Privacy Policy

Effective: May 2021

Last Updated: January 2022

This Privacy Policy explains how AptPay collects and uses your personal information obtained when you use our services, our website, our mobile application or when you interact with us either by email, telephone or online. This policy covers how we share your information and how we protect your information.

California Residents

If you are a resident of California, California law may provide you with additional rights regarding our use of your personal information. To learn more about our data collection practices and your California privacy rights, visit the California Consumer Privacy Act (CCPA) Notice.

1. GENERAL

This Privacy Policy applies to Apt Pay Inc., AptPay US Inc. and its affiliated companies (“AptPay”). Details on AptPay are available at: www.aptpay.com.

AptPay is committed to the privacy and security of your personal data. The Privacy Policy describes how AptPay collects and uses personal data, in accordance with applicable law and AptPay’s standards of ethical conduct.

AptPay, Inc. at 121 Bloor Street East, Suite 410, Toronto, Ontario, M4W 3M5, Canada will be the data controller in relation to any personal data provided to AptPay directly via email, phone, direct mail or via aptpay.com (“website”), or through AptPay’s Mobile application(s) (“app”). This means that AptPay is responsible for deciding how your data will be held and how your personal data about you will be used.

The AptPay Data Protection Officer can be contacted:

1. By email at: [email protected].

2. By post to: AptPay Data Protection Officer, 121 Bloor Street, Suite 410, Toronto, Ontario, M4W 3M5, Canada.

By using or navigating AptPay’s website, the app or any product or service offered by AptPay through the website and/or app, you acknowledge that you have read, understand, and agree to be bound by this Privacy Policy. You should not provide AptPay with any of your information if you do not agree with the terms of this Privacy Policy.

You are encouraged to review and check our website for any updates to this Privacy Policy. We will publish the updated version on this website and by continuing to deal with us, you accept this Privacy Policy as it applies from time to time.

2. DATA PROTECTION PRINCIPLES

“Personal data” means any information that enables AptPay to identify you or the beneficiary of your transaction, directly or indirectly, such as name, email, address, telephone number, date of birth, tax ID number and any form of identification or identification number.

AptPay is committed to complying with applicable data protection laws and will ensure that personal data is:

1. Used lawfully, fairly and in a transparent way;

2. Collected only for valid purposes that AptPay has clearly explained to you and not used in any way that is incompatible with those purposes;

3. Relevant to the purposes AptPay has told you about and limited only to those purposes;

4. Accurate and kept up to date;

5. Kept only as long as necessary for the purposes AptPay has told you about;

6. Kept securely.

3. PERSONAL DATA WE COLLECT AND HOW ITS COLLECTED

PESONAL DATA YOU PROVIDE

AptPay may collect personal data when you provide it, including when you indicate that you would like to receive any of our Services, when you register with us, when you complete forms online, when you speak with us over the telephone, when you write to us, when you visit the website or app. We will also collect details of your transactions carried out through the website or app and of the fulfilment of such transactions.

AptPay may collect and process the following personal data:

1. Personal details, such as data which may identify you, may include:

Your name, title, residential and/or business address, email, telephone and other contact data, date of birth, gender, images, government issued identification details, signature, IP address and country details, such as destination country. (“Identifiable Personal Data”).

2. If you have provided your consent for AptPay to collect such information and not withdrawn such consent, non-identifiable GPS-based location details while using AptPay’s website or app (“Location Data”).

3. Information from which you may be indirectly identified, such as a client identification number (“Indirectly Identifiable Personal Data”).

4. Financial details, such as data relating to your and your beneficiary’s payment data and bank account information obtained for the purposes of disbursements and/or payments (“Transaction Personal Data”).

5. Additional details requested by law enforcement or requested pursuant to AptPay’s compliance procedures in connection with efforts to prevent money laundering, terrorist financing and criminal activity, such as relationship to parties of the transaction, the purpose of the transaction and proof of funds (“Compliance Personal Data”).

We may also receive information in connection with transactions you carry out with us, such as the last four digits of the payment card you used to make or receive a payment. (“Payment Data”).

