Privacy policy

Enacted: October 18, 2022

Last modified: October 18, 2022

This Privacy Policy (hereinafter referred to as the “Policy”) describes the procedure implemented by PAILY AS, a legal entity incorporated under the laws of the Republic of Estonia, company number 12426661 (hereinafter referred to as the “Paily”) on processing of personal data of Data subjects using the website of Paily with the domain name pailylegal.com (hereinafter referred to as the “Website”) or the accounts, profiles, or channels of Paily in messengers or social networks or/and expressing interest in the legal, business consulting, and other services of Paily the information about which is provided through the Website (hereinafter referred to as the “Services”).

The Policy is enacted in accordance with The Data Protection Act 2018 of the Republic of Estonia, The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019, and the General Data Protection Regulation No. 2016/679 (GDPR) adopted by the European Parliament and the Council on 27 April 2016. These laws and regulations shall prevail over the Policy in case of any contradictions.

All the terms and definitions provided by The Data Protection Act 2018, The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019, and GDPR shall apply to this Policy unless their application does not contradict the terms or definitions of the Policy.

If Paily processes personal data of a Data subject who is a resident or citizen of the European Union, the processing is conducted in accordance with GDPR, unless Paily cannot avoid the application of the data processing rules and procedures established by the legislation of the Republic of Estonia.

If Paily processes personal data of a Data subject who is not a resident or citizen of the European Union or the Republic of Estonia, and the processing of personal data of such Data subject is governed by the laws and regulations of other jurisdictions, including, but not limited to California Consumer Privacy Act (CCPA) and Children’s Online Privacy Protection Act and Rule enacted by the Federal Trade Commission (COPPA), such laws and regulations shall apply to the extent that their application does not violate the legislation of the Republic of Estonia.

The following terms and definitions shall apply to the Policy:

“Controller” means Paily.

“Data subject” means a natural person who is using or/and exploring the Website or/and expressing interest in the Services of Paily by contacting Paily or otherwise.

“Processor” means a natural person or a legal entity that is either:

(a) engaged in the processing of personal data of Data subjects under the contract concluded with Paily or Paily’s Subsidiary or

(b) Paily’s Subsidiary

“Services” means legal, business consulting, accounting, and other services the information about which is provided through the Website.

“Subsidiary” means a legal entity incorporated, owned, or controlled by Paily.

“Third party” means a natural person or a legal entity that either:

(a) participates in the provision of the Services of Paily under the contract concluded with Paily or Paily’s Subsidiary or

(b) receives personal data of the Data subject from Paily

“Usage data” means personal data about the Data subject’s activities on the Internet collected automatically either through the use of the Website or from the Website’s infrastructure itself. The Usage data is anonymous and cannot be attributed to the particular person.

Section 1. Lawfulness of personal data processing

1.1. By visiting, using, or/and exploring the Website, the Data subject provides Paily with the consent to the processing of personal data of the Data subject provided in paras.2.1.8-2.1.9 of the Policy.

1.2. By filling out the feedback form provided on the Website, or by providing Paily with personal data through the accounts, profiles, or channels of Paily in messengers or social networks, the Data subject provides Paily with the consent to the processing of personal data of the Data subject provided in paras.2.1.1-2.1.7 and para.2.1.11 of the Policy.

1.5. Even if the Data subject does not provide explicit consent to the processing of his or her personal data but uses the Services of Paily or requests Paily to provide the Services, Paily has the right to process personal data of such a Data subject provided in paras.2.1.1-2.1.7 and para.2.1.11 of the Policy for the purposes related to the provision of the Services.

1.6. If a Data subject provides Paily with personal data provided in para.2.1.11 of the Policy, the Data subject provides Paily with the consent to the processing of such personal data for the purposes prescribed by this Policy. In this case, the exact purpose of personal data processing depends on the nature of the personal data provided by the Data subject.

1.7. If a Data subject provides Paily with personal data prescribed by para.8.2 of the Policy, the Data subject provides Paily with the consent to the processing of such personal data for the purposes provided in para.8.3 of the Policy.

1.8. If a Data subject makes publicly available personal data provided in para.8.4 of the Policy, the Data subject provides Paily with the consent to the processing of such personal data for the purposes prescribed by para.8.4 of the Policy.

