Get Started
Get Started

Privacy Policy

Last updated: October 24, 2024

Introduction

NotaPay Inc. (dba as «NotaPay»)respects your privacy and is committed to protecting your personal data.
This Privacy Statement applies to information collected by NotaPay through www.notapay.co (the
“Website”). This Statement describes how NotaPay collects, uses, shares, protects, or otherwise
processes your personal information. By using this Website, you agree to the terms of this Privacy
Statement.
Nota Pay Inc. is a legal entity established in Canada with registration number 1000640793, having its
registered address at 1110 Finch Avenue West, 406 North York, Ontario M3J 2T2.

DATA CONTROLLER

NotaPay will be the “data controller” or “controller” in relation to any personal data provided to us directly via email, phone, chatbot, and post or via the Services, including the Website, or any other available communication channel offered by NotaPay to you. This means that we are responsible for deciding how we will hold and use personal data about you.

By using or navigating the Website and the Services, you acknowledge that you have read, understand,
and agree to be bound by this Privacy Policy. You should not provide us with any of your data or use the
Website or Services if you do not agree with the terms of this Privacy Policy. This Privacy Policy is
incorporated into our Terms of Use.

We encourage you to review and check the Services, including the Website regularly for any updates to
this Privacy Policy. We will publish the updated version on the Website and by continuing to deal with us,
you accept this Privacy Policy as it applies from time to time.
Persons under the age of 16 cannot provide any personal information through our Website, Services,
social media account. If you are a person below the age of 16, before submitting personal information,
you must obtain the consent of your parents or other legal guardians.
DATA PROTECTION PRINCIPLES

Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the
“GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified
in particular by reference to an identifier’.
Personal data is any information about you that enables us to identify you or the beneficiary of your
transaction with us, either directly or indirectly. Personal data covers information such as your name and
contact details, but also information such as identification numbers, electronic location data, and other
online identifiers.

We are committed to complying with applicable data protection laws and will ensure that personal data
is:

Used lawfully, fairly and in a transparent way;

  • Collected only for valid purposes that we have clearly explained to you and not used in any way
    that is incompatible with those purposes;
  • Relevant to the purposes we have told you about and limited only to those purposes;
  • Accurate and kept up to date;
  • Kept only as long as necessary for the purposes we have told you about;
  • Kept securely.

WHAT PERSONAL DATA WE COLLECT ABOUT YOU

We only collect the most relevant, proportionate for each purpose and strictly necessary personal data
from you in the course of our business when you access, visit or use our Services. We collect data that is:

  • necessary to provide our services to you, such as when you sign-up and open an account with us,
    when we carry out the necessary KYC checks, and when you use our Services;
  • information about your use of the Services;

NotaPay collects information on each transaction conducted through our Website. Such information may
include the amount of the transaction; the goods purchased; the identity of the seller, affiliate, and
customer; payment type; currency; location; Internet Protocol address; and websites visited.

NotaPay uses such information for refunds, for customer service, for website optimization, or for other
administrative or business purposes. NotaPay may share information related to the transactions you
conduct through our website with sellers, affiliates, or customers for the purposes disclosed in this Privacy
Statement. NotaPay retains transaction information for as long as reasonably required for business
purposes or as reasonably required to comply with our legal obligations.

NotaPay also collects information involving customer service correspondence. This information may
include emails, internet chats, faxes, or telephone calls directed to our customer service centers. NotaPay
processes this information to provide customer service, handle complaints or disputes, measure and
improve our customer service, detect and prevent fraud, and detect and prevent violations of our legal
agreements. NotaPay retains customer service information for as long as reasonably required for business
purposes or as reasonably required to comply with our legal obligations.

HOW WE COLLECT YOUR PERSONAL DATA

We collect your data in various ways. These include the following:

  • We may collect data that you provide directly.

