Dauphin Privacy Policy

This Privacy Policy describes how and why your personal information might be collected, stored, used, and/or shared (processed) when you:

• Visit the website https://dauphinpay.com/ (the “Website”) operated by MIBEXTECHNOLOGIES s.r.o., company number 17729998, registered address at Chudenicka 1059/30, Hostivar, 102 00 Prague 10, Czech Republic (the “Company”, “we”, “us”)
• Access and use payment services (the “Services”) provided to you by SatchelPay, UAB, legal entity code 304628112, registered address at Geležinio vilko g. 18A, Vilnius, Lithuania, a licensed electronic money institution, license No 87, supervised by the Bank of Lithuania (the “Satchel”). 

Personal information when you access and use the Services

The Company acts in the capacity of “promoter” or “introducer” under an agreement with the Satchel in respect of the provision of the Services to you and had developed technical and art solutions enabling you to communicate through the Website directly with Satchel’s internal systems, thereby creating an additional convenience and unique user experience for you.

When you use the Services, your communication with Satchel is conducted over a secure protocol from a web frame on the Website so that the Company does not have access to the data you exchange with Satchel. Therefore, the Company does not collect, store or process your personal data relating to the Services.

In all aspects of the Services, Satchel is the data controller with respect to your personal data, and your relationship with Satchel with respect to personal data is described in Satchel’s privacy policy, which is incorporated by reference to this Privacy Policy as set out in the SCHEDULE and is integral part of the agreement governing the relationship between you and Satchel providing payment services to you as Client.

Personal information when you visit the Website

We collect personal information that you voluntarily provide when you contact us via the “CONTACT US” form on the Website or via the Company’s contact email [email protected].

The personal information that we collect depends on the context of your interactions with us and may include the following:

• names
• email addresses
• phone numbers

We automatically collect certain information when you visit, use, or navigate the Website. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, and other technical information. This information is primarily needed to maintain the security and operation of the Website, and for our internal analytics and reporting purposes.

We also collect information through cookies and similar technologies. To learn more about how we use these and your choices in relation to these tracking technologies, please refer to our Cookie Policy.

How do we process your information

We may process your personal information for the following purposes:

• To respond to your inquiries and solve any potential issues you might have with the Website.
• To send you details about changes to our terms and policies, and other similar information.
• To send you marketing and promotional communications, if this is in accordance with your marketing preferences.
• To develop and display personalized content and advertising tailored to your interests, location, and more.
• To identify usage trends. We may process information about how you use our Services to better understand how they are being used so we can improve them.
• To determine the effectiveness of our marketing and promotional campaigns.
• To improve and protect the Website functionality.
• To save or protect an individual’s vital interest. We may process your information when necessary to save or protect an individual’s vital interest, such as to prevent harm.

If we want to use your information for any other purpose, we will ask you for consent and will use your information only on receiving your consent and then, only for the purpose(s) for which grant consent unless we are required to do otherwise by law.

How do we share your information

We may share your information with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work. The categories of third parties we may share personal information with are as follows:

• Marketing agencies
• Data storage service providers
• Website hosting service providers
• Communication & collaboration service providers
• Software engineering & web design service providers
• Data analytics services

We also may need to share your personal information in the following situations:

• Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of the Company’s assets, financing, or acquisition of all or a portion of our business to another company.
• Affiliates. We may share your information with our affiliates, in which case we will require those affiliates to adhere to this Privacy Policy. Affiliates include any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.
• Business Partners. We may share your information with our business partners to offer you certain products, services, or promotions.

We have contracts in place with such third parties, which are designed to help safeguard your personal information. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any organization apart from us. They also commit to protect the data they hold on our behalf and to retain it for the period we instruct.

How long do we keep your information

We will retain your personal information with us for as long as we need it to fulfill the purposes for which it was collected as detailed in this Privacy Policy. We may need to retain certain information for longer periods such as record-keeping / reporting in accordance with applicable law or for other legitimate reasons like enforcement of legal rights, fraud prevention, etc. 

