Privacy Policy

Monri as Data Controller

Monri Payments d.o.o., Ulica grada Vukovara 269 F, Zagreb, Personal Identification Number: 82551932122 (hereinafter: Monri), as a data controller, looks after the protection of your privacy. With this Personal Data Protection Policy, we want to inform you on the manner in which we collect and process your personal data, and at the same time familiarize you with your rights in accordance with the General Data Protection Regulation EU 2016/679.

You can contact us on the phone numbers or via the contact form available on our website www.monri.hr in the Contact section.

 

Data Protection Officer

Monri implements modern technical and organizational measures to protect users’ personal data, and for all questions related to the protection of personal data we have appointed a Data Protection Officer whom you can contact at [email protected] or in writing at the address Ulica grada Vukovara 269 F, Zagreb, with the indication “for the Data Protection Officer”.

 

What personal data we collect

  1. When signing up for our newsletter

If you wish to receive notifications about our products and services, you can subscribe to our newsletter via the website. In that case, we only process your e-mail address only while you receive the newsletter. By subscribing, you give us your consent, which you can withdraw at any time by unsubscribing from the newsletter. Providing your e-mail address and subscribing to the newsletter, which represents your consent, are conditions for receiving the newsletter.

 

  1. If you want to become a member of the Monri team

On our website, you can find job postings for open positions or you can send us an open application in which you can write what you want to do and how you see the continuation of your career in our team and send us your resume. We process basic information about the candidate, contact information, information about education and work experience, as well as other information that the candidates themselves submit in their resume, and which are necessary for us to consider for the purpose of establishing an employment relationship, or for us to take actions before concluding an employment contract. If you have applied for an open position, we process your personal data only during the selection process and then store it for a period of 24 months, while if you sent us an open application, we will store it based on your consent until we have a need for a new employee of your profile, and for a maximum period of two years. If you have sent an open application, and after that you no longer want your resume to be stored with us, please inform our officer of the withdrawal of your consent and your data will be deleted.

 

  1. When you contact us via the contact form, e-mail or phone

On our website, you are provided with a contact form through which you can send us your inquiries as well as the telephone numbers of our services. The legal basis for processing this personal data is consent. In this case, we process your name and surname, e-mail address, telephone number, as well as other data that you provide, solely for the purpose of responding to your inquiry and only for as long as necessary to provide such a response.

 

  1. When you use our products and services

Monri provides its users with a wide range of services related to card payments, fiscal cash registers, and related services. Please note that Monri may act either as a data controller or as a data processor when providing its services, depending on the specific contractual relationship with the business partner.

 

SinglePOS

When using our SinglePOS service, which allows the acceptance all forms of card payments, we collect only specific card data such as the card number and expiration date. These data are protected by encryption and stored in an encrypted format, without any personal information through which we could identify the data subject.

Card data is used solely and exclusively for the purpose of providing you with the service of processing card transactions at the points of sale of our contractual partners.

 

SoftPOS

The SoftPOS service is a mobile application for devices using the Android operating system, enabling the acceptance of card payments. This mobile application enables smartphones to perform transactions by reading contactless payment cards via NFC and provides the necessary security monitoring and protection throughout the entire process. During the use of the service, personal data of the data subject is not collected. However, because the application is installed on a mobile device, information regarding that device is collected, specifically:

  • Device information – such information relates to the operating system and version, communication ports, processor, memory speed, screen size, current power status, memory usage, installed applications, developer mode status, device system time, device runtime, application startup timestamp, chip architecture, etc.
  • Application usage information – duration of access, access times, IP address, event information (e.g., abnormality reports, errors, crashes, restarts, upgrades), etc.
  • Device location information
  • Payment transaction data – including specific card data necessary for transaction processing, which is stored in a highly encrypted format.

 

When using the service, we will request various permissions and consents for applications and application-related information, depending on the type of device you are using, all for the purpose of ensuring a secure transaction environment for you and the cardholders. The mobile applications on the device where SoftPOS is installed, which we may access, include: Storage, Network, Location, NFC, Battery, Camera, Bluetooth, Recording, and a List of installed applications.

All of the aforementioned data is processed solely and exclusively for the purpose of providing a secure card transaction processing service. During the execution of the transaction itself, we process specific card data from which the data subject cannot be identified.

 

WebPay and WSPay

Our WebPay and WSPay services are intended for the secure execution of online payments. While providing these services, Monri may process the following personal data: first and last name, address, postal code and city, telephone number, e-mail address, and IP address. Additionally, card number, card expiration date, and CVC number are also collected. These data are entered directly by the data subjects on the websites of our contractual partners or in our payment form, and the purpose of processing is to facilitate transactions for the payment of purchased products/services. Monri collects only the personal data of data subjects that is necessary for the execution of such transactions. In this regard, it should be noted that Monri does not store the card verification (CVC) number, but forwards it to the issuing bank.

