Privacy Policy

Privacy Policy

Creopay sarl has the data protection of its own users and clients as one of the most important concerns. That’s why in the performing of personal data processing in the context following indicated, Creopay as Data Controller, has put in place the most appropriate security measure in order to ensure the confidentiality, integrity, correctness and safety of data subject persona data, carefully observing, at the same time, domestic and European legislation on data protection matters. Hence, we process your personal data exclusively on the basis of the General Data Protection Regulation 2016/679 (following “GDPR”) and on the basis of the domestic harmonization law on data protection (following overall “Data Protection Applicable Law”). In this privacy policy, we inform you about the most important aspects of data processing in the context of our website.

Based on the EU privacy regulation we give you the following information on how your personal data are processed by us.

Our contact details:

Company name: CREOPAY SARL

Address: RUE DU PUITS ROMAIN 33, L-8070 – BERTRANGE (LUXEMBOURG)
VAT : LU-32094410

Phone: +352 20210009

email: info@creopay.com

Explanation of terms

1. Personal data (Art 4 L 1 GDPR)

The regulations of the GDPR apply to the processing of personal data of natural persons.

As per definition “personal data” are all pieces of information which refer to an identified or identifiable natural person (“data subject”). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to a name, an identification number, site data, an online identification sign or by one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person.

1. Processing (Art 4 L 2 GDPR)

With the term “processing” the GDPR describes any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

1. Data Controller (Art 4 L 7 GDPR) and Data Processor (Art 4 L 8 GDPR)

The “Data Controller” is a natural or legal person, authority, entity or any other body who jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

The “Data Processor” is a natural or legal person, authority, entity or any other body who

processes personal data on behalf of the Data Controller;

1. Consent (Art 4 L 11 GDPR)

The “consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

1. Pseudonymization

The pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Any other term not expressly defined in this section shall have the meaning provided for by the applicable law on data protection.

Personal data processed and collected

Your navigation on the Site and/or access to certain sections of the Site may result in the collection and subsequent processing of your personal data by the Controller. In fact, when connecting to the Site, computer systems and software procedures for their operation automatically and indirectly acquire certain information (such as, but simply an example, the so-called “cookies”, as specified in the “Cookie Policy”, which is located at the end of this policy).

Furthermore, in the context of your navigation and use of the Site, it may be collected some other personal data resulting from specific activity performed by you on the Site and from specific activity carried out by the Controller.

The collection of your personal data may take place:

– by filling out online forms on your part, and specifically:

1. by filling out the form related to your registration on the web-account of the Creopay platform. In fact, during the operations related to the creation of a personal account on the platform it must be released the following personal data:
   1. anagrafic personal data of the owner of a sole company;
   2. identification document of the executive or the legal representant or board member of the Company;
   3. personal data related to the creation of the account (nickname, password, email address).
2. by filling out the form related to your request of information. In fact, during the operations related to the fulfillment of the form for information request it must be released the following personal data:
   1. anagrafic personal data of the requester (name, surname, professional status, company name);
   2. contact personal data (email, phone number);
   3. name of the
3. by marketing activity performed by the Controller on the personal data released by the user in the context of site use. Specifically:
   1. anagrafic personal data of the owner of a sole company;
   2. identification document of the executive or the legal representant or board member of the Company;
   3. contact personal data (i.e. e-mail contact).

Purposes and legal basis of data processing

According to the needs you have expressed from time to time by accessing the various sections of the Site the following are the purposes of the processing of your personal data and its legal basis.

Your personal data will be processed for the following purposes:

1. Managing of your registration on the platform and creation of related account

The personal data released in the context of the registration and creation of the account on the Creopay platform will be processed on the basis of the art. 6 par. 1 lett. b of the GDPR within the establishment of the pre-contractual or possibly contractual relationship between the data subject and the data controller. If you decide not to lend your personal data, the controller will not be able to establish any kind of contractual relationship and you will not be allowed to proceed with the steps related to the creation of the account.

1. Managing and responding to your requests

you can decide to give consent, according to the art. 6 par.1 lett. a of the GDPR, to the processing of your personal data for management and response, by the Controller, to your requests in relation to your activities on the Site (“contact us” section of the Site). In connection with this purpose, your consent is required when submitting requests. If you decide not to consent to the processing of your personal data for that purpose, you will not be able to continue sending your request.