COOKIES

When you use our website or app we collect information via cookies and similar technologies, in the IP address of visitors, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.

We may use this data for the following purposes:

1. To measure the use of our website, app and services, including number of visits, average time spent on a website, pages viewed, page interaction data (such as scrolling, clicks and mouse-overs), etc., and to improve the content we offer;

2. To administer the website, app and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;

3. As part of our efforts to keep the website and app safe and secure.

Due to the core role of enhancing and enabling usability or site processes, disabling cookies may prevent you from using certain parts of our website or app. It will also mean that some features on our website or app will not function if you not allow cookies.

For more information, please see our Cookie Policy.

4. HOW WE USE YOUR PERSONAL DATA

Personal data collected through AptPay’s website or app is typically stored and processed in Canada; however, in some instances, it may be transferred, stored, and/or processed outside of Canada (see section 5 for further details).

Below is a summary of the ways in which AptPay may use your personal data and our basis for such usage:

NON-IDENTIFIABLE DATA

Whenever possible, AptPay uses data from which you cannot be identified directly (such as IP addresses and anonymous demographic and usage data) rather than personal data. This non-identifiable data may be used to tailor your experiences with AptPay’s Services by showing content in which AptPay thinks you will be interested in and displaying content according to your preferences. Non-identifiable data may also be used to improve AptPay’s internal processes or delivery of services.

AptPay may use aggregate data for a variety of purposes, including analysing user behaviour and characteristics in order to measure interest in (and use of) the various portions and areas of the Services. AptPay also may use the data collected to evaluate and improve the Services and analyse traffic to the Services. In some circumstances AptPay may anonymise your personal data so that it can no longer be associated with you, in which case AptPay may use such data without further notice to you.

Using Your Personal Data Basis on Which AptPay Uses Your Personal Data
Registration and Administration

AptPay may use Identity Personal Data and/or Compliance Personal Data to enable you to register with us. Once your registration is complete, AptPay may use Identity Personal Data and/or Compliance Personal data for the administration of your account, to contact you, to update our records about you, and to respond to and process your queries and requests.

  • Taking steps prior to entering into a contract with you.
  • Performance of a contract or service through AptPay’s website or app.
Requesting Access to Tools and Information

You may wish to have access to certain tools and information made available on AptPay’s website or app, before or after you decide that you would like to register to use AptPay’ Services. AptPay may collect and use Identity Personal Data as part of this access and use Identity Personal Data before or after you decide that you would like to register to use the Services.

  • Taking steps prior to entering into a contract with you.
  • Performance of a contract or service through our website or app
Supply of AptPay’s Services

AptPay may use Identity Personal Data, Transaction Personal Data and/ or Compliance Personal Data (and where it is collected, Payment Data) so that we can supply you with our Services which you use or have requested and to meet our contractual obligations to you.

  • Taking steps prior to entering into a contract with you.
  • Performance of a contract or service through AptPay’s website or app.
  • Your consent for AptPay to process your personal data for the purposes of supplying you with the Services.
Location

If you have given your consent for AptPay to do so and not withdrawn such consent, AptPay may collect and use Location Data to provide you with a tailored experience on AptPay’s website or app related to your location.

  • Your consent for us to process your Location Data for such purposes.
Service communications

AptPay may use Identity Personal Data and/or Transaction Personal Data to notify you about changes or developments relating to AptPay’s Services which you used or have requested.

  • Necessary to comply with legal obligations.
  • Necessary for AptPay’s legitimate interest to notify you about changes or developments relating to our products and services which you use or have requested.
Compliance

AptPay may use Identity Personal Data, Transaction Personal Data and/or Compliance Personal Data for compliance purposes, including the prevention and detection of money laundering, terrorist financing, crime, tax evasion or fraud.

  • Necessary to comply with legal obligations.
Recording of telephone calls

AptPay may monitor and record telephone calls with you (which may involve Identity Personal Data, Transaction Personal Data and/or Compliance Personal Data and AptPay may use any transcripts of these calls so we can be sure we understand the instructions you give us and so we have a clear record of any discussions with you.

