This website is maintained by iQ Payments Oy (‘PayiQ,’ ‘we’ or ‘us’).

PayiQ takes data protection seriously. We follow the principles included in this data protection policy to protect your privacy. Thus, this data protection policy is included in the applicable payiq.net websites, and it is part of the general terms of use of the website concerned.

This data protection policy concerns our website and your personal data related to its use and processed by PayiQ. We recommend that you get to know this data protection policy in order to find out which personal data we may collect through our website and how we process this data. We may also process your personal data through a service we provide (see below).

PayiQ is required to comply with the EU General Data Protection Regulation and the Act on the Protection of Privacy in Electronic Communications. PayiQ is committed to the protection of your personal data according to the requirements under this Regulation and the Act on the Protection of Privacy in Electronic Communications.

We always process your personal data in a reliable way. We are always open about how we process your personal data. We take all reasonable measures to protect your personal data from misuse and to keep it secure. We will inform you on who you should contact, should you have questions about how your personal data is processed.

Party collecting your personal data:

iQ Payments Oy (2564925-2)

Contact person for matters related to the processing of personal data:

Riikka Pöyry

Address: Maariankatu 4 C, 20100 Turku

Telephone: +358 10 419 2222

E-mail: riikka.poyry@payiq.net

How we collect personal data:

We mainly collect personal data directly from you (for instance as you contact us by telephone, as you send us messages such as e-mails, as you fill in our questionnaires or forms, as you order our publications or as you use our website or our social media pages). We may also collect your personal data concerning the use of our website or process your personal data which you provide in connection with the use of a contact form. If you do not provide us with the personal data we request, we may not be able to offer you a service or procedure you request. The processing of your personal data is based on your consent, which you give by accepting this data protection policy.

In some cases, it may be necessary to collect your personal data from third parties. For instance, we may collect your personal data from your employer if your employer is our customer or wishes to become our customer, or from public sources. The collection of data from third parties is only applicable if it is necessary to provide justified benefits to us or to third parties, such as your employer.

In some cases, the processing of your personal data may be necessary in order for us to meet our statutory obligations.

Which personal data we collect

You do not need to separately register your personal data in order to use our website. We mainly collect personal data which visitors to our websites provide voluntarily and which must be provided for the purposes for which the data is collected. For instance, you may provide us with personal data, such as your name and your e-mail address, to register for the use of certain services we provide, to send us e-mail or to receive e-mail from us through our website.

Some data is necessary in order for us to allow the use of our website and its properties (this includes cookies, which are required in order for us to provide the services you request).

We collect the following personal data:

• name, job title, contact details
• identifiers for the use of the website (IP addresses, cookies etc.)
• objects of interest and behavior on our website

If you wish to receive our news or marketing material or are interested in the services we provide, we may request various contact details depending on the type of material you have requested and permitting us to discuss your needs with you. In this case, the personal data we collect may include your name, your e-mail address, your street address and your telephone number.

If you decide to log in to our website using the login service provided by a third party, confirming your identity and linking us with your social media login details (such as LinkedIn, Google or Twitter), we shall collect data and contents required for registration or login and data and contents which the social media service provider shares with us with your consent. This data may include your name and your e-mail address. We do not collect data belonging to particular personal data groups on our website.

Purposes for which we collect personal data

We shall only process your personal data for purposes indicated in this data protection policy, unless you have separately given your consent to processing for other purposes.

PayiQ collects and processes personal data for various purposes, such as:

• the provision of our services, including technical solutions and applications
• answering your inquiries
• maintaining and enabling a connection to our customers, our partners and stakeholders and keeping them up to date on our services, our product development and other topical subjects
• allowing you to register for various areas on our website
• confirming your identity
• for recruitment purposes
• requesting you to provide feedback
• monitoring the functionality, usability and security of our website
• meeting our statutory obligations or our obligations from the point of view of the authorities
• for internal statistical purposes concerning our databases and their website
• profiling visitors to our website based on user content
• targeting our marketing communications based on the use of our website
• for other purposes related to business activities.