1.9. If a Data subject refuses to give consent to the processing of personal data, and there are no other legal grounds of processing provided by the legislation of the Republic of Estonia or by GDPR, Paily has the right to refuse provision of the Services or restrict access of the Data subject to the Website if provision of the Services or provision of access to the Website are impossible without processing of such personal data.

Section 2. Personal data processed

2.1. Under this Policy, Paily has the right to process the following personal data of Data subjects:

2.1.1. First and last name of the Data subject, as well as corporate name of the legal entity to which the Data subject relates.

2.1.2. ID or passport information (including ID/passport number) and tax ID or/and VAT number of the Data subject, as well as tax or VAT number of the legal entity to which the Data subject relates.

2.1.3. Email address of the Data subject and/or the contact details of the Data subject in a social network or messenger (e.g., Telegram, WhatsApp, Skype etc.).

2.1.4. Phone number of the Data subject.

2.1.5. Address of residence of the Data subject, as well as registered and other addresses of the legal entity to which the Data subject relates.

2.1.6. Name, address, and other information of the person paying the fee for the Services or/and paying the costs associated with the provision of the Services.

2.1.7. Information about the Data subject or/and about the legal entity to which the Data subject relates available through public state or/and municipal registers.

2.1.8. Cookies and technically similar data defined in Section 7 of this Policy.

2.1.9. Usage data, including, but not limited to Internet Protocol address of the Data subject’s computer or telephone (e.g., IP address), browser type, browser version, the pages of the Website that the Data subject visits, the time and date of the visit of the Website, the time spent by the Data subject on the pages of the Website, unique device identifiers, and other diagnostic data.

2.1.10. Personal data lawfully provided to Paily by Third parties.

2.1.11. Other personal data provided by the Data subject voluntarily.

2.2. Personal data not provided in para.2.1 of the Policy may be processed only under the prior consent of the Data subject or under other grounds of processing provided by the legislation of the Republic of Estonia or by Article 6 paragraph 1 points (c)-(f) GDPR.

2.3. Paily does not and will not process any special categories of personal data provided by Article 9 GDPR (such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs etc.). If Paily finds out that Paily or Paily’s Processor has processed any personal data provided by Article 9 GDPR, Paily will immediately delete such personal data and will take reasonable measures preventing the processing of such personal data in future.

Section 3. Purpose of personal data processing

3.1. Paily has the right to process personal data of Data subjects provided in paras.2.1.1-2.1.7 of the Policy for the following purposes:

3.1.1. Provision of the Services.

3.1.2. Resolving disputes with Data subjects or with natural persons or legal entities affiliated with Data subjects.

3.1.3. Improving the quality of the Services.

3.2. Paily has the right to process personal data of Data subjects provided in paras.2.1.8-2.1.9 of the Policy for the following purposes:

3.2.1. Statistical and analytical purposes.

3.2.2. Improving the Data subject’s experience related to the use of the Website.

3.2.3. Improving the work of the Website.

3.2.4. Changing the functionality of the Website to attract more Data subjects interested in the Services.

3.2.5. Providing the Data subject with all the functionality of the Website necessary for the provision of the Services.

3.2.6. Providing technical support of the Website.

3.2.7. Analyzing the interaction of Data subjects with the Website for amending the contents and the structure of the Website and other Internet resources used by Paily for providing the Services.

3.2.8. Analyzing the interaction of Data subjects with the Website for creating and launching marketing and ad campaigns on the Internet.

3.2.9. Resolving disputes with Data subjects.

3.3. Paily has the right to process personal data of Data subjects provided in para.2.1 of the Policy for marketing and advertising purposes, which includes direct advertising (such as email newsletters, bulk emailing) and creation of context advertisements.

3.4. Depending on the nature of personal data, Paily has the right to process personal data of Data subjects provided in para.2.1.11 of the Policy for the purposes provided in paras.3.1-3.3 of the Policy.

3.5. Depending on the nature of personal data, Paily has the right to process personal data of Data subjects provided in para.2.1.10 of the Policy for the purposes provided in para.6.1 of the Policy.