  • Taking steps prior to entering into a contract with you.
  • Performance of a contract or service through AptPay’s website or app.
Marketing

AptPay may use your Identity Personal Data to contact you with marketing communications in relation to AptPay’s Services.

  • See section 11 below.
Profiling

AptPay may combine Indirectly Identifiable Personal Data with other information generated during the user of our Services to create individual profiles for customers through automated processes.

  • Necessary for our legitimate interest to enhance the customer experience by allowing for better use of our services.
  • See Section 12 below

5. DATA SHARED WITH OR COLLECTED BY THIRD PARTIES

APTPAY COMPANIES

AptPay may share your personal data with AptPay’s Companies in order to enable or facilitate us to provide you with any of the Services you have requested, for AptPay’s compliance purposes and where you have consented and not withdrawn your consent, for AptPay’s direct marketing purposes (see section 11 below).

AGGREGATED STATISTICAL ANALYSIS

AptPay may use statistical analysis of aggregate data to inform advertisers of aggregate user demographics and behaviour, as well as the number of users that have been exposed to or clicked on their advertising banners. AptPay will provide only aggregate data from these analyses to third parties.

THIRD PARTY SERVICE PROVIDERS

AptPay may share personal data collected with third party service providers to manage, enable or facilitate certain aspects of the Services AptPay provides and if we do, we will have safeguards in place with such third party service providers requiring them to protect personal data.

  • Compliance verification service providers.
  • Financial services providers, such as banks.
  • Credit control or debt collection agencies.
  • Communication fulfillment providers, to facilitate AptPay’s communications with you.
  • Fraud Prevention Agencies – The personal information AptPay has collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verif your identity. If fraud is detected, you could be refused certain services, finance, or employment.
  • Any other party authorized by you.

AptPay uses advertising services suppliers on our website and app, who, along with their advertising partners, may collect and use personal data when you interact with our website or app. Further details are set out at section 6 below.

CORPORATE PROCESS

Aptpay may transfer your personal data to a third party as a result of a sale, acquisition, merger, or reorganisation involving AptPay. In these circumstances, AptPay will take reasonably appropriate steps to ensure that your information is properly protected.

LEGAL AND REGULATORY

AptPay may also disclose your personal data in special cases if required or requested to do so by law, court order, or other governmental authority, or when AptPay believes in good faith that disclosing this data is otherwise necessary or advisable, such as to identify, contact, or bring legal action against someone who may be causing injury to, or interfering with, AptPay’s rights or property, AptPay’s services, another user, or anyone else that could be harmed by such activities (for example, identify theft or fraud).

SHARING PERSONAL DATA

The nature of AptPay’s products and services means that we may need to share your personal data with recipients based outside of the country you reside. As explained above, we may share your personal data within affiliates of AptPay, which may involve transferring your data outside of your country. Where we do so, we will ensure a similar level of protection afforded to you in your country.

If AptPay shares personal data with third party service providers based outside of your country, we will ensure a level of protection and safeguarding of your personal data.

REFERRAL

You may sometimes ask AptPay about, or AptPay may sometimes ask you if you are interested in, products or services which we are unable to provide but which someone else we know (a “Contact”) may be able to provide. AptPay will never pass your information to a Contact unless you have asked us to do so. Please note that AptPay is not responsible for and cannot be liable to you for any products or services of any Contact or any acts or omissions of any Contact.

In addition, where AptPay has received your contact details and other personal data as a result of a referral, we may pass your personal data back to the relevant referrer for the specific purpose of commission reporting.

6. ADVERTISING

Advertisements that appear on AptPay’s website or app or otherwise in the Services are generally delivered directly to you by third party advertisers. These third-party advertisers have no access to the information you have provided directly to AptPay.

If you have provided your consent by accepting “Targeted Cookies” through the Website cookie consent manager or enabled “Targeting” and “Location” on the app, the advertisements that are served may be personalised to you.

