LAKS Pay App – Privacy Notice
1. About this Privacy Notice
- This is the privacy notice (Notice) of LAKS GmbH, Sebastianplatz 7/11, 1030 Vienna, Austria. LAKS is the data controller for the purpose of this Notice.
- This Notice, together with our Terms of Use, sets out the basis on which any data obtained as a result of your downloading, installing, or using the LAKS Pay App (hereinafter “APP”) will be processed.
- We will post any changes we may make to our Notice directly on the APP, on our Website or communicate them to you by email.
- The Notice currently in place is dated April 2, 2024.
2. What personal data do we collect from you?
- We only request the absolute minimum amount of data needed to fulfil the requirements of the payment networks (Card schemes, Token service providers, Bank issuers, etc.) to provide the service of tokenizing consumers' payment cards to the consumer-owned LAKS wearable device. No sensitive information will be logged by the APP.
- We collect personal data that you provide to us by registering for an account, using interactive features, or adding a payment card. Such personal data may consist of:
Data | Source | Stored | Transmitted |
Email address | Cardholder/ Consumer | Yes | Yes |
Primary Account Number (PAN) | Cardholder/ Consumer | No | Yes |
Cardholder Name | Cardholder/ Consumer | Yes | Yes |
CVV / CVC | Cardholder/ Consumer | No | Yes |
Card Expiration Date | Cardholder/ Consumer | No | Yes |
Secure Element (chip) ID | Wallet provider | Yes | Yes |
Device (wearable) ID | Wallet provider | No | Yes |
Last 4 Digits of PAN (FPAN) | Payment Card Network | Yes | Yes |
Last Transactions Data | Payment Card Network | No | Yes |
Device Location | App – Cardholder/ Consumer | No | Yes |
Device IP address | App – Cardholder/ Consumer | No | Yes |
Consumer Language | App – Cardholder/ Consumer | Yes | Yes |
- Through your use of the APP, we may also gather certain automatically generated information about your use of the APP that does not identify you individually. We may collect and store such information automatically whenever you interact with the APP. For example, we may collect information about your mobile device, i.e. operating system type and version and the hardware model, your IP address, device ID or preferred language every time you visit the APP. We may also collect information regarding customer APP usage patterns. This information does not, however, contain anything that can personally identify you; it is used to analyze and improve the APP and to provide our customers with a fulfilling APP experience.
- Please note that no data collected from you or your mobile phone is permanently stored locally on the APP or your mobile phone. No client secret credentials will be stored in the mobile application. If you choose to enable alternative authentication, email and password will be stored in OS-protected secure storage.
3. On which basis do we process your personal data?
- We process your personal data for the purposes indicated or obvious at the time of collection and (i) which is necessary for the performance of a contract, in particular to provide you with the wallet payment system and tokenization of your payment card; or (ii) to which you have agreed, for example by checking a box; or (iii) for which we are required by applicable laws, for example to comply with data retention requirements regarding data relevant for financial reporting; or (iv) for which we rely on other legitimate interests, which include:
- delivering and improving our products or services;
- management of customer, client, vendor and other relationships, sharing intelligence with internal stakeholders, implementing safety procedures, and planning and allocating resources and budget;
- monitoring, detecting and protecting the organization, its systems, network, infrastructure, computers, information, intellectual property and other rights from unwanted security intrusion, unauthorized access, disclosure and acquisition of information, data and system breaches, hacking, industrial espionage and cyberattacks;
- protecting and developing industry standards; sharing intelligence about individuals or concerns that may have a negative or detrimental impact; and following industry best practices; or
- complying with industry standards, regulatory requirements and other requirements related to fraud prevention and anti-money laundering.
4. For which purposes do we process your personal data?
We process your personal data for the following purposes:
- If you register an account with us, then we process the data required to fulfil the requirements of the payment networks (card payment schemes such as Mastercard and Visa, token service provider(s), payment card issuers/banks, etc.) in order to provide the service of tokenizing consumers' payment cards to your LAKS Wearable and thereby enabling the payment feature of your LAKS Wearable.
