Application Privacy Policy and Cookie Policy



TOPii

The basic information regarding the processing of the User’s personal data collected through the Application is included below for information purposes. The User may consult additional and detailed information on the processing of his/her personal data below.

 

Responsible

TOPii Fide Europe, S.L. (the «Company»).

Data collected

Identification data, contact data, data related to documentation proving identity, biometric data, data derived from the operations carried out through the Application, from the use of the Application and the Services, from the Means of Payment, Application Passwords, from the Device on which the Application is installed, geolocation. The consequences of not providing them are indicated in the Privacy Policy.

Purposes

Manage and verify registration and access to the Application, provide the Services and monitor compliance with the Terms and Conditions, provide information to the User, manage the operation of the Application.
 Improving the Application and the Services, improving the User’s attention, improving security, preventing fraud, risk assessment, analyzing the use of the Application.
 Use of anonymized biometric data to improve the Application and use of geolocation data.

Legitimation

The formalization and correct execution of the Terms and Conditions governing the Service and the use of the Application. The satisfaction of the legitimate interest of the Company. The fulfillment of legal obligations by the Company. The express consent of the User with respect to each of the purposes that require it.

Addressees

The Company and its group entities. Other recipients for the proper provision of the Services. Supervisory bodies or authorities, public administrations, competent bodies or courts.

Rights

Access, rectification, deletion, limitation, opposition, portability, withdrawal of consent and not to be subject to automated decisions. You can exercise these rights before the data protection officer of the Company, at [email], or at [address]….

Purpose of this Privacy Policy and Cookie Policy

By means of this Privacy Policy and Cookie Policy (the «Policy»), TOPii Fide Europe, S.L. (the «Company») informs Users:

  • By means of the Privacy Policy (the «Privacy Policy»), on the processing of personal data collected from the User through the mobile application «TOPii» as well as on the «TOPii Space» that may be available from time to time in various third-party applications (both together, the «Application»), for which the Company acts as data controller.
  • Through the Cookie Policy (the «Cookie Policy»), about the use of cookies and other similar mechanisms by the Application, on the device on which the Application is installed (the «Device»).

The Application allows the User to access the services described in the Terms and Conditions (the «Services»). The terms and conditions governing the Services (the «Terms and Conditions»), of which this Policy forms part, can be found at: [-].

Likewise, the creation and operation of the Electronic Money Account is governed by Sefide’s Electronic Money Account Opening Agreement, applying the personal data processing policy contained in the Electronic Money Agreement, which the User may consult here: [-].

Privacy Policy

1. Acceptance of Privacy Policy

1.1. The Privacy Policy includes the necessary information so that the User, in advance and freely, can decide whether he/she wishes to provide the personal data that may be required for the registration and creation of his/her Account in the Application, and whether he/she wishes to give his/her consent to the processing of his/her personal data by the Company under the terms of this Privacy Policy.

1.2. Registration with the Application is voluntary. By registering, the User declares to accept the Privacy Policy, and is bound by it in a manner equivalent to accepting it by handwritten signature. Therefore, the User is advised to read this Privacy Policy carefully before registering with the Application. If the User does not agree with it, he/she should not register in the Application.

1.3. Likewise, the User is recommended to periodically read this Privacy Policy, since it may undergo modifications.

2. Data Controller

2.1. The person responsible for the processing of personal data provided by or collected from the User for the provision of the Service is TOPii Fide Europe, S.L., a company incorporated and existing under the laws of the Kingdom of Spain, with registered office at Calle Velázquez 76, bajo izquierda, 28001, Madrid, Spain and Spanish Tax Identification Number B-01980382, which is registered in the Mercantile Register of Madrid, volume 41110, folio 99, page M-728985.

In providing the Services, the Company acts in the name and on behalf of the electronic money institution Sefide, EDE, S.L.U. («Sefide»), as Sefide’s authorized agent. Sefide is a company incorporated and existing under the laws of the Kingdom of Spain, with registered office at Avenida de la Ciencia 2-3º, 18006, Granada, Spain and Spanish Tax Identification Number B-93205474, which is registered in the Mercantile Registry of Granada, volume 1559, folio 143, page GR-46879. E-mail address: info@sefide.es.


