The CONTROLLER of the websites under the domain appla-x.com is the company applá Trading Ltd.
applá TRADING LTD is authorized and Regulated by Central Bank of Cyprus (CBC) and the European Central Bank (ECB). Registered with GoAML - MOKAS. applá payment Institution is wholly owned by applá Trading Ltd
According to the GDPR, the CONTROLLER establishes the purposes and means of personal data processing.
We understand that You are aware of and care about Your privacy, and we take that seriously and are committed to protecting Your privacy and handling Your personal data in a transparent manner in compliance with the requirements of the General Data Protection Regulation (EU) 2016/679 , the Law providing for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data of 2018 (Law 125(I)/2018) as amended and/or replaced from time to time, and any other applicable legislation. This Privacy Statement describes the policies and practices regarding our collection and use of Your personal data, as well as sets forth Your privacy rights.
When we process your personal data, such data is:
(i) Processed lawfully, fairly and in a transparent manner in respect to the data subject (‘lawfulness, fairness and transparency’); This means that we provide information to you in respect of the processing of your personal data (transparency), the processing matches the description given to you (fairness), and that it is based on at least one of the lawful basis set out in the GDPR (lawfulness).
(ii) Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; (‘purpose limitation’); This means that we specify exactly what personal data is collected for, the purpose of use and limit the processing of personal data to only what is necessary to meet the relevant purpose.
(iii) Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’); This means that we do not process any personal data over and above what is required.
(iv) Accurate and, where necessary, kept up to date; every reasonable step is taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased, or rectified without delay (‘accuracy’); This means that we have in place processes for identifying and addressing out-of-date, incorrect, or unnecessary personal data.
(v) Kept in a form which permits identification of data subjects only for the period necessary for the purposes for which their personal data are processed (‘storage limitation’); This means that we store personal data only for the max required period and delete them right after in such a way that limits or prevents identification of the data subject.
(vi) Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).
We collect and process different types of personal data provided by You, or Your representatives in the context of providing our products and services. We may also collect and process personal data, which we lawfully obtain from other entities of our group, public authorities, client introducers, or publicly available sources (such as online registers, websites, security searches and social media).
We collect information You provide when You:
• Fill in any of our documents.
• Correspond with us (either through the phone or email).
• Register to open an account or use any of our services.
• Execute transactions; or
• Contact us for any other reason.
• Such personal data may include, amongst others:
Government issued identifiers and other identification data, such as passport, identification card, social insurance number, tax identification number and any other document you have provided for identification purposes.
Contact information, such as name, surname, address (including proof of address e.g., utility bill), telephone, fax number, e-mail address country of residence, and details of the device you use (phone, computer or tablet);
Personal characteristics, such as date of birth and country/place of birth, nationality.
We may also collect non-personal information about You, which does not identify You as a specific individual. Such non-personal information that we may collect includes:
Browser and device data, for instance, IP address, operating system, and browser type. This is statistical data about the Website users’ browsing actions and patterns and does not identify any individual.
Cookie data, such as time spent on the Website, pages visited, language preferences, and other anonymous traffic data.
Company data, such as a company’s name, product and service offerings, jurisdiction.
We may process Your personal data for the following purposes:
• Meeting our obligations under our business relationship and/or agreement entered between us, including inter alia in relation to the provision of our financial services;
• Customer acceptance and onboarding procedures, customer communication, customer relationship purposes.
• Maintaining and developing our business with our customers or potential Customers.
• Developing identity verification procedures and processes for legal/regulatory compliance purposes.
• Conducting market research and carrying out marketing activities.
• Ensuring that content from the Website is presented in the most effective manner and to keep our website safe and secure.
• Allowing You to use interactive features of our website.
• Administering our website.
Your personal data is used only for the purpose for which we collected it, unless there are reasonable ground for using them for any other reason which is compatible with the original purpose. We process Your personal data for the purposes mentioned above on the following basis:
(a) Processing is necessary for compliance with a legal obligation: we are required by law to carry out various activities for prevention of fraud and money laundering.
(b) Processing is necessary for entering or performance of contractual obligations: we process Your personal data to carry out our contractual obligations towards You as our Customer or Payer.
(c) Processing is necessary for the purposes of the legitimate interests pursued by us: we process personal data based on our various legitimate interests, such as preventing crimes, fraud and money laundering activities, actions to manage our business and further develop our services, direct marketing, risk management, initiating legal claims and preparing a defense in the event of litigation, disclosing information to other data recipients such as our service providers, auditors and technology providers, and/or to monitor and improve our relationship with You and/or to keep our internal records and/or to monitor communication to/from You using our systems and/or to protect the integrity of our IT systems.
(d) Processing is based on Your consent. Insofar as You have granted us specific consent for processing, the lawfulness of processing is based on Your consent.
We will retain Your personal data for a period necessary to fulfil the purposes listed above unless a longer retention period is required or permitted by the applicable law. Please be aware that we may be required to retain Your personal data for various legal or regulatory reasons, for example, to ensure that transactions are appropriately processed, settled, refunded or charged-back, as well as to investigate any potential fraud and to comply with anti-money laundering and counter-terrorism financing laws and other legal requirements. This means that in the event where You, in the capacity of a Payer or a Customer, cease to make use of our services, we will still retain certain personal data in order to carry out our legal obligations.