- We process your personal data also to comply with and enforce applicable legal requirements, our Terms of Use, relevant industry standards, contractual obligations and our policies.
5. To whom do we disclose and transfer your personal data?
- We may disclose your personal data to the following recipients or categories of recipients acting on our behalf and/or as partners (processors): Our third party service providers, limited to the purpose of the execution of their obligations; they are contractually bound to adhere to an adequate level of data protection when processing your personal data.
Our token service provider is Fidesmo AB, Regeringsgatan 111, 11139 Stockholm, Sweden (“Fidesmo”). Fidesmo is authorized and certified to act as token service provider by Mastercard and Visa as payment card schemes. This means that Fidesmo provides the services which allow your payment card to be tokenized with the LAKS Pay app and which ultimately enable the payment features of your LAKS Wearable. To this purpose, Fidesmo will receive and process, for the purposes named above, (i) certain data that you enter into the APP, as specified in Sct. 2.2 above; (ii) certain data that will be provided by the payment card schemes (Mastercard and Visa) to Fidesmo and which will be processed by Fidesmo according to the rules and security obligations issued by such payment card schemes, in order to carry out the tokenization services.
Fidesmo will provide certain data that you enter on the APP to the payment card schemes (Mastercard and Visa), as specified in Sct. 2.2, in order to provide the tokenization services and to ultimately enable the payment features of your LAKS Wearable.
- We may disclose your personal data to an acquirer if LAKS or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- We may disclose your personal data if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of LAKS, our customers, or others. This includes exchanging data with other companies and organizations for the purposes of fraud protection and credit risk reduction.
- We may internationally transfer your personal data, including to countries that are not considered to provide an adequate level of data protection by the relevant regulatory bodies, for example to countries not considered by the European Commission or the Swiss Federal Data Protection and Information Commissioner to be providing such level. In such a case, we ensure the adequate protection of your personal data by having the recipients adhere to binding contractual obligations in accordance with applicable standards approved by the relevant regulatory bodies or by relying on other safeguards, such as self-certifications, approved by the relevant regulatory bodies. You may contact us for a copy of the contractual and other safeguards in place (see section 9 below).
6. For how long do we process your personal data?
We process your personal data:
- Data stored according to 2.2 above, until you withdraw your consent for future processing, for example until you delete your account and/or delete the APP on your wearable item;
- For as long as laws require us, e.g. legal retention obligations based on bookkeeping or tax laws and regulations.
7. When do we require your personal data?
If you wish to download and install the APP in order to use the contactless payment system embedded in your APP, then we are required to obtain from you certain personal data to allow us to enter into this contract, for example, your name, email address, payment information or contact information.
Should you decide not to provide us the required information, we may not conclude this contract with you and your use of the contactless payment system will not be possible.
8. What are your rights?
- You have the right
- to request from us access to and rectification or deletion of your personal data;
- to request us to restrict the processing of your personal data, in particular to object to the processing of your personal data for direct marketing purposes; and
- to request from us to provide you or any person or entity you appointed with a digital file of your personal data (data portability).
- You may withdraw your consent that allows us to process your personal data for the indicated purposes at any time by deleting your account via the APP.
- To exercise the above rights, you may contact us as indicated below. Please note you have the ability in the settings menu of the APP to download what data is stored about you. This function collects all data stored about the customer/user in the Wallet provider server as well as the user management system and provides a link to a PDF file. This function will not display data stored at the respective payment network Token service providers or issuing bank systems as LAKS or its subcontractors do not have access to these systems.
- At any time you have the option to delete your account and create a new one with corrected information. Furthermore, payment card tokens, if found by the consumer to be incorrect, can be deleted at any time and new tokens can be created.
- You also have the right to lodge a complaint with the competent authority.
9. How can you contact us?
For any questions or to exercise your rights, you may contact us as follows:
Postal address: LAKS GmbH, Sebastianplatz 7/11, 1030 Vienna, Austria
Email: [email protected]