Who is responsible for processing of your data?
The following are the responsible parties for the processing of data, they will be referred to as Verse.
VERSE PAYMENTS LITHUANIA, UAB
- Company code 304932396
- Registered Office: Lvovo str. 105A, 2nd floor, Vilnius 08104, Lithuania
DECENTRALIZED GLOBAL PAYMENTS, S.L.
- CIF: B66570490
- Registered Office: Plaza de Catalunya, 21, 08002, Barcelona (Spain)
- Business Registry: Barcelona Business Registry; Volume 44.953, Folio 128, Sheet 128, 1st entry.
Objectives and data processing means are determined by all of them and they are therefore mutually responsible for your personal data processing.
Information about the Data Protection Officer(‘DPO’):
DPO contact details:
2. Information and Acknowledgement
3. Mandatory provision of data
We want to inform you that Verse will use and obtain IP addresses and further identifiers provided by your mobile device when you use the App correctly. Similarly, the personal data provided through Verse’s Website or through the App are, unless otherwise specified, necessary for the purposes established. Verse will not be able to offer its full services if that data is not provided.
4. How we use the data we collect
How do we use your data?
Verse will process the data you provide as follows:
- Register and verify you as a user of the App and fulfil the terms of your account. Please note that Verse will need to exchange your data with third-party partners in order to offer you our services. We receive information from users that have registered in the App as well as from those who consult our services through the Verse website, even if they have not created an account. We base this processing on necessity to perform contracts concluded with you or in order to take steps to conclude contracts (Article 6(1)(b) of the General Data Protection regulation (‘GDPR’)).
- Manage payments and execute your payment orders through the App and manage the correct functioning of the App. We base this processing on necessity to perform contracts concluded with you (Article 6(1)(b) of the GDPR).
- Assess the risk of new payment transactions in Verse. For this, we rely on our legitimate interest to control risk and manage our commercial exposure (Article 6(1)(f) of the GDPR).
- Prevent, investigate and/or discover fraud. We process data for this purpose to ensure compliance with our legal obligations (Article 6(1)(c) of the GDPR) and for our legitimate interest to protect ourselves, our users, or any third parties (Article 6(1)(f) of the GDPR).
- Maintain, improve, and develop the App and our other products and services. We do this based on legitimate interests to continuously research and improve our offerings, and your user experience (Article 6(1)(f) of the GDPR).
- Send you, by any means, including electronic means, commercial communications in relation to products and services offered by Verse. These communications will be adapted to your use of the App or Website. Verse will process this data based on the relationship it has with the user, understanding that those communications will always be related to Verse’s products and services. We will send you our commercial communications based on our legitimate interest to promote our business (Article 6(1)(f) of the GDPR). In some cases, where we cannot rely on our legitimate interest, we will send you or communications on the basis of your consent (Article 6(1)(a) of the GDPR). We may also create a commercial profile of the user to offer tailored commercial actions, unless you do not want us to and withdraw your consent.
- Manage the commercial relationship with you, answer any questions, problems or incidents you may have when you contact us through the App. Our legal basis for this processing is our need to fulfil or facilitate fulfilment of our contractual obligations to you (Article 6(1)(b) of the GDPR).
- Carry out the necessary requirements to manage candidate selection processes. We do this to fulfil our legitimate interests to manage our human resources and employment procedures (Article 6(1)(f) of the GDPR).
- Create anonymous statistical reports regarding the activity of users within the App. This is for our legitimate interest to manage our statistical data and improve our services (Article 6(1)(f) of the GDPR).
- Keep a record of the transactions carried out and events to which you sign up with the purpose of facilitating the said transaction or event. For both purposes, we will need to access location data from your mobile device. We may also share your contact information with the event organizer or business with the sole purpose of helping carry out the transaction or event. This type of processing is based on our need to fulfil our contractual obligations to you when you make transactions or sign up for events (Article 6(1)(b) of the GDPR).
- Use algorithms to be able to suggest which contacts to invite. This is for our legitimate interest to improve and make our service more effective and easier to use (Article 6(1)(f) of the GDPR).
- Analyse your interaction with the App, including making video recordings, to better understand how our users interact with the interface, improve it, and to better service our customers by resolving issues and fixing bugs. We do this based on our legitimate interest to analyse and improve our service (Article 6(1)(f) of the GDPR). We only receive information on your interaction with Verse’s App, but do not have any access to your screen outside of your use of the App.
5. What information do we collect?
Verse processes the following data:
- Identification data: name, last name, official identification document, phone number, email, address, personal picture, social media handle (when contacting us through those means).
- Security PIN
- Personal data and personal characteristics included in official identification document: place of birth, place of residence, date of birth, sex, nationality, and any other relevant information printed on your identity document.
- Financial data: details of your bank account, IBAN code, details of your debit and credit card, relevant expiry dates and CVV.
- Transaction data including when and where the transactions occur, on which device, the names of the transacting users, transaction description/reference, payment amounts.
- Contacts of the user: phone numbers of the contact list of the user.
