Privacy Policy
Version 2.0 January 01, 2025
This privacy policy explains how CFPS, (further: "Company" or "we") processes the information of our website visitors and application users. In collecting this information, we are acting as a data controller and, by law, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data. Please read our Privacy Policy carefully before using our website ("the Site"). In this Policy "we", "us" and "our" means CFPS (CFPS) and "you" means the individual who is using the Site or Application.
Our Privacy Policy, together with the Terms of Business sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. This privacy policy extends to our website visitors and application users as data subjects. For the purposes of the Personal Data Protection Act 2018 (the "Act"), the lead supervisory authority is the Office of the Commissioner for Personal Data Protection.
We deliberately do not request or collect personal data of children under 16 years of age and do not offer them our services. If we discover that a person under the age of 16 has given us their personal data without parental approval, we will take all necessary measures to delete this information.
Different countries may have different minimum age limits, and if you are below the minimum age for providing consent for data collection in your country, you can't give as personal information.
How will we use the information we collect about you?
We act as the controller of your personal data, as we independently decide for what purposes we need them and choose services and tools for their processing.
Cookies
When you browse our website, we set and collect information from cookies on your browser. We use cookies to make using our Site as straightforward as possible and to improve the service we offer you.
Necessary cookies are enabled by default but can be turned off on your device, although this may affect your browsing experience. These cookies help us to operate our website and identify any issues. The processing of this cookies is based on our legitimate interest (GDPR Article 6(1)(f)) to ensure proper functionality of corporate website.
Analytics and advertising cookies which help us understand our website and performance and improve it as necessary, are processed based on your consent (GDPR Article 6(1)(a)). You may withdraw your consent at any time. When you do that, analytics and advertising cookies will be removed from your browser.
You are not obliged to accept cookies that we send to you and you can in fact modify your browser so that it will not accept cookies. To enable or disable cookies, follow the instructions provided by your browser (usually located within the “Help”, “Tools” or “Edit” facility). Alternatively, an external resource is available at www.allaboutcookies.org/manage-cookies providing specific information about cookies and how to manage them to suit your preferences.
Please note that should you choose to set your browser to disable cookies, you may not be able to access secure areas of this Site, for example any online accounts you may hold.
Based on the exact cookie it will be stored for up to one year. You may find more details on what are cookies and which specific cookies we are using, how long we store them and whom they are shared with in our Cookie Policy.
Account and transaction information
When you register an account with us, we will use your information to manage your account(s), give you statements and provide our services, to identify and tackle fraud, money laundering and other crime, carry out regulatory checks and meet our obligations to any relevant regulatory authority, and to develop and improve our services to you and other customers and protect our interests.
| Purpose of processing | Lawful basis | Data types | Storage duration |
|---|---|---|---|
| Onboarding a new user | Article 6(1)(b) - contract |
- Email - IP address - Country of residence (Native Geolocation services) - Password | Five years after the end of the relationship with the client in accordance with the IFRS requirements |
| Providing access to application | Article 6(1)(b) – contract |
- Email - Phone number - Password - PIN | 12 months after account cancellation |
| Password reset or restoring | Article 6(1)(b) – contract |
- Email - Phone number - Password - PIN | 12 months after account cancellation |
| Prevention of fraud scenarios with multidevice logins | Article 6(1)(f) - legitimate interest of the Company to prevent fraudulent activities by users |
- Device Id (IMEI-like) - Device type - OS name - IP address | Five years after the end of the relationship with the client in accordance with the IFRS requirements |
| SEPA or SWIFT transfers | Article 6(1)(b) – contract |
- Customer account information - Payment details - Payment beneficiary (for outbound transactions) or sender (for inbound transactions) information | Five years after the end of the relationship with the client in accordance with the IFRS requirements |
| Maintain and present transaction history | Article 6(1)(b) – contract | - Transaction details including its status, timestamp, amount, sender or beneficiary/merchant information | Five years after the end of the relationship with the client in accordance with the IFRS requirements |