ADVERTISING ON APTPAY’s WEBSITE

Advertisements on AptPay’s website and app may be served by third-party advertisers or their advertising partners.

1. Website: If you have provided your consent by accepting Targeted Cookies, third-party advertisers could automatically receive your IP address. Third-party advertisers or their advertising partners may also download cookies and similar technologies such as pixel tags/beacons and scripts downloaded to your computer to measure the effectiveness of their ads and to personalize advertising content. Doing this allows them to recognize your computer each time they send you an advertisement in order to measure the effectiveness of their ads and to personalize advertising content. In this way, they may compile information about where individuals using your computer or browser saw their advertisements and determine which advertisements were clicked.

If you have provided your consent by accepting Targeting Cookies, third-party advertisers will collect and profile personal data in the form of IP address and cookies from users on AptPay’s website in order to provide targeted online advertising and ad measurement. You may change your consent decision at any time via AptPay’s website cookie consent manager. Third-party advertiser’s collection and use of your personal data is covered by the third-party advertiser’s Privacy Policy.

2. App: If you have provided your consent by enabling “Targeting” and “Location” for the app, third-party service providers will collect and use the personal data to serve you personalised advertising. Depending on where you live and your privacy choices on AptPay’s app, the personal data collected in the app may include device identifiers and information, app usage information, (if you have enabled Location Services) geo-location, information about interests to make ads served more relevant and information about interactions with ads. Your device may be recognized over time and across apps.

3. Cookies and Location Tracking: If you do not accept Targeting Cookies on AptPay’s website, third party advertisers will not receive your IP address or download any cookies to your computer through AptPay’s website. However, advertisements that are not specific or personalised to you or your device may still be served to you on our website.

If you do not enable Targeting and Location for AptPay’s app, you will not receive personalised advertisements and thirdparty service providers will not collect and use personal data for such purposes.

REMARKETING ON APTPAY’S WEBSITE AND MOBILE APPLICATION

If you have provided you consent by accepting Targeting Cookies on AptPay’s website or enable Targeting on the app, AptPay may use Google AdWords and Facebook Ads. You can review AptPay’s Cookie Policy at www.aptpay.com which includes details on how to customize your cookie settings.

GOOGLE ADWORDS

Google AdWords enables Google, through the use of cookies, to identify the fact that you have visited the website or app, to identify aspects of your usage of the website or app and combine that with what it knows about your usage of other websites in the Google ad network. We use these services to advertise to visitors of Google ad network websites who have previously visited our website or app or who Google deems to have shared interests with visitors of our website and app.

Google’s collection and use of your personal data is covered by the Google privacy policy. You can set preferences for how Google advertises to you using the Google Ad Preferences page.

FACEBOOK ADS

AptPay may make use of Facebook Ads to allow us to better serve relevant advertising to our customers on the Facebook social media platform. Through the use of cookies, we can identify aspects of your usage of the website or app which can allow Facebook to identify which AptPay ads could be more relevant to you.

You can review the Facebook privacy policy and modify your Facebook Ad Preferences for ads shown to you by Facebook.

7. PERSONAL DATA RETENTION

Personal data is used for different purposes and is subject to different standards and regulations. In general, personal data will be retained for as long as necessary to provide you with services you request, to comply with applicable legal, accounting or reporting requirements, and to ensure that you have a reasonable opportunity to access your personal data.

To determine the appropriate retention period for personal data, AptPay considers the applicable legal requirements, the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which AptPay processes your personal data and whether we can achieve those purposes through other means. For example:

1. Legal and regulatory requirements. AptPay will retain your personal data if required to comply with legal and regulatory obligations, compliance procedures and legal limitation periods. We will retain your personal data for a period after closure of your account with AptPay or the last transaction AptPay carried out for you or disbursement paid to you.

2. Customer service. If you provide AptPay with your personal data but do not have an account with us, we will (subject to any legal or regulatory considerations) retain your personal data for as long as necessary to deal with your query (for example, to address your questions in the event of an unsuccessful application).

3. Marketing. Personal data provided to AptPay for marketing purposes may be retained until you opt out or until AptPay becomes aware the data is inaccurate.