Transfer and disclosure of personal data

We may transfer the personal data you provide via our website to our subcontractors who process your personal data for and on behalf of us (storage, processing or backup of personal data) according to the data protection obligations we follow, including the transfer of personal data across national borders.

We do not disclose your personal data to third parties (other than those mentioned above) unless this disclosure is permitted and required in legislation which binds us.

We do not sell your personal data or otherwise offer it to third parties for their direct marketing purposes.

Data security

PayiQ has taken appropriate technical and organizational measures and has appropriate technical and organizational practices for protecting your personal data against misplacement, misuse, modification or destruction.

PayiQ stores your personal data in printed and electronic form. Materials containing personal data are stored in locked premises which are only available to designated individuals whose duties require authorized access to them.

To the extent that the data may not be in a manually written form, the database containing personal data is included in the system which is only available to designated individuals whose duties require authorized access to it. Access to the databases and systems is only possible by means of personal usernames and passwords which are assigned specially for this purpose. We have limited access rights and authorizations to use information systems and other storage platforms so that only individuals who must be able to examine and process them for statutory processing purposes are able to do so. In addition, the database and system usage events are registered to the log data in our IT systems.

Our employees and other individuals processing personal data are committed to meeting the obligation of secrecy and to maintaining the confidentiality of the information received in connection with the processing of personal data.

We shall only store your personal data as long as necessary and to the extent which is necessary in terms of the original or compatible purposes for which the personal data is collected, or until we are requested to delete the data (if this takes place earlier). We take all reasonable measures to ensure that inaccurate, incorrect and dated personal data is deleted or corrected without unnecessary delay.

Usage of Cookies

We may use cookies from time to time. A cookie is a unique text file that a Web site can send to your browser software. Cookies enable a service to tailor information presented to you based on your browsing preferences. We may use cookies to personalize your pages at our services and support system, or to remember you when you register for products or services. If you do not want us to deploy cookies in your browser, you can set your browser to reject cookies or to notify you when a service tries to put a cookie in your browser software. Rejecting cookies may affect your ability to make use of some of the products and/or services.

We may also use cookies to track your visit to our services. While our servers may automatically log your IP address, this information does not identify you and you remain anonymous.

Your rights

In terms of the processing of your personal data, you have the following rights:

a) the right to receive our confirmation that your personal data is being processed or not processed, and if such personal data is processed, the right to gain access to your personal data and the following information: (i) processing purposes; (ii) personal data groups concerned; (iii) recipients or recipient groups to whom personal data has been disclosed or to whom it is intended to be disclosed; (iv) where possible, the intended storage period for the personal data or, where this is not possible, the criteria for determining this period; (v) the right to request the correction of your personal data or the limitation of processing your personal data or to oppose such processing; (vi) the right to file a claim with the supervisory authority; (vii) if personal data is not collected from you, all information available on the origin of the data.

b) the right to withdraw your consent at any time without any effect on the legality of the processing carried out based on your consent before the withdrawal takes place;

c) the right to demand that we correct without unnecessary delay any inaccurate and incorrect personal data related to you, and the right to request the completion of incomplete personal data, for instance by providing additional clarification, taking into account the purposes for which the data was processed;

d) the right to oblige us to delete your personal data without unnecessary delay provided that (i) the personal data is no longer required for the purposes for which it was collected or for which it was otherwise processed; (ii) you withdraw your consent on which the processing was based, and there are no other legal grounds for data processing; (iii) you oppose data processing based on your particular personal situation, and there are no legitimate reasons for data processing; (iv) your personal data has been processed in violation of the law; or (v) the personal data must be deleted in order to meet our statutory obligation based on European Union law or national legislation;

e) the right to oblige us to limit the processing of your personal data, if (i) you contest the correctness of your personal data, and data processing will be limited for a period during which we can confirm its correctness; (ii) the data is processed in violation of the law, and you oppose that deletion of your personal data, demanding instead the limitation of its use; (iii) we no longer require the personal data concerned for processing purposes, but you require this data to draft, file or defend a legal claim; or (iv) you have opposed the processing of your personal data on grounds related to your particular personal situation, while waiting for a confirmation of whether the data controller’s justified grounds override the grounds of the registered person;

f) the right to receive the personal data you have submitted to us in a structured, generally used and machine-readable form, and the right to transfer the data considered to another data controller without our preventing it, if the processing is based on the consent referred to in the EU General Data Protection Regulation and if the processing is carried out automatically;

g) the right to file a complaint with the supervisory authority, should you consider that the processing of your personal data is in violation of the EU General Data Protection Regulation.

