Privacy Policy

GRANDPAY Privacy Notice

1. About this Privacy Statement

This is the Privacy Statement of motto Fintex Limited (“GRANDPAY” or “we”). It applies to all subsidiaries and branches of motto Fintex Limited to the extent that they process personal data. motto Fintex Limited has its registered office at 22/F., 3 LOCKHART ROAD, WANCHAI, HONG KONG.

GRANDPAY treats personal data which it receives through its websites, portals, and any other means with due care and is dedicated to safeguarding any personal data it receives. GRANDPAY is bound by the General Data Protection Regulation (Regulation (EU) 2016/679), Personal Data (Privacy) Ordinance (CAP.486) (the “PDPO” Hong Kong), and the Philippines’ Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012

This Privacy Statement is designed to advise you about the type of information that GRANDPAY collects and the purposes for which this information is being processed, used, maintained, and disclosed

This Privacy Statement aims to explain in a simple and transparent way what personal data we gather about you and how we process it. It applies to the following persons:

・The legal representatives and ultimate beneficial owners of all past, present, and prospective

GRANDPAY merchants (webshops/online retailers) and other commercial contracting

parties such as independent sales agents (also known as referral partners). We are legally obliged to retain personal data of these persons, also for a certain period after the relationship has ended, in compliance with ‘know your customer’ (“KYC”) regulations;

・Anyone involved in any transaction with our payment institution, including non-GRANDPAY customers such as consumers/payees of GRANDPAY merchants; and

・Anyone visiting the GRANDPAY website, and/or using our Services (including downloading and using our App, or via the API, a social media platform or other authorised third party).
We may amend this Privacy Statement to remain compliant with any changes in law and/or to reflect how our business processes personal data. This version was created on 5 March 2023.

2. Personal Data

Personal data refers to any information that tells us something about you or that we can link to you. GRANDPAY processes any information we receive from you, including personal and financial information you provide to us including when you or your business: make a payment, enquire or make an application for GRANDPAY services, register to use and/or use any of our services and when you communicate with us through e-mail, SMS, WhatsApp, a website or portal, telephone or any other electronic means.

Such information may include you or your customer’s:

・Name including first name and family name, date of birth, e-mail address, billing address, username, password and/or photograph, address, nationality and country of residence;

・Card account number, card expiry date, CVC details, bank and/or issuer details; and/or

・Information relating to any items purchased, including the location of the purchase, the value, the time and any feedback that is given in relation to such purchase.

By processing, we mean everything we can do with this data such as collecting, recording, storing, adjusting, organizing, using, disclosing, transferring or deleting. For more information about the way we use your personal data, please refer to Section 4 (“What we do with your personal data”).

You share personal information with us, for example when you: visit our website, download our mobile app complete a(n) (online) (application) form, sign a contract, make a payment or alternatively use our payment services, or contact us through one of our channels.

We also use data that is legally available from public sources such as commercial registers, debtor registers and the media, or data that is legitimately provided by other companies within GRANDPAY or by third parties.

3. Sensitive data

We do not record sensitive data relating to your health, ethnicity, religious or political beliefs unless it is strictly necessary. When we do it is limited to specific circumstances, for example, if you as a customer of a GRANDPAY merchant make a payment for a membership fee to a political party or religious organisation.

4. What we do with your personal data

We use your personal data only for legitimate business reasons. This includes:

Administration. When you open a merchant account and/or use our Services (including downloading and using our App, or via the API, a social media platform or other authorized third party), we are legally obliged to collect personal data that verifies your identity (such as a copy of your ID card or passport) and to assess whether we can accept you or your company as a customer. We also need to know your address or phone number to contact you.

Managing customer relationships. We may ask you for feedback about our products and services and share this with certain members of our staff to improve our offering. We might also use notes from conversations we have with you online, by telephone, or in-person to customize products and services for you.

Personalized marketing. We may send you letters, emails, or text messages offering you a product or service based on your personal circumstances, or show you such an offer when you log in to our website or mobile apps. You may unsubscribe from such personalized offers. You have the right, not to consent or to object to personalized direct marketing or commercial activities, including profiling related to these activities.

Providing you with the best-suited products and services. When you visit our website, call our customer service centre and/or use our Services (including downloading and using our App, or via the API, a social media platform or other authorized third party)we gather information about you. We analyse this information to identify your potential needs and assess the suitability of products or services. We analyse your payment behaviour, such as large amounts entering or leaving your account. We assess your needs in relation to key moments when a specific financial
product or service may be relevant for you.