In certain circumstances we may disclose the personal data we have gathered about You to the following categories of recipients:
Our group companies. To provide our services/products, we share personal data with our group companies. We are the entity responsible for the general use of personal data by other group companies in relation to the services/products provided by us.
Global compliance databases in line with our Know-Your-Customer and Due Diligence procedures.
Third-party service providers. We disclose personal data to service providers only when it is necessary to ensure the provision of our services, including, but not limited to processing of payments/transactions, or other added value providers.
Our IT service providers and other companies who assist us with the effective operation of our business by providing technological expertise, penetration testing, file storage and record management, logistic services and solutions and other subcontractors.
Third parties in relation to a legal obligation or if we are permitted to do so by law. In certain circumstances we may be under an obligation to disclose or share Your personal data with auditors, regulatory authorities or law enforcement bodies in order to comply with a legal obligation.
We do not take decisions solely based on automated processing. However, some of Your personal data may be processed by automatic means to evaluate certain of Your personal aspects, in the following cases:
Carrying out data evaluations, which may include payment transactions, in the context of fraud prevention, anti-money laundering and anti-terrorism financing measures. These evaluations are carried out to protect You.
Marketing our services and products if You have consented.
You have certain rights in respect to the way we treat Your personal data:
(a) Right to access. You have the right to request a copy of the information that we hold about You.
You have the right to confirmation as to whether we process Your personal data and, where we do, access to the personal data, together with certain additional information. Such additional information includes inter-alia, details of the purposes of the processing, the categories of personal data concerned and the categories of recipients of the personal data. The right to obtain a copy of Your data shall not adversely affect the rights and freedoms of others.
(b) Right to rectification. You have the right to request rectification of inaccurate or incomplete personal data concerning You. You have the right to have any inaccurate personal data about You rectified and, considering the purposes of the processing, to have any incomplete personal data about You completed.
(c) Right to erasure (‘’right to be forgotten’’). You have the right to request erasure of personal data, where one of the following grounds applies:
Personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed.
You withdraw Your consent on which the processing is based and where there is no other legal ground for the processing.
You object to the processing and there are no overriding legitimate grounds for the processing, or You object to processing for direct marketing purposes.
Personal data has been unlawfully processed.
Personal data must be erased for compliance with a legal obligation.
The above shall not apply where processing is necessary (i) for exercising the right of freedom of expression and information; (ii) for compliance with a legal obligation which requires processing by a law to which we are subject; and (iii) for reasons of public interest; or for the establishment, exercise, or defense of legal claims.
(d) Right to restriction of processing. You have the right to obtain restriction of processing where one of the following applies:
The accuracy of the personal data is contested for a period enabling us to verify the accuracy of the personal data.
The processing is unlawful, and You oppose the erasure of such data, and You request the restriction of their use instead.
We no longer need the personal data for the purposes of processing, but You require their retention for the establishment, exercise, or defense of legal claims.
You have objected to processing on the grounds of our legitimate interests, until we verify whether the grounds on which we process Your information override Your rights and freedoms.
Where processing has been restricted on the basis of the above, we will continue to store Your personal data. However, we will only otherwise process it (i) with Your consent; (ii) for the establishment, exercise, or defense of legal claims; (iii) for the protection of the rights of another natural or legal person; or (iv) for reasons of important public interest.
(e) Right to portability. You have the right to receive the personal data that You have provided us in a structured, commonly used, and machine-readable format and You have the right to transmit this data to another organization and/or request that we do it for You, provided that:
The processing is based on Your consent, or on a performance or conclusion of a contract.
Processing is carried out by automated means.
(f) Right to object. You have the right to object to the processing of Your personal data, at any time and for reasons related to Your particular situation where the legal basis on which the processing activity is based is our legitimate interests. Should You exercise this right, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override Your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims. Where You have objected to processing for direct marketing purposes, we shall no longer process Your personal data for such purposes.
(g) Right to withdraw consent. Where the processing is based on Your written consent You have the right to withdraw consent at any time.
To the extent that the legal basis for our processing of Your personal data is consent (as and where applicable), You have the right to withdraw that consent at any time such withdrawal will not affect the lawfulness of processing before the withdrawal.
(h) Right to lodge a complaint. You can contact us for any personal data related matters in the details mentioned above. In case You are not satisfied or still have concerns You may file a complaint with the Office of the Commissioner for Personal Data Protection. You can find out on their website how to submit a complaint.
All information provided by You to us is stored securely and we use appropriate organizational, technical, and administrative measures to protect Your personal data. Once Your information is received, we use strict procedures and security features to prevent any unauthorized access. However, please note that neither the transmission of information via the internet nor its storage is completely secure, and no information system is guaranteed to be entirely secure. If You have any reason to believe that Your interaction with us is no longer secure, please contact us immediately.
We may update this Privacy Statement from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes. If the changes are substantial, we may notify you of changes to this Notice by email.
Further information and/or queries and/or requests regarding the processing of Your personal data and any of Your rights in respect to Your personal data, can be requested by contacting us in writing to email@example.com