- Location information: we obtain information on your IP address when you use the App. We use technology to determine your location such as a GPS system or your IP address. You can always choose to share your location, but it is not required nor is it necessary for most of the services offered by Verse. If you decide not to share it, we will not be able to offer you the services that require your location.
- Biometric data: facial recognition for identification as a user for know-your-customer (KYC) purposes to access the App or complete a transaction.
- User’s interaction with the App data (i.e. recording of the screen).
6. How long do we keep your data?
Personal data will be kept until you request its deletion, or, where personal data is processed on the basis of your consent, until you withdraw your consent. In absence of these actions, we store your data for the duration of our relationship with you and 10 years after the fiscal year in which our relationship ends in order to comply with any applicable laws and help with legal investigations or requests from competent authorities.
7. Disclosure of your information
Verse may disclose your data to:
- Public Administrations, Tax Authorities and Courts and other state institutions in order to comply with a legal obligation.
- Similarly, Verse works with some third-party partners, data processors, that could have access to your data and process that data on behalf of Verse. This is needed to provide you with Verse services.
- Banking institutions for service management.
- Organizers of the events to which you register.
- Third party companies with which the user transacts, in order to facilitate the purchasing process.
- Contacts (which may include family and friends) of the user. In this case, certain data may be shared for the management of promotions and campaigns of the platform itself, and a withdrawal channel will be enabled if the user does not wish to participate.
- Affiliates and group companies for purposes of internal administration and improvement of our business, including improvement of our offerings to you, and for the purposes of collection outlined above and as necessary to provide our services to you.
- NGOs or non-profits to which you donate money
Some of the third-party partners that Verse works with are in the following industries: payment processors, NFC readers, legal counsels, software developers, physical security companies, mailing providers, providers of IT solutions, providers of identity verification or know-your-customer (KYC), and fraud prevention services, etc.
Some of these data processors are outside the European Economic Area. However, all of these processors are listed in the EU-US Privacy Shield (www.privacyshield.gov/list) or are subject to other appropriate safeguards to permit such a transfer of personal data, and guarantee the adequate protection of the rights of residents in the EU.
Verse may also share personal data with other types of recipients based outside the EEA, such as our affiliates and group companies. When Verse does so, appropriate safeguards are put in place. In addition to relying on the Privacy Shield, personal data may be transferred to third countries based on standard contractual clauses which have been approved by the European Commission, binding corporate rules, and in some cases, other safeguards.
If Verse decides to sell, merge, or in any other way reorganise the business or make corporate changes, your personal data may be shared with prospective or actual purchasers and their advisers, including during due diligence and negotiation. In case of successful transactions, acquirers of the business may receive full control of the personal data and become new data controllers.
8. Marketing communication and promotions
We will use the data provided to us to inform you about promotions, offers, events or any other relevant information that could be of your interest. Every time we send out any of these communications, they will be directed to those users who have not specified their preference to be exempted from them.
If you do not wish to continue receiving commercial or promotional information, you can request it by email at email@example.com.
9. Which are your legal rights?
As a user, you always have the right to freely exercise the following rights at no cost:
- Withdraw consent at any time wherever we are relying on consent to process your personal data.
- Obtain confirmation pertaining to whether or not Verse is processing your personal data.
- Request access to your personal data.
- Request corrections to your personal data.
- Request erasure of your personal data, when, among other things, there is no good reason for us to continue processing your data.
- Object to processing of your personal data.
- Restrict processing of your personal data.
- Request the transfer of your personal data.
- Request to obtain information on safeguards applied to transfers of personal data outside the EEA.
- File a complaint with a supervisory authority such as the Agencia Española de Protección de Datos (www.aepd.es), located at C/Jorge Juan, 6 de 28001 Madrid (Spain), or the State Data Protection Inspectorate located at L. Sapiegos str. 17, 10312 Vilnius (Lithuania) whenever you feel Verse has not respected your rights in accordance with data protection regulation.
In accordance with current regulation, you will be able to exercise your rights by sending a letter with details about what rights you wish to exercise along with a copy of your identification to the following address: Plaza de Catalunya, 21 de 08002, Barcelona (Spain), or Lvovo g. 105A, 2nd floor, Vilnius 08104, (Lithuania), or by email to firstname.lastname@example.org, addressed to the Data Protection Officer.
10. Websites and third-party services
Our website and our App can have links to other Websites, Apps or to third-party provided services. The data collected by third-parties, including the geographical location or contact data, will follow their respective privacy policies. For this purpose, we recommend you review their privacy policies to be informed about the security measures they take to protect your data.
11. Security measures
Verse will process your personal data in a strictly confidential way, respecting the privacy, secrecy and security of your information, in accordance with applicable regulation. In order to achieve this Verse will implement the legal, technical and organizational measures required to avoid the alteration, loss, unauthorized access or processing of your data, given the state of technology, the nature of the data processed and the risks to which it is exposed. Sadly, there are no perfect security measures, and security breaches can still happen. Should this be the case, we will take urgent measures to minimize any potential damage to you or others.
Verse recommends that minors do not send personal data without parental consent. Verse does not take responsibility over personal data that could have been provided to us by minors younger than 14 years of age (or other applicable age threshold for consent where the user resides) without parental consent.