Privacy Policy

We are collecting different categories of data depending on Your request of services, Your relationship with our clients (e.g. consumer of our client, employee of our client etc.), requirements of the LAWS and our legitimate interests conducting our business.

Separately from other data, there are specified category of data as cookies. We are using cookies when you are using our web based Platforms (e.g. browsing websites, applications of MULTIPASS, sending email and text messages, communicating through social media accounts). The cookies mostly relate to the necessity of providing services You have explicitly requested (e.g., to open a website or some section of it, making payments etc.) or Your authentication during the login process.

Additionally, when You are visiting our websites, we may collect certain information automatically from your device in order to provide services requested by you, ensure security and for statistical purposes; automatic collection might include Your IP address, device type, browser-type (such as Chrome, Safari, Firefox or Internet Explorer), Your operating system and carrier, as well as details of any referring website or exit pages.

Please find additional information on usage of cookies HERE.

Depending on relationship (client, employment, partner agreement, website user, our customer’s end-client etc.) MULTIPASS collects only the minimal personal data that is absolutely necessary for achieving processing purposes (e.g. conclude the employment contract, make a payment, detect fraud, prevent identity thefts, send You special offers, handle Your requests and claims, render customer support etc.).

If you are our customer’s end-client, please refer to the information HERE.
You could find the main groups of processing purposes HERE.

Note that we may process Your personal data for more than one lawful ground depending on the specific purpose for which we are using Your data. For example, when You have closed the account (contractual obligations) we will still keep processing minimal personal data to comply with AML laws (legal obligation) or to protect/ exercise our legal claims (legitimate interests).

For the most part in rendering our services, the legal basis of processing will be our contractual obligations, Your consent or our legitimate interest. Please contact us if You need details about the specific legal ground we are relying on to process Your personal data in each case.

The controller (also operator of website) involved in processing is liable for confidentiality, integrity and availability of Your data, as well as for the damage caused by his activities which infringe the LAWS and/ or Your privacy. A processor shall be liable only where it has not complied with the obligations of the LAWS specifically directed to processors or where it has acted outside or contrary to lawful instructions of the controller.

If MULTIPASS processes the data of the representative of business partner or the data of its electronic payment service users, MULTIPASS shall be liable as a controller.

If you are the end-customer of MULTIPASS client, this client uses MULTIPASS systems to process your payment and both MULTIPASS and this client are controllers of your personal data for different purposes.

MULTIPASS might also be a controller for some data of payment cards in order to comply with legal and contractual obligations (e.g. record-keeping).

When the data is collected, we will definitely either inform You on the current controller or it will arise out of the document/ web form you are filling in.

If You are providing personal data of other data subjects, You shall be solely liable for obtaining consent from them or using other legal basis for their data processing (e.g. contract, power of attorney etc.) and inform them on MULTIPASS’s policies about their personal data transmitting and processing by MULTIPASS.

Where MULTIPASS collects personal data to comply with LAWS or under the terms of a contract where You are a party of and you fail to provide Your data when requested, we may not be able to perform the contract (for example, to provide you with electronic payment services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

Generally, we do not share Your data with third parties.

The only way MULTIPASS is doing so, when it has a legal basis and processing purpose for doing so. Disclosing Your data, we require recipients to follow LAWS and data protection measures when they process Your data.

Our Platforms and services may contain links to third-party websites, products and services. We may also use or offer products or services from third parties − for example, a third-party app.

When You use third party service or are clicking a link to a third party website, our Privacy policy is not applicable. Please, contact the relevant third party to obtain their privacy rules. Depending on processing purposes, we might share Your data with affiliated companies of MULTIPASS, our services and goods suppliers, as well as other third parties. Other detailed information on our sharing practices you can find HERE.

Considering the state of art and costs of implementation, the nature, scope, context and purposes of processing, as well as the risks of varying likelihood and severity for Your rights and freedoms posed by the processing, MULTIPASS ensures and permanently improves security measures to protect Your data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

To achieve the highest security level, we are performing organizational and technical measures. The most typical measures you could find HERE.

The scope of Your rights (as data subjects) is set under each current processing purpose and legal basis which will be informed to You when MULTIPASS collects / You are providing Your data to us.

In case we are a processor, the main contact for data subjects should remain data controller. In such cases we will definitely provide possible support in contacting the relevant controller.

Every time MULTIPASS collects Your data as the controller, we will inform You at least of the identity of the controller, the purposes of data processing and sources where to find additional information.

In the event we are collecting Your data from other controllers (processors) You will be also informed in a timely manner.

So, our communication is made in intelligible, plain and clear way, but texts are not burdensome, we will not inform you on details you already know.

In case the processing of Your data is based on consent, You will definitely have the right to withdraw your consent at any time. Please be informed that the withdrawal of consent is not affecting the lawfulness of processing based on consent before its withdrawal.

There might also be other cases where Your rights to be informed are limited.