8. CORRESPONDING WITH APTPAY

If you send correspondence to AptPay, including e-mails, AptPay may retain such data along with any records of your account.

AptPay may also retain customer service correspondence and other correspondence involving you, AptPay and any AptPay affiliate, our partners, and our suppliers. AptPay will retain these records in line with our data retention policy.

9. DATA SECURITY

AptPay is committed to maintaining the security of your personal data and has measures in place to protect against the loss, misuse, and alteration of the data under AptPay’s control.

AptPay employs modern and secure techniques to protect our systems from intrusion by unauthorised individuals, and regularly upgrade our security as better methods become available.

AptPay’s datacentres and those of our partners utilise modern physical security measures to prevent unauthorised access to the facility. In addition, all personal data is stored in a secure location behind firewalls and other sophisticated security systems with limited (need-to-know) administrative access.

All AptPay employees who have access to, or are associated with, the processing of personal data are contractually obligated to respect the confidentiality of your data and abide by the privacy standards AptPay has established.

Please be aware that no security measures are perfect or impenetrable. Therefore, although AptPay uses industry standard practices to protect your privacy, we cannot (and do not) guarantee the absolute security of personal data.

AptPay’s website or app may offer chat rooms, forums, message boards, or news groups to users. It is important to remember that any information disclosed in these areas becomes public information. Accordingly, as with any public forum, you should exercise extreme caution when deciding whether to disclose your personal information.

10. OTHER WEBSITES

This Privacy Policy does not apply to other websites. AptPay’s website and app may contain links to other Internet websites. By clicking on a third party advertising banner or certain other links, you will be redirected to such third party websites.

AptPay is not responsible for the privacy policies of other websites or services. You should make sure that you read and understand any applicable third-party privacy policies, and you should direct any questions or concerns to the relevant third party administrators or webmasters prior to providing any personal data.

AptPay may permit third parties to offer subscription or registration-based services promoted through our own Services. In some instances, these other services may be co-branded or use AptPay’s trademarks under license; however, other’s services have their own respective privacy policies.

11. DIRECT MARKETING

AptPay may sometimes contact you (by email, SMS text, letter or phone) in order to provide targeted marketing about our Services. Such marketing communications will only be sent to you if you gave your consent (when you registered for AptPay’s Services or at another point) and you have not withdrawn such consent or if there is another basis to send such communications to you (for example, in certain circumstances, AptPay may send marketing communications solely about our Services to existing customers using contact details we have obtained directly from the customer during the course of registration or the provision of our Services to them, provided they have not previously unsubscribed from such communications).

All marketing e-mails you receive from AptPay will include specific instructions on how to unsubscribe and you may unsubscribe at any time.

Additionally, you can unsubscribe from marketing by contacting us in writing at AptPay Inc., 121 Bloor Street E, Suite 401, Toronto, Ontario, M4W 3M5 or email [email protected] or by amending your marketing preferences within your account.

You should note that AptPay is opposed to third-party spam mail activities and does not participate in such mailings, nor does AptPay release or authorise the use of customer personal data to third parties for such purposes.

12. PROFILING

Through automated processes AptPay may create individual profiles for customers based on a combination of Indirectly Identifiable Personal Data and other information gathered through our customer’s interaction with our Services. AptPay may use such profiles to better understand the ways in which you use AptPay’s Services. In addition, AptPay may send personalised communications to you based on a profile (inc

e have a basis to send such communications in accordance with this Privacy Notice (see Section 11 above).

You have the right not to be subject to profiling, and you can exercise this right by contacting AptPay in writing at [email protected] or [email protected].

13. DATA PROTECTION RIGHTS

CALIFORNIA

Under California privacy law, you have certain privacy rights including the right to access information AptPay holds about you, and delete your personal information held by AptPay, limited to certain exceptions. If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about AptPay’s data collection practices and your California privacy rights, visit the CCPA Privacy Notice.

