Privacy Policy
Introduction
Monri Payments d.o.o., Ulica grada Vukovara 269D, Zagreb, PIN: 82551932122 (hereinafter: Monri) is committed to protecting your privacy. With this Personal Data Protection Policy, we would like to inform you about the ways in which Monri collects and processes your personal data and to introduce you to your rights with regard to the processing and protection of such data, as well as the ways in which you can exercise your rights in compliance with Regulation (EU) 2016/679 of the European Parliament and of the European Council from 27 April 2016 (General Data Protection Regulation).
For any questions and information, you can contact us by phone or via the contact form available on our website www.monri.hr under the section: “Contact”.
Monri as a Data Controller or Processor
Monri Payments d.o.o., Ulica grada Vukovara 269D, Zagreb, PIN: 82551932122, acts as a data controller or processor, depending on the specific contractual relationship with the business partner, and processes the personal data of its users in accordance with the General Data Protection Regulation as well as other relevant personal data protection legislation.
Data Protection Officer
Monri undertakes modern technical and organizational measures to protect the personal data of its data subjects. For all questions related to personal data protection, a Data Protection Officer has been appointed, whom you can contact at: [email protected] or in writing to the address: Ulica grada Vukovara 269D, Zagreb, with the designation: “for the Data Protection Officer”.
Data Subjects
This Personal Data Protection Policy applies to all individuals whose identity is established or can be established during the collection and processing of personal data. It particularly refers to users, clients, potential collaborators and all other natural persons whose personal data Monri collects on any legal basis (Data Subjects).
Principles of personal data processing
Monri processes personal data in keeping with the following principles of personal data protection: the principle of lawfulness, fairness and transparency, the principle of purpose limitation, the principle of data quantity reduction, the principle of data accuracy, the principle of storage limitation, the principle of integrity and confidentiality, and the principle of reliability. Consequently, personal data is collected for explicit and legitimate purposes and shall not be processed in a manner that is in contradiction of the legitimate purpose of the processing. Personal data processing is limited exclusively to the processing necessary and relevant to attain its purpose, while undertaking all reasonable measures in order to ensure that the data being processed is accurate and up-to-date. Personal data is stored only for as long as it is necessary to attain the purpose of the processing, all in accordance with the stipulated protection measures. The processing is implemented in conjunction with appropriate data security, encompassing protection against unauthorized destruction, loss, alteration, unauthorized disclosure of or access to personal data.
What personal data is collected
- Newsletter subscription
If you would like to receive information about Monri’s products and services, you can subscribe to the newsletter via our website. In that case, we only process your e-mail address and solely for the duration of your subscription. By subscribing to the newsletter, you give your consent, which you can withdraw at any moment by unsubscribing from the list of recipients. Providing information about your e-mail address and subscribing to the newsletter, both of which represent your consent, is a condition for receiving the newsletter.
- If you want to become a member of the Monri team
You can find publicized vacancies on our website, and you can also send us an open application, together with your CV, stating what you want to do and how you see your career continuing in Monri’s team. In the course of the selection process, we process the candidate’s basic personal data, contact information, information about their education and acquired work experience, as well as all other information that you yourself provide in your CV, and which is necessary to assess employment opportunities and to undertake actions before concluding an employment contract. If you are applying for a specific publicized vacancy, we process your personal data solely during the selection process, and then store it for a period of up to 24 months. In the case of an open application, we will store it on the basis of your consent until a need arises for a new employee matching your description, and for a maximum period of two years.
If you have submitted an open application and do not want your CV to be stored with us subsequently, it is sufficient to inform our data protection officer about the withdrawal of consent and your data will be deleted.
- When you contact us via the contact form, e-mail or telephone
On our website there is a contact form available with which you can send us your inquiries, and the telephone numbers of our services are also listed. The legal basis for the processing of personal data in this case is your consent. We process your name and surname, e-mail address, telephone number, and any additional data that you provide to us of your own accord, solely for the purpose of responding to your inquiry and for as long as it is necessary to respond to your inquiry.
Monri provides customer support via certain telephone numbers. If you contact us for the purpose of obtaining customer support, before starting the call with our employee, you will be informed that the conversation is being recorded. The legal basis for recording the conversation is our legitimate interest since its purpose is to ensure the quality and improvement of our service as well as to quickly and efficiently resolve your inquiries and complaints. The recordings are stored for a period of up to three months.