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

What are your privacy rights

Depending on the law that applies, you may have a right to access and rectify or erase your personal data or receive a copy of your personal data, restrict or object to the active processing of your data, ask us to share (port) your personal information to another entity, withdraw any consent you provided to us to process your data, a right to lodge a complaint with a statutory authority and such other rights as may be relevant under applicable laws. To exercise these rights, you can write to us at [email protected]. We will respond to your request in accordance with applicable law.

You may opt-out of direct marketing communications or the profiling we carry out for marketing purposes by writing to us at [email protected].

Do note that if you do not allow us to collect or process the required personal information or withdraw the consent to process the same for the required purposes, you may not be able to access or use the services for which your information was sought.

How do we keep your information safe

The security of your information is important to us and we will use reasonable security measures to prevent the loss, misuse or unauthorized alteration of your information under our control. However, given the inherent risks, we cannot guarantee absolute security and consequently, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk.

Third party links & use of your information

The Website may contain links to other websites that are not operated by us. This Privacy Policy does not address the privacy policy and other practices of any third parties, including any third party operating any website or service that may be accessible via a link on the Website. We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

How can you contact us about your privacy issues

If you have any queries or concerns about the processing of your information that is available with us, you may email our Grievance Officer at MIBEXTECHNOLOGIES s.r.o., Chudenická 1059/30, email: [email protected]. We will address your concerns in accordance with applicable laws.

SCHEDULE 

Satchel Privacy Policy

Effective from April 07, 2021.

1. For the purpose of compliance with the relevant data protection legislation, the party controlling your personal data is SatchelPay UAB (hereinafter – “Satchel”, “us” or “we“). This policy (together with our Customer Agreement and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please, read the following carefully to understand the types of information we collect from you, how we use that information and the circumstances under which we will share it with third parties. By using Satchel Services on the website at https://dauphinpay.com/ (“Website”)  or in the mobile application DAUPHIN PAY (“App“) you are accepting and consenting to the practices described in this policy. Unless context otherwise requires, a reference to the Website shall be deemed to also refer to the App.

2. In order to show respect to your individual rights to privacy, Satchel processes the collected personal data in accordance with the Law on Legal Protection of Personal Data of the Republic of Lithuania, the General Data Protection Regulation and other legal acts such as the Directive No. 95/46/EC of the European Parliament. The employees, agents, and other parties who have access to your personal data are committed to ensuring its safety even upon termination of the contractual relationship.

3. It is possible that Satchel may engage data processors and third-parties, who will perform certain functions on behalf of Satchel. Satchel bears the responsibility to ensure that the latter treat sensitive data in compliance with the active legislation and given instructions. Satchel can also request certain security measures, and monitor their implementation. Under those circumstances, Satchel guarantees the imposition of the non-disclosure obligation, which will prevent parties from using information beyond the scale necessary to perform the given functions.

4. This Privacy Policy introduces the basic principles that Satchel follows when collecting, storing, and processing your personal data and other information related to you. It also outlays the aim of processing personal data, as well as the sources, recipients, and other important aspects of data processing in using the services of Satchel as a payment services provider

5. Providing personal data is necessary in order to continue using the services provided by Satchel. For instance, it is a required step in the Satchel account opening procedure. Personal data you provide is processed within the Satchel’s system in order to complete the established identification procedures.

6. By further proceeding with using Satchel Services on the Website, you acknowledge and confirm that you have familiarized yourself with the Privacy Policy, understood it, and agreed with its provisions. Satchel bears the right to update and revise the provisions, which implies that it is solely your responsibility to keep yourself familiarized with the latest version of this Privacy Policy.

Purposes, Recipients, and Information we may collect about you

7. The core reason for data collection is provision of Satchel services to individuals who transact within the System. As a payment service provider, Satchel is required by law to establish and verify your identity before it begins to cooperate with you and provide any sort of financial services. Satchel has the right to store any initially and further requested information throughout the retention period estimated by the relevant legislation. Therefore, the Client is obliged to provide valid and complete information.

8. PURPOSE: identification of Client’s identity, provision of payment services (account opening, transfers of funds, payment collection and other), implementation of other regulatory obligations imposed on Satchel as a payment service provider.

