-
Book demo
Schedule a demo to explore how our solutions can streamline your payment processes.
- Live updates
- Advanced risk analytics
- Full SCA compliance
Multi-Scheme Support One platform. Every major scheme.Merchant Simulator Test safely. Launch confidently.Command & Control Granular delegation. Total oversight.Experiment & Test Smarter changes. Safer decisions.Advanced Reporting Real-time clarity. Compliance without the scramble.Transformational Troubleshooting Total visibility. Zero guesswork. -
Book demo
Schedule a demo to explore how our solutions can streamline your payment processes.
- Live updates
- Advanced risk analytics
- Full SCA compliance
3DS ACS for Issuers & BaaS Platforms Secure, frictionless cardholder verification.3DS ACS for Traditional Banks Secure, frictionless cardholder verification.3DS ACS for Fintechs & Neobanks Secure, frictionless cardholder verification.3DS Server (MPI) for Acquiring Banks Secure, frictionless cardholder verification.3DS Server (MPI) for Single Merchants Secure, frictionless cardholder verification. -
Book demo
Schedule a demo to explore how our solutions can streamline your payment processes.
- Live updates
- Advanced risk analytics
- Full SCA compliance
- Developers
Introduction
We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This privacy policy (Privacy Policy) describes Apata's policies and practices regarding its collection and use of your Personal Data, and sets out your privacy rights. We recognise that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Policy as we undertake new Personal Data practices or adopt new policies related to privacy. In this notice, when we talk about Personal Data we mean any information that relates to an identifiable natural person.
Apata Services
Apata provides a 3DSecure solution for its client's Mastercard, Visa and Discover cards to facilitate the authentication of e-commerce transactions by their direct or indirect customers.
Processing Personal Data
| Category of Data Subjects | Types of Personal Data being Processed | Purpose of Processing | |
|---|---|---|---|
Apata clients' cardholders
| Name, account information, account number, account identifier, billing address, email address, home phone number, mobile phone number, work phone number and transaction time and date. | Authenticating cardholders' payments. | |
| Shipping address, browser IP address and functional details, card/token expiry date, device channel and information, DS details (including reference number, transaction ID and URL), EMV payment token indicator, instalment payment data, merchant details, message version number, notification URL, purchase details (including amount, currency, currency exponent, date and time), SDK details (including app ID, encrypted data, ephemeral public key (QC), maximum timeout, reference number, transaction ID and transaction type). | Tracking payment trends of individuals for risk profiling and fraud prevention purposes. | ||
| Users of Apata’s secure portal | Name, email address, work organisation. | To provide authorised access to Apata’s secure portal to support use of Apata services. | |
| Clients and prospective clients | Name, email address, work organisation, position. | For general business purposes such as fraud management, sales, account management, customer support, compliance, escalation, business continuity, administration, contract management. | |
| Recipients of newsletters and mailings | Name, email address, work organisation, position. | Contact details for receipt of Apata newsletters or direct mailings. | |
| Job applicants | Name, email address, home phone number, mobile phone number, social media handles, education details & professional qualifications or credentials, employment history, right to work information, professional & personal interests, references. | Facilitate employment or contracting relationships with Apata, including customary HR and compliance purposes and compliance. |
From time to time, Apata receives personal data about individuals from third parties. Typically, information collected from third parties will include further details on your employer or industry. We may also collect your personal data from a third party website (e.g. LinkedIn).
Sharing Information with Third Parties
We do not sell Personal Data to anyone and only share it with third parties who are facilitating the delivery of our services. In order to provide Apata Services, we may share your data with trusted third party service providers (e.g. data hosting providers) as necessary to provide their services to us. Prior to sharing any Personal Data with third party service providers we ensure their commitment to protecting the security and confidentiality of your Personal Data.
We do not otherwise reveal your Personal Data to third parties unless: (1) you request or authorise it; (2) the information is provided to comply with the law (for example, compelled by law enforcement to comply with a search warrant, subpoena, or court order), enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others; (3) the information is provided to our agents, vendors or service providers who perform functions on our behalf; (4) to address emergencies or acts of God; or (5) to address disputes, claims, or to persons demonstrating legal authority to act on your behalf.
Data Subject Rights
The European Union's General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) and other countries' privacy laws provide certain rights for Data Subjects. Data Subject rights under GDPR include the following:
- Access the Personal Data we hold about you.
- Rectification of any Personal Data we hold about you that may be inaccurate.
- Request that we erase your Personal Data (subject to certain limitations).
- Restrict processing in certain circumstances.
- Object to processing in certain circumstances.
- Transfer your Personal Data to another organisation.
Data Storage and Retention
Personal data is stored by Apata on the servers of third-party cloud-based infrastructure, located in the EU. Apata retains service data for the duration of the client' business relationship with Apata and for a period of time thereafter, to analyse the data for Apata's own operations, and for historical and archiving purposes associated with Apata's services. Apata retains prospect data until such time as it no longer has business value and is purged from Apata systems. All Personal Data that Apata controls may be deleted upon verified request from Data Subjects or their authorised agents. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at privacy@apata.io.
International Transfers
We may transfer your Personal Data outside the country of your residence, to countries where our service providers operate. Where we do so, we comply with applicable laws and contractual obligations in relation to such transfer. To the extent that your Personal Data is subject to GDPR, such transfers will only be made in accordance with GDPR and any other applicable EU privacy regulations.
Children's Data
We do not knowingly attempt to solicit or receive information from children.