More information about Sefide can be found at: https://sefide.com/.


2.3. Sefide is licensed by the Bank of Spain (Entity Code No. 6705), and operates under the supervision of the Bank of Spain, with address at Calle de Alcalá, 48, 28014, Madrid, Spain.

2.4. The Company has a Data Protection Officer, who can be contacted at: [-] or [-].

2.5. In its capacity as data controller, the Company determines the purposes and means of the processing of the User’s personal data in connection with the Services.

3. Data collected, and consequences of not providing them

3.1. In order to register and create the User’s account (the «Account») in the Application (a necessary requirement to access the Services), the Company will collect, through the corresponding form, certain personal data of the User (identification data, biometric data, contact data, passwords, cell phone number), the provision of which is mandatory, as indicated in the different registration screens of the Application.

3.2. In order to use the Services, the User must also provide the financial data related to the valid means of payment (the «Means of Payment») associated with his/her Account, as well as, if applicable, other passwords or codes required for each specific transaction, or biometric data (facial recognition) to authorize transactions, as indicated on the different screens of the Application.

3.3. If the User fails to provide all mandatory data in accordance with this Privacy Policy (or if the User fails to pass the identity verification checks of the Application, or those that may be carried out by the Company in accordance with the Terms and Conditions), the User will not be able to register on the Application and/or use the Services, as indicated above.

3.4. The Company shall collect information on the data of transactions carried out using the Services, such as where they are carried out, when they are carried out, amounts of the transactions, Means of Payment used, description of the transaction, amount of the Incentive, etc.

3.5. The Company will also collect information about the User’s general use of the Application, such as:

  • Sections of the Application consulted.
  • Complaints or inquiries.
  • User interaction with the Application.
  • Incentives applied.
  • Searches performed.
  • Establishment profile visits.
  • Physical visits to an Establishment (in case the User has granted the corresponding geolocation permissions in the Application to do so).

In general, the information collected referred to in this clause remains anonymous, i.e., it does not personally identify the User nor is it stored in association with any other information that links it to the User. You can consult more information by accessing our Cookies Policy at: [-].

However, if the User voluntarily enters additional information, or if the User checks the corresponding boxes allowing geolocation, the corresponding information on the use of the Application will be associated with the rest of the personal data provided by the User, and will be treated as personal data, for the processing that the Company will carry out in accordance with the purposes and legitimacy of the processing in question, as detailed below.

3.6. Once the Application is installed on a Device, the Company will automatically collect technical information about the Device, including: the Device’s unique device identifier, IP address, as well as, if permitted by the User, geolocation data of the Device.

The information collected referred to in this clause remains anonymous, i.e., it does not personally identify the User nor is it stored in association with any other information that links it to the User. You can consult more information by accessing our Cookies Policy at: [-].

Notwithstanding the foregoing, if the User voluntarily enters additional information, the Device information will be associated with the other personal data provided by the User, and will be treated as personal data, for the processing that the Company will carry out by virtue of the purposes and legitimacy of the processing in question as detailed below (for example, in relation to geolocation data).

3.7. The User must take into account that, in case he/she does not allow the technical data of the Device to be treated as personal data (such as geolocation data), he/she may not be able to enjoy the Services with all their functionalities (for example, he/she will not be able to consult the nearby Establishments available according to his/her location).

4. Purposes of processing and legitimate basis

4.1. The Company will process the User’s personal data to properly manage the Services offered through the Application, as well as other additional purposes in the terms indicated below, and based on the following legitimate bases.

4.2. Purposes based on the fulfillment of the Terms and Conditions, necessary for the formalization and execution of the same by the Company:

  • (a) Manage and verify the User’s registration on the Application, and enable access by the User to his or her Account and the Services;
  • (b) To provide the Service that the Company offers through the Application, manage payments and execute payment orders, and keep record of the same;
  • (c) To be able to perfect, fulfill and control the correct fulfillment by the User of the Terms and Conditions;
  • (d) Manage, where appropriate, the pre-contractual phase with the User;
  • (e) Manage, process and respond to requests for information, complaints, incidents or queries from the User;
  • (f) To manage the proper functioning of the Application and the Services, and to prevent their fraudulent use.

