iCard Privacy Policy

Last update: 15th of December 2017

This Privacy Policy governs your use of products, services, content, features, technologies or functions offered by the iCard Service and all related applications and services (collectively “iCard Service”) (including, without limitation, when you provide any information in relation to your use of the iCard App).

You accept and consent to this Privacy Policy when you sign up for, access, or use the iCard Service. By accepting and consenting to this Privacy Policy, you expressly consent to our use and disclosure of your personal information and direct us to do so in the manner described in this Privacy Policy.

1. General

1.1 This Privacy Policy is inseparable part of the Legal Agreement for iCard, which is applied to your use of the iCard Service and other legal documents (if applicable).

We, meaning iCard as Financial Institution, Member of Card Organizations and company supporting the iCard Mobile App and any other party, proving services to you (also referred to as “Client”), under the above mentioned Legal Agreements, give utmost importance to the protection of personal data of our customers. In the following Privacy Policy, we inform the Client about the collection, use and processing of Client personal data when applying, registering or using our iCard Service and all elements, included in the iCard Service, including our Mobile App, E-money account and Cards, jointly referred to as “Service”.
All customer data is collected, transferred and maintained in accordance with the principles incorporated within applicable legislation as per the Legal Agreement and within the EC Directive 95/46 on the protection of personal data. The personal data regarding the Client that is provided by the Client as well as by third parties such as state and international authorities, which have competence in the prevention of frauds, is preserved in electronic form on servers, collocated in specially designed premises class A with the highest level of communication coverage, security and control of access.
1.2. Client has to read this Privacy Policy carefully in order to understand our views and practices regarding Client personal data, how it is used and how it is treated by us. Client has to download and save this Policy. If Client does not agree with this Privacy Policy, Client must not use our Service (as defined in the Legal Agreement). By providing personal information to us and by maintaining contractual relations with us after Client has already obtained knowledge of this Privacy Policy, we will assume that Client has consented to the collection, use and disclosure of personal information about the Client in accordance with the terms set out in this Privacy Policy unless Client notifies us otherwise.
1.3. This Privacy Policy may be revised from time to time because new features may be added to our Service or because of amendments in legislation or other regulatory reasons. We may amend this Policy at any time by posting a revised version in the Mobile App. The revised version will be deemed effective from the moment of its publication. In addition, if we propose to change this Privacy Policy in a substantial manner, we will provide the Client with at least 30 days prior notice of such a change via the Mobile App. After the expiration of these 30 days, Client will be considered as having expressly consented to all amendments to the Privacy Policy. If Client disagrees with the terms of this Privacy Policy, Client may terminate its Agreement for the Service at any time according to the methods prescribed in the Agreement for the Service.
1.4. Not a Framework Contract: For the avoidance of doubt, this Privacy Policy does not constitute a "framework contract" for the purpose of the EU Payment Services Directive (2007/64/EC) or any implementation of that directive in the European Union or EEA (including, without limitation any national laws implementing the EU PSD).

2. Collection of Information

2.1. Collection and processing of Information in case of opening and using iCard Account
To open, maintain, use and close the E-money Account and payment instruments, associated with the iCard Account and to use the Service provided by us, Client must provide:
  • First name and surname
  • Date of birth
  • Place of birth
  • Email address
  • Nationality
  • Registered address
  • Mobile telephone number
  • Identification document
  • Type of identification document
  • Issue date
  • ID number
  • Issuing authority
  • or other details as may be requested.