You are entitled to receive a confirmation from MULTIPASS as to whether or not Your data is being processed by us, and if it is, You have a right to access the relevant data.

You are entitled to obtain from MULTIPASS without undue delay the rectification of inaccurate personal data. Considering purposes of processing You are also entitled to supplement incomplete personal data.

You are entitled to obtain the erasure of Your data from MULTIPASS. In cases set by LAWS we shall delete Your data.

Unfortunately, since the exceptional character of exercise of such rights the LAWS set restrictions when Your request might be refused.

In certain cases You You are entitled to file a request to restrict Your data processing. Notwithstanding the restriction of processing, we will still be entitled to:

• Store Your data;
• Process Your data in any manner, if:
  • You have consented to it;
  • We have to establish, exercise or defend our legal claims;
  • The rights of another person shall be protected;
  • There are reasons of important public interest.

You are entitled to transmit Your data, which You have provided to MULTIPASS, to another controller, where:

• the processing is based on consent or on a contract; and
• the processing is carried out by automated means.

Unfortunately, there might be cases when Your data transmission to another controller is not technically feasible. In this regard we will try to do our best in providing maximum support, so another controller receives Your data.

In case MULTIPASS processes Your data:

• in the performance of a task carried out in the public interest, or
• in the exercise of official authority vested in us, or
• for the purposes of the legitimate interests pursued by us or by a third party,

You are entitled to object to such processing, specifying in Your request the particular situation (reason for objection).

In such cases we will not process Your data unless we demonstrate compelling legitimate grounds for the processing which override Your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

There are also other cases set by LAWS, when You are entitled to object, as well as the conditions under which the right to object might be exercised.

You are entitled not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning You or similarly significantly affects You, except where the decision:

• is necessary for entering into, or performance of, a contract between You and MULTIPASS as the controller; or
• is authorized by LAWS to which MULTIPASS is subject and which also lays down suitable measures to safeguard Your rights and freedoms and legitimate interests; or
• is based on Your explicit consent.

If we are not able to resolve any dispute or claim arising from Your data processing under this Policy in an amicable way, You are entitled to lodge a complaint with UK supervisory authority.

Please, be informed that each of Your rights and some of the principal provisions set herein might be restricted due to legislative measures, mostly to the advantage of other natural and legal persons, as well as national interests and public security.

MULTIPASS might transfer Your data to third country providing safeguards and security measures, so the level of Your data protection is not undermined. Such transfers might take place in cases, if:

• we have to perform an agreement concluded between You and MULTIPASS;
• we have to carry out pre-contractual measures in order to prepare a contract;
• if you consented to the proposed transfer;
• transfer is based on an international agreement, such as a mutual legal assistance treaty in force between the requesting third country and the UK;
• transfer is based on standard data protection clauses adopted by the relevant authority;
• other cases may be applicable (you shall be informed prior to any such transfer).

Due to the remote nature of our services, it is important for us to keep communicating through the same email (Verified Email), which was used by you to request a price quote or using our services. The Verified Email is the key communication channel for us, so we can give quick answers and not divulge your data to any malicious person. You might also submit a request through the voice call, but still we must use the Verified Email to reply, due to law requirements and in order to protect our legal claims.

Receiving Your request on exercising Your rights under this Privacy policy, we will process Your request without undue delay, and in any event within one month of receipt of the request, except in cases where we are not able to identify you (we are either not processing Your personal data or it was anonymized/ erased) or the requested fee was not paid. One-month period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We will inform You of any such extension within one month of receipt of the request, together with the reasons for the delay.

In case Your requests are manifestly unfounded or excessive, MULTIPASS might refuse to act on the request explaining reasons or You might be charged a reasonable fee considering the administrative costs of providing the information or communication, or taking the action requested.

In case we have reasonable doubts concerning the identity of the natural person (also authorized representative) making the request, we may request the provision of additional information necessary to confirm the identity of such natural person.

You are entitled to receive one copy of Your data free of charge. For any further copies we may charge a reasonable fee based on administrative costs. The right to obtain a copy shall not adversely affect the rights and freedoms of others.

In case You have any questions regarding Your data processing by MULTIPASS, please kindly contact our Data Protection Officer at privacy@multipass.co.

The representative of the MULTIPASS in the European Union is the Representative Office of the Foreign Business “MultiPass Platforms Limited”, registration No.40006024820, legal address: Jeruzalemes Street 1, Riga, Latvia, LV-1010, info@multipass.co.

Any other questions regarding our services and current data processing shall be addressed to MULTIPASS.

MULTIPASS might make minor amendments to this Privacy policy which shall not leave a negative impact to Your privacy, except if LAWS set otherwise.

In case of material changes MULTIPASS will definitely publish such amendments and amended policy on our websites and, as far as possible, notify you either by email or by pop-up windows when you are entering our websites next time.

Actual version of the Privacy policy is published on our websites.

The Effective Date of Privacy policy: March 14, 2022