EUROPEAN ECONOMIC AREA (EEA) & UNITED KINGDOM

In certain circumstances (for example, if you are a “data subject” in the EEA or UK), and subject to verification of your identity, you may request access to and have the opportunity to update and amend your personal data. You may also exercise any other rights you enjoy under applicable data protection laws.

Data subjects in the EEA and UK have the right to:

1. Request access to any personal data AptPay holds about them (“Subject Access Request”) as well as related data, including the purposes for processing the personal data, the recipients or categories of recipients with whom the personal data has been shared, where possible, the period for which the personal data will be stored, the source of the personal data, and the existence of any automated decision making;

2. Obtain without undue delay the rectification of any inaccurate personal data AptPay holds about them;

3. Request that personal data held about them is deleted provided the personal data is not required by AptPay for compliance with a legal obligation under applicable law or for the establishment, exercise or defence of a legal claim;

4. Under certain circumstances, prevent or restrict processing of their personal data, except to the extent processing is required for the establishment, exercise or defence of legal claims;

5. Under certain circumstances, request transfer of personal data directly to a third party where this is technically feasible.

Also, where you believe that we have not complied with our obligations under this Privacy Policy or the applicable law, you may have the right to make a complaint to a relevant Data Protection Authority or through the courts.

You can find your National Data Protection Authority in the EU online at: https://edpb.europa.eu/about-edpb/board/members_en

The Data Protection Authority in the UK is the Information Commissioner’s Office: https://ico.org.uk/

Although not required, AptPay encourages you to let us know about any complaint you might have and AptPay will respond in line with our complaints procedure set out in section 14 of this Privacy Policy.

14. COMPLAINTS PROCEDURE

Where you believe that AptPay has not complied with our obligations under this Privacy Policy, or the applicable law, you may have the right to make a complaint to a relevant Data Protection Authority or through the courts. Although not required, we would encourage you to let AptPay know about any complaint you might have and AptPay will respond in line with our complaints procedure – our contact details are set out in section 15 below.

We want to deal with your concerns fairly, effectively and promptly. However, some complaints are more complex than others and may take some time to investigate.

1. We will acknowledge your complaint promptly after receiving it

2. We will keep you informed throughout any investigation

In order to assist in the speedy resolution of any complaint you may have, it’s important that we understand your complaint fully. Sometimes this means AptPay may ask you to address your concerns to us in writing. This can be either by email or post to the addresses in section 15 below. AptPay has established internal procedures for investigating any complaint, which may also involve experienced members of staff from AptPay considering or investigation the complaint. Where appropriate, the complaint will be dealt with by someone who was not directly involved in the matter which is the subject of your complaint.

The member of staff will either have authority to settle your complaint or will have ready access to someone who has the authority. AptPay’s response will fully address the subject matter of your complaint and, if appropriate, will offer redress. If you phone us during our investigation and the member of staff handling your complaint is not available, then another member of our team will try to assist you.

Unless applicable data protection laws require responses within shorter timescales, AptPay will try to resolve any privacy complaints you have within 15 business days of receiving your complaint and in exceptional circumstances, within 35 business days (AptPay will let you know if this is the case).

Within the timelines noted above and after conclusion of the investigation, our DPO will inform you of:

  • the result of the investigation; and
  • any appropriate measures we will take to rectify the complaint.

As noted above, if you are not satisfied with AptPay’s reply/outcome, or otherwise with the handling of the complaint, you may have the right to lodge a claim before a relevant Data Protection Authority or the courts.

15. CONTACTING US

If you have a question, request or concern about privacy, confidentiality or the personal information handling practices of Apt Pay, our employees or service suppliers, please contact us at:

ATTN: Data Protection Officer

121 Bloor Street E, Suite 401

Toronto ON, M4W 3M5

email: [email protected]

16. UPDATING THIS PRIVACY POLICY

Apt Pay will continue to review this privacy policy to ensure it remains current with changing laws and regulations while meeting the evolving needs of customers. In the event of any amendment to the privacy policy, a notice will be posted within this page. If you continue to use our website, app or services following an amendment to the privacy policy, you will be deemed to have consented to the updated privacy policy.