- When using Monri’s products and services
Monri provides its users with a wide range of services related to card payments, fiscal cash registers and related services. Please note that Monri, when providing its services, may act in the capacity of a data controller or processor, depending on the specific contractual relationship with the business partner.
SinglePOS
When using our SinglePOS service, which enables the acceptance of all forms of card payments, we collect only certain card data such as the card number and the card’s expiration date, protecting the data by encryption and storing it in an encrypted format, all without any personal data through which we could identify the data subject.
We use card data exclusively and solely for the purpose of providing you with card transaction services at the points of sale of our contractual partners.
SoftPOS
The SoftPOS service is a mobile application for devices running the Android operating system and it enables card payments. This mobile application allows smartphones to perform transactions by reading contactless payment cards using NFC (Near Field Communication) technology and provides the necessary safety monitoring as well as protection throughout the entire process. When using the service, we do not collect personal data from data subjects; however, since the application is installed on a mobile device, we do collect data about said mobile device, including:
- Information about the device – such information pertains to the operating system and its version, the communication ports, the processor, memory speed, screen size, current power status, memory usage, installed applications, developer mode, device system time, device runtime, application launch timestamp and chip architecture, etc.
- Application usage information – access duration, access times, IP address, event information (e.g. reporting abnormality, error, crash, restart, upgrade) etc.
- Device location information
- Data on payments made, which include certain card data required to carry out the transaction, that data being stored in a highly encrypted format.
When using the service, we will ask you for various permissions and consents for the applications and information about the applications, depending on the type of device you are using, all in order to ensure a secure transaction environment for you and all card users. The applications on the mobile device on which SoftPOS is installed, to which we have access, are: Storage, Network, Location, NFC, Battery, Camera, Bluetooth, Recordings, and List of installed applications.
We process all of the above data exclusively and solely for the purpose of providing a secure card transaction processing service. While carrying out the transaction, we process certain card data but we cannot identify the data subject from that data.
WebPay and WSPay
Our WebPay and WSPay services are intended for secure online payments. In the course of providing these services, Monri may process the following personal information: name and surname, address, postal code and city, telephone number, e-mail and IP address. In addition, the card number, the card’s expiry date and the CVC number are also collected. The data subjects themselves enter this data on the websites of our contractual partners or in our payment form, and the purpose of the processing is to carry out payment transactions for purchased products/services. Monri collects only data subjects’ personal data that is necessary for effecting such a transaction. In line with the above, please note that Monri does not store the card’s control number (CVC), but rather forwards it to the bank which is the card issuer.
When making online payments, you can also use the tokenization service. It is a process of storing card data on WSPay, i.e. in a secure PCI DSS L1 environment, upon prior verification of the correctness of the entered data and by implementing an SCA (Strong Customer Authentication) so as to enable customers to pay quickly, without entering card data, when making a repeat purchase at an online point of sale. Tokenization, i.e. storage of your card data, is carried out solely on the basis of your consent.
Storage period of your personal data
Your personal data is stored within the time limits stipulated by law, for the duration of your consent or contractual relationship with Monri and, in keeping with the principle of storage limitation, not longer than it is necessary to attain the purpose of the processing, and no longer than five years from the completion of the transaction.
- When visiting a website – Cookies
A cookie is information that the website you are visiting stores on your computer or other device, such as a tablet or a mobile phone. Cookies can store various information, including personal data, but only if you allow them to do so. The purpose of cookies is to “remember” your settings – for example, selected language, content display method or your search preferences – which allows adaptation of the website content to your individual needs.
Monri uses cookies to analyze website traffic and to optimize its content, in order to provide the best possible user experience when using the available services.
You can disable the cookies by blocking them on your computer in your Internet browser settings, but please note that this may have a negative effect on the use of the website. You can find out more about cookies in our Cookie Policy.
With whom your personal data may be shared
Monri may share your personal data with third parties, including:
- data processors who provide specific data processing services, and who are subject to a contractual obligation of confidentiality and ensuring the protection of your personal data;
- providers of other services with whom Monri cooperates for the purpose of providing its services, so-called third parties;
- government authorities, at their request.
