Privacy Policy
Last Updated: 11.12.2024
At Sasono (“we,” “us,” or “our”), we take the privacy and security of your personal information seriously. This Privacy Policy explains how we collect, use, disclose, store, and protect your Personal Data when you use our services, visit our website (www.sasono.com), and engage with us as a customer or a visitor.
This Policy also describes your rights with respect to the Personal Data we hold about you, in accordance with the EU General Data Protection Regulation (GDPR), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and other applicable data protection and privacy laws.
By accessing our website, using our services, registering an account, or otherwise providing Personal Data to us, you acknowledge that you have read and understood this Privacy Policy.
1. Scope of This Privacy Policy
This Privacy Policy applies to:
- Customers: Individuals or entities who use our prepaid card services (“Sasono Cards”).
- Website Visitors: Individuals who visit our public website (www.sasono.com) without necessarily registering for our services.
This Policy does not apply to services or websites operated by third parties. Where we link to third-party sites or services, their own privacy policies will govern.
2. Who We Are
Sasono is a prepaid card provider operating under a Money Services Business (MSB) license in Canada, offering services to customers within the European Union (EU) and Canada. We are committed to complying with all applicable data protection and financial regulatory obligations, including GDPR, PIPEDA, and relevant AML/KYC regulations.
3. Personal Data We Collect
3.1 Customers
When you register for and use our Sasono prepaid card services, we collect Personal Data necessary for account creation, verification, and compliance with financial regulations. This may include, but is not limited to:
- Identification Information: Full name, date of birth, contact information (email address, phone number, postal address), and government-issued identification (e.g., passport or driver’s license number where required by law).
- Financial Information: Payment details, transaction history, and card usage information.
- Account Credentials: Username and encrypted password for accessing your account.
3.2 Website Visitors
For individuals who visit our website without registering, we may collect only the information you voluntarily provide through contact forms or newsletter sign-ups. This typically includes:
- Contact Information: Name, email address, and any other information you choose to share in your inquiry.
We do not intentionally collect special categories of Personal Data (e.g., racial or ethnic origin, political opinions, religious beliefs, health information) or data relating to minors without parental consent. If you believe we have inadvertently collected such data, please contact us to request deletion.
4. How We Use Your Personal Data
We use your Personal Data for the following purposes, in accordance with applicable data protection laws:
- Service Provision and Account Management: To create and maintain your account, process transactions, facilitate prepaid card services, and provide customer support.
- Legal and Regulatory Compliance: To comply with financial regulations, anti-money laundering (AML) and know-your-customer (KYC) obligations, tax laws, and other statutory requirements.
- Verification and Security: To verify your identity, prevent fraudulent or unauthorized activities, and ensure the security and integrity of our services.
- Communication: To respond to inquiries, send you service-related notices, and provide updates about our policies, features, or services.
- Marketing: To facilitate our marketing efforts towards potential and current customers.
- Consent-Based Communications: With your explicit consent, we may send you promotional and marketing communications. You can withdraw your consent at any time.
- Website Operations and Improvements: For website visitors, to operate, maintain, and improve our website, including analyzing usage patterns and troubleshooting technical issues.
5. Legal Bases for Processing
We process Personal Data under several lawful bases as defined by the GDPR and other relevant laws, including:
- Consent: We rely on your consent for certain activities, such as sending you marketing communications or processing optional forms you submit on our website.
- Legal Obligations: As a licensed MSB, we must comply with certain financial and AML/KYC regulations, which may require the collection and processing of identification and transaction-related data.
- Performance of a Contract: We process Personal Data necessary to provide our prepaid card services and fulfill contractual obligations.
- Legitimate Interests: Where permitted by law, we may process Personal Data to further our legitimate interests, such as improving our services, ensuring security, or preventing fraud, provided that these interests are not overridden by your rights and interests.