Section 4. Data subjects and privacy of children

4.1. The Services of Paily are not aimed at natural persons who are under 18 (eighteen) years of age. Paily does not provide Services to Data subjects who are under 18 (eighteen) years of age and does not knowingly process personal data of other Data subjects who are under 18 (eighteen) years of age. Paily takes all the reasonable technical and organizational measures to prevent processing of personal data of Data subjects who are under 18 (eighteen) years of age.

4.2. If Paily has doubts regarding the age of the Data subject, Paily has the right to request the Data subject to verify the Data subject’s age. If the Data subject refuses to verify the Data subject’s age or if Paily finds out that the Data subject is less than 18 (eighteen) years of age, Paily will immediately delete all the personal data associated with such Data subject in accordance with this Policy and restrict access of the Data subject to the Services.

4.3. If a Third party provides Paily with personal data in accordance with para.2.1.10 of the Policy, and Paily figures out that such personal data belongs to a Data subject who is under 18 (eighteen) years of age, Paily will immediately delete such personal data and take reasonable measures preventing the processing of such personal data in future. Paily also has the right to terminate the contract with such a Third party under which the Third party provided Paily with personal data.

4.4. If the Website or other technical tools used by Paily process personal data provided in paras.2.1.8-2.1.9 of the Policy, and Paily figures out that the processed personal data belongs to a Data subject who is under 18 (eighteen) years of age, Paily will take all the reasonable steps to extract and delete such personal data.

4.5. If a person who is a holder of parental responsibility over the Data subject that is under 18 (eighteen) years of age contacts Paily and presents evidence that Paily unknowingly processes personal data of such a Data subject, Paily will immediately delete such personal data and take reasonable measures preventing the processing of such personal data in future. If such holder of parental responsibility notifies Paily that Paily unknowingly processes personal data provided in paras.2.1.8-2.1.9 of the Policy, Paily will take all the reasonable steps to extract and delete such personal data and to prevent the processing of such personal data in future.

Section 5. Controller and processor

5.1. Under this Policy, Paily is the Controller as defined by Article 4 paragraph 7 GDPR and the legislation of the Republic of Estonia. The Controller determines the purposes and means of the processing of personal data of Data subjects and engages Processors in the processing of personal data under this Policy.

5.2. The Controller processes personal data of Data subjects directly by itself or through engaged Processors. The Processors process personal data of Data subjects on behalf of the Controller. All the Processors act under the contracts concluded with the Controller or Paily’s Subsidiary under the direct authorization of the Controller. The Controller observes the compliance by the Processors with GDPR and other applicable personal data legislation.

5.3. Under this Policy, the Controller has the right to engage the following categories of Processors in the processing of personal data of Data subjects:

5.3.1. Employees of Paily, as well as contractors of Paily who are natural persons acting under the contract aimed at processing of personal data of Data subjects. Such employees and contractors may only process personal data under the non-disclosure agreement concluded with Paily and subject to the internal policies and regulations on personal data processing enacted by Paily.

5.3.2. Paily’s Subsidiaries. The Subsidiaries may directly process personal data of Data subjects under the Policy. Under the direct authorization of Paily, the Subsidiaries may also conclude contracts with other Processors on the processing of personal data on behalf of the Controller. If the Services are provided through the Subsidiary, Paily remains the Controller under this Policy.

5.3.3. Processors that provide technical support to the Website and other Internet resources used by Paily for the provision of the Services.

5.3.4. Processors that provide Paily with web and other technical solutions aimed at the provision of the Services and/or increasing the quality of the Services.

5.3.5. Processors that assist Paily with processing personal data provided by paras.2.1.8-2.1.9 of the Policy.

5.3.6. Processors that assist Paily with analyzing and using personal data provided by paras.2.1.8-2.1.9 of the Policy for advertising and marketing purposes (such as Google Analytics, Meta for Business etc.).

5.3.7. Processors that assist Paily with resolving disputes with Data subjects.

5.3.8. Processors that ensure the security of the Website and other Internet resources used by Paily for the provision of the Services and processing of personal data of Data subjects.

5.4. By providing consent to the processing of personal data under this Policy, the Data subject agrees that the employees or contractors of Paily provided in para.5.3.1 of the Policy may reside outside the Republic of Estonia and EEA and may receive and process personal data of the Data subject on behalf of Paily outside the Republic of Estonia and EEA for the purpose of providing the Services.

