ログイン
JP
JP EN ZH

プライバシーポリシー

Last Update: 25th April, 2022

Who is Evonet?

Evonet Global Pte. Ltd. is a payment technology company across Southeast Asia and East Asia region with subsidiaries including Evonet Global Corp. Ltd., Evonet Global Japan Inc. and other related affiliates and group companies (totally, hereinafter, “we”, “us”, or “Evonet”). Evonet provides wallet network services, payment processing gateway services, merchant acquiring services and other payment services (totally, hereinafter, “Services”) to wallet operators, acquirers, merchants, financial institutions, banks or other customers (totally, hereinafter, “Customer”). Evonet Services maybe directly or indirectly provided to the customers of Customer (hereinafter, “End-Customer”) to fulfill the services Customer provided to the End-Customer.

“Personal Data” means the information related to an identified or identifiable individual. The Personal Data usually is provided by Customer to Evonet and Evonet usually collect, process, store and use the Personal Data for KYC needs, transaction processing, settlement processing or any appropriate reasons. Personal Data includes both the information of an individual from Customer and the information of an individual as an End-Customer.

Evonet takes great importance on the privacy protection and data security of Personal Data. By following the privacy concepts from the applicable laws and regulations including but not limited to the local laws of Singapore, Hong Kong SAR, Japan, China and the General Data Protection Regulation (“GDPR”), we implement our privacy policy to ensure the legal and appropriate uses of the Personal Data. Evonet also have Data Protection Officer to implement employee and staff training, supervise employee and staff to be in an appropriate manner, supervise the system to fulfill the Privacy Policy and Data Protection Policy requirement and take other necessary responsibilities.

What personal data do we collect?

Personal Data will be collected, processed, stored or used in the following circumstances:

  1. when Customer onboarding at Evonet (Customer Onboarding)
  2. when Customer or End-Customer visiting or utilizing Evonet official website, Merchant Service Portal or any other online pages or apps (” Online Visit”)
  3. when End-Customer purchasing on Customer’s website (” Online Purchasing”)
  4. when Evonet complying with legal or regulatory obligations (” Compliance”)
  5. when Evonet holding marketing activities, or data analysis for system upgrading (” Marketing and Upgrading”)

Customer Onboarding

The Customer Onboarding process includes performing the contract, completing the KYC/CDD procedure, completing the AML/CFT procedure, and any other procedures before we provide the Services to the Customer. The data is required for us to verify the Customer that is in an appropriate manner and is not involved in any sanction or illegal and illicit activities. Our Sanction Policy and AML & CFT Policy have addressed the detail of the verification procedure.

Data we collect :

  1. Full name including first name and family name
  2. ID card or passport, including number and copies
  3. Registered address listed in the house registration and current address
  4. Telephone number
  5. Email address
  6. Date of birth
  7. Photographs
  8. Details of bank account
  9. occupation and work address
  10. Sample of signature(s)
  11. Any other data required in the Merchant Services Agreement, Merchant Application Form, Sanction Policy and AML & CFT Policy

Method of data collection : We collect the above data by documents we provide to the Customer through email, Merchant Service Portal, or hard copies delivered to us.

Data storage : We store the hard copies in our Offices, otherwise we store the data in our Amazon database which is under Data Protection Policy.

Online Visting

The Online Visit process includes visiting our official website, visiting and utilizing Merchant Services Portal, or visiting other online pages or apps developed by Evonet. We capture the logs of the Customer operation to provide marketing communication or conduct data analysis.

Data we collect :

  1. Browser information
  2. IP information
  3. Time of visit
  4. Referral uniform resources locator (URL)
  5. Pages visited and actions or clicks on the pages
 

Any other data the Customer fill in the input box we intend to set in advance

Method of data collection : We collect the above data by embedding the data collector into the pages or apps.

Data storage : We store the data in our Amazon database which is under Data Protection Policy.

Online Purchasing

Online Purchasing process means the End-Customer conducts payment at the Customer’s website or app, and the Customer provides such payment and individual data to Evonet to complete the payment.

Data we collect :

Full name including first name and family name

Shipping address information, including shipping address and ZIP code

Telephone number

Payment information, including payment method, card number, cardholder name, expiration date, verification code, user ID, and any other payment information needed

Any other data the Customer fill in the input box in the checkout page and is needed to complete the payment

Method of data collection : We collect the above data by the pre-configured APIs between the Customer and Evonet under the use of Merchant Services Agreement.

Data storage : We store the data in our Amazon database which is under Data Protection Policy.

Compliance

Compliance process includes legal or authority request of the Customer information and Evonet’s third-party auditor. Evonet shall provide the Customer Personal Data to the specific department or organization for compliance review.

Data we collect : based on the request of the legal or authority department or Evonet’s third-party auditor

Method of data collection : based on the request of the legal or authority department or Evonet’s third-party auditor

Data storage : We store the hard copies in our Offices, otherwise we store the data in our Amazon database which is under Data Protection Policy.

Marketing and Strategy

For marketing purposes, we may contact the contact addresses the Customer left at Evonet to provide the latest Services.

We will also compile anonymous, aggregated statistics that allow us to form the payment trends and hence enhance our systems.

How long do we retain the Personal Data?

