The Confidentiality Policy (hereinafter – the “Policy”) explains how EITHERWAY IT KFT processes, collects, uses and transfers personal data of users who use the software products corresponding to the Company located on the Internet at: https://either-way.com/ (hereinafter – the “Website”/”Platform”), or any other software products owned by the Company in applications or on the websites of other service providers.

The company has great respect for the confidential (personal) information of all persons, without exception, who have visited the Website, as well as those who use the services provided by the Website; In this connection, the Company seeks to protect confidentiality of personal data (information or a set of information about the individual who is identified or can be specifically identified), thereby creating and providing the most comfortable conditions for using the Website’s services for each user.

This Privacy and Data Protection Policy (hereinafter referred to as the “Policy”) establishes the Company’s procedure for processing personal data, the types of collected personal data, the purposes of using such personal data, the Company’s interaction with third parties, security measures to protect personal data, conditions of access to personal data, as well as the contact information for the user about accessing, making changes, blocking or deleting their personal data and addressing any questions, which you may have regarding the practice of protecting personal data.

1. Collection and Processing of Personal Data

Purposes of Processing Personal Data

The Company processes and collects information about Users in various forms, including their personal data. As used in this Policy, “personal data” is information that includes any information that by itself or in combination with other information identifies or can identify a User.

The company will process the personal data of Users only in accordance with the current legislation on data protection and confidentiality. The Company needs certain personal data in order to provide users with access to the Platform and provide services.

Collection of Personal Data

The Company collects information about Users when the latter use the company’s services on the platform. When Users use the services of a third-party service provider, the services of the Company can be embedded in their systems, and the Company automatically receives the information that Users have provided them to provide certain services that the Company offers.

Use of Personal Data

The company can use the personal data of users in order to:

• operate, maintain and improve the Platform, products and services;
• provide the Users with the Company’s services;
• process payments or payment transactions made by users through the Platform;
• comply with applicable law and make legal requests, including responding to the requests from government agencies;
• ensure compliance with the Policy;
• protect the rights, privacy, safety or property of individuals;
• and also as described in the section “Sharing of Personal Data” below.

2. Exchange of Personal Data

The Company can transfer personal data of Users as follows:

• Third Parties designated by Users. The company can transfer personal data to third parties if the User has given his consent to it.
• Service providers for the Company. The Company may transfer the personal data of Users to the service providers that provide the necessary services to the Company, such as banks or other financial institutions, to process Users’ transactions and perform other financial transactions.
• Other cases. The company may transfer personal data of users if the company deems it necessary or appropriate: (A) to comply with laws; (B) to comply with lawful requests and legal procedures, including the requests from government agencies to comply with national security requirements or decisions; (C) to ensure compliance with the Policy; (D) to protect the rights, privacy, safety or property of individuals.

3. Platforms of other Sevices

The platform may contain links to third party sites and functions. This Policy does not apply to the privacy policy of such services. These services have their own confidentiality policies and the Company is not responsible for their websites, functions or policies. Please read the confidentiality policies of such services before sending any data to them.

4. International Data Transfers

The information, including personal data, which the Company receives from users, may be transferred, stored and processed by the company outside the country in which the User lives, where the data protection and privacy laws may provide a level of data protection lower than in other parts of the world. By using our Platform and providing consent, you consent to this transfer, storage and processing. The company will take all reasonable and necessary steps to ensure the safe handling of personal data in accordance with this policy.

5. Safety

In order to ensure the security of transmission and storage of data of payment cardholders when providing the relevant services, the PayAdmit software product has been certified for compliance with the Payment Card Industry Data Security Standard (hereinafter – “PCI DSS”) and ensures compliance with the specified standard on an ongoing basis.

Compliance with PCI DSS means:

• fulfillment of all requirements of VISA and Mastercard international payment systems in accordance with the rules for making payments and data protection means;
• definition and development of the company’s security policy;
• ensuring the reliable encryption of data and their transmission over the network only in encrypted form;
• differentiation of access to data based on the job responsibilities and authorities with real-time access control;
• determination of stringent requirements for the development, testing and implementation of software with the provision of multi-stage security control of data processing;
• implementation of a regular system scanning process in order to detect vulnerabilities and their subsequent elimination;
• implementation of constant monitoring of the user data security both at the time the user carries out transaction and for the stored user data;
• continuous updating to the current and protected versions of the software used.

6. Storage of Personal Data

The Company will store the personal data of Users for a reasonable period of time necessary for the Users to use the platform unless a longer storage period is required or permitted by law (for example, for regulatory purposes).

7. Rights of Personal Data Subject

The company informs you about your rights as a personal data subject, which are regulated by the Law “On Protection of Personal Data”, namely:

• to know about the sources of collection, the location of their personal data, the purpose of their processing, the location or place of residence (stay) of the owner or manager of personal data, or give an appropriate order to receive this information to the authorized persons, except where prescribed by law;
• to receive information about the conditions for providing access to the personal data, including the information about third parties to whom his personal data is transferred;
• to access your personal data;
• to receive, no later than thirty calendar days from the date of receipt of the request, except as otherwise provided by law, an answer about whether his personal data is being processed, and also receive the content of such personal data;
• to present a reasoned demand to the personal data owner with the objection to the processing of their personal data;
• to submit a reasoned demand to change or destroy your personal data by any owner and manager of personal data, if these data are processed illegally or are unreliable;
• to protect their personal data from illegal processing and accidental loss, destruction, damage due to the intentional concealment, non-provision or untimely provision of data, as well as the protection against the provision of information, which is inaccurate or defaming the honor, dignity and business reputation of the individual;
• to submit complaints about the processing of your personal data to the Human Rights Commissioner or to a court;
• to apply legal remedies in case of violation of legislation on the protection of personal data;
• to include clauses about limiting the right to process your personal data when giving a consent;
• to withdraw consent to the processing of personal data;
• to know the mechanism of automatic processing of personal data;
• to be protected from an automated solution, which has legal implications for it.

For updating, accessing, amending, blocking or deleting your personal data, revoking consent to the processing of personal data that you provided to the Company in accordance with this Policy, or if there are any comments, wishes or claims regarding your personal data, processed by the Company, please contact the Company via email at [email protected].

8. Policy Change

The amendments and additions may be made to this Policy from time to time and without prior notice to the user about it, including when the legislative requirements are amended.

In the event of significant amendments to this Policy, the Company will post a message on its Website and indicate the date of entry into force of these amendments. If you do not deny accepting them in writing within the specified period, this will mean that you agree with the corresponding amendments to the policy.

We ask you to review the Policy from time to time in order to be aware of any amendments or additions.