5.5. By providing consent to the processing of personal data under this Policy, the Data subject agrees that the Processors prescribed by para.5.3.7 of the Policy may reside outside the Republic of Estonia and EEA and may receive and process personal data of the Data subject outside the Republic of Estonia and EEA for the purposes provided in para.3.1.2 and para.3.2.9 of the Policy.

5.6. By providing consent to the processing of personal data under this Policy, the Data subject agrees that other Processors listed in this Section of the Policy may reside outside the Republic of Estonia and EEA and may receive and/or process personal data of Data subjects outside the Republic of Estonia and EEA for the purposes provided in the Policy and in accordance with the rules and procedures established by the Policy and applicable data protection legislation.

Section 6. Third parties and business use of personal data

6.1. Paily may receive personal data provided by para.2.1.10 of the Policy from Third parties for achieving the purposes provided in para.3.1.2 and paras.3.2-3.3 of the Policy. Such Third parties do not participate in the processing of personal data under the Policy. The following categories of Third parties may provide Paily with personal data of Data subjects for the purposes prescribed by this paragraph of the Policy:

6.1.1. Natural persons and legal entities conducting collection and/or analysis of Usage data described in para.2.1.9 of the Policy.

6.1.2. Business partners, contractors, and subcontractors of Paily assisting Paily with the provision of the Services or participating in other business projects of Paily indirectly related or unrelated to the provision of the Services.

6.1.3. Natural persons and legal entities (including public bodies) providing Paily with personal data of Data subjects for the purpose of resolving disputes with Data subjects or assisting Paily with collecting information necessary for resolving the dispute with the Data subject.

6.2. Paily refuses to receive personal data from a Third party if such personal data was illegally obtained by such a Third party. If Paily finds out that the Third party illegally obtained personal data of a Data subject, Paily will immediately delete such personal data and take reasonable measures preventing the processing of such personal data in future. Paily also has the right to terminate the contract with such a Third party under which the Third party provided Paily with illegally obtained personal data.

6.3. Paily may provide personal data of Data subjects to the following categories of Third parties:

6.3.1. Third parties directly providing the Services to Data subjects or to natural persons or legal entities affiliated with Data subjects under the contract concluded with Paily or Paily’s Subsidiary or under the direct authorization of Paily. Such Third parties receive personal data of Data subjects exclusively for the purpose of providing the Services.

6.3.2. Business partners, contractors, and subcontractors of Paily assisting Paily with the provision of the Services or performing other business projects of Paily indirectly related or unrelated to the provision of the Services. Such business partners, contractors, and subcontractors may use personal data of Data subjects exclusively for the following purposes:

(a) Analysis of personal data for the purpose of improving the Services and other services offered by Paily or Subsidiaries of Paily.

(b) Organizing the provision of the Services or performance of other business projects of Paily.

(c) Improving the design or functionality of the Website.

(d) Assisting Paily with launching and administering marketing and ad campaigns.

(e) Promoting the Services of Paily among the current or potential clients of Paily.

6.3.3. Potential or current investors of Paily interested in investing in the business activities of Paily. Such Third parties may receive personal data of Data subjects exclusively for the purpose of evaluating the business activities of Paily to make the decision on investing in the business of Paily. The disclosure of Data subjects’ personal data to such Third parties is strictly limited to the purpose of personal data disclosure and performed only under the non-disclosure agreement signed with the potential or current investor of Paily. Generally, Paily does not disclose to such Third parties the personal data provided in paras.2.1.1-2.1.7 of the Policy.

6.4. Paily may disclose personal data of Data subjects to other categories of Third parties not listed in para.6.3 of the Policy if the disclosure is performed under the legal grounds provided by GDPR or applicable laws of the Republic of Estonia or other jurisdictions.

6.5. Paily does not and will not sell any personal data of Data subjects to any Third parties or to any other natural persons or legal entities. Paily has never sold any personal data of Data subjects within the preceding 12 (twelve) calendar months.

6.6. The Website of Paily may include URL links of the websites and other Internet resources of Third parties and other natural and legal persons. Paily neither controls nor governs the contents of such websites or Internet resources or the rules of personal data processing applicable to such websites or Internet resources. It is fully the Data subject’s responsibility to carefully use the websites and the Internet resources the URLs to which are provided on the Website. Paily does not post URLs of websites or other Internet resources that violate applicable laws.