8.1. Personal data collected for the purposes listed above is processed within the following legal framework:

8.1.1. establishing and verifying the identity of the Client;

8.1.2. concluding agreements with the Client in order to proceed with fulfilling his requests;

8.1.3. executing financial transfers in compliance with applicable legislation;

8.1.4. following the “Know Your Client” provisions;

8.1.5. conducting systematic monitoring;

8.1.6. carrying out risk assessment;

8.1.7. ensuring the accuracy of data provided by the Client;

8.1.8. preventing possible money laundering, terrorist financing, and fraud; timely detecting, profoundly investigating and informing of such activity, acting in accordance with financial sanctions imposed on the Client;

8.1.9. effective performing of risk and organization management.

8.2. The processing of the following data is a priority in accordance with above listed provisions: name, surname, personal identification number, address, date of birth, identity document information, photo, direct video transmission recording, citizenship, email address, phone number, payment account number, IP address, current activity, current public function, and any other data required by the Law on Prevention of Money Laundering and Terrorist Financing.

8.3. The relevant information is collected and processed on the grounds of a legal obligation imposed on Satchel as the payment service provider by the Law on Payments of the Republic of Lithuania, the Law on Electronic Money and Electronic Money Institutions of the Republic of Lithuania and the Law on Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania. Therefore, in order to open an account and/or use the payment services of Satchel, the Client is obliged to provide a full set of requested documents.

8.4. Parties that might be among the recipients of Client-related data:

8.4.1. supervisory authorities;

8.4.2. credit, financial, payment and/or electronic money institutions (subject to the Customer’s consent and in the scope of the Personal data solely specified by the Customer);

8.4.3. pre-trial investigation institutions;

8.4.4. the State Tax Inspectorate;

8.4.5. payment service agents or other representatives of Satchel (if their services are essential for carrying-out an operation);

8.4.6. beneficiaries of transaction funds receiving the information in payment statements together with the funds of the transaction;

8.4.7. debt collection and recovery agencies;

8.4.8. companies processing consolidated debtor files;

8.4.9. lawyers and law firms;

8.4.10. auditors;

8.4.11. credit / debit card processing service providers;

8.4.12. identity verification service providers;

8.4.13. sanction / PEP screening providers;

8.4.14. vendors of software development and support services;

8.4.15. transaction monitoring service providers;

8.4.16. risk management tools providers;

8.4.17. website domain hosting providers;

8.4.18. cloud service providers;

8.4.19. other Satchel suppliers with the purpose of proper fulfillment of Satchel services.

8.5. Clients’ Personal data may be transmitted to third parties not specified above for specified and legitimate purposes only, and only to third parties who have the right established by laws and other legal acts to receive personal data in the countries of the European Union and the European Economic Area. When the processing of Customer information described above may involve sending it to countries outside of the EEA, Satchel will take all reasonable steps to ensure that the Clients’ data is treated securely and in accordance with this Policy.

9. PURPOSE: Debt management.

9.1. Under this provision, Client-related information is processed in order to manage issues related to debt collection, submission of claims, demands, lawsuits and other documents.

9.2. Processing of the following data can be involved: name, surname, personal identification number, address, date of birth, data from an identity document, email address, phone number, payment account number, IP address, payment account statements.

9.3. Groups of data recipients: companies processing consolidated debtor files, credit, financial, payment and/or electronic money institutions, lawyers, courts, pre-trial investigation institutions, the State Tax Inspectorate, debt collection and recovery agencies, other entities having a legitimate interest.

9.4. Third countries may also obtain access to the data, yet only in the case it/its national is directly involved in your payment transfer execution.

10. PURPOSE: Supporting and managing relations with Clients, preventing disputes and collecting evidence (recording phone conversations), correspondence of business relations with the Clients.

10.1. Processing of Client’s data can be involved for reasons of:

10.1.1. protecting the interests of the Client and/or Satchel;

10.1.2. preventing disputes, providing evidence of business communication with the client (recordings of conversations, correspondence);

10.1.3. ensuring the top-level quality of services provided by Satchel;

10.1.4. executing Client’s requests, following the obligations levied by law or other legal documents.