Improving and developing products and services: Analysing how you use our products and services helps us understand more about you and shows us where we can improve. For instance, when you open a merchant account, we measure the time it takes until your first transaction to understand how quickly you are able to use your merchant account.

We analyse data on transactions between you and our corporate customers (merchants) to offer information services. When GRANDPAY processes personal data for this purpose, aggregated data may be made available to the GRANDPAY merchant (webshop/online retailer). This merchant cannot identify you from these aggregated data.

We analyse the results of our marketing activities to measure their effectiveness and the relevance of our campaigns.

Preventing and detecting fraud and data security: We have a duty to protect your personal data and to prevent, detect and contain data breaches. This includes information we are obliged to collect about you, for example to comply with regulations against money laundering, terrorism financing and fraud. We may process your personal information to protect you and your assets from fraudulent activities, for example if you are the victim of identity theft, if your personal data was disclosed, or if you are hacked.

We may use certain information about you for profiling (e.g. name, account number, age, nationality, IP address, etc.) to quickly and efficiently detect a particular crime and the person behind it.

Our merchants (webshops/online retailers) may use contact and security data to secure transactions and communications made via remote channels.

Internal and external reporting: We process your data for our payment operations and to help our management make better decisions about our operations and services. To comply with a range of legal obligations and statutory requirements (anti-money laundering legislation and tax legislation, for example).

Data that we process for any other reason is anonymised or we remove as much of the personal information as possible.

5. Who we share your data with and why

Whenever we share personal data internally or with third parties in other countries, we ensure the necessary safeguards are in place to protect it. For this, GRANDPAY relies on:

・General Data Protection Regulation (Regulation (EU) 2016/679),

・Personal Data (Privacy) Ordinance (CAP.486) (the “PDPO” Hong Kong),

・The Philippines’ Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012.

To be able to offer you the best possible services and remain competitive in our business, we share certain data both internally as well as outside of GRANDPAY. This includes:

GRANDPAY entities – We transfer data across GRANDPAY businesses and branches for operational, regulatory or reporting purposes, for example to comply with certain laws, secure IT systems or provide certain services (see section 4 (“What we do with your personal data”). We may also transfer data to centralised storage systems or to process it globally for more efficiency.

Independent sales agents – We share information with independent sales agents (referral partners) who act on our behalf.

Government authorities – To comply with our regulatory obligations, we may disclose data to the relevant authorities, for example, to counter terrorism and prevent money laundering.

In some cases, we are obliged by law to share your data with external parties, including:

・public authorities, regulators and supervisory bodies such as fraud protection agencies and the central banks of the countries where we operate

・judicial/investigative authorities such as the police, public prosecutors, courts and arbitration/mediation bodies on their express and legal request

・lawyers, for example, in case of a claim or bankruptcy, trustees who take care of other parties’ interests and company auditors.

Financial institutions – When funds are transferred from a payer to a payee, the transaction involves other financial institutions, banks or a specialised financial company. GRANDPAY may process payments through such other financial institutions. These external organisations may process and store your personal information abroad and we and they may have to disclose your information to foreign authorities to help them in their fight against crime and terrorism.
To process payments, we have to share information about the transaction with other financial institution, such as your name and account number. We also share information with financial sector specialists who assist us with financial services like:

・payments and credit transactions worldwide

・processing electronic transactions worldwide

・settling domestic and cross-border security transactions and payment transactions.

Sometimes we share information with banks or financial institutions in other countries, for example when you make or receive a foreign payment.

Third party service providers – When we use other service providers, we only share personal data that is required for the particular task we involve the service provider for. Service providers support us with activities like:

・performing certain services and operations

・designing and maintenance of internet-based tools and applications

・marketing activities or events and managing customer communications

・preparing reports and statistics, printing materials and designing products

・placing advertisements on apps, websites and social media.

Business transfers – GRANDPAY may buy or sell business units or affiliates. In such circumstances, we may transfer customer information as a business asset. Without limiting the foregoing, if our business enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our new business partners or owners.

With your permission – Your information may also be used for other purposes for which you give your specific permission, or when required by law or where permitted under the terms of the laws of the relevant jurisdiction.