The requests related to delivering on your rights shall be submitted to our contact person mentioned at the top of our data protection policy. Should you wish to leave our mailing list, you may use our cancellation link which is included in each e-mail.

Changes to the data protection policy

PayiQ regularly monitors this data protection policy and, where necessary, may modify it by updating the information included at its own discretion. Should we update the data protection policy, we shall record the date of the update in the data protection policy. The updated data protection policy shall be in force and applicable to you and your personal data from this date onwards. We recommend that you read this data protection policy regularly in order to be informed of the potential updates. This data protection policy was last updated on 17 April 2018.

The purpose of this Code of Conduct is to communicate our common set of ethical values and business principles to our stakeholders and to give internal guidance in our daily pursuit of building the Information Society. We encourage the associates and other business partners within its sphere of influence to adopt the principles in this Code of Conduct.

Our business operations are based on high ethical standards. We promote fair competition in accordance with applicable laws. It is expected that employees compete vigorously and fairly in the conduct of business.

In every country in which we operate we shall abide by the laws and regulations of that country. In situations where the law does not give guidance, we apply our own standards based on our corporate values and culture. In cases of conflict between mandatory law and the principles contained in this Code of Conduct, the law shall prevail. It is the responsibility of all employees to be aware of relevant laws or to seek legal advice to ensure compliance.

Business Practices

Safeguarding Corporate Assets

Safeguarding our assets – both tangible and intangible (such as intellectual property rights) – is vital to our business success. Employees have a duty to use our assets only for legitimate business purposes and to protect them from loss or unauthorized use. In no event may our assets be used for unlawful or improper purposes.

Conflict of Interest

In order to operate in a fair and open manner, it is important that every employee and the members of the Boards of Directors avoid any situation or interest which might interfere with their judgment regarding their responsibilities to the company, other employees, customers, suppliers and other partners. Should such a conflict of interest arise, it must be reported immediately by the person subject to the conflict to his/her immediate superior.

Gifts and Bribes

No gifts or similar benefits may be offered by an employee of our company nor accepted if it is considered as a contravention of any applicable law or code of local business practice. Gifts or similar benefits may only be offered to a third party if modest in value and if they are consistent with reasonable hospitality given in the ordinary course of business. No bribes or kickbacks may be offered to any third party.

Political Involvement

We observe neutrality with regard to political parties and candidates. Neither our name nor any resources controlled by us shall be used to promote the interests of political parties or candidates without a prior written consent.

Insider Trading

We expect our employees to act in the way required of insiders, even if they are not in fact registered as insiders. Employees must keep all information and secrets that relate to our present and future business operations strictly confidential. It is prohibited to misuse or disclose to any third party any information about our business operations or information about specific projects.

Accounting and Reporting

All accounting and reporting by us must be reported in accordance with generally accepted financial accounting practices and accounting records must give a true and fair view of the financial position. We shall strive to provide disclosure that is open, fair, relevant, timely and understandable.

Human Rights and Workplace Practice

Human rights

We support and respect the principles set out in the Universal Declaration of Human Rights.

Non-discrimination and Equal Opportunities

We hire and treat our employees in a manner that does not discriminate with regard to gender, nationality, religion, race, age, disability, sexual orientation, political opinion, union membership, or social or ethnic origin. We promote the idea that all employees shall be treated with equal respect and dignity. Furthermore, we promote a culture of equal opportunities and diversity where appointments to jobs, rewarding and personal success depend on individual ability and performance.

Labor

We do not accept child labor nor other forms of compulsory and forced labor. We support the freedom of association and all employees have the right to be a member of a trade union and to bargain collectively.