Furthermore, for the purposes of funding the iCard Account of the Client, Client may choose to provide information about its credit card, debit card or other payment instrument. We may generate and send to mobile phone number of the Client verification codes as well as to request the Client to enter them as a confirmation of certain actions. This required information is necessary for us in order to process transactions, issue new passwords (if applicable) in case the Client forgets or loses his/her password, in order to protect Client, us or other customers of ours against identity theft, credit card fraud as well as to contact Client should the need arise in administering the iCard Account of Client. In order for us to provide our Service Client acknowledges and permits us his/her/its to have access to the contact list/address book, in the Client’s smart phone in order to find, keep track and use of the mobile phone numbers of other users of the Service provided by us.
2.2. If Client sends to us correspondence, including post mails, e-mails and faxes, we will retain such information in the record made for Client´s iCard Account. We will also retain customer service correspondence and other correspondence from us to Client. We retain these records in order to assess and improve the provision of customer service, as well as to investigate potential fraud and violations of the terms and conditions of the iCard Service. In addition, phone calls from Client to us and vice versa will be monitored and/or recorded for purposes of quality improvement of the service, as well as for purposes of security and fraud detection.
2.3. In order to fulfill its legal obligations to prevent fraud and money laundering and/or to protect all of its customers against potential fraud, we may obtain information about Client from third party agencies, including financial history details, court judgments and bankruptcies, from credit reference and fraud prevention agencies when the Client opens his/her iCard Account and at any time when we deem necessary to protect from fraud or to minimize our financial risks. If the overall payment volumes which the Client sends or receives through the iCard Service are high, in some circumstances we will conduct a background check on Client business by obtaining information about Client and its business from a Credit Reference or Fraud Agency. If Client owes us money, we may conduct a credit check on Client by obtaining additional information about the Client from a Credit Reference or Fraud Agency, to the extent permitted by law.
2.4. In addition to the personal information provided by the Client or obtained from third parties, our Service use a technology which allows us to gather particular technical information i.e. address of Client’s internet protocol, operational system of the Client’s computer, Client’s browser type, traffic data, location data, weblogs and other communication data, whether this is required by us for purposes of control of risk and security, performance of regular obligations, inventory or other purposes. When Client accesses the Service using a mobile device (e.g. a smartphone), we may additionally collect and store device sign-on data (including device ID) and geolocation data in order to provide the services.
2.5. Collection and processing of Information in case of Video Identification Chat
In accordance with our Internal AML/FT Procedures we may identify the Client or the authorized user opening the iCard Account (in case of company or other entity, referred to as “user opening the account”) by means of online-based Video Identification Chat (“video call”), conducted by the employees of iCard AD, licensed as E-money institution, James Bourchier 76A, Sofia or in future its’ sub-contractor, a trusted third party, notified in this Privacy Policy, to which this task has been outsourced by the entity obliged to apply AML/FT measures.
We shall provide a secure video channel and the necessary level of direct visual communication connection with the mobile device of the Client or user opening his/her iCard Account via the iCard App.
By agreeing with this document, or downloading the iCard App, or other designated app by the iCard Service, and by initiating a Video Identification Call the Client or the user opening the account gives his/her consent to be recorded (audio and video) for the AML/FT purposes of the institution subject to AML/FT laws. We shall ensure that the Client or the user opening the account confirms its consent also within the Video Identification Call.
To achieve the effective execution of the Video Identification Call the Client or the user opening the iCard Account agrees to give us access to the camera of the mobile device and the Client or the user opening the account agrees that we take:
- photographs of the Client or the user opening the iCard Account; and
- photographs of the principal page of Client’s or user’s passport or of the front and rear sides of other ID document.
For the same purposes the Client or user opening the iCard Account agrees to allow us to download and read the chip embedder in the Passport/digital copy of the Passport (referred to as ePassport) of the Client or user opening the iCard Account. The personal data stored in the ePassport or other ID document will be read and encrypted via NFC technology.
We shall give instructions to the Client or user opening the account within the Video Identification Call and the Client or user opening the account agrees to follow them in order for us to 1) authenticate the presented passport or ID document; 2) to examine the integrity of the respective optical security features of the passport or ID document.
All of the information, photos and copies transmitted to us by the Client within the Video Identification Call shall be considered as personal information under the meaning of the applicable legislation and shall be treated in accordance with the rules of this Privacy Policy. All personal information shall be recorded and kept on secured Microsoft cloud space and on our cloud on secured servers and shall be treated in compliance with the applicable AML/FT and personal data protection laws.

3. Use of Information

3.1 By accepting this Privacy Policy, Client consents that we will use his/her/its personal information while providing its services to Client including:
- To verify the identity and financial information of the Client;
- To make fraud prevention checks, anti-money laundering/FT and credit checks;
- For opening, operating and administering and closing the iCard Account of the Client and the payment instruments associated to it and for provision of services that Client has requested;
- For opening, operating and administering and closing of other accounts, or services, or other payment instruments that Client has requested;
- To execute instructions of the Client for undertaking and receiving payments and transfers using the Service, including for verifying that Client has sufficient funds in his/her iCard Account and has any linked payment instruments to make such payment operations;
- To notify the Client about changes to the service(s) provided by us;
- To comply with financial and payment services regulations including retention of financial information and transactions information.
- To exercise our rights and perform our obligations resulting from the Agreement with the Client;
- To transfer our rights under the Agreement with the Client to a person established in a Member State of EEA, while at the same time complying with the provisions of the Agreement with the Client.

