1. Introduction
B2B Fintech Solutions SL, CIF: B67552141 (“Pigari”, "us", "we", or "our") operates the Pigari.com website, the Pigari web application, the Pigari mobile app and the Pigari Debit Mastercard® (the "Service"). To the extent that any personal data is shared within our affiliates (the “Pigari Group”) this Privacy Policy also represents the Pigari Group’s undertakings in regards to your privacy and the security of your personal data.
At Pigari we take your privacy very seriously. By visiting our site, downloading our app, requesting our Pigari Mastercard and using our Services, you are accepting the practices and guidelines set out in this document (henceforth referred to as the "Privacy Policy"), so please take a few minutes to read it over carefully.
2.Purpose
This Privacy Policy aims to provide you with some helpful information regarding our use of your personal data and to help you understand the rights you have in connection with your personal data.
This Privacy Policy informs you of our policies regarding the collection, use and disclosure of Personal information when you use our Service.
We will not use or share your information with anyone except as described in this Privacy Policy.
3. What is Personal Data?
Personal data is widely defined by European Data Privacy law and includes all types of information that directly or indirectly can identify a natural person. This means that name, address, phone number are considered personal data, but that log data, encrypted data or other types of electronic ID such as an IP-Address can also be classified as personal data, if they can be connected to a natural person.
4. What is Processing of Personal Data?
Processing is similarly defined very widely by European law and includes almost every action taken in relation to personal data - for example collection, registration, organization, structuring, storage, adaption, transfer or deletion.
5. What Does this Privacy Policy Cover?
This privacy policy concerns data for which Pigari is a ‘data controller’ - in other words, where we decide the purpose and means by which personal data is processed.
This policy does not cover personal data that we process on behalf of our customers - the legal agreements which relate to this processing can be found at pigari.com/legal - namely our Terms and Conditions, in conjunction with our Data Processing Addendum which we strongly encourage our customers to sign and return to us.
6. Who’s Data Does Pigari Control?
6.1 Representatives of Customers and Pigari users: Pigari is also the data controller in relation to both account
Administrators as well as in regard to the personal data provided by Pigari users when accepting an Administrators’
invitation and activating their Pigari profile.
6.2 Executive Directors, LLP Members or Designated Members, Board Members, Beneficial Owners and other individuals within the scope of Pigari’s Know-Your-Customer (KYC) policy: Pigari is the data controller for
personal data obtained when our customers register for our services and during the registration process provide
information regarding their corporate structure and permit us to pull applicable data from public registries.
6.3 Leads: Pigari is also the data controller for representatives of potential customers who are either website
visitors who submit personal data through any of the forms on our websites or otherwise contact us through our
customer support or people who might be interested in our services and/or products whose information we have
received from other sources e.g. Facebook, LinkedIn or similar.
6.4 Prospects: In some situations you may have been contacted by a Pigari Business Development Representative
who has determined that you may be interested in a demonstration and/or trial of the Pigari service. In this case
some limited personal information may be controlled and processed by Pigari to offer this demonstration and
answer any questions you may have about our product.
6.5 Website visitors and individuals interacting via webchat, emailing or telephoning our support: Pigari
controls some personal data of individuals visiting our website, particularly behavioural and tracking details: e.g.
location data, behavioural patterns, personal preferences, IP-number, cookie identifiers, unique identifier of
devices you use to access and use the services and our websites. Further, Pigari controls personal data
regarding individuals who interact with our team either via webchat, email or telephoning our support.
6.6 Candidates: Pigari is the data controller for candidate’s personal data obtained in the recruiting
process.
7. Types of data, purposes of processing and lawful basis for processing
7.1 Representatives of customers and Pigari users
Categories of personal data we may process
Identification information: e.g. identification number, ID or equivalent
Contact information: e.g. name, address, phone number, photo, email or equivalent
For existing customers:
- Behavioural and tracking details: e.g. location data, behavioural patterns, personal preferences, IP-number,
cookie identifiers, unique identifier of devices you use to access and use the services and our websites
| Purpose of processing | Legal basis for the processing |
|---|---|
| To provide our services and products. | Comply with applicable laws and pursue the legitimate interest of Pigari. |
| To confirm your identity and verify your personal and contact details. | Comply with applicable laws and pursue the legitimate interest of Pigari. |
| To establish, exercise or defend a legal claim or collection procedures. | Comply with applicable laws and pursue the legitimate interest of Pigari. |
| To comply with internal procedures. | Pursue the legitimate interest of Pigari. |
| For customer analysis, to administer Pigari's services, and for internal operations, including troubleshooting, data analysis, to develop and inform you about product enhancements, testing, research and statistical purposes. | Pursue the legitimate interest of Pigari. |
| To ensure that content is presented in the most effective way for you and your device. | Pursue the legitimate interest of Pigari. |
| To prevent misuse of Pigari's services as part of our efforts to keep our services safe and secure. | Pursue the legitimate interest of Pigari. |
| To carry out risk analysis, fraud prevention and risk management. | Pursue the legitimate interest of Pigari. |
| To provide you with information, news and marketing about our and similar services. | Pursue the legitimate interest of Pigari. |
7.2 Executive Directors, LLP Members or Designated Members, Board Members, Beneficial Owners and other individuals within the scope of Pigari’s Know-Your-Customer (KYC) policy
Categories of personal data we process
Identification information: e.g. identification number, ID or equivalent.