1. Performing of marketing activities on your personal data

you can decide to give consent, according to the art. 6 par.1 lett. a of the GDPR, to the processing of your personal data for marketing purposes, allowing the Data Controller to contacting you by email in order to submitting you promotional information about its own services. In connection with this purpose, your consent is required for performing the above – mentioned activities. If you decide not to consent to the processing of your personal data for that purpose, Creopay sarl will not be allowed to send you its promotional information.

Methods of data processing and security measures

The processing of your personal data may include any type of operation, including collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction. Your personal data will be processed mainly in an automated form, with logic strictly related to its purposes, through the databases, the electronic platforms managed by the Controller or by third parties appointed for this purpose data processors and/or integrated IT systems of the Controller. The Data Controller has assessed the level of security as adequate taking into account the risks that could derive from loss, destruction, modification, unauthorized disclosure, accidental or illegal access, abuse or alteration of your personal data. In particular:

• has adopted security measures appropriate to the risks;
• keep your personal data on servers mainly located in the European 

Data Retention

In order to ensure compliance with the principles of necessity and proportionality of the processing, the Data Controller has identified different times for storing personal data in relation to the individual purposes pursued:

• for the purpose of your registration on the platform and creation of related account your personal data will be kept for the time strictly necessary and in any case at most as long as your profile is active;
• for the purpose of managing and responding to your requests on the Site (“contact us” section of the Site), your personal data will be kept for the time strictly necessary to process your request;
• for marketing purposes your personal data will be kept for at most 24 months from their

Furthermore, for the purposes of the points (ii) and (iii) your personal data will be deleted, if they are no longer needed for justifiable and admissible purposes or as soon as you revoke your consent and we are not legally bound or in any other way authorized to save these data anymore.

Finally, your data will be stored in particular to respect legal retention obligations as long as they may be needed for the exercise or defense of legal claims.

Data Recipients

Your personal data may be communicated to and processed by:

• legal or natural persons acting as external data processors appointed by the Controller;

• employees and/or collaborators of external data processors who, operating under the direct authority of external data processors, will be authorized to process your personal data.

Your personal data will not be disclosed to third parties, except in the event that your personal data should be disclosed by the Controller to third parties who will act as independent Controllers or consultants in order to protect the own rights, nor disseminated.

Transfer of your personal data outside the European Economic Area

Your personal data will not be transferred outside the European Economic Area.

Data subject’s rights

Data Protection Applicable Law recognizes you, as data subject, the following rights:

1. obtain confirmation from the Data Controller of the existence or not of your personal data, even if not yet registered and their communication in an intelligible form as well as access to your personal data (obtaining a copy) and related information (including the purposes of the processing, the categories and origin of the personal data, the categories of recipients to whom they have been or may be communicated, the retention period, the rights that can be exercised);
2. obtain from the Data Controller the correction of your personal data and the integration of your incomplete personal data;
3. obtain from the Data Controller the deletion of your personal data without undue delay, inter alia, when personal data are no longer necessary with respect to the purposes for which they were processed o the legal basis for their processing no longer exists;
4. obtain from the Data Controller the transformation into anonymous form or the blocking of your personal data processed in violation of the law, including those whose retention is not necessary, in relation to the purposes for which the personal data were collected or subsequently processed;
5. obtain from the Data Controller the limitation of the processing of your personal data, inter alia, when you contest the accuracy or object to the processing, for the period necessary for the respective assessment;
6. receive, in a structured format, commonly used and readable by an automatic device, your personal data as well as transmit or, if technically possible and in the cases provided by the applicable law, obtain the direct transmission of your personal data to another data controller without impediments, in cases where the processing is carried out by automated means and is based on your consent or is necessary for the execution of a contract of which you are a

Furthermore, if the processing of your personal data bases on your consent, you have the right to withdraw the consent at any time per mail to the following address or via email to:

• Address: avenue de la faiencerie 121 – L-1511 Luxembourg
• Email: info@creopay.com

If you believe that the processing of your data violates the data protection applicable law, or your data protection rights are infringed in any other way, you can lodge a complaint with a supervisory authority. In Luxembourg the competent supervisory authority is the “National Commission for Data Protection”.

Cookie Policy

Our website uses cookies. Cookies are small text files which your browser files and stores on your terminal device. We use cookies to make our offer more user-friendly. Some cookies will remain saved on your terminal device until you delete them. They enable us to recognize your browser at your next visit. The deactivation of cookies may restrict the functionality of our website.

Characteristics and purposes of cookies

Our Site uses the following categories of cookies, which can be from us or third parties.