Section 7. Cookies and similar technologies

7.1. Cookies or cookie files are small text files located in browser directories that may include an anonymous unique identifier. Generally, there are two types of cookies – a session cookie and a persistent cookie. A session cookie is used to make it easier for a person to navigate a website and expires when a person closes the browser. A persistent cookie remains on a hard drive of a person’s device for an extended period of time. Cookies cannot be used to run programs or deliver viruses to a person’s computer. Cookies are uniquely assigned to a person’s device and can only be read by a web server in the domain that issued the cookie to a person’s device. To learn more about cookies please follow the link: https://en.wikipedia.org/wiki/HTTP_cookie.

7.2. Paily may use both session cookies and persistent cookies to help Data subjects navigate through the Website and the Services and efficiently perform the functions of the Website. Particularly, the following kinds of cookies may be used by Paily in accordance with this Policy:

7.2.1. Session Cookies. Paily may use Session Cookies to operate the Services provided via the Website.

7.2.2. Preference Cookies. Paily may use Preference Cookies to remember preferences and various settings of the Data subject using the Website.

7.2.3. Security Cookies. Paily may use Security Cookies to make the use of the Website safe.

7.3. By use of cookies, Paily may automatically collect information about the online activity of the Data subject on the Website. Such information may include:

7.3.1. The information about the web-pages of the Website visited by the Data subject.

7.3.2. The URL links clicked by the Data subject on the Website.

7.3.3. The searches made by the Data subject via the Website.

7.4. The Data subject has the right to accept or decline cookies by using the browser settings. However, if the Data subject declines cookies, the Data subject may not be able to use the full range of functions provided by the Website of Paily.

7.5. Paily may also use other technologies for processing personal data provided in para.7.3 of the Policy, including the following:

7.5.1. Web beacons. Web beacons (also known as clear gifs, pixel tags, or web bugs) are tiny graphics with a unique identifier, similar in functions to cookies, and used to track online movements of website users. Unlike cookies, which are stored on a user’s device, web beacons are embedded invisibly on the web pages of the website or in an email, and the size of such web beacons is about the size of the period at the end of the sentence.

7.5.2. Tracking URLs. A tracking URL is a standard link that has parameters attached to it for the purpose of tracking and analytics. A tracking URL has a unique identifier that makes it possible to identify the source of the website’s traffic (e.g., the location from which the Internet users visit the website, or the search engine used by the visitors for clicking the URL of the website).

7.6. Paily may also use web beacons and tracking URLs prescribed by para.7.5 of the Policy in marketing emails of Paily (including marketing bulk emailing) and in online advertisements of Paily posted on third-party websites.

Section 8. Messengers and social networks

8.1. In order to promote information about Paily, its Services, and the Website, and to establish direct communication with Data subjects interested in the Services of Paily, Paily may create accounts, profiles, and channels in social networks and messengers, including Facebook, Instagram, WhatsApp, and Telegram.

8.2. In order to interact with Paily, Data subjects may follow the accounts and profiles of Paily in social networks and the channels of Paily in messengers. Data subjects may like posts and comments of Paily and leave comments, reviews, or reactions under the posts and messages of Paily in social networks and messengers. Data subjects may also send messages to accounts and channels of Paily in social networks and messengers, including messages that contain requests for the provision of the Services by Paily.

8.3. The data prescribed by para.8.2 of the Policy is considered as personal data of Data subjects provided in para.2.1.11 of the Policy. Such personal data of Data subjects, depending on the nature of the processed data, may be used by Paily for the purposes provided by para.3.1, paras.3.2.1-3.2.3, paras.3.2.7-3.2.8, and para.3.3 of the Policy.

8.4. In addition to the personal data provided in para.8.2 of the Policy, Paily may also analyze the profile information of the Data subject published by the Data subject on his or her account or profile in a social network or messenger, provided that such analysis does not violate applicable terms and policies of social networks and messengers. The analysis is performed only in manual mode without the use of any automated decision-making. Depending on the nature of personal data processed, such analysis may be performed for achieving the purposes provided in paras.3.1-3.3 of the Policy.