10.2. The following Client-related information may be processed: name, surname, address, date of birth, email address, phone number, IP address, payment account statements, phone conversation recordings, correspondence with the client.

10.3. Data recipients: supervisory authorities, companies processing consolidated debtor files, lawyers, bailiffs, courts, pre-trial investigation institutions, debt collection and recovery agencies, other entities having a legitimate interest, other entities under an agreement with Satchel, strictly upon reception of a separate consent from you.

10.4. No third country may be granted access to such data.

11. PURPOSE: Informing the client about services. In this case, Client’s data is processed in order to inform the Client about the services provided by Satchel, their prices, specifics, for sending system and other messages related to the services provision by Satchel.

11.1. This provision implies processing of the following Client’s data: email address, phone number.

11.2. The Client hereby acknowledges and agrees that he/she is aware that such messages shall be perceived as necessary under the General Payment Service Agreement and/or its supplements concluded with the Client, which differentiates them from direct marketing messages.

11.3. Data recipients: no third-party shall receive access to data described in this provision.

12. PURPOSE: Direct marketing. In this case, Client’s data is processed in order to inform the Client concerning the offers related to services provided by Satchel.

12.1. This provision implies processing of the following Client’s data: email address, phone number.

12.2. With this provision the Client acknowledges and confirms that he/she is aware of the fact that the data listed above may be processed for the purpose of direct marketing. The Client maintains the right to disagree and to object this clause at any time by informing Satchel via email to [email protected]. The email must provide valid information necessary to identify the data subject.

12.3. Data recipients: The procedure of data processing may involve search or social networking systems (objections to data processing may be filed within the framework that the websites of these systems provide). No other persons shall receive access to data described in this provision.

13. Personal data collected for the purposes specified in this Privacy Policy will only be processed for legitimate purposes in ways complying with legal requirements.

14. No third-party shall be granted access to the Client-related data marked as “personal” without prior Client’s consent. Situations when it is required to do so by applicable law or for the purpose of services provision shall be viewed as exception.

Profiling

15. Satchel may use automated means of personal data processing, following the provisions of risk management-related legislation, and systematic monitoring of transactions with the goal of fraud prevention; such profiling is justified by legitimate interests and legal duties of Satchel.

16. Following the aims of direct marketing and statistical analysis, Satchel may perform profiling through the use of Google, Facebook and other analytics tools.

Cookie policy

17. Cookies are used in order to distinguish you from other users of Satchel Services on the Website. This helps to ensure your pleasant experience when using Satchel Services and also allows improving its organisation. In technical terms, cookies are small files containing a string of characters that are sent to a person’s computer upon visiting the website. Cookies allow Satchel to recognize a user’s browser upon the next visit to the Website, and may detect the user’s preferences and other information.