Technical and functional cookies

1. Technical cookies or “technical cookies”: They are used to facilitate your navigation on the Site and the use of its features. Among the technical cookies, we point out the essential cookies, also called “strictly necessary”, which enable functions without which it would not be possible to fully use the Site as well as the performance cookies or “performance cookies” that allow you to improve the functionality of the
2. Function cookies or “functionality cookies”: They allow the Site to remember the choices you made (for example the language or the geographical area in which you are) and propose them to subsequent accesses in order to provide better and personalized services (for example, they can be used to offer content similar to those you have previously requested).

Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files which will be saved on your computer and facilitates the analysis as regards the use of the Site by you. Furthermore, the information collected are gathered in an aggregated form in order to not jeopardize your rights and fundamental freedoms.

You can prevent the storage of cookies through specific settings in your browser software: but please note that in this case you will eventually not be able to use all functions of our website to their full extent. Furthermore, you can prevent the collection of data which are generated through cookie and refer to your use of this website (incl. your IP-address) as well as the processing of these data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en

Description of the methods of consent for the installation of cookies

For the use of technical and analytical cookies, your consent is not required. You can, however, disable them by following the procedure described in the paragraph “How to enable or disable cookies on your browsers”.

In any case, you can at any time change your preferences regarding cookies.

The following table describes the cookies sent to your browser by accessing the Site.

CREOPAY SARL Cookies

GOOGLE ANALYTICS’ Cookies

How to  enable  or  disable cookies on  your browsers

You can block the acceptance of cookies by your navigation browser. However, this operation could make it less efficient or prevent access to some functions or pages of the

Site. Below are the methods offered by the main browsers to block the acceptance of cookies:

Internet Explorer:

Firefox:

Chrome:

Safari:

Privacy Notice

(Art. 13 Regulation UE 2016/679)

Creopay sarl, with registered office in Luxembourg av. De la faiencerie 121 , email: info@creopay.com phone number: +352 20210009, (hereinafter “Creopay”) informs that it is the Data Controller – in accordance with the provisions of EU Regulation 2016/679 (“GDPR”), the national harmonization legislation and the measures adopted by the National Supervisory Authority (hereinafter collectively the “applicable law”).

Processing of personal data means any operation or set of operations, performed with or without automated processes and applied to personal data or sets of personal data, even if not recorded in a database, such as collection, recording, organization, structuring, storage, processing, selection, blocking, adaptation or modification, retrieval, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, erasure or destruction.

1. Categories of data processed

Creopay will process the following categories of personal data (following and overall “personal data”):

1. anagrafic personal data of the requester (name, surname, professional status, company name);
2. contact personal data (email, phone number).
3. Purposes of data processing

Personal Data will be acquired and processed in the context of the activities foreseen in the “Contact us” section of the website for the exclusive purpose of taking charge of and responding to requests for information from users or customers.

3. Legal basis of data processing

Personal Data will be processed, exclusively for the purposes indicated in the previous point, on the basis of the unequivocal expression of consent by the data subject on the basis of the provisions of art. 6 par. 1 letter A of the GDPR, which can be revoked at any time according to the procedures indicated by the Controller at the time of the collection of consent. You can whenever revoke your consent sending an email to the email: info@creopay.com

4. Nature of the conferring of personal data

The communication of Personal Data is optional. Any partial or total failure to communicate the aforementioned data will make it impossible to take charge of and subsequently respond to requests for information made in the “Contact Us” section of the site.

5. Communication and disclosure of personal data

Personal Data may be disclosed to any other third party if such disclosure is required for the performing if the activities carried out on the website or where required by law, including the scope of prevention/repression of any illegal activity.

Your personal data may be communicated to and processed by:

1. legal or natural persons acting as external data processors appointed by the Controller;
2. employees and/or collaborators of external data processors who, operating under the direct authority of external data processors, will be authorized to process your personal

Your personal data will not be disclosed to third parties, except in the event that your personal data should be disclosed by the Controller to third parties who will act as independent Controllers or consultants in order to protect the own rights, nor disseminated.

6. Transfer of your personal data outside the European Economic

Your personal data will not be transferred outside the European Economic Area to other countries (so-called “Third Countries”) or to international organizations.

7. Methods of processing personal data and security measures adopted

The personal data collected are processed in accordance with the principles of correctness, lawfulness, transparency and protection of confidentiality and rights. Personal Data is processed manually and electronically. Security measures are also adopted in order to avoid the risks of unauthorized access, destruction or loss, unauthorized processing or processing that does not comply with the purposes of collection.

