Do not enter your personal information and card details, account number, etc. on a suspicious and fake links, it’s a fraud!
Read More

Notice on Personal Data Processing for Customers

NOTICE ON PERSONAL DATA PROCESSING FOR USERS


In accordance with the Law on the Protection of Personal Data, Eki Pay doo Beograd (hereinafter: Payment Institution or Data Controller) informs you, potential users, and users of payment services – one-time payment transactions (hereinafter: User), about the terms and processing of your personal data that we collect directly from you or another person, as well as how to protect your rights and other information related to the processing of personal data.


1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
Eki Pay doo Beograd, Payment Institution, Dobračina 60, 11000 Belgrade, www.ekipay.rs
Eki Pay doo Beograd is a Payment Institution registered with the National Bank of Serbia under number 705.

Based on Decision IO NBS no. 84 dated 28.09.2015 and the concluded Agreement with Western Union Network (Ireland) Limited (“Western Union”), the Payment Institution provides the payment service – money transfers via the Western Union system, in cooperation with Western Union and their affiliates (Partners), through the locations of its agents registered with the National Bank of Serbia.

Based on Decision IO NBS no. 77 dated 13.10.2016, the Payment Institution provides the payment service of transferring funds (e.g., bill payments) through the locations of its agents registered with the National Bank of Serbia.

2. CONTACT DETAILS OF THE DATA PROTECTION OFFICER
We have appointed a person responsible for personal data protection who you can contact for any questions regarding the processing of your personal data, or for exercising the rights prescribed by law, in the following ways:

By email: zaštitapodataka@ekipay.rs
By mail: Eki Pay doo Beograd, Dobračina 60, Belgrade, Attention: Data Protection Officer
3. PURPOSE OF PROCESSING AND LEGAL BASIS
The Payment Institution collects and processes your data only to the extent necessary to provide payment services – one-time money transactions, in accordance with the Law on Payment Services and the general terms of providing payment services by the Payment Institution (e.g., sending money through the Western Union system, paying bills) (hereinafter: payment transactions), to respond to your requests, and to fulfill obligations prescribed by law (Law on the Prevention of Money Laundering and Terrorism Financing, etc.). If you refuse to provide the necessary data for this purpose, the Payment Institution will not be able to provide the requested payment service. By consenting to execute the payment transaction, you consent to the processing of your personal data.

The Payment Institution also collects and processes your data to comply with legally prescribed obligations of the Payment Institution, for which your consent is not required. This processing is carried out to apply regulations in the area of money laundering and terrorism financing prevention, to prevent fraud in payment services, or to fulfill the requirements of competent authorities (National Bank of Serbia, Administration for the Prevention of Money Laundering), as well as for resolving complaints in accordance with applicable regulations (Law on Payment Services, Law on the Protection of Financial Service Users).

In certain cases, the Payment Institution bases the processing of your data on the protection of legitimate interests, either its own or those of third parties, provided that these legitimate interests outweigh your interests, rights, and freedoms and do not harm them. In such cases, your consent for data processing is not required, but you have the right to submit a request to exercise your rights at any time, as described in section 10 of this Notice.

4. TYPES OF PERSONAL DATA PROCESSED
Identification Data and Other Types of Data

To execute the payment service (one-time payment transactions), we need your basic identification data primarily to fulfill legally prescribed obligations (e.g., Law on Payment Services, Law on the Prevention of Money Laundering and Terrorism Financing, Law on Foreign Exchange Operations). For this purpose, we collect data such as: name and surname, date and place of birth, unique identification number (JMBG), residence address, type and number of identification document, etc. A copy of your identification document is stored in accordance with regulations on money laundering prevention and for the protection of the legitimate interests of the Payment Institution related to fraud prevention.

To respond to your requests and inquiries, as well as complaints, the Payment Institution processes your contact details needed for mutual communication or investigation of possible abuses, such as: email address, landline or mobile phone number.

If you communicate with the Payment Institution's customer center, you should know that conversations are recorded, and we will inform you of this at the beginning of the phone call before recording begins, so you have the opportunity to decline the conversation. If you contact us via the internet using the contact form on the Payment Institution's website and expect feedback, we need your data to respond to you.

5. METHOD OF COLLECTING PERSONAL DATA
We collect your data directly from you or from third parties, as follows:

Through payment orders and Western Union forms for receiving and sending, and through your communication with us and our agents;
When our customer center provides you with support or consultation, via email, mail, by calling the customer center, phone conversations.
In addition to the personal data we collect from you, we may also collect your personal data from persons to whom you sent or from whom you received money, from our agents, business partners, from state institutions, and other commercial and publicly available sources of personal data.

If we did not collect your data directly from you, the Payment Institution will inform you of the conditions of processing no later than 30 days from the date the data was collected, unless you are already aware of it or the notification would be impossible or would involve disproportionate expenditure of time and resources, or if the data collection is explicitly prescribed by law, which simultaneously ensures measures for the protection of your legitimate interests and data confidentiality to the level of the obligation to maintain business secrecy.

6. HOW WE ENSURE DATA SECURITY
We strive to apply reasonable organizational, technical, and administrative security measures in accordance with applicable law and regulations to ensure the protection of your personal data. We aim to limit access to information only to our employees, agents, and their employees who need to have insight and access to personal data to provide you with payment services and other services. Despite our efforts, as you know, a third party may unauthorizedly attempt or access the data you sent us or may mislead you to disclose your personal data by posing as Eki Pay Payment Institution or a Western Union service provider. Please contact us immediately if you have reasons to believe that your personal data that you provided to us and that is in our possession is at risk.

