TPML Privacy Policy

This policy explains when and why we collect personal information about you, how we use it, under what conditions we share it with third parties, and how we keep it secure.

TPML is committed to protecting the privacy of your information. By “your data,” “your personal information,” and “your information,” we mean any personal information about you that you or third parties provide to us.

We may change this policy from time to time. Please check this page regularly to make sure you agree with any changes.

Who are we

Transact Payments Malta Limited (“TPML”, “we”, “our” or “us”) is the issuer of your card and is the data controller for the personal data that you only provide to us in connection with the card. TPML is an e-money institution authorized and regulated by the Malta Financial Services Authority. Our registered office address is Vault 14, Level 2, Valletta Waterfront, Floriana, FRN 1914, Malta and our registered company number is C91879.

Card Compact Limited is the program manager for your card program and is the data controller for any personal data that you provide that is not related to the card. Card Compact Limited is registered in England and Wales and has its registered office at 483 Green Lanes, London, N13 4BS, and the company registration number is 07703826.

How do we collect your personal information?

We collect information from you when you submit a payment card request online or via a mobile app that is issued by us. We also collect information when you use your card to make transactions. We may also process information from the Program Manager, other third-party payment partners, and service providers. We also obtain information from third parties (such as fraud prevention agencies) who can compare your personal data with the information in the electoral register and/or other databases.

When we process your personal data, we rely on legal bases in accordance with data protection laws and this privacy policy. You can find more information about this at: On what legal basis do we process your personal data?

On which legal basis do we process your personal data?

treaty

The provision of your personal data and the processing of this data by us is necessary so that we can fulfill our obligations under the contract (known as a cardholder agreement or cardholder conditions or similar) that we conclude when you sign up for our payment services. Processing may sometimes be necessary so that we can take certain steps or, at your request, before concluding the contract, such as verifying your information or your eligibility to use payment services. If you do not provide the personal information we request, we will not be able to enter into a contract to provide payment services to you or will take action to end a contract with you.

Legal/Regulatory

We may also process your personal data to comply with our legal or regulatory obligations.

Legitimate interests

We or a third party may have a legitimate interest in processing your personal data, for example:

  • To analyze and improve the security of our business;
  • Anonymization of personal data and subsequent use of anonymized information.

What type of personal data do we collect from you?

When you order a card, we, our partners or service providers, collect the following information from you:

full name, home address, email address, mobile phone number, phone number, date of birth, gender, login details, IP address, identity and address verification documents.

When you use your card to make transactions, we store this transaction and financial information. This includes the date, amount, currency, card number, cardholder name, account balances, and the name of the merchant, creditor, or supplier (such as a supermarket or retailer). We also collect information about payments made to your account.

How is your personal data used?

We use your personal information to:

    • Set up your account, including editing your card sign up, creating your account, verifying your identity, and printing your card.
    • to manage and service your account, including processing your financial payments, handling correspondence between us, monitoring your account for fraud, and providing a secure internet environment to transmit our services.
    • comply with our legal requirements, including anti-money laundering obligations
    • to improve our services, including creating anonymous data from your personal data for analytical purposes, including training, testing, and system development.

Who do we share your information with?

When we use third-party service partners, we have contracts with them that require them to keep your information secure and confidential.

We may share your information with the following categories of companies:

    • identity verification agencies to carry out the required verification, comply with regulations and prevent fraud;
    • information security services organizations, web application hosting providers, mail support providers, network security services providers, and software/platform developers;
    • service providers for the destruction of documents;
    • Mastercard, Visa, digital payment service partners, or other third parties involved in processing financial transactions you make;
    • Any person to whom we may lawfully transfer or transfer our rights and obligations under this contract;
    • Any third party as part of a restructuring, sale, or acquisition of TPML or an associated organization, provided that the recipient is using your information for the same purposes for which it was originally provided to us and/or was used by us.
    • Regulatory and law enforcement agencies, regardless of whether they are based within or outside the European Economic Area (EEA), if the law requires us to do so.