8. Storage of personal data processed

Personal Data will be processed only for the time necessary to respond to users’ and customers’ requests for information. This period may be suspended and/or extended at the request of the Authority in cases of prevention/repression of any illegal activity.

• Data Controller

The identification details of the Data Controller are as follows: Creopay sarl, with registered office in Luxembourg av. De la faiencerie 121 – L1511 , email: info@creopay.com , phone number: +352 20210009

10. Data subjects’ rights

Data Protection applicable Law recognizes you, as data subject, numerous rights. In particular, you have the right to:

• obtain confirmation from the Data Controller of the existence or not of your personal data, even if not yet registered and their communication in an intelligible form as well as access to your personal data (obtaining a copy) and related information (including the purposes of the processing, the categories and origin of the personal data, the categories of recipients to whom they have been or may be communicated, the retention period (when possible), the rights that can be exercised);

• obtain from the Data Controller the correction of your personal data and the integration of your incomplete personal data;
• obtain from the Data Controller the deletion of your personal data without undue delay, inter alia, when personal data are no longer necessary with respect to the purposes for which they were processed o the legal basis for their processing no longer exists;
• obtain from the Data Controller the transformation into anonymous form or the blocking of your personal data processed in violation of the law, including those whose retention is not necessary, in relation to the purposes for which the personal data were collected or subsequently processed;
• obtain from the Data Controller the limitation of the processing of your personal data, inter alia, when you contest the accuracy or object to the processing, for the period necessary for the respective assessment;
• receive, in a structured format, commonly used and readable by an automatic device, your personal data as well as transmit or, if technically possible and in the cases provided by the applicable law, obtain the direct transmission of your personal data to another data controller without impediments, in cases where the processing is carried out by automated means and is based on your consent or is necessary for the execution of a contract of which you are a

Furthermore, if you believe that the processing of your data violates the data protection applicable law, or your data protection rights are infringed in any other way, you can lodge a complaint with a supervisory authority. In Italy the competent supervisory authority is the “National Commission for Data Protection”.

The address for the exercise of the aforementioned rights under Articles 15-20 of the GDPR is as follows: info@creopay.com

CONSENT FORM

The data subject declares to have received the information regarding the processing and protection of personal data in accordance with Articles 13 and 14 of European Regulation 679/2016.

For the purposes indicated in the paragraph “Purposes of data processing”, the consent of the data subject is required pursuant to Article 6, paragraph 1, letter a. of EU Regulation 670/2016. Therefore, the data subject party gives his/her informed and specific consent:

To the processing of personal data by Creopay sarl for the purpose of taking charge of and responding to requests for information from users or customers into section “Contact Us” of the website.

YES ❏           NO ❏

Privacy Notice

(Art. 13 Regulation UE 2016/679)

Creopay sarl, with registered office in Luxembourg av. De la faiencerie 121 , email: info@creopay.com phone number: +352 20210009, (hereinafter “Creopay”) informs that it is the Data Controller – in accordance with the provisions of EU Regulation 2016/679 (“GDPR”), the national harmonization legislation and the measures adopted by the National Supervisory Authority (hereinafter collectively the “applicable law”).

Processing of personal data means any operation or set of operations, performed with or without automated processes and applied to personal data or sets of personal data, even if not recorded in a database, such as collection, recording, organization, structuring, storage, processing, selection, blocking, adaptation or modification, retrieval, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, erasure or destruction.

2. Categories of data processed

Creopay will process the following categories of personal data (following and overall “personal data”):

1. anagrafic personal data of the owner of a sole company;
2. identification document of the executive or the legal representant or board member of the Company;
3. contact personal data (i.e. email contact).
4. Purposes of data processing

Personal Data will be acquired and processed in the context for the following exclusive purposes:

1. managing of your registration on the platform and creation of related account;
2. performing of marketing activities on your personal
3. Legal basis of data processing

Personal Data will be processed, exclusively for the purposes indicated in the previous point, on the basis of:

1. the establishment of the pre-contractual or possibly contractual relationship between the data subject and the data controller as described into the art.6 par.1 letter B of the GDPR, for the purposes of the above – mentioned point a).
2. the unequivocal expression of consent by the data subject on the basis of the provisions of 6 par.1 letter A of the GDPR, for the purposes of the above – mentioned point b).

The consent eventually released can be revoked at any time according to the procedures indicated by the Controller at the time of the collection. You can whenever revoke your consent sending an email to the email: info@creopay.com .