6. Disclosure of Your Personal Data
We may disclose your Personal Data to the following parties for the purposes outlined in this Policy:
- Service Providers and Business Partners: We use reputable third parties to support our operations, for example, our KYC/AML operations and EU-based data hosting. These entities process Personal Data only as instructed by us and in accordance with applicable data protection laws.
- Regulatory and Government Authorities: We may disclose Personal Data to financial regulators, law enforcement agencies, or other authorities when required by law or to protect our legal rights.
- Professional Advisors: We may share Personal Data with auditors, lawyers, accountants, and other professional advisors in connection with obtaining advice or managing legal obligations.
We do not sell or rent your Personal Data to third parties for their direct marketing purposes.
7. International Data Transfers
All Personal Data is stored on Amazon servers located in the EU. We also operate in Canada and may store or process limited Personal Data in Canada. When transferring Personal Data between the EU and Canada, we ensure that appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses, as required by applicable data protection laws.
We do not transfer Personal Data outside of the EU or Canada without ensuring that the receiving country provides an adequate level of protection or that standard data protection clauses or other appropriate measures are implemented.
8. Data Retention
We retain Personal Data only for as long as is necessary for the purposes described in this Policy or as required by law. For example:
- AML/KYC Data: We retain identification and transaction records for the legally mandated retention period under financial regulations.
- Account-Related Data: Information associated with your account is retained as long as your account remains active, and thereafter as required by legal obligations or for dispute resolution.
- Contact Form Submissions: Data submitted through our website’s contact forms will be retained for as long as necessary to respond to your inquiry or as required by law.
Once the retention period expires, we securely delete or anonymize your Personal Data.
9. Data Security
We implement technical and organizational measures to protect your Personal Data against unauthorized access, loss, theft, alteration, or misuse. These measures include, but are not limited to:
- Encryption of Data at Rest and in Transit
- Access Controls and Authentication Measures
- Regular Security Audits and Testing
- Vendor Due Diligence and Contracts Ensuring Data Protection
In the event of a data breach that compromises your Personal Data, we will notify you and the appropriate supervisory authorities as required by applicable data protection laws.
10. Your Rights
Under the GDPR (for EU residents) and PIPEDA (for Canadian individuals), you may have the following rights:
- Access: Request a copy of the Personal Data we hold about you.
- Rectification: Ask us to correct inaccuracies or update your Personal Data.
- Erasure: Request the deletion of your Personal Data, subject to legal limitations (e.g., legal retention requirements).
- Restriction of Processing: Ask us to limit our processing of your Personal Data in certain circumstances.
- Data Portability: Obtain a copy of your Personal Data in a structured, commonly used, and machine-readable format, where technically feasible.
- Objection: Object to our processing of your Personal Data, where such request is legally permissible.
- Withdraw Consent: If we rely on your consent, you can withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.
To exercise these rights, please contact us at dpo@sasono.com. We will respond to your request in accordance with applicable data protection laws.
11. Children’s Privacy
Our services are not directed to individuals under the age of majority in their respective jurisdictions. We do not knowingly collect or process Personal Data from minors without verifiable parental consent. If you believe a minor has provided us with Personal Data, please contact us so we can take appropriate action.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our business operations, legal obligations, or industry best practices. The “Last Updated” date at the top of this Policy indicates when it was last revised. We will provide notice of material changes, where required by law, such as by posting a prominent notice on our website or sending you an email notification.
Your continued use of our services after any changes to this Privacy Policy indicates your acceptance of the revised Policy.
13. Contact Us
If you have any questions, concerns, or complaints regarding this Privacy Policy or our data protection practices, please contact our Data Protection Officer at:
Email: dpo@sasono.com
We will do our best to address your concerns promptly and in accordance with applicable legal requirements. If you are not satisfied with our response, you may have the right to file a complaint with a supervisory authority, such as the Office of the Privacy Commissioner of Canada or a Data Protection Authority within the EU.
By using our services or visiting our website, you acknowledge that you have read and understand this Privacy Policy and agree to the collection, use, and disclosure of your Personal Data as described herein.