Privacy & Data Protection Policy

0. GENERAL PROVISIONS

This Privacy & Data Protection Policy (the "Policy") explains how wemopay.net ("Wemopay", "Platform", "we", "us") collects, uses, shares, transfers, and protects personal data when users access our software products via https://wemopay.net or when Wemopay functionality is embedded into third-party services and applications.

Data Controller

For the purposes of applicable data protection laws (including the GDPR where it applies), the data controller is:

SPARKPAY SOLUTIONS INC. (Newfoundland and Labrador, Canada)

Company №: 01098 | Incorporated: 2025-02-07

Registered Office: 167A Elizabeth Ave, St. John's, NL, Canada, A1B 1S8

Contact email for privacy matters: [email protected]

We value privacy and treat personal data as a critical asset. This Policy describes:

  • what personal data we collect and why;
  • how we process and store it;
  • when we share it with third parties;
  • how we secure it;
  • cross-border transfers;
  • the rights available to data subjects under GDPR (where applicable);
  • how to contact us regarding your data.

1. COLLECTION AND PROCESSING OF PERSONAL DATA

1.1. Purpose and Legal Compliance

We process personal data in accordance with the GDPR (where applicable) and other relevant privacy and data protection laws.

"Personal data" means any information that identifies or can reasonably be used to identify an individual, either directly or in combination with other information.

Depending on the context, processing may be necessary to:

  • provide the Platform and deliver requested services;
  • comply with legal obligations (including financial, regulatory, and security requirements);
  • protect users and the Platform from fraud, abuse, and security threats;
  • communicate with users and provide support;
  • maintain and improve product performance and reliability.

Where required, we rely on consent and/or other lawful bases available under applicable law (for example, contract performance, legal obligation, legitimate interests).

1.2. How We Collect Personal Data

We may collect personal data when you:

  • create an account, use the Platform, or configure payment settings;
  • initiate or manage transactions (including settlements, refunds, reconciliation, and reporting);
  • contact support or interact with our communications;
  • use the Platform in a way that generates technical and security logs (e.g., IP address, device and browser data, timestamps, event logs).

If Wemopay is integrated into a third-party service, we may receive the data necessary to provide our services within that integration (for example, transaction, technical, and operational data).

1.3. How We Use Personal Data

We may use personal data to:

  • operate, maintain, and improve the Platform and related services;
  • provide user support, service messages, and operational communications;
  • process payments, settlements, refunds, chargebacks, and related transaction workflows;
  • detect, prevent, and investigate fraud, abuse, and security incidents;
  • comply with legal and regulatory obligations and respond to lawful requests by authorities;
  • enforce our policies, contractual terms, and acceptable use rules;
  • protect the rights, privacy, safety, and property of users, Wemopay, and third parties;
  • as otherwise described in Section 2 ("Sharing of Personal Data").

2. SHARING OF PERSONAL DATA

We share personal data only when necessary and on a need-to-know basis, including:

Parties designated by you

We may share personal data with third parties at your request or with your explicit consent.

Service providers and payment partners

We may share personal data with trusted vendors and partners (including banks, financial institutions, payment processors, infrastructure and hosting providers, analytics/security providers, and compliance service providers) strictly to operate transactions and provide Platform functionality.

Legal and security reasons

We may disclose personal data when we reasonably believe it is necessary to:

(A) comply with applicable laws or regulations;

(B) respond to lawful requests by public authorities;

(C) enforce our terms and policies; or

(D) protect rights, privacy, safety, or property.

We do not sell personal data as a standalone commercial product.

3. THIRD-PARTY PLATFORMS

The Platform may contain links to third-party websites and services. This Policy does not apply to third parties' privacy practices. Third parties operate under their own policies and terms, and we are not responsible for their content, features, or data handling. Please review their privacy notices before providing personal data to them.

4. INTERNATIONAL DATA TRANSFERS

Wemopay may transfer, store, and process personal data outside your country of residence, including in jurisdictions with different data protection laws. Where cross-border transfers occur, we take appropriate safeguards to protect data in line with this Policy and applicable legal requirements (for example, contractual protections and security controls, where applicable).

5. SECURITY

We use organizational and technical measures designed to protect personal data and payment information against unauthorized access, alteration, loss, misuse, or disclosure. Measures may include:

  • internal security policies and controls;
  • encryption for data transmission where appropriate;
  • role-based access controls and least-privilege access;
  • secure development and testing practices;
  • vulnerability scanning and remediation;
  • monitoring for suspicious activity;
  • timely updates and security patching.

Where applicable to our card-data environment, we maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS).

No system can guarantee absolute security, but we continuously improve safeguards to reduce risk.

6. STORAGE AND RETENTION

We retain personal data only for as long as necessary to provide the Platform and deliver services, unless a longer retention period is required or permitted by law (including regulatory, accounting, auditing, and dispute-resolution obligations). After the retention period, data is deleted or anonymized where feasible.

7. RIGHTS OF DATA SUBJECTS (GDPR)

Where GDPR applies, you may have rights including:

  • to access your personal data and obtain confirmation of processing;
  • to request correction of inaccurate data;
  • to request deletion in legally applicable cases;
  • to object to processing or request restriction in certain situations;
  • to withdraw consent where processing is based on consent;
  • to be informed about certain automated processing and request human review where legally required;
  • to lodge a complaint with a supervisory authority.

To submit a request, contact: [email protected].

8. POLICY CHANGES

We may update this Policy to reflect changes in law, technology, or Platform operations. If changes are material, we will post an updated version on the Website and indicate the effective date. We encourage users to review this Policy periodically.