Privacy Policy

[PUBLICATION: January 11, 2022 / LAST AMENDMENT DATE OF THE PRIVACY POLICY: October 24, 2024]

1.DATA CONTROLLER

"RevoluPAY EP S.L.U." (hereinafter, "THE DATA CONTROLLER"), is a payment entity authorized and supervised by the Bank of Spain and registered under entity number 6900, belonging to the parent company RevoluGROUP Canada Inc., with registered office at C/ Vallespir, 19, 1st Floor, Sant Cugat del Vallés, Barcelona (Spain), with tax ID number: B-67233817. RevoluPAY is the entity providing the money transfer service offered under the brand SENDITY through the website www.sendity.com. RevoluPAY EP, S.L.U. is also the owner of the software through which RevoluPAY EP, S.L.U. provides the money transfer service on the website www.sendity.com. You can contact THE DATA CONTROLLER via email at hola@sendity.com.

2. PERSONAL DATA COLLECTED

THE DATA CONTROLLER will collect and process users' personal data in accordance with the provisions of this Privacy Policy, as well as in accordance with the specific data protection clauses applicable to certain products or services. The personal data collected and processed by THE DATA CONTROLLER are:

Personal data required to register on the Application and/or Website:

• Full name
• Email address
• Mobile phone number

Personal data collected through the contact form on social networks and search engines for initial contact for informational, advertising, and promotional purposes:

• Full name
• Email address
• Mobile phone number

Personal data required if the User makes a money transfer through THE DATA CONTROLLER:

Sender's data:

• Full name
• Email address
• Phone number
• Payment information:
  • Card number
  • Cardholder name
  • Expiry date
  • Security code
  • Acceptance of the terms and conditions of the service
• Front and back photo of the identity document

Recipient's data (money received in a bank account):

• Full name
• Email address (optional)
• Phone number (optional)
• Bank account number
• SWIFT code
• Identity document number (DNI or NIE)

Recipient's data (money received at an official pick-up point):

• Full name
• Email address (optional)
• Phone number (optional)
• Bank account number
• SWIFT code
• Identity document number (DNI or NIE)
• City
• Postal code
• Pick-up point (from a list of available options)
• Payment information:
  • Card number
  • Cardholder name
  • Expiry date
  • Security code

THE DATA CONTROLLER will limit the collection and processing of personal data solely for the purposes of data processing, detailed in sections 3 and 4.

3. PURPOSE OF THE PROCESSING

The personal data collected will be processed for the purpose of:

• Providing the service.
• Generating reports and analyses of the service.
• Creating new products and services.
• User support.
• Managing the website and platform.
• Fraud prevention.
• Commercial/marketing communications with users.
• Analyzing the usage and impact of THE DATA CONTROLLER's services on its users.
• Sending newsletters to users.

4. LEGITIMIZATION

The legal basis for the processing of personal data by THE DATA CONTROLLER is:

• The explicit and free consent of the data subject.
• The provision of services by THE DATA CONTROLLER.
• THE DATA CONTROLLER’s legitimate interest in sending commercial/marketing communications.

5. RECIPIENTS

Data Processors: THE DATA CONTROLLER will share personal data with data processors (service providers of THE DATA CONTROLLER) for the purposes established by THE DATA CONTROLLER and supported by a Data Processing Agreement in accordance with Spanish and European regulations on personal data protection. Data processors may be located inside or outside the European Union. If the data processors are established outside the European Union, THE DATA CONTROLLER will ensure they provide adequate guarantees, such as compliance with the Standard Contractual Clauses established by the European Commission.

Third Parties: THE DATA CONTROLLER will not share personal data with third parties.

International Transfers: THE DATA CONTROLLER does not perform international transfers of personal data. In such cases, THE DATA CONTROLLER will comply with all provisions established by Spanish and European regulations on personal data protection.

Legal Obligation: As a payment service provider, THE DATA CONTROLLER is required to provide statistical data on fraud electronically to the Bank of Spain on a semi-annual basis. In compliance with anti-money laundering and counter-terrorism financing regulations, THE DATA CONTROLLER must provide payment transaction information to official authorities or agencies from other countries, both within and outside the European Union, as part of the fight against terrorism financing and other forms of organized crime. Additionally, THE DATA CONTROLLER may provide users’ personal data to public authorities when requested in a justified and motivated manner.