We retain the Personal Data for different periods in different scenarios:

  1. For the Customer information, including but not limited to identity, contact details, technical information, or other information related to the Customer, we will hold a retention period of 3 (three) years after the termination of the contract between us and the Customer.
  2. For End-Customer information, we will hold a retention period of 5 (five) years after the initial transaction or payment initiated by the End-Customer.

We may extend or change the retention period of holding the Personal Data if there is a specific legal or compliance requirement. We will only retain the Personal Data for as long as necessary to fulfil the purposes we collected, processed, stored or used in above circumstances.

If the Customer is closed but still within the contract period, we reserve our right to retain and access Personal Data for so long as required to comply with applicable laws. We will continue to use and disclose Personal Data in accordance with this Privacy Policy.

We have defined the expiration time of the cookies we use and the cookies will be automatically disabled after the expiration time. After that, the retained Personal Data will be deleted at all. Our Cookie Policy addresses the details of how we use the cookies.

Based on the rights addressed in the subsequent chapter, it is the Customer’s right to ask us to delete the Personal Data in some specific circumstances.

The Customer or the End-Customer may not be notified that we use the Personal Data for marketing and system upgrading purposes. In these circumstances, the Personal Data will be anonymously processed.

We will always retain the latest Personal Data so the Customer shall let us know if any of the Customer’s Personal Data has been updated.

How do we use the Personal Data?

 We process the Personal Data in the following circumstances:

  1. Where we need to perform the contract we are about to enter into or have entered into with the Customer as our merchant.
  2. Where we have a legitimate interest in processing the Personal Data, it will not do so to the extent that processing would override the Customer’s interests, rights, and freedoms to protect the Personal Data.
  3. Where we need to share the Personal Data, which is addressed in Sharing of the Personal Data section.
  4. Where we manage the payment or other general records keeping.
  5. Where we can compile anonymous, aggregated statistics that allow us to form the payment trends and share it to the Customer.
  6. Where we can improve our Services and to ensure our Services are of interest to the Customer.

Sharing of the Personal Data

Evonet will not share or disclose the Personal Data to any other third parties, except:

  1. The circumstances that have been expressed in other sections, especially in the Customer rights section.
  2. To third party service providers who have been appointed as data processors to perform functions and services on our behalf and who will be provided only with the Personal Data necessary to perform the services on our behalf but are not authorized by us to use such data for any other purposes (e.g. providers of services in respect of risk management machine, information technology systems, customer relationship management, etc.).
  3. To third party service providers who have been appointed as verification auditors to verify the identity of the Customer in order to comply with fraud monitoring, prevention and detection obligations, laws associated with the identification and reporting of illegal and illicit activity, such as “Anti-Money Laundering (“AML”) and Know-Your-Customer (“KYC”)” obligations, and financial reporting obligations.
  4. If we are required to do so by law or pursuant to legal or regulatory process or to comply with any applicable laws, or in response to a legitimate request from a law enforcement authority or other government official.

Data Security

Understanding that the Personal Data protection is extremely important to us and required by the payment industry, we’ve obtain the PCI DSS (Payment Card Industry Data Security Standard) certificate to ensure that the processing and storage of the Personal Data is in a secure and safe system environment.

We implement administrative, technical and physical safeguards designed to protect the Personal Data the Customer provides against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. Other service providers who might have access to the Personal Data in order to provide services on our behalf will be contractually obliged to keep such data in confidence, provide adequate data security measures, and may not use that data for any other purpose.

For any detected suspicious data and security breaches, we have strict procedures in place to deal with them. The Customer and any applicable regulators will be notified of the processing results.

Customer Rights

By complying to legal or regulatory obligation of applicable laws, the Customer has rights to the related activities:

  1. Right to access the Personal Data. This enables the Customer to request confirmation of whether we process certain Personal Data relating to the Customer, and if so, to request a copy of that Personal Data.
  2. Right to rectify the Personal Data. This enables the Customer to request that we rectify or update any Personal Data that is inaccurate, incomplete or outdated.
  3. Right to erase the Personal Data. This enables the Customer to request that we erase the Personal Data in certain circumstances, such as where we collected Personal Data on the basis of the Customer’s consent and the Customer withdraw the consent.
  4. Right to object to processing of Personal Data or restrict to process Personal Data. This enables the Customer to object where we are processing the Personal Data for certain circumstances, such as direct marketing purposes, or request that we restrict the use of the Personal Data in certain circumstances, such as while we consider another request that the Customer have submitted, for example a request that we update the Customer’s Personal Data.
  5. Right to withdraw consent. This enables the Customer to withdraw the consent where the Customer have given us consent to process the Personal Data. Please note that if the Customer withdraw the consent, we may not be able to provide certain Services to the Customer.
  6. Right to transfer the Personal Data to the Customer or to a third party. This enables the Customer to request that we provide a copy of the Personal Data to the Customer in a structured, commonly used and machine readable format in certain circumstances.

Contact us if any inquires

If the Customer have any questions, complaints, suggestions or concerns about this Privacy Policy, please contact our Data Protection Officer as the following information.

contact@evonetglobal.com

Change to this Policy

Evonet may change this Privacy Policy from time to time to reflect the new changes based on the policy practice, legal or regulation opinions, update of applicable laws, or other related requirements.

To inform the Customer of the changes, we mark the “Last Update” under the title to indicate the last update date. What we amend will also be reflected in the policy and be pushed as a banner to the Customer through Evonet’s official website, Merchant Service Portal or any other online pages or apps.