4.3. Purposes based on the legitimate interest of the Company, as long as the User could reasonably consider that such purposes are within his expectations, and that they do not violate his fundamental rights:

  • (a) Manage, maintain, improve and optimize the functionalities of the Application and the Services;
  • (b) Improve the service provided to Users;
  • (c) To provide an additional level of security in the Application and against possible fraudulent activities, as well as to prevent, investigate and discover cases of fraud, which jeopardize the security of the Company or may cause damage to Users or third parties. To this end, the Company may carry out automated data processing for the purpose of analyzing data on the User’s behavior in the use of the Services;
  • (d) To evaluate the risk prior to registration, or to the execution of any payment transaction, for which the Company may adopt automated decisions based on the User’s data contained in suspicious activity information files (money laundering, solvency and risk). Depending on the result of such searches in information files, the Company may deny registration in the Application, the execution of any payment transaction and/or the use of the Services to the User; and
  • (e) Manage, process and respond to requests for information, complaints, incidents or queries from the User;
  • (f) For statistical and usage analysis purposes of the Application.

4.4. Purposes based on the Company’s compliance with a legal obligation, which include all processing necessary for:

  • (a) That the Company may comply with any of its legal obligations, such as those derived from payment services regulations, prevention of money laundering and financing of terrorism, tax, accounting, judicial, etc.
  • (b) Comply with those obligations, requirements and requests derived from control bodies or control authorities, as well as any other competent public administration, body or court.

4.5. Purposes based on the express and unequivocal consent of the User (granted, for example, by marking the corresponding box by the User):

  • (a) The anonymization of the User’s biometric data to improve the verification algorithms and security used by the Application;
  • (b) The use of the geolocation data of the Device to be able to consult the available Establishments nearby based on their geolocation.

4.6. In the event that the information is used for a different purpose, the Company will request the User’s prior consent.

5. Data recipients

5.1. The Company is the main recipient of the data collected from the User.

5.2. Notwithstanding the foregoing, the data may be communicated to third parties in the following cases:

  • (a) To suppliers of the Company who carry out activities necessary for the correct provision of the Services by the Company, who act as data processors and who, in any case, undertake to use the data under conditions of confidentiality and in accordance with the purposes for which they have been collected.


    Such providers include payment processors, legal counsel, software developers, identity verification providers, fraud prevention services, the Merchants, the Incentive Service Partners, etc.

  • (b) To other companies of the Company’s group of companies for internal administrative purposes and the management of the Services, which act as data processors and which, in any case, undertake to use the data under conditions of confidentiality and in accordance with the purposes for which they have been collected.
  • (c) To the control bodies or control authorities, as well as any other competent public administration, body or court, in compliance with the laws in force.

5.3. In general, the Company does not carry out international transfers of data to countries outside the European Economic Area. In the event that the Company sends the User’s personal data to third countries outside the European Economic Area, the Company will adopt and implement appropriate safeguards for the protection of the User’s personal data when sending to the third country.

6. Data retention period

6.1. The Company will only store the User’s data to the extent that they are necessary for the purpose for which they were collected and according to the legal basis that legitimizes their treatment.

6.2. In general, the Company will keep the User’s personal data for as long as he/she is registered in the Application and, in any case, as long as the User does not exercise his/her rights of deletion, cancellation or limitation of processing, or withdraws his/her consent.

6.3. In the event that a User exercises the above rights, for technical reasons, the Company may need up to ninety (90) calendar days to carry out the removal of his or her data from the Application.

6.4. Notwithstanding the foregoing, the Company may keep the data duly blocked, without making use of them: (i) as long as they may be necessary for the exercise of its right of defense against potential claims or in the event that legal, judicial or contractual liabilities may arise that should be addressed and for which their recovery may be necessary; or (ii) if for any other reason, the Company is obliged by the legislation in force, during the entire period in which it is obliged.