6. RETENTION OF PERSONAL DATA

THE DATA CONTROLLER will retain the personal data provided by the user as long as they are necessary for the provision of services. THE DATA CONTROLLER will subject the processed data to periodic review to block (and subsequently delete) data that are no longer processed or necessary for the purposes of the processing, until their final deletion in accordance with the time limits established by current legislation.

For example, after the end of the contractual relationship with THE DATA CONTROLLER, under the Anti-Money Laundering and Terrorism Financing Law, THE DATA CONTROLLER is obliged to retain the data for at least 10 years.

Data retention periods according to current legislation:

• 4 years: Law on Infractions and Sanctions in the Social Order (obligations related to affiliation, registration, contributions, wage payment, etc.); Arts. 66 and following of the General Tax Law (accounting books, etc.).
• 5 years: Art. 1964 Civil Code (personal actions without a special term).
• 6 years: Art. 30 Commercial Code (accounting books, invoices, etc.).
• 10 years: Art. 25 Anti-Money Laundering and Terrorism Financing Law.
• No deadline: aggregated and anonymized data.

7. RIGHTS

The user or data subject may exercise the following rights over their personal data processed by THE DATA CONTROLLER:

• Right of access: The user/data subject has the right to access their personal data to verify that they are being processed in accordance with the law.
• Right of rectification: The user/data subject has the right to request the correction of any inaccurate or incomplete data to ensure the accuracy of the information.
• Right of erasure: The user/data subject has the right to request that THE DATA CONTROLLER delete their information and stop processing the data. However, there are exceptions to this right under certain circumstances.
• Right to restrict processing: The user/data subject has the right to request that THE DATA CONTROLLER restrict the processing of their data.
• Right to data portability: The user/data subject has the right to receive their personal data in a structured, commonly used format or request the transfer of the data to another controller.
• Right to object: The user/data subject has the right to object to the processing of their data for certain reasons as set forth by current regulations, without needing to justify their decision.
• Right not to be subject to automated decisions: The user/data subject has the right not to be subject to a decision based solely on automated processing, including profiling, if the decision has legal or significant effects on them.
• Right to lodge a complaint with a Supervisory Authority: All users/data subjects have the right to file a complaint with a Supervisory Authority, particularly in the EU member state of their habitual residence, workplace, or where the alleged infringement occurred if they believe the processing of personal data relating to them violates current regulations. In Spain, the supervisory authority is the Spanish Data Protection Agency.

To exercise these rights, the User can contact THE DATA CONTROLLER by regular mail or by sending an email to legal@sendity.com.

8. THIRD-PARTY LINKS

The user may find links to other websites controlled by third parties on the website. THE DATA CONTROLLER has no control over the content provided by these other websites and is not responsible for the processing of users' personal data by the controllers of these websites. Please remember that this Privacy Policy only applies to the personal data collected and processed by THE DATA CONTROLLER through the Website. Therefore, THE DATA CONTROLLER accepts no responsibility for any aspect of the processing of the User’s data by third-party websites.

9. INFORMATION ABOUT COOKIES

THE DATA CONTROLLER uses cookies, which are files stored on the user's computer when accessing and browsing the website. Cookies, in particular, contain a number that uniquely identifies the user's computer or device, even if their location or IP address changes. For more information about the types of first-party and third-party cookies used by THE DATA CONTROLLER, their configuration, and/or deactivation, please read and accept our Cookie Policy.

10. CHANGES AND UPDATES TO THE PRIVACY POLICY

This Privacy Policy is effective from the date indicated in the heading. THE DATA CONTROLLER reserves the right to change this Privacy Policy in accordance with applicable data protection laws in Spain and Europe. If THE DATA CONTROLLER makes changes to this Privacy Policy, you will be notified via a notice on our website or, if appropriate, via email or notification in your user area on the website.

In any case, the date of the last update will be visible at the top of this Privacy Policy. By continuing to access or use THE DATA CONTROLLER's services after such changes or updates, the user is subject to the modified Privacy Policy.

11. CONTACT

If you have any questions regarding this Privacy Policy or the use of your personal data, please send an email to legal@sendity.com