Section 9. Rights of data subject

9.1. Each Data subject has the following rights:

9.1.1. Right of access: the Data subject is entitled to receive from Paily the information about personal data that is processed by Paily, the purposes of personal data processing, the categories of personal data recipients, the period of personal data storage, and the information about the transfer of personal data to other jurisdictions.

9.1.2. Right to lodge a complaint with a supervisory authority: the Data subject is entitled to file a complaint against Paily with a supervising authority of Data subject’s habitual residence or place of work, or with a supervising authority located in a place of possible infringement, or with a supervising authority of Paily’s residence which supervises the compliance of Paily with personal data legislation.

9.1.3. Right to rectification: the Data subject is entitled to rectification of inaccurate data about the Data subject.

9.1.4. Right to erasure: the Data subject is entitled to erasure of the personal data about the Data subject.

9.1.5. Right to restriction of processing: the Data subject is entitled to restrict processing of personal data under the grounds provided for in Article 18 GDPR.

9.1.6. Right to data portability: the Data subject is entitled to receive personal data about the Data subject in a structured, commonly used, and machine-readable format and transmit such data to another controller.

9.1.7. Right to object: the Data subject is entitled to object to personal data processing on the grounds relating to a particular situation (for example, if Paily processes personal data for marketing purposes).

9.1.8. Right not to be subject to a decision based solely on automated processing, including profiling.

9.1.9. Right to file a request or complaint with Paily acting as the Controller. Such right also includes the right of the Data subject to use judicial remedies against Paily in a country of Paily’s or Data subject’s residence under Article 79 GDPR and the right to use judicial remedies against the supervisory authority in a country where the supervisory authority is established (Article 78 GDPR).

9.1.10. Right to withdraw Data subject’s consent to personal data processing.

9.1.11. Right to prohibit sale or resale of Data subject’s personal data.

9.2. If the Data subject is intending to use one of the rights provided for in para.9.1 of the Policy, the Data subject shall send a mail or an email to Paily by using contact details of Paily provided for in Section 14 of the Policy. If the Data subject desires to lodge a complaint with a supervisory authority against Paily or use judicial remedies against Paily or the supervisory authority, the Data subject shall follow the procedures provided by Articles 77-79 GDPR or the legislation of the Republic of Estonia and by the legislation of the country in which the Data subject is planning to lodge a complaint or use judicial remedies.

9.3. If the Data subject requests Paily to erase Data subject’s personal data, objects to processing of Data subject’s personal data, exercises the right to data portability, or withdraws the consent to personal data processing, Paily has the right to refuse provision of the Services if provision of the Services is impossible without processing of Data subject’s personal data. In this case, Paily also has the right to restrict access of the Data subject to the Website if provision of access to the Website or particular parts of the Website is impossible without processing of Data subject’s personal data under the Policy.

Section 10. Security of personal data

10.1. Paily takes all the reasonable measures to protect Data subject’s personal data from unauthorized access by third parties, as well as against loss, misuse, alteration, or destruction of personal data, including the following:

10.1.1. The Data subject’s session on the Website goes through the secure SSL connection during the Website browsing.

10.1.2. Only authorized personnel of Paily have access to the personal data of Data subjects, and these employees and contractors are required to treat this information as confidential.

10.1.3. The Data subject’s personal data is stored on the servers of Paily protected by authentication.

10.2. The existing security measures will be reviewed from time to time in accordance with new legislation and technical innovations.

Section 11. Storage of personal data

11.1. Paily stores personal data of Data subjects only for the period that is necessary for achieving the purposes of processing provided by Section 3 of this Policy.

11.2. Paily stores personal data of the Data subject provided in paras.2.1.1-2.1.7 and para.2.1.11 of the Policy for the period of use of the Services by the Data subject. If the Data subject stops using the Services of Paily, Paily has the right to store personal data of such Data subject for the period not exceeding 5 (five) years after the Data subject stops using the Services. The provided five-year term does not apply if the Data subject starts using the Services again before the expiration of the five-year term.

11.3. Paily stores personal data of Data subjects provided in para.2.1.10 of the Policy for the period necessary for achieving the purposes of processing provided by Section 3 of the Policy.