Used Cookies

Name	Description and Purpose	Duration
cf_clearance	Used to set time of cache to be drawn	1 year
crmcsr	Data is transmitted to the СRM for future user identification	Session
utm_link	Used to store UTM and avoid it loss while navigating between pages	2 hours
AEC	Authentication and security	146 days
APISID	Google authentication; used for user identification	394 days
DSID	Google advertising; used for ad targeting	41 hours
HSID	Security and user authentication; helps prevent unauthorized access	394 days
NID	Preferences and advertising; stores user preferences and serves targeted ads	183 days
S	Security and user authentication	Session
SAPISID	Google services authentication; helps identify users across Google services	394 days
SID	Google services authentication; helps identify users across Google services	394 days
SIDCC	Security and user authentication; prevents fraudulent use of user credentials	365 days
SSID	Security and user authentication; helps protect user data	394 days
__Secure-1PAPISID	Secure Google authentication; enhances security during authentication process	2 years
__Secure-1PSID	Secure Google services authentication; enhances security during authentication process	394 days
__Secure-1PSIDCC	Secure user authentication; enhances security during authentication process	1 year
__Secure-1PSIDTS	Secure Google services authentication; enhances security during authentication process	1 year
__Secure-3PAPISID	Secure Google authentication; enhances security during authentication process	394 days
__Secure-3PSID	Secure Google services authentication; enhances security during authentication process	394 days
__Secure-3PSIDCC	Secure user authentication; enhances security during authentication process	1 year
__Secure-3PSIDTS	Secure Google services authentication; enhances security during authentication process	1 year
__Secure-ENID	Secure user authentication; enhances security during authentication process	366 days
__id – Session	Authentication; used to identify and authenticate users	Session
_ga	Google Analytics tracking; used to distinguish users	400 days
_ga_5XVQVY5JRW	Google Analytics tracking; used to distinguish users across multiple sessions	400 days
_ga_PHVG60J2FD	Google Analytics tracking; used to distinguish users across multiple sessions	337 days
_gat_UA-205402903-1	Google Analytics tracking; used to throttle request rate	15 minutes
_gat_gtag_UA_205402903_1	Google Analytics tracking; used to throttle request rate	15 minutes
_gcl_au	Google Ads conversion tracking; used for attribution purposes	5 days
_gid	Google Analytics tracking; used to distinguish users	24 hours
ar_debug	Authentication and debugging; used for debugging purposes	87 days
gclid	Google Ads conversion tracking; used for attribution purposes	30 days
id	Authentication and user identification; used to identify users across sessions	400 days
cmplz_rt_banner-status	Consent management; stores user’s acceptance status of cookie banner	1 year
cmplz_rt_consented_services	Consent management; records services consented by the user	1 year
cmplz_rt_functional	Consent management; manages user’s preference for functional cookies	1 year
cmplz_rt_marketing	Consent management; manages user’s preference for marketing cookies	1 year
cmplz_rt_policy_id	Consent management; stores the policy ID related to cookie consent	1 year
cmplz_rt_preferences	Consent management; manages user’s preference for cookie settings	1 year
cmplz_rt_statistics	Consent management; manages user’s preference for statistical cookies	1 year

18. Like most website managers, Satchel monitors traffic of the website and automatically collects information on the number of visitors browsing the website, the domain name of Internet service providers of visitors, etc. Such cookies are required for technical reasons in order to ensure the sound and efficient Website operation (administer the Website, maintain security, measure or understand the effectiveness of advertising etc.), as well as track and target the interests of users and Clients in order to improve their experience.

19. The person visiting the Website automatically agrees to the cookie policy unless indicates otherwise through altering the settings.

20. In case of altering the settings, the functionality of the Website may change.

Restriction of data processing

21. You have the following rights

21.1. THE RIGHT OF ACCESS TO DATA: to be informed as to whether or not Satchel is processing your personal data, and access to the related information.

21.2. THE RIGHT TO RESTRICTION OF PROCESSING: you have the right to ask us not to process your personal data for marketing purposes by contacting us at [email protected]

21.3. If, for whatever reasons, you believe that the processing of your personal data is taking place under conditions of violation of your rights and legitimate interests protected by applicable legislation, you may address the supervisory authority.

22. You are free to contact Satchel in case you are willing to learn details, or voice an objection to data processing via email at [email protected]. The individual communicating must provide information that will enable the identification of his/her identity, along with a copy of a personal identification document or an electronic signature.

Unrelated websites

23. Satchel bears no responsibility for ensuring protection of Client’s sensitive data on unrelated third-party websites, even in case these websites were accessed through a link provided on the Website. Activity on such websites is regulated by their individual Privacy Policy.

Information security

24. It is a priority of Satchel to provide highest-level security to our Clients concerning all the information and sensitive data we receive access to. Relevant legal, administrative, technical and physical security measures are undertaken in order to protect this information from unauthorized access, use, copying, accidental or unlawful erasure, alternation, or disclosure, as well as from any other unauthorized form of processing.

Law and jurisdiction

25. These Privacy policy provisions are subject to the law of the Republic of Lithuania. All disputes regarding the provisions of the Privacy Policy shall be settled by negotiation and, in case of failure, the dispute shall be taken to courts of the Republic of Lithuania.

26. For the purpose of the relevant data protection legislation, the data controller is SatchelPay UAB of Geležinio vilko g. 18A, Vilnius, LT-08104, Lithuania.