Transfer of personal data abroad

In order to provide you with services, it is sometimes necessary for us to share your personal information outside the European Economic Area (EEA), such as:

  • with service providers outside the EEA,
  • if you are based outside the EEA
  • when there is an international dimension to the services we offer.

These transfers are subject to special rules under European and Maltese data protection law.

These countries outside the EEA do not have the same data protection laws as Malta and the EEA. However, we will ensure that the transfer complies with privacy regulations and that all personal information is secure. We will send your data to countries where the European Commission has made an adequacy decision. This means that the legal regulations in the country concerned ensure an adequate level of data protection for your personal information. You can find more information about this here.

When we send your data to a country where the European Commission has not made an adequacy decision, our standard practice is to use standardized data contract clauses approved by the European Commission. To obtain a copy of these clauses, please visit the European Commission's website.

If you need more information, please contact our data protection officer using the contact details below.

How long do we store your personal data?

We keep your information for a period of five years after the end of our business relationship to comply with our obligations under applicable law, such as anti-money laundering and fraud prevention regulations. If applicable law or changes require us to keep your information for a longer or shorter period of time, we will do so. We will not keep your data longer than necessary.

What are your rights with regard to your personal data?

You have certain rights with respect to the personal data we process:

  • You can request a copy of it, either parts of it or everything.
  • You can ask us to correct any data that you think is inaccurate.
  • You can ask us to delete your personal information (if applicable).
  • You can ask us to restrict the processing of your personal data.
  • You can object to the processing of your personal data (if applicable).
  • You can request the right to data portability.
  • If you would like us to take any of these actions, please send an email with your request to the Data Protection Officer at DPO@transactpaymentsltd.com.

How is your information protected?

We recognize the importance of protecting and managing your personal information. All personal data processed by us is handled carefully and securely.

Here are some of the safety measures we're taking:

  • We use various physical and technical measures to keep your personal information safe.
  • We have detailed information security policies to ensure the confidentiality, integrity, and availability of information.
  • Your data is stored securely on computer systems, with limited access.
  • Our staff regularly receives training on data protection and information security.
  • We use encryption to protect data at peace and anonymization when possible.
  • We have appropriate security controls to protect our IT infrastructure and employee computers, including identity and access management, firewalls, VPN, antivirus, advanced email threat protection, and more.
  • We conduct regular audits, such as PCI-DSS, to ensure that we comply with appropriate security controls to protect your data.

Although we take all reasonable steps to ensure that your personal information is protected from unauthorized access, we cannot guarantee that it is secure while transmitted by you to the appropriate mobile app, website, or other services over the Internet. However, once we have received your information, we make reasonable efforts to ensure its security on our systems.

grievances

We hope that our data protection officer can address any questions or concerns you may have about our use of your personal information.

The General Data Protection Regulation also gives you the right to file a complaint with a supervisory authority, in particular in the EU member state (or European Economic Area) in which you work, normally live, or where data protection breaches have allegedly taken place. The supervisory authority in Malta is the Office of the Information and Data Protection Commissioner.

Here are their contact details:

IDPC,

2nd floor, Airways House, Triq il-Kbira, Tas-Sliema, SLM1549, Malta

(+356) 23287100/ info@idpc.org.mt

Other websites

Our website may contain links to other websites. This privacy policy only applies to our website. We therefore recommend that you read the privacy statements on the other websites that you visit. We cannot be responsible for the privacy policies and practices of other websites, even if you access them via links from our website.

Changes to our privacy policy

We regularly review and continuously update our privacy policy to meet business needs and data protection regulations. We will notify you of any such changes. This privacy policy was last updated on August 7, 2023.

How you can contact us

If you have any questions about our privacy policy or the personal information we hold about you, please email our data protection officer at DPO@transactpaymentsltd.com.

By clicking on”accept“  you agree to the storage of cookies on your device to improve site navigation, analyze site usage, and support our marketing efforts. For more information, see our Privacy statement.

Cookie SettingsReject allAccept
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
uk flag
English