| Providing customer support to company clients | Article 6(1)(b) – contract |
- Customer profile details - Customer accounts and issued cards information - Customer transaction history | 12 months after account cancellation |
| KYC verification of new customers | Article 6(1)(f) - legitimate interest of the Company to know its customers and ensure they are persons with confirmed identities. |
- Questionnaire (Employment status, Account purpose, Expected
monthly turnover in EUR, Expected monthly number of transactions) - Identity document (Front of ID) - Selfie - Proof of address - Phone verification - First Name - Last Name - Profile details (Place of birth, gender, TIN, nationality) - Address (Country, City, Apartment Number, Post Code) | Five years after the end of the relationship with the client in accordance with the IFRS requirements |
| Retaining of KYC information and results of new customers | Article 6(1)(f) - legitimate interest of the Company to know its customers and ensure they are persons with confirmed identities. |
- Email - First Name - Last Name - Profile details (Place of birth, gender, TIN, nationality) - Address (Country, City, Apartment Number, Post Code) | Five years after the end of the relationship with the client in accordance with the IFRS requirements |
| Establishment, exercise or defense of legal claims | Article 6(1)(f) - legitimate interest of the Company to defend organizational interests in case of a customer complaint or a lawsuit |
- Customer profile - Customer transaction history | Up to 6 years according to national law 66(Ι)/2012 |
All the data is received directly from you when you register the account, receive or send funds using the CFPS service. If any data is inaccurate it will be corrected without delay. The information above is obligatory for CFPS to render the services to you as our customer.
Will we share your information with anyone else?
We partner with Unlimint EU licensed BaaS provider, who provides IBANs, issues debit cards and ensures AML compliance within your CFPS subscription. Account and transaction data is shared with BaaS provider for them to be able to perform their part of the services. You may review the Unlimint Privacy Notice on their website (https://www.unlimit.com/privacy-policy/).
The KYC procedure is performed by SumSub eKYC cutting-edge identity verification service, which has been chosen and contracted by our BaaS provider Unlimit. SumSub Privacy Notice is available at the following link: https://sumsub.com/privacy-notice-service/.
CFPS does not have partners outside of EU with whom it will share customer and transaction data. If there will be cases when such sharing outside of EU will be required and we will plan to disclose your information to a service provider (a person, office or organisation) located in another country (including locations outside of the European Economic Area), we will take steps reasonably necessary to ensure that they apply the same levels of protection as we are required to apply to your information and to use your information only for the purpose of providing the service to us.
Automated decisions
We neither use automated decision-making nor your personal data to automatically assess aspects of your personality (automated profiling).
Your rights over your information
By law, you can ask us what information we hold about you, request to have access to it, and you can ask us to correct it if it is inaccurate.
In those cases where we process your information for contractual reasons, you can ask us to give you a copy of the information.
As we process your data based on the legitimate interest you have the right to object to the processing of your data. It shall be noted however, that the processing activities that are based on legitimate interest are of the nature that the further processing may be seized only with the cancellation of the service contract. If you would like to exercise your right to object, please contact our Data Protection Manager at dataprotection@cfps.co or CFP Technology FZCO, Kalimnou, 1 Q-MERITO, 6th floor, Flat/Office 601 6037, Larnaca, Cyprus.
If you believe we are not using your information lawfully you can ask us to stop using it for a period of time. In some circumstances, you may have the right to ask us to erase your PII.
Your Queries
If you have any queries regarding privacy issues then please write to us at Compliance Department, compliance@cfps.co or CFP Technology FZCO, Kalimnou, 1 Q-MERITO, 6th floor, Flat/Office 601 6037, Larnaca, Cyprus.
If you have a complaint about our use of your information, you can contact the Office of the Commissioner for Personal Data Protection via procedure defined on their website https://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/page1i_en/page1i_en?opendocument.
Changes to this Privacy Notice
We reserve the right to update this privacy notice at any time.
Previous versions of the Privacy Notice can be access at https://cfps.co/privacy-policy-v1/.