4. Disclosure of Information

4.1. We are not entitled to sell or rent any of personal information about the client to third parties in breach of its legal obligations. We will give access to the personal information about the Client only to those employees who need it in order to provide the iCard Service to the Client. We may disclose personal information about the Client only in limited amount of cases explicitly listed in this document, as well as to the third parties and their sub-contractors, listed in the List of Third Parties with whom personal information may be shared, where the List is made available to the Client prior to entry into Legal Agreement for the iCard Service.
4.2. We may disclose personal information about the Client to third parties if it is necessary for us in order to, among other things, fulfill the request of the Client, process Client’s payment details, provide support services and monitor fraudulent activities.
4.3. When Client sends money to another customer of the iCard Service or a merchant to whom Client wishes to pay, we will, at a minimum, pass on to the recipient the mobile phone number, the e-mail address and the identification number of Client’s iCard Account. Depending on the type of payment involved, we may also send other personal details such as name, address and country of residence of Client if the recipients request this information from us in order to improve the payment process, to reconcile payments with the commercial transaction or to conduct their own anti-fraud and anti-money laundering checks.
4.4. We will also disclose information about Client to our auditing company which will carry out professional auditing services for us and will assess our policies for Anti Money Laundering (AML) and Know Your Customer (KYC).
4.5. We may disclose aggregated commercial data on turnovers made via the Service to third parties that act as our sub-contractors and have a contractual obligation to preserve the confidentiality and where this information will be used by them only for the purposes of distributing the Service and/or support of the Client for use of the Service.
4.6. We will disclose information about the Client in the event that we are obliged by an effective law to do so. Such disclosure includes, without limitation, transaction information, account information, personal information and the contents of communications to: the court; the police; security forces; competent governmental, intergovernmental or supranational bodies; competent agencies (other than tax related authorities), departments, regulatory authorities. If false or inaccurate information is provided by Client and fraud is identified, we will pass details to fraud prevention agencies and law enforcement agencies may access and use that information. We and other organizations may also access and use this information (including information from other countries) to prevent fraud and money laundering.

Specifically, you consent to and direct us to do any and all of the following with your information regarding the iCard Service:

a. Disclose necessary information to: the police and other law enforcement agencies; security forces; competent governmental, intergovernmental or supranational bodies; competent agencies, departments, regulatory authorities, self-regulatory authorities or organisations (including, without limitation, the Agencies referenced in the “Agencies” section of the Third Party Provider List) and other third parties, including our Group companies, that (i) we are legally compelled and permitted to comply with, including but without limitation the applicable laws on automatic exchange of information, such as Foreign Account Tax Compliance Act (“FATCA”) or Common Reporting Standard (“CRS”); (ii) we have reason to believe it is appropriate for us to cooperate with in investigations of fraud or other illegal activity or potential illegal activity, or (iii) to conduct investigations of violations of our Legal Agreement (including without limitation, your funding source or credit or debit card provider).
If you are covered by the FATCA or CRS Law, we are required to give you notice of the information about you that we may transfer to various authorities.
b. Disclose information regarding your use of the iCard Service to intellectual property right owners if under the applicable national law of an EU member state they have a claim against us for an out-of-court information disclosure due to an infringement of their intellectual property rights for which our Services have been used;
c. Disclose necessary information in response to the requirements of the credit card associations or a civil, administrative or criminal legal process.
d. Disclose necessary information to the payment processors, auditors, customer services providers, credit reference and fraud agencies, financial products providers, commercial partners, marketing and public relations companies, operational services providers, group companies, agencies, marketplaces and other third parties. The purpose of this disclosure is to allow us to provide the iCard Services to you. We also set out in the list of third parties non-exclusive examples of the actual third parties to whom we currently disclose information regarding your use of the iCard Service or to whom we may consider disclosing information regarding your use of the iCard Service, together with the purpose of doing so, and the actual information we disclose. These third parties are limited by law or by contract from using the information for secondary purposes beyond the purposes for which the information was shared.
e. Disclose necessary information to your agent or legal representative (if applicable, such as the holder of a power of attorney that you grant, or a guardian appointed for you).
f. Disclose aggregated statistical data with our business partners or for public relations. For example, we may disclose that a specific percentage of our active users. However, this aggregated information is not tied to personal information.
g. Share necessary information regarding your use of the iCard Service with third parties (if applicable) for their use for the following purposes:
i. Fraud Prevention and Risk Management: to help prevent fraud or assess and manage risk.
ii. Customer Service: for customer service purposes, including to help service your accounts or resolve disputes (e.g., billing or transactional).
iii. Shipping: in connection with shipping and related services for orders of cards.
iv. Legal Compliance: to help them comply with anti-money laundering and counter-terrorist financing verification requirements.
v. Service Providers: to enable service providers under contract with us to support our business operations, such as fraud prevention, bill collection, marketing, customer service and technology services. Our contracts dictate that these service providers only use your information in connection with the services they perform for us and not for their own benefit.