Typically, this will happen when you register or sign-up with us, where you create an account with us,
when you fill in any application form, when you subscribe to our newsletter, when you participate in
surveys, when you send us an email, when you sign a contract with us.

  • We may collect data about you automatically.

When you use our Services, including when you interact with our website without logging in your account, we will automatically collect technical-related data about you, your equipment, browsing actions and patterns.

Every time you use or access the Services, and our website, data is collected. This data is stored in log files
on the server and can include, the temporary storage of data and log files. The IP address is temporarily
stored in the system as it is necessary to provide website access to your computer or other device. The IP
address is retained while that website is being accessed. These log files are stored to ensure website
functionality, optimize the content of our website, and ensure the security of our IT system.

Typically, automatic collection of data will happen when you browse and use our Services and Website,
social media pages, (usually with the use of cookies and other similar tracking technologies).

  • We may acquire information about you from third parties.

We do this where we are permitted by law. This may be the information provided by our partners,
marketing agencies, your public profile information such as in social media platforms, like LinkedIn,
Facebook, Twitter, Instagram). We may associate the information we receive about you from yourself,
public and commercial sources with other information we receive from you or about you.

These are the typical ways in which we collect data about you. We may collect data about you in other
cases that are not covered by this Privacy Policy or using other methods not covered by this Policy. If this
happens, we will inform you additionally.

HOW WE USE YOUR PERSONAL DATA AND BASIS FOR SUCH USE

We will use your personal data when the law allows us to. Most commonly, we will use your personal data
in the following circumstances:

When we have your consent,

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and
    fundamental rights do not override those interests.
  • When processing cryptocurrency transactions.
  • When providing you with access to your account and services.
  • Where we need to comply with legal obligations (AML and KYC procedures).
  • When sending you updates and promotions (with your consent).

We do not generally rely on consent to process your personal data. We rely on other grounds for
processing. We only rely on consent where this is required by law or where we consider that processing
data is necessary, and we cannot rely on other grounds.

PURPOSES AND BASES FOR PROCESSING

In general, we may use your personal data to carry out, provide, fix, and improve our Services, develop
new Services, and market our Services.

We reserve the right to offer you supplemental documents to this privacy policy that will describe the
ways in which we process your personal data.

Your personal data is processed under the following legal bases:

Performance of a contract (e.g., cryptocurrency exchange services).

Compliance with legal obligations (AML and KYC laws).

CHANGE OF PURPOSE

We will use your personal data for the purposes for which we collect it or where we reasonably consider
that we need to use it for another reason only if this reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the
legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance
with the above rules, where this is required or permitted by law.

HOW LONG WE KEEP YOUR PERSONAL DATA

Personal data is used for different purposes, and is subject to different standards and regulations. In
general, personal data is retained for as long as necessary to provide you with services you request, to
comply with applicable legal obligations, particularly related to Anti-Money Laundering (AML) and
Countering the Financing of Terrorism (CFT), accounting or reporting requirements, and to ensure that
you have a reasonable opportunity to access the personal data.

To determine the appropriate retention period for personal data, we consider the applicable legal
requirements, the amount, nature, and sensitivity of the personal data, the potential risk of harm from
unauthorised use or disclosure of your personal data, the purposes for which we process your personal
data and whether we can achieve those purposes through other means. For example,

  • we will retain your personal data if we are required to comply with legal and regulatory obligations, compliance procedures and legal limitation periods. We will retain your personal data for a period after closure of your account with us or the last transaction we carried out for you. (Legal requirements)
  • Personal data provided to us for marketing purposes may be retained until you opt out or until
    we become aware the data is inaccurate.