6. Cookie Policy

GRANDPAY makes use of cookies and similar technologies throughout our websites and mobile app to ensure your visit to our website and mobile app goes smoothly.

Functional cookies – These cookies may store your browser name, the type of computer and technical information about your means of connection to this website, such as the operating system and the Internet Service Providers utilized and other similar information. This information is used to technically facilitate the navigation and use of this website. In addition, functional cookies may be used to store personal settings, such as language, or to remember your information for next visits if so requested.

Analytics cookies – This website also uses analytics cookies placed by Google Analytics (including Google Tag Manager) to measure the number of visits and the parts of the website that are the most popular among our website visitors as well as for benchmarking purposes. This information is used to provide aggregated and statistical information on the use of this website and is used to improve the contents of this website to enhance your user experience.

Third-party/social media cookies – This website contains cookies from third-party websites, mainly social media cookies. When placed on your computer, they automatically activate handy extras, for example, a Facebook ‘like’ button or a Twitter messaging option. These cookies inform our website whether you are logged into such social media and they also enable you to share parts of this website on social media. When visiting this website, GRANDPAY will ask for your consent to use these cookies.

Do you object to cookies?

Cookies generally process your IP-address but they do not save your personal information like e-mail address or phone number. If you do not want to have cookies stored on your computer or want to remove cookies that have already been stored, you can arrange this via your browser settings.

The right to object to processing – You can object to GRANDPAY using your personal data for its own legitimate interests. There is a list of contact details at the end of this Privacy Statement. We will consider your objection and whether processing your information has any undue impact on you that requires us to stop doing so.

You can also object to receiving personalized commercial messages from us. You cannot object to us processing your personal data if we are legally required to do so, even if you have opted out of receiving personalized commercial messages.

The right to restrict processing. You have the right to ask us to restrict using your personal data if: you believe the information is inaccurate; we are processing the data unlawfully; GRANDPAY no longer needs the data, but you want us to keep it for use in a legal claim; and/or you have objected to us processing your data for our own legitimate interests.

Right to complain – Should you for any reason be unhappy with the way GRANDPAY treats your personal data, you can file a complaint with GRANDPAY Compliance Officer via support@grandpay.asia

You can also contact the data protection authority in your country.

Exercising your rights – How you can exercise your rights depends on the type of personal data GRANDPAY processes. It could be through our website, mobile app, by fulfilling our KYC obligations or by processing a transaction. We aim to respond to your request as quickly as possible.

In certain cases, we may deny your request. If it’s legally permitted, we will let you know within a reasonable timeframe why we denied it.

If you want to exercise your rights or submit a complaint, please contact us via the e-mail address provided at: support@grandpay.asia

7. Your duty to provide data

There is certain information that we must know about you so that we can commence and execute our duties as a payment institution and fulfill our associated obligations. There is also information that we are legally obliged to collect. Without this data, we may, for example, not be able to open a payment processing account for your company or for you.

8. How we protect your personal data

We apply an internal framework of policies and minimum standards to keep your data safe. These policies and standards are periodically updated to keep them up to date with regulations and market developments. More specifically and in accordance with the law (e.g. Republic Act 10173, otherwise known as the Data Privacy Act of 2012), we take appropriate technical and organisational measures (policies and procedures, IT security etc.) to ensure the confidentiality and integrity of your personal data and the way it’s processed.

In addition, GRANDPAY employees are subject to confidentiality and may not disclose your personal data unlawfully or unnecessarily.

9. What you can do to help us keep your data safe

Unfortunately, the transmission of information via the internet in general is not always completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

We do our utmost to protect your data, but there are certain things you can do too: install anti-virus software, antispyware software and a firewall on your computer and mobile phone and keep them updated; do not leave verification tokens or your credit card) unattended; keep your passwords strictly confidential and use strong passwords, i.e. avoid obvious combinations of letters and figures; and be alert online and learn how to spot unusual activity, such as a new website address or phishing emails requesting personal information.

10. How long we keep your personal data

Once you are no longer a customer, we will retain your personal information for a period of 24 months after your last active use or transaction with the application, or as otherwise allowed or required by law, unless the same information is needed in order to defend or assert a claim.

11. Contact us

If you want to know more about GRANDPAY data policies and how we use your personal data, you can send us an e-mail at the following dedicated e-mail address: support@grandpay.asia