Contact information: e.g. name, address, phone number, email or equivalent.
Information related to legal requirements: e.g. customer due diligence and anti-money laundering requirements.
| Purpose of processing | Legal basis for the processing |
|---|---|
| To provide our services and products. | Comply with applicable laws and pursue the legitimate interest of Pigari. |
| To confirm your identity and verify your personal and contact details. | To comply with applicable laws. |
| To establish, exercise or defend a legal claim or collection procedures. | Comply with applicable laws and pursue the legitimate interest of Pigari. |
| To comply with internal procedures. | Comply with applicable laws and pursue the legitimate interest of Pigari. |
| To prevent misuse of Pigari's services as part of our efforts to keep our services safe and secure. | Comply with applicable laws and pursue the legitimate interest of Pigari. |
| To carry out risk analysis, fraud prevention and risk management obligations, insurance risks and to comply with capital adequacy requirements. | Comply with applicable laws and pursue the legitimate interest of Pigari. |
| To comply with applicable laws, such as anti-money laundering and bookkeeping laws, and rules issued by our designated banks and relevant card networks. | Comply with applicable laws and pursue the legitimate interest of Pigari. |
7.3 Leads, website visitors, individuals interacting via webchat, emailing or telephoning our support
Categories of personal data we may process
- Contact information: e.g. name, address, position, business phone number, email or equivalent
For existing customers visiting our website:
- Behavioural and tracking details: e.g. location data, behavioural patterns, personal preferences, IP-number, cookie identifiers, unique identifier of devices you use to access and use the services and our websites
| Purpose of processing | Legal basis for the processing |
|---|---|
| To confirm your identity and verify your personal and contact details. | Consent (if details submitted to Pigari), Comply with applicable laws and pursue the legitimate interest of Pigari. |
| To provide and market our services and/or products to you. | Pursue the legitimate interests of Pigari. |
| To provide the support you seek from us. | Pursue the legitimate interests of Pigari. |
7.4 Prospects and referrals
Categories of personal data we may process
- Contact information: e.g. name, address, position, business phone number, email or equivalent
| Purpose of processing | Legal basis for the processing |
|---|---|
| To confirm your identity and verify whether you could be interested in the Pigari Service. | Comply with applicable laws and pursue the legitimate interest of Pigari. |
| To provide and market our services and/or products to you. | Pursue the legitimate interests of Pigari. |
| To answer any questions about our services | Pursue the legitimate interests of Pigari. |
7.5 Candidates
Categories of personal data we may process
- Contact information: Name; Address (if provided); Phone Number; Email or equivalent.
| Purpose of processing | Legal basis for the processing |
|---|---|
| To assess and recruit potential employees. | Consent (if details submitted to Pigari), Comply with applicable laws and pursue the legitimate interest of Pigari. |
| Contact the candidate for future jobs. | Consent - to retain for a period of 12 months. |
8. What personal data does Pigari collect from third parties?
We process personal data obtained from selected third parties such as fraud detection agencies, other financial institutions and other information providers, and from publicly available sources including population registers, company registration offices, enforcement authorities, as well as services such as LinkedIn. Further, in connection with payment processing we collect information from third parties such as banks and payment service providers.
Other external resources from which we may collect information are sanctions lists, registers held by credit-rating agencies and other commercial information providers providing information on e.g. beneficial owners and politically exposed persons.
9. Ways we will never use personal data
We will never use your personal data for any other purposes than those listed in this Privacy Policy. The only exception being if we obtain your written consent, or inform you of a new purpose for processing that is also compatible with the original purpose for which we collected the personal data, in accordance with applicable laws and regulations.
We will not share personal data with third parties for them to use for their own marketing purposes without ensuring that there is a lawful ground to do so.
We do not sell your personal data to third parties.
10. Automated decision making
Currently, Pigari does not carry out any such processing that is defined as solely automated decision making, including profiling, under the General Data Protection Regulation (“GDPR”) that has ”legal effects” or has otherwise significant effects.