WHO WE SHARE YOUR PERSONAL INFORMATION WITH

We may disclose your information to our employees and agents.
We may also disclose your information to third parties, such as:

Service Providers who provide services to us as we request them, such as IT and system
administration services, cloud storage service providers, fraud detection, customer support,
remote ID verification providers, strong customer authentication, e-signature providers,

  • Companies that assist in payment transactions such as financial institutions, like banks, payment
    service providers like electronic money and payment institutions, international payment service
    organizations like SWIFT and TARGET 2.
  • Relevant business partners, like banking partners and intermediaries, international payments
    services provider, as well as card manufacturing/personalisation and delivery companies, fraud
    and risk mitigation service provider.
  • Professional advisers including lawyers, auditors, and insurers who provide relevant services,
  • Governmental agencies or entities, regulatory authorities, or other persons in line with applicable
    rules, orders, subpoenas, official requests, or similar processes as either required or permitted by
    applicable law.
  • Advertising networks that help organise competitions and promotions, to support and display ads
    on our Website, apps and other social media tools.
  • Third party service providers to assist us with client insight analytics, such as Google Analytics.

Please note the following:

  • This list is non-exhaustive and there may be other examples where we need to share with other parties in order to provide our services as effectively as we can.
  • We require all third parties to respect the security of your personal data and to treat it in
    accordance with the law. We do not allow our third-party service providers to use your personal
    data for their own purposes and only permit them to process your personal data for specified
    purposes and in accordance with our instructions.

HOW WE PROTECT YOUR PERSONAL DATA

We use a variety of technical and organisational measures to help protect your personal data from
unauthorised access, use, disclosure, alteration or destruction consistent with the applicable data
protection laws and the EU General Data Protection Regulation. We have also implemented appropriate
information security policies, rules and technical measures to secure your personal information collected
by us. Your personal information is saved in an encrypted form.
All of our partners, employees, consultants, workers and data processors (i.e. those who process your
personal information on our behalf,), who have access to, and are associated with the processing of
personal information, are obliged to respect the confidentiality of such personal information, keep it
secure and protect it.

YOUR RIGHTS REGARDING YOUR PERSONAL DATA

You have the following rights in relation to the personal data we hold about you. Please note that some
of these rights will only apply in certain circumstances and some of them may be limited where we have
an overriding interest or legal obligation to continue to process the data or where data may be exempt
from disclosure due to reasons of confidentiality obligations.

Access: you are entitled to ask us if we are processing your data and, if we are, you can request
access to your personal data. This enables you to receive a copy of the personal data we hold
about you and certain other information about it;

  • Correction: you are entitled to request that any incomplete or inaccurate personal data we hold
    about you is corrected;
  • Erasure: you are entitled to ask us to delete or remove personal data in certain circumstances.
    There are also certain exceptions where we may refuse a request for erasure, for example, where
    the personal data is required for compliance with law or in connection with claims;
  • Restriction: you are entitled to ask us to suspend the processing of certain of your personal data
    about you, for example if you want us to establish its accuracy or the reason for processing it;
  • Transfer: you may us to help you request the transfer certain of your personal data to another
    party;
  • Objection: where we are processing your personal data based on legitimate interests (or those of
    a third party) and you may challenge this. However, we may be entitled to continue processing
    your information. You also have the right to object where we are processing your personal
    information for direct marketing purposes;
  • Automated decisions: you may contest any automated decision made about you where this has
    a legal or similar significant effect and ask for it to be reconsidered.
  • Consent: where we are processing personal data with consent, you can withdraw your consent.

If you want to exercise any of these rights, please contact us at info.ca@notapay.co

CHANGES TO THIS POLICY

We may make changes to this Privacy Policy from time to time. To ensure that you are always aware of
how we use your personal data we will update this Privacy Policy from time to time to reflect any changes
to our use of your personal data. We may also make changes as required to comply with changes in
applicable law or regulatory requirements. Where it is practicable, we will notify you by email of any
significant changes. However, we encourage you to review this Privacy Policy periodically to be informed
of how we use your personal data.

JURISDICTION

We adhere to Canada and European Union regulations concerning data protection. Any legal disputes will
be governed by the laws of Canada.

CONTACT

You may contact our Data Protection Officer by email at: info.ca@notapay.co