7. User Rights

7.1. The User may exercise the following rights:

  • Right of access: to be informed whether or not your personal data is being processed, for what purpose, to whom it is communicated, and to have access to it.
  • Right of rectification: to obtain the rectification of inaccurate or incomplete data in respect of which he/she is interested.
  • Right of deletion: to obtain the deletion of your data when they are no longer necessary for the purposes for which they were collected.
  • The right to limit data processing and data portability, in the cases provided for in the applicable regulations.
  • Right of opposition: to request the cessation of the processing of his/her data, for all or some purposes. In the event that the processing is carried out for research, statistical purposes or data anonymization processes, in order to exercise this right it will be necessary for the User to prove well-founded and legitimate reasons relating to a specific personal situation that justify it.
  • The right not to be subject to automated individual decisions, including profiling, to be informed about the making of such decisions and to challenge, where appropriate, such decisions.

7.2. Likewise, the User has the right to withdraw his/her consent at any time, without retroactively affecting the processing of personal data carried out up to that moment.

7.3. The User may exercise the aforementioned rights, free of charge, under the terms and conditions provided for in the legislation in force, by contacting the data protection officer of the Company, at:

7.4. To exercise their rights, the User must accompany their request with a copy of their ID card or equivalent document proving their identity. In the event that a legal or voluntary representative acts on behalf of the User, the Company may require the documentation proving the representation that it deems appropriate.

7.5. In the event that you do not receive a satisfactory response, wish to obtain further information about your rights or wish to make a complaint, you may contact the Spanish Data Protection Agency (Calle Jorge Juan nº 6, 28001, Madrid – www.aepd.es).

8. User Responsibilities

8.1. No User may use the identity of another person or communicate personal data of another person. It is forbidden to provide false, outdated, erroneous, inadequate, rude or impertinent data, as well as data contrary to law, morality or public order.

8.2. Users shall be responsible for the veracity of the data provided and shall guarantee, both to the Company and to third parties, that the data provided are true, accurate, truthful and updated, and that their provision does not contravene the law, morality or public order.

8.3. The User shall be responsible for the security of his/her password. The Company recommends that the User always logs off at the end of a session to ensure that others cannot access his or her personal data.

8.4. The User should be aware that the User himself/herself may publish or disclose some of the personal data included by the User in his/her Account, as well as communicate to the Company unsolicited data of the User (e.g. his/her social networks in case he/she contacts the Company by such means). The publication, disclosure or communication by the User himself/herself of such personal data to any third party (including, where applicable, the Establishments and the Incentive Program Partners where the User uses the Services), will immediately determine that such personal data is outside the scope of application of this Privacy Policy. The Company shall not be liable in any case for the publication, disclosure or communication by the User of his/her personal data, in the above terms.

9. Security measures

9.1. The Company has adopted the appropriate technical and organizational measures to ensure an appropriate level of security for the data it processes as data controller and has implemented other additional technical means and measures within its power to prevent alteration, loss, processing or unauthorized access to the data. Notwithstanding the foregoing, the Company reminds the User that security measures in the technological field are not impregnable.

10. Modifications

10.1. The Company reserves the right to modify the terms of the Privacy Policy without prior notice. Any modification of the Privacy Policy shall become effective upon its publication.

11. Applicable Law

11.1. The processing of personal data provided by the User shall be governed by the provisions of Spanish law and, in particular, by Regulation (EU) 2016/679 of 27 April 2016, General Data Protection Regulation, Organic Law 3/2018 of 5 December, on the Protection of Personal Data and guarantee of digital rights, and other applicable regulations on the subject.

Cookies Policy and similar technologies

What are advertising identifiers?

Technologies similar to cookies, called advertising identifiers, are used in mobile applications.

Advertising identifiers are provided by the manufacturers of the operating systems under the privacy policy of the companies owning the operating systems (e.g., Apple in case of the iOS operating system, or Google in case of the Android operating system).

Like cookies, advertising identifiers are used to improve the User’s experience and display advertising tailored to the User’s browsing habits.

Contextual information about the User can be used for this purpose:

  • User’s Device Information: keyboard language settings, Device type, connection type used by the Device.
  • Device Location, if the User has accepted the geolocation permissions of the Application.
  • Use of the Application by the User (based on the User’s interaction with the Application interface).

How can I disable advertising identifiers?

Instructions on how to disable advertising identifiers can be found in the help instructions of the manufacturers of the operating system that operates your Device. In any case, deleting the advertising identifiers will not eliminate the advertisements on the Device, but will only prevent the advertisements from being personalized according to the contextual information collected from the User.