11. Policy regarding sharing of data with third parties
Pigari Group We may share personal information with members of the Pigari Group for the purposes set out in this Privacy Policy.
Third party service providers Where necessary to provide our services we may disclose personal data about you to identify you and perform an assignment or agreement with companies that we cooperate with in order to perform our services. These services include, but are not limited to, secure identification solutions and between parties in the financial system such as banks.
Our designated banks and relevant card networks may also come to process your personal data for their own fraud prevention and risk management.
Third parties that are data processors Some of the third parties that we share personal data with are data processors. A data processor is a party that processes personal data on our instructions and on our behalf.
We collaborate with carefully vetted suppliers, which include processing of personal data on behalf of us. Examples include suppliers of IT development, maintenance, hosting and support but also suppliers supporting us with marketing and customer support.
When we share your personal data with data processors we only share them for purposes compatible with the purposes for which we have collected the data (such as performance of a contract). We always control all data processors and ensure that they can provide adequate guarantees as regards security and confidentiality of personal data. We have written agreements in place with all data processors through which they guarantee the security and confidentiality of personal data that they process on our behalf and limitations as regards third country transfers.
Third parties that are data controllers Some of the third parties that we share personal data with are independent data controllers. This means that we are not the ones that dictate how the data that we provide shall be processed. Examples are authorities, acquirers and other financial institutions. When your data is shared with independent data controllers their data policies and personal data processing principles apply.
Authorities We also disclose personal data to authorities to the extent we are under a statutory obligation to do so. Such authorities include tax authorities, police authorities, enforcement authorities and supervisory authorities in relevant countries. We may also be required to provide competent authorities information about your use of our services, e.g. revenue or tax authorities, as required by law, which may include personal data such as your name, address and information regarding card transactions processed by us on your behalf through your use of our services.
12. Third country transfers?
If we transfer your personal data to a third country, i.e. a country outside of the European Economic Area (“EEA”) we will comply with all applicable laws in respect of such transfer, including making sure that your personal data is kept secure, and ensure that appropriate safeguards are in place to ensure there is adequate protection.
Our preferred basis for transfer is the use of Standard Contractual Clauses. You can access a copy of the relevant EU model-clauses used by us for transfers by browsing to www.eur-lex.europa.eu and searching for 32010D0087.
To the extent that any personal data is transferred to service providers in the US we base such transfer on Standard Contractual Clauses and the EU-US Privacy Shield. To learn more about Privacy Shield, which is an agreement on protection of personal data between the EU and the US, please read here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en or https://www.privacyshield.gov/welcome
13. Security and integrity
We take security seriously.
We always process personal data in accordance with applicable laws and regulations, and we have implemented appropriate technical and organizational security measures to prevent that your personal data is used for non-legitimate purposes or disclosed to unauthorized third parties and otherwise protected from misuse, loss, alteration or destruction.
The technical and organizational measures that we have implemented are designed to ensure a level of security appropriate to the risks that are associated with our data processing activities, in particular accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to your personal data including access control to premises, facilities, systems and data, disclosure control, input control, job control, availability control and segregation control.
14. Storage of personal data
We will not process personal data for a longer period than is necessary for fulfilling the purpose of such processing, as set out in this Privacy Policy. Your personal data will be anonymized or deleted once it is no longer relevant for the purposes for which it was collected.We only retain your personal data to ensure compliance with our legal and regulatory requirements.
If we keep your data for other purposes than those of the performance of a contract, such as anti- money laundering purposes, bookkeeping and regulatory capital adequacy requirements, we keep the data only if necessary and/or mandated by laws and regulations for the respective purpose.
The data retention obligations will differ within the Pigari Group subject to applicable local laws.
See below for examples of the retention periods that we apply:
- Preventing, detecting and investigating money laundering, terrorist financing and fraud: minimum five (5) years after termination of the business connection
- Bookkeeping regulations: five (5) years
- Details on performance of an agreement: up to ten (10) years after end of customer relationship to defend against possible claims
The above is only for explanatory purposes and the retention times may differ from country to country.
15. Your rights
While Pigari is in control of some of your personal data it’s important that you know that you have a range of important rights under EU law.
Please note that there are exceptions to these rights, so access may be denied e.g. where we are legally prevented from making a disclosure.
Your rights in connection to your personal data
Right to be informed. You have the right to be informed about how we process your personal data. This is done via this Privacy Policy. However, you are always welcome to contact us if you have any further questions.
Right of access. You have the right to access the personal data that we hold about you. In this respect, you may receive a copy of the personal data that we hold about you. For any further copies, we reserve the right to charge a reasonable fee based on our administrative costs. To exercise this right, please contact us as set out below. Please note that most personal data that we process about you is visible for you in your Pigari Account.