When making online payments, you may also use the tokenization service. Tokenization is the process of storing card data in WSPay, within a secure PCI DSS L1 environment, following verification of the accuracy of the entered data and with Strong Customer Authentication (SCA). The purpose of this process is to enable customers to make faster payments without re-entering card data during subsequent purchases at an online point of sale. Tokenization, i.e., the storage of your card data, is carried out solely on the basis of your consent.

 

Retention period of your personal data

Your personal data is stored within the time limits prescribed by law, for the duration of your consent or contractual relationship with Monri, and, in accordance with the principle of storage limitation, no longer than is necessary to achieve the purpose of processing, and no longer than five years from the execution of the transaction.

 

  1. When you visit our website – Cookies

A cookie is information that can be stored on your computer or other device such as a tablet or mobile phone when you visit a website. The cookie saves your settings, i.e. preferences for the website, such as preferred language, sorting, etc. In that way, the content of the website adapts to your needs. Cookies can store a variety of information, including some personal information, but only if you enable them.

We use cookies in order to determine and analyse website traffic as well as to provide you with a better experience in using all services through our website.

 

You can disable cookies by blocking them on your computer through the Internet browser settings, but this may have a negative effect on the use of website. Learn more about cookies in our Cookie Policy.

 

With whom we share your personal data

We may share your data with third parties:

  • processors who provide us with a specific service that involve data processing, and who have a contractual obligation to maintain confidentiality and security of your personal data;
  • providers of other service with whom we cooperate in order to provide our services, so-called third parties;
  • government authorities at their request.

 

Data transfers to third countries

The data controller has entrusted the performance of bookkeeping and accounting tasks to an affiliated company based in the Republic of North Macedonia, acting as a data processor. Consequently, the personal data of the data subjects (mainly consisting the name and surname of authorized representatives and other relevant individuals) associated with the clients and suppliers of the data controller may be transferred to the specified third country solely and exclusively for the described purpose, for which transfer appropriate protective safeguards in the form of the European Commission’s Standard Contractual Clauses have been concluded between the data controller and the processor and which are made available to data subjects by the Data Protection Officer of the data controller.

 

Your rights 

Right of access

 

 

You can request confirmation of whether your personal data is being processed at any time, as well as detailed information about the processing, in particular about the purpose of the processing, about the type/categories of personal data that are being processed, including access to your personal data, about the recipients or categories of recipients, and about the intended period in which personal data will be stored.

 

Right to rectification

 

 

You have the right to obtain without undue delay rectification of inaccurate personal data and completion of incomplete personal data.

 

Right to erasure

 

 

You have the right to request deletion of your personal data. If the request is warranted and if the legal regulations do not obligate us to store the data, the data will be deleted without undue delay.

 

The right to restriction of processing

 

 

You have the right to request the restriction of the processing of your personal data in cases provided for in the General Data Protection Regulation EU 2016/679. We particularly emphasize that you can restrict the processing of personal data based on legitimate interest as a legal basis for processing.

 

The right to object

 

 

You have the right to object to the processing of your personal data in all cases provided for in the General Data Protection Regulation. We particularly emphasize that you can object to processing based on legitimate interest as a legal basis for processing and restrict or completely prohibit processing.

 

 

In order to ensure and simplify the exercise of your rights, we have prepared a request form for exercising the rights of data subjects, which you can send to our data protection officer at dpo-monri@monri. com. It is possible that we ask you to prove your identity in certain cases.

If your personal data is processed based on your consent, you may withdraw your consent at any time, but this will not affect the lawfulness of processing based on consent prior to its withdrawal. 

In the event that you believe that there has been a breach of your personal data and a violation of the provisions of the General Data Protection Regulation, you may submit a complaint to the supervisory authority – the Personal Data Protection Agency.

 

Security of personal data processing 

We collect and process personal data in a manner that ensures appropriate security and confidentiality in their processing and enables effective application of data protection principles, reducing the amount of data, scope of processing, storage period, and data availability. For this purpose, we have implemented adequate technical and organizational security measures to ensure a level of security matching the risks posed by data processing and the nature of the personal data being protected, taking into account the characteristics and costs of their implementation.

Since the services that Monri provides include processing of card data, they are collected and processed at high levels of protection in accordance with the PCIDSS standard, with the application of cryptographic methods.

We regularly review processes that may pose a risk to the rights and freedoms of individuals and have taken appropriate protective measures to safeguard personal data from accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, especially in cases where processing involves the transmission of personal data over a network and against all other illegal forms of processing.

 

Amendments and entry into force

Monri regularly reviews, supplements, and changes this Personal Data Protection Policy to always reflect the current state of personal data collection and processing. All modifications and amendments come into effect on the date of publication on this website.

The latest modifications and amendments were published on March 25, 2024.