Work Environment

A safe and healthy working environment shall be provided for all employees.

Environmental Practice

We support a precautionary approach to environmental challenges and a responsible way of conducting our own business operations.

Responsibility of Managers and Employees

It is the responsibility of our managers to make sure that both the content and the spirit of this document are communicated, understood and acted upon within their organizations and to encourage employees to reveal behavior that may be non-compliant with this Code of Conduct. Explicit or implicit approval of questionable actions will not be tolerated. Reports of violations of this Code of Conduct may be made anonymously and in confidence to the Board of Directors. Persons reporting violations in good faith will not be subject to retaliation. Failure to act in compliance with the Code of Conduct can result in appropriate disciplinary actions.

We seek continuous improvement in the way we conduct our business and encourage all managers and employees to take part in this process. This Code of Conduct is a part of the Corporate Responsibility Framework and covers our business operations in all countries. Our Code of Conduct will be regularly reviewed.

This Code of Conduct has been adopted by the Board of Directors.

PayiQ aims to provide social responsibility and accountability for the decisions that we make in respect of potential and present partners and employees. We do not discriminate people directly or indirectly on the basis of race, color, ethnic or national origin, sex, marital status, disability, sexual orientations, age and religious belief. As discrimination in employment is inextricably linked with discrimination in the rest of society, it is totally against of our vision of freedom and globalization.

We have taken active measures to eliminate all direct and indirect discrimination in our business practices and in the provision of services. These practices are promoted as the responsibility of the management, personnel, consultants, contractors, and anyone involved in our daily work.

We will seek to identify the needs of disadvantaged groups in our area of operation and ensure equality of opportunity of access to consideration for employment. Whenever appropriate we will provide training for such personnel to enable them to qualify for all positions within the company. No applicant or employee of the company will be treated less or more favorably on any of the discriminatory grounds referred to above. In order to achieve this, we have an Equal Opportunities Recruitment Policy regarding employment of personnel from within these groups.

In hiring consultants, contractors, and other agents, and in building partnership relations, we will be mindful of our commitment to equality of opportunity.

We aim to extend this policy further to incorporate our partners and associates whenever appropriate. The globalization of business has awakened the consciousness of the importance of equal opportunities. A growing number of companies worldwide are transforming their practices to a more equality aware direction. It is our common belief that joint cooperation and understanding in issues of equality will play a vital role not only in growing the global economy, but also in mutual commitment and business success.

PayiQ is aware of the impact that modern culture has on the exterior environment. It is our clear understanding that we need to successfully balance economy and ecology. Thinking about the environment is therefore natural for the company.

PayiQ applies the requirements of ISO 14000 standards to our processes and subscribes to the philosophy which emerged from the Rio Earth Summit as Agenda 21. We believe that “thinking globally and acting locally” can make a difference and that our actions today should not be at the expense of tomorrow’s world.

We have established technically and economically viable objectives to optimize the environmental performance of our services and daily work. Our main business revolves around the growing Information Society and the use of electronic rather than paper means of communication. We encourage our customers and partners to consider their own paper needs and not to duplicate the creation, issue and storage of paper, or data held in any form.

Equally, within our organization we have practical company policies of:

• Tracking of all incoming and outgoing environmentally relevant materials, including plastic bags, plastic sheets, electricity, water and refrigerant consumption;
• Re-using all paper and then recycling it;
• Increased usage of recycled paper within our organization;
• Donating spent toner cartridges and purchasing refilled cartridges;
• Reducing or eliminating hazardous substances, such as freon;
• Using public transport, walking or cycling whenever possible;
• Sharing cars on business journeys when it is possible;
• Keeping office temperatures at the lowest comfortable level;
• Using virtualization and remote access to manage servers;
• Regularly servicing heating systems and other equipment;
• Purchasing supplies locally where possible.

We aim to extend this policy further to incorporate our partners and associates whenever appropriate. A growing number of companies are transforming their practices to a more environmentally friendly direction. It is our common belief that joint cooperation in environmental issues will play a vital role in preserving the Earth’s natural resources.