This right means that you have a right to:
- receive a confirmation about what personal data we process about you
- get access to your personal data, and
- receive supplementary information (which corresponds to the information that is provided in this Privacy Policy).
Please note that we may ask you to provide further information about yourself in order for us to be able to identify you and handle the request in an efficient and secure way. This will sometimes oblige you to send in a signed copy of a valid ID.
Right to rectification. We ensure that inaccurate or incomplete Personal Data is erased or rectified. You have the right to rectify any inaccurate or incomplete personal data that we hold about you.
Right to erasure of your personal data (”Right to be forgotten”). You have the right to erasure if:
the personal data is no longer necessary for the purposes it was collected or processed for (and no new lawful purpose exists)
your particular situation gives you the right to object to processing on grounds of legitimate interest (see more below) and there is no justified reason for continuing the processing;
the lawful basis for the processing is your consent, and you withdraw your consent, and no other lawful grounds exist,
processing the personal data has been unlawful, or
there is a legal obligation for us to erase the data.
Please note that due the fact that we provide financial services we are in many cases obliged to retain personal data on you during your customer relationship, and even after that, e.g. to comply with a statutory obligation or where processing is carried out to manage legal claims. This means that we will keep any KYC data that we have about you during such a time period as we are required according to applicable anti-money laundering regulations.
Right to restrict the processing of your personal data. You have the right to request us to restrict the processing of your data (meaning that the personal data may only be held by us and may only be used for limited purposes) if:
the personal data we have about you is inaccurate,
the processing is unlawful and you ask us to restrict the use of the personal data instead of erasing it,
we no longer need the personal data for the purposes of the processing, but if we still need it for the establishment, exercise or defence of legal claims, or
you have objected to the processing claiming that the legal basis of legitimate interest is invalid and are waiting for the verification of this claim. Right to object to the processing of your personal data
Where our lawful basis for processing your data is our legitimate interests, you have the right to object to the processing of your data if:
- you can show that your interests, rights and freedoms regarding the personal data outweigh our interest to process your personal data, or
- we process your personal data for direct marketing purposes, including but not limited to profiling.
This means that we will cease such processing unless we:
- demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or
- require the personal data in order to establish, exercise or defend legal rights.
If you choose to object to our further processing of your personal data as described in this Privacy Policy, please note that we may no longer be able to provide you with the services you have requested and may therefore terminate relevant agreements with you, see relevant terms and conditions for more information. In addition, we may continue to process your personal data for other legitimate purposes, such as to fulfil an agreement with you, to protect our interests in connection with legal proceedings and to fulfil our legal obligations.
If you have received marketing from us, you may at any time object to the marketing by contacting us at [email protected] or opt out by following the instructions in the marketing material.
Right to data portability You have the right to data portability:
for personal data that you provided to us, and
if the legal basis for the processing of the personal data is the fulfilment of contract or consent.
We will send a copy of your data in a commonly used and machine-readable format to you or a person/organization appointed by you, where technically feasible and where the exercise by you of this right does not adversely affect the rights and freedoms of others.
16. How to exercise your rights
Send us an email at [email protected] and we’ll do our best to help.
You can also always contact us by sending a letter to B2B Fintech Solutions SL, Att: Privacy Function, Cl Prat De La Riba 11 B, 2-1, 08150, (Parets Del Valles) Barcelona, Spain.
If you are unhappy with our processing of your personal data you may lodge a complaint with or contact the Spanish Data Protection Authority (AEPD), at C/ Jorge Juan, 6, 28001-Madrid, phone no. +34 901 233 144. You may also seek a remedy through local courts if you believe your rights have been breached.
17. Cookies
Cookies are text files placed on your computer to collect standard internet log information and visitor use of the website and to compile statistical reports on website activities. You may set your browser not to accept cookies. However, in a few cases some of our website features may not function as a result.
Our website thus uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.
18. Third-party websites and services
Our websites and services may from time to time contain links to third party websites that are not controlled by us. If you visit such websites or use such services, please be aware that this Privacy Policy does not apply for such third parties’ processing, and we encourage you to carefully review how such third parties process personal data before using their websites or services.
19. Changes to this Privacy Policy
We are constantly working on improving and developing our services, products and websites, so we may change this Privacy Policy from time to time. We will not diminish your rights under this Privacy Policy or under applicable data protection laws in the jurisdictions in which we operate. If the changes are significant, we will provide a more prominent notice, when we are required to do so by applicable law. Please review this Privacy Policy from time to time to stay updated on any changes.