from a strong strategic partner we will seize the full opportunity to grow. Now we can clearly see that we were right. We are extremely happy that the appreciation was mutual, and we have come to this investment stage. SoftPos.eu has built an advanced but easy-to-use technology already actively used by multiple merchants of all sizes across Europe. Having Worldline as our strategic investor means strong support both in further product development as well as sales to other markets and merchants.”

Howard Polinski, Managing Partner at P2 Invest, commented: “I am very happy that vision of Grzegorz and Biser supported by investment by P2 Invest, have resulted in creating a technology and market leader, whereas it acquisition by Worldline is the best proof of our joint success. I am convinced that acquisition of SoftPos will further strengthen Worldline’s leadership position in the payments area.”