Mergers or Acquisitions: As with any other business, it is possible that in the future our business could merge with, or be acquired by, another company. If such an acquisition occurs, you consent to the successor company having access to the information maintained by us including information regarding your use of the iCard Service, and such successor company would continue to be bound by this Privacy Policy unless and until it is amended.

Third Party Agents or Distributors: If you chose to buy or otherwise obtain the Cards directly in a third party (such as Agent or Distributor) shop, store, premises or website or via a third party application, any information that you provide to this third party (and not directly to us) will be shared with the owner of the third party. These third parties are governed by their own privacy policies and you are encouraged to review their privacy policies before providing them with personal information. We are not responsible for the content or information practices of such third parties.

5. Information Security and Protection

5.1. We take the responsibility to ensure that the information about Client is secure. To prevent unauthorized access or disclosure of information we maintain physical, electronic and procedural safeguards that comply with applicable regulations to guard non-public personal information. Once the Client is logged into his/her iCard Account, all internet communication is secured using Secure Socket Layer (SSL) technology with High-grade security Encryption (AES-256, 256 bit keys, certified by StartCom Ltd). We restrict access to personally identifiable information of the Client only to employees who need to know that information in order to provide products or services to Client.
5.2. The security of the iCard Account and the payment instrument of Client also relies on protection by Clients of its identifying credentials of the iCard Account, the payment instruments or other functionalities of the service, including transfers via SMS. Client shall not share its identifying credentials with anyone. We will never ask Client to send its identifying credentials in an e-mail, although we may ask Client to enter this and other personal information in the iCard Account of Client for the iCard Service via the iCard App uploaded on the Client’s smart device or in other way as may be required by the Service. Any e-mail or other communication asking Client to provide personal information via email should be treated by Client as unauthorized and suspicious and should be reported to us immediately. If Client does share its identifying credentials with a third party for any reason, including because the third party has promised to provide additional services to Client, the third party will have access to Client’s iCard Account and to its personal information, and Client will be responsible for the actions taken by the third party by using Client identifying credentials. If Client believes someone else has obtained access to its identifying credentials, must change it immediately by logging in to the iCard Account of the Client via the iCard App and changing its settings, as well as to contact our Customer Service.

6. Contact with Client

6.1. We communicate with our Clients on a regular basis via email, SMS or push notifications sent via the Mobile App for the Services. We also communicate with Clients by e-mail or phone to resolve customer complaints or claims made by Clients; respond to requests for customer service; inform Clients if according to us their e-money accounts or any of their transactions have been used for an illegitimate purpose; confirm information concerning a Client's identity, business or account activity; conduct customer surveys; investigate suspicious transactions.
6.2. We use Client’s email, physical address or mobile phone to send an SMS, email or push notification to confirm the opening of an e-money account, to send notice of payments that sent or received through us, to send information about important changes to the products and services, and to send notices and other disclosures required by law. We will monitor and/or record telephone conversations with Client to offer additional security, detect fraud, take instructions by Clients correctly or to resolve complaints.
6.3. By using the Services, you might grant to us information like names, mobile phone number, email address or other about a person that is not registered for the iCard Service and does not have any legal connection with us. You acknowledge and agree that this person has granted to you permission to share such information with us and hold us harmless against any claims arising from the submission of information about third parties. We will not be liable for the content of the communication or the initiation of such communication. We are not sending unsolicited emails, SMS, messages etc. and any message, notification and other communication through functionalities of the iCard Service, including Virtual Gift Cards, initiated by You shall be sent on your behalf and not by us.

7. Accessing and Changing Information by Client

7.1. Client can review the personal information which is provided to us and make any desired changes to such information, or to the settings for the iCard Account of Client, at any time by logging in the iCard App and changing the preferences in the respective tab.

7.2. If Client closes his/her iCard Account, we will mark in our database the Client’s Account as "Closed", but will keep the information about Client, as we are required to retain certain records for a period of at least five years after closure. This is necessary in order to detect fraud, by ensuring that persons who try to commit fraud will not be able to avoid detection simply by closing their e-money Account and opening a new e-money Account. However, if Client closes his/her iCard Account, the personally identifiable information about Client will not be used by us for any further purposes, nor sold or shared with third parties, except as necessary to prevent fraud and assist law enforcement, or as required by law.
7.3. At the request of Client, we will also share with Client where the personal information of Client has been stored, what personal information we have about Client and for what purposes we use it. Client has legal right to such requests. They may be submitted to our Customer Service.