12. Nature of the conferring of personal data

The communication of personal data, for the purposes of the above – mentioned point a) of paragraph 2 is mandatory. Any partial or total failure to communicate the aforementioned data will not allow the Data Controller to create an account on the platform.

The communication of personal data, for the purposes of the above – mentioned point b) of paragraph 2 is optional. Any partial or total failure to communicate the aforementioned data will make impossible to perform any kind of marketing activity on your personal data.

13. Communication and disclosure of personal data

Personal Data may be disclosed to any other third party if such disclosure is required for the performing if the activities carried out on the website or where required by law, including the scope of prevention/repression of any illegal activity.

Your personal data may be communicated to and processed by:

1. legal or natural persons acting as external data processors appointed by the Controller;
2. employees and/or collaborators of external data processors who, operating under the direct authority of external data processors, will be authorized to process your personal

Your personal data will not be disclosed to third parties, except in the event that your personal data should be disclosed by the Controller to third parties who will act as independent Controllers or consultants in order to protect the own rights, nor disseminated.

14. Transfer of your personal data outside the European Economic

Your personal data will not be transferred outside the European Economic Area to other countries (so-called “Third Countries”) or to international organizations.

15. Methods of processing personal data and security measures adopted

The personal data collected are processed in accordance with the principles of correctness, lawfulness, transparency and protection of confidentiality and rights. Personal Data is processed manually and electronically. Security measures are also adopted in order to avoid the risks of unauthorized access, destruction or loss, unauthorized processing or processing that does not comply with the purposes of collection.

16. Storage of personal data processed

Personal Data will be processed only for the time necessary to achieve the purposes for which they were collected and in particular:

1. For the purposes of the above – mentioned point a) of the paragraph 2, as long as your account on the platform is
2. For the purposes of the above – mentioned point b) of the paragraph 2, within 24 months from the collection of personal

These periods may be suspended and/or extended at the request of the Authority in cases of prevention/repression of any illegal activity.

17. Data Controller

The identification details of the Data Controller are as follows: Creopay sarl, with registered office in Luxembourg avenue de la faiencerie 121 , email: info@creopay.com, phone number: +352 20210009

18. Data subjects’ rights

Data Protection applicable Law recognizes you, as data subject, numerous rights. In particular, you have the right to:

• obtain confirmation from the Data Controller of the existence or not of your personal data, even if not yet registered and their communication in an intelligible form as well as access to your personal data (obtaining a copy) and related information (including the purposes of the processing, the categories and origin of the personal data, the categories of recipients to whom they have been or may be communicated, the retention period (when possible), the rights that can be exercised);

• obtain from the Data Controller the correction of your personal data and the integration of your incomplete personal data;
• obtain from the Data Controller the deletion of your personal data without undue delay, inter alia, when personal data are no longer necessary with respect to the purposes for which they were processed o the legal basis for their processing no longer exists;
• obtain from the Data Controller the transformation into anonymous form or the blocking of your personal data processed in violation of the law, including those whose retention is not necessary, in relation to the purposes for which the personal data were collected or subsequently processed;
• obtain from the Data Controller the limitation of the processing of your personal data, inter alia, when you contest the accuracy or object to the processing, for the period necessary for the respective assessment;
• receive, in a structured format, commonly used and readable by an automatic device, your personal data as well as transmit or, if technically possible and in the cases provided by the applicable law, obtain the direct transmission of your personal data to another data controller without impediments, in cases where the processing is carried out by automated means and is based on your consent or is necessary for the execution of a contract of which you are a part;

Furthermore, if you believe that the processing of your data violates the data protection applicable law, or your data protection rights are infringed in any other way, you can lodge a complaint with a supervisory authority. In Luxemburg the competent supervisory authority is the “National Commission for Data Protection”.

The address for the exercise of the aforementioned rights under Articles 15-20 of the GDPR is as follows: info@creopay.com

CONSENT FORM

The data subject declares to have received the information regarding the processing and protection of personal data in accordance with Articles 13 and 14 of European Regulation 679/2016.

For the purposes indicated in the paragraph “Purposes of data processing”, the consent of the data subject is required pursuant to Article 6, paragraph 1, letter a. of EU Regulation 670/2016. Therefore, the data subject party gives his/her informed and specific consent:

– To the processing of personal data by Creopay sarl for marketing activities.

YES ❏                NO ❏

Luxembourg, 15 october 2020