7. CATEGORIES OF RECIPIENTS TO WHOM YOUR PERSONAL DATA MAY BE DISCLOSED
To fulfill the purpose of processing, the Payment Institution discloses your data to the following categories of recipients:

To Western Union and their affiliates (Partners) for the purpose of executing WU money transfers;
Competent state authorities and organizations such as the National Bank of Serbia, judicial and administrative authorities;


8. TRANSFER OF PERSONAL DATA TO ANOTHER COUNTRY OR INTERNATIONAL ORGANIZATION
Personal data can be transferred from the Republic of Serbia to another country or international organization only with the application of appropriate protection measures, in accordance with the provisions of the Law.

For the purpose of executing Western Union money transfers, the Payment Institution, as an agent of Western Union Network (Ireland) Limited (hereinafter: Western Union), may transfer data to Western Union and affiliated entities within the Western Union group and their partners for the purpose of executing WU money transfers. More about Western Union's privacy policy and the way personal data is processed can be found on the Western Union website. More information about protection measures can be requested from the Data Protection Officer.

9. RETENTION PERIODS
The Payment Institution retains your data in accordance with the Law on the Prevention of Money Laundering and Terrorism Financing for 10 years from the date of execution of the payment transaction.

10. YOUR RIGHTS REGARDING DATA PROCESSING

We inform you that, as a data subject whose data is being collected and processed, you have certain legal rights regarding your personal data, which are detailed in this section. To exercise these rights, you can contact the Payment Institution at the contact details provided in point 1 of this Notice by submitting a Request as described in point 8 below.

You have the following rights:

1. Right of access – We will inform you about the data we have about you. Upon your request, we will provide you with a copy of your personal data that we process free of charge. For additional copies, the Payment Institution may charge a reasonable fee for administrative costs. You will also receive information such as the purpose of processing, types of personal data, data recipients, retention period, etc. When personal data is transferred to another country or international organization, you have the right to be informed about the protection measures related to the transfer, as mentioned in point 8 of this notice.

2. Right to rectification and update of data – The Payment Institution will, at your request, correct your inaccurate personal data or supplement incomplete data. Please note that this right may be limited in terms of the scope of data that we can or are able to correct.

3. Right to erasure of data – The Payment Institution will, at your request, erase personal data if the conditions from Article 30 of the Law are met (e.g., if the purpose for which they were collected has been fulfilled). The Payment Institution cannot erase your personal data if their processing is prescribed by law or is necessary for the protection of public interest (e.g., acting on the order of a state authority) or is necessary for initiating, submitting, or defending a legal claim (e.g., filing a lawsuit, conducting an administrative or judicial procedure).

4. Right to restrict processing – The Payment Institution will, at your request, restrict the processing of your personal data if any of the conditions from Article 31 of the Law are met (e.g., if you have reasonably contested the accuracy of your data or the lawfulness of the processing, etc.).

5. Right to data portability – The Payment Institution will, at your request, provide personal data in a commonly used and electronically readable format (e.g., on a computer) and allow you to transfer it to another controller without interference from the Payment Institution if the following conditions are met: a) the processing is based on consent or is necessary for the execution of a contract, b) the processing is automated, c) the transfer does not adversely affect the exercise of rights and freedoms of others. If technically feasible, you can also request that the Payment Institution directly transfer the data to another controller.

6. Right to object – You can object to the processing of your data based on legitimate interest or necessary for the performance of tasks carried out in the public interest or in the exercise of official authority vested in the Payment Institution at any time, after which the Payment Institution will cease further processing of that data unless there is a legitimate basis for processing that outweighs your interests or freedoms, or the processing is carried out for the purpose of initiating, submitting, or defending a legal claim.

7. Right to file a complaint with the Commissioner for Information of Public Importance and Personal Data Protection and the right to administrative and judicial protection – If you believe that the processing of your personal data is being conducted contrary to the provisions of the Law or other applicable regulations, you can file a complaint with the Commissioner for Information of Public Importance and Personal Data Protection. If you are not satisfied with the Commissioner's decision, you can initiate an administrative dispute by filing a lawsuit within 30 days from the date of receipt of the decision. Filing a lawsuit in an administrative dispute does not affect the right to initiate other administrative or judicial protection procedures.

8. How your Request should look and how the Payment Institution handles it

Your request must be understandable and complete. If the request is unclear or incomplete (based on the information provided, we cannot identify you), the Payment Institution will instruct you on how to correct the deficiencies. If you do not correct the deficiencies in the submitted Request within the given time frame, and the deficiencies are such that the request cannot be processed, the Payment Institution will reject the request as disorderly.

The Payment Institution is obliged to provide the person to whom the data relates with information on the handling of their request without delay, and no later than 30 days from the date of receipt of the request. This period can be extended for an additional 60 days if necessary, considering the complexity and number of requests. The Payment Institution will notify the data subject of the extension of the deadline and the reasons for the extension within 30 days from the date of receipt of the request. If you submit a request for a copy electronically, the information is provided in the usual electronic format unless you request otherwise (e.g., by registered mail).

The Payment Institution reserves the right to change this notice. Please periodically check for any changes to this notice to stay informed about its updates.

Payment Institution
Eki Pay doo Beograd

Agents

Banca Intesa
Adriatic Bank
Halkbank
AIK banka
Raiffeisen banka
Menjačnice
Euro 5

Message sent.