Data transfers to third countries
As the data controller, Monri has entrusted the performance of bookkeeping and accounting tasks to an affiliated company based in the Republic of North Macedonia, which acts as the data processor. Therefore, the personal data of the data subjects (consisting mainly of the name and surname of the authorized representatives and other relevant persons) related to the clients and suppliers of the data controller may be transferred to the specified third country, solely and exclusively for the described purpose. In the course of the transfer, appropriate safeguards are applied in the form of the European Commission’s Standard Contractual Clauses concluded between the data controller and the data processor and which are available to the data subjects concerned from the Data Protection Officer of the data controller.
Your rights
Right of access
|
You have the right to request information at any time about whether your personal data is being processed, as well as detailed information about the processing. This includes information regarding the purpose of the processing, the types or categories of personal data being processed, access to your personal data, information about the recipients or categories of recipients, and the intended storage period for the personal data.
|
Right to rectification
|
You have the right to obtain without undue delay rectification of inaccurate personal data and completion of incomplete personal data.
|
Right to erasure
|
You have the right to request deletion of your personal data. If the request is warranted and if the legal regulations do not obligate us to store the data, the data will be deleted without undue delay.
|
The right to restriction of processing
|
You have the right to request the restriction of the processing of your personal data in the cases provided for by the General Data Protection Regulation. In particular, we point out that you can restrict the processing of personal data based on legitimate interest as the lawful basis for the processing.
|
The right to object
|
You have the right to object to the processing of your personal data in all cases provided for in the General Data Protection Regulation. We particularly emphasize that you can object to processing based on legitimate interest as a legal basis for processing and restrict or completely prohibit processing.
|
In order to facilitate your exercise of rights in relation to the processing of personal data, we have prepared a Request for Exercise of Dana Subject Rights form. You can send the completed form to our Data Protection Officer at [email protected]. In relation to the above, Monri has the right to ask you to prove your identity in an adequate manner.
If your personal data is processed on the basis of your consent, you may withdraw your consent at any time, but such withdrawal of consent will not affect the lawfulness of the processing that was based on your consent before its withdrawal.
If you believe that the processing has resulted in a breach of your personal data and a violation of the provisions of the General Data Protection Regulation, you may file a complaint with the supervisory authority – the Personal Data Protection Agency.
Security of personal data processing
In order to facilitate your exercise of rights in relation to the processing of personal data, we have prepared a Request for Exercise of Dana Subject Rights form. You can send the completed form to our Data Protection Officer at [email protected]. In relation to the above, Monri has the right to ask you to prove your identity in an adequate manner.
If your personal data is processed on the basis of your consent, you may withdraw your consent at any time, but such withdrawal of consent will not affect the lawfulness of the processing that was based on your consent before its withdrawal.
If you believe that the processing has resulted in a breach of your personal data and a violation of the provisions of the General Data Protection Regulation, you may file a complaint with the supervisory authority – the Personal Data Protection Agency.
Technical and organizational measures for the protection of personal data
Monri has implemented appropriate technical and organizational protection measures that warrant a level of security appropriate to the risks associated with data processing and the nature of the personal data being protected, taking into consideration the characteristics and costs of their implementation.
In accordance with the provisions of the General Data Protection Regulation, Monri pays particular attention to the application of technical protection measures, in particular the encryption of personal data, which ensures its protection against unauthorized access during storage and transmission. Monri also applies appropriate protection measures to ensure the permanent confidentiality, integrity, availability, and resilience of the processing systems and services.
Given that the services provided by Monri include the card data processing, data is being collected and processed by implementing high levels of protection in accordance with the PCIDSS standard using cryptographic methods. In connection with the above, Monri regularly tests, evaluates, and assesses the effectiveness of technical and organizational measures to ensure the security of processing and conducts regular audits as well as risk assessments and/or after significant changes to the systems.
Monri ensures that personal data is only accessible to those who have authorized access to it. We would like to point out that all Monri employees who process personal data or participate in its processing act with due care, in accordance with applicable data protection regulations, internal rules, and security standards. Special attention is paid to upholding confidentiality and preventing unauthorized access to or misuse of personal data.
Amendments and Modifications and entry into force
Monri regularly reviews, amends, and modifies this Personal Data Protection Policy to always reflect the actual state of the collection and processing of personal data. All amendments and modifications shall enter into force on the date of publication on this website.
The last amendments and changes were published: 29 July 2025.