11.4. Paily stores personal data of Data subjects provided in paras.2.1.8-2.1.9 of the Policy for the period necessary for achieving the purposes of processing provided by paras.3.2-3.3 of the Policy.

11.5. Paily will periodically review the stored personal data provided in para.11.3 and para.11.4 of the Policy. Based on the nature of personal data and the purposes of processing, Paily will periodically delete out-of-date personal data that is not necessary for achieving the purposes of processing provided by Section 3 of the Policy.

11.6. Paily does not store any personal data provided in Section 8 of this Policy. The storage of messages sent by Data subjects to the accounts or channels of Paily in social networks or messengers is performed by the used social networks and messengers.

11.7. Paily will continue storing the personal data of a Data subject if deletion of such personal data is restricted or prohibited by The Money Laundering and Terrorist Financing (Amendment) Regulations 2022 of the Republic of Estonia or by other applicable laws and regulations.

Section 12. International transfer of personal data

12.1. Paily stores personal data of Data subjects only on the servers located in the Republic of Estonia and the countries of EEA (European Economic Area which includes the countries of the European Union plus Iceland, Liechtenstein, and Norway). The Republic of Estonia is the country in respect of which the European Commission made the decision that such countries provide an adequate level of data protection (Article 45 GDPR).

12.2. If Paily makes the organizational decision to store personal data of Data subjects outside the Republic of Estonia and EEA, Paily will first choose servers located in countries other than the Republic of Estonia in respect of which the European Commission made the decision that such countries provide an adequate level of data protection. Particularly, Paily may choose such jurisdictions as Switzerland, Andorra, Israel, New Zealand. To see the full list of jurisdictions outside the Republic of Estonia and EEA that provide an adequate level of data protection, please visit the following web-page of the European Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.

12.3. If it is not possible for Paily to store personal data of Data subjects on the servers located in the Republic of Estonia, EEA, or jurisdictions provided in para.12.2 of the Policy, Paily will transfer personal data of Data subject to other jurisdictions subject to appropriate safeguards provided in Article 46 GDPR.

12.4. If for some reason it is not possible for Paily to transfer personal data in accordance with paras.12.1-12.3 of the Policy, Paily will transfer Data subject’s personal data only subject to the provisions of Article 49 GDPR and the provisions of applicable legislation of the Republic of Estonia which provide derogations for specific situations.

For example, if a Data subject is a natural person using the Services, and it is necessary to transfer the personal data of such natural person outside the jurisdictions provided in paras.12.1-12.2 of the Policy for the provision of the Services, Paily will perform such a transfer without prior written consent of the Data subject (Article 49 paragraph 1 point (b) and point (c) GDPR).

12.5. If Paily needs to transfer the personal data of the Data subject outside the jurisdictions provided in paras.12.1-12.2 of the Policy, and the only legal ground for such a transfer is the Data subject’s consent to transfer, Paily will only perform the transfer after receiving the consent of the Data subject to the proposed transfer of personal data. Such consent may only be obtained from the Data subject after Paily informs the Data subject about the possible risks of such a transfer caused by the absence of an adequacy decision provided by para.12.2 of the Policy and appropriate safeguards provided by para.12.3 of the Policy. If the Data subject does not provide the consent to the transfer of personal data, Paily may refuse provision of the Services to such a Data subject or restrict access of the Data subject to the Website if provision of the Services or provision of access to the Website are impossible without the Data subject’s consent to the international transfer of personal data.

Section 13. Changes to the privacy policy

13.1. Paily shall periodically review this Policy for compliance with applicable data protection laws and will amend the Policy as Paily deems necessary. The amendments will be posted on the Website in the form of the updated Policy and will be in effect from the date of publication. The publication of the updated version of the Policy amounts to notification of Data subjects about the changes. Data subjects shall periodically review the Website for the amendments in the Policy.

13.2. Paily will take reasonable measures to notify the Data subjects who are the current clients of Paily about the changes in the Policy. In doing so, Paily may send emails or SMS to the Data subjects using the Services.

Section 14. Contacting Paily

PAILY AS

A legal entity incorporated under the laws of the Republic of Estonia

Company number: 12426661

Address: Maakri tn 19/1, 10145 Tallinn, Estonia

Email: legal@paily.io
