Privacy policy

Last amended on 05.12.2023

Privacy Policy

This Privacy Policy ("Policy") is privacy statement related to processesing of " your personal data by PashaPay" LLC. Protection of your personal data is significant to us and we strive to ensure your personal data is fully protected.
Through this Policy, you can get detailed information about us and the purposes for which we collect and process your personal data, the third parties to whom we transfer and disclose your personal data, as well as how we ensure the protection of your personal data and how long we keep this data.

1. About us

"PashaPay" Limited Liability Company (TIN: 1300615891) is a payment services provider ("PashaPay") corporated in the Republic of Azerbaijan and located at 153 Nefchilar Avenue, Baku city, AZ1010.
- E-mail: support@m10.az
- Phone number: 8810

2. Data we collect

We may collect the following information about you through the m10 Platform("Platform"), including software(s) owned and legally affiliated with PashaPay, payment terminals, ATMs, websites and other channels to provide quality service and ensure the use of the Platform :
2.1. Your name, surname, father name;
2.2. Birth date and place;
2.3. Your residential / registered address;
2.4. Information about your identity document;
2.5. Necessary financial information including but not limited to the following:
2.5.1. Your payment account information;
2.5.2. Details regarding the organization that issued your payment card and the payment service provider servicing to your account;
2.5.3. Credit, debit or other payment card details as well as information regarding your preferred method of payment;
2.5.4. The amount of funds in your bank account or other payment accounts;
2.5.5. Your credit history;
2.5.6. Loan repayment schedule;
2.5.7. Your payment transaction details (transaction number, date and amount, recipient's name and address, merchant point, merchant category code (MCC) and any additional information enabling idendification the transaction).
2.6. Your device data, including but not limited to the following:
2.6.1. The IP address of the phone, computer or other device;
2.6.2. Device model, type of operating system, browser and other information;
2.6.3. Real-time location data;
2.6.4. Other information about the device that allows you to be identified (for example, device IMEI number, MAC address, etc.);
2.6.5. Statistics usage data: Your activity on our products and any additional information regarding your usage, including but not limited to web history, search history and performance diagnostics data.
2.7. E-mail address;
2.8. Telephone number;
2.9. Audio, video, visual or other similar information: Call logs when you talk to customer care, etc.;
2.10. Employment details (place of work, years of experience, amount of salary and other relevant information), as well as social insurance credentials;
2.11. Biometric data (fingerprint, facial image, and voice recording, etc.);
2.12. Cookies. We may use cookies to collect your personal information when accessing our web pages. Cookies are information located in small text files that allow to identify your device. Our primary aim in processing this data is to analyse your behaviour. We acknowledge that regardless of the type of cookies we use, if the data allows you to be identified, that data is considered personal data and must be processed in accordance with the legislation;
2.13. A list of your contacts (phone numbers, email addresses, and including associated usernames) subject to your consent.

3. Data collection process

Your personal data that we hold consists of information that you and any third party (resource) provide to us or that we collect from other sources. We categorise your personal data based on the source of collection as follows:
3.1. Information we receive directly from you. We process data from this category mostly. It includes details like first and last name, father name, address, birth date and place, financial data and other relevant data.
3.2. Information we collect from you when you use the platform. This information primarily comprises the data we gather about your device, along with the data we acquire during your utilization of our platform and goods.
3.3. Information we collect from open sources. We may collect data about you from publicly available sources. Such publicly available sources includes websites, social media networks and professional media and others.
3.4. Information provided by third parties. This information comprises of personal details such as name, surname, father name, address, date and place of birth, family composition and financial, insurance and other related data. We are provided this information by third parties. As the determination of the legal basis for the transfer of this data is at the discretion of the third party that owns the data, we shall not be held responsible for this.

4. Our purposes for collecting your data

We adhere to the principle of "data minimization”, meaning we only collect and process your personal data for specific purposes. These objectives include:
4.1. To provide you with quality service. We need to process your personal data to provide the services you have ordered from us. For example, to open a payment account, we need to process your name, surname, father name, phone number, Personal ID card details, and other information, as well as your and the recipient's relevant information for money transfers.
4.2. Evaluating User Behaviour. We do not engage in social scoring, but it may be necessary to analyse user behaviour to customise our products and platforms accordingly. This will assist us in enhancing our services and offering you with the most appropriate products.
4.3. Financial and risk scoring (evaluation). We may evaluate your financial circumstances to provide you with suitable services. For instance, if sale of any product depends on your income, we may appraise your income using data we gather from being utilised the platform by you and from different sources.
4.4. Marketing. We process your personal data to offer you the services and products provided by us and our partners. For instance, we may process your information to offer products based on your interests. Similarly, we may contact you to offer our partners' loan products.
4.5. Improving the services provided by us. For instance, we may process your personal data for the purposes of developing new products and features, resolving existing issues, testing services, conducting research, and performing statistical analysis.
4.6. Ensuring security. We are enhancing our security measures to ensure the safety of your use of our services and products. For this purpose, we provide you with personalized security information to authenticate you and your operations.
4.7. Contacting you. We may contact you when you need us, for instance, to respond to a question you have sent to our customer care team.
4.8. Compliance with legislation. We may process your information to comply with current legislation or to enforce the requirements of the law.

5. Data storage

5.1. We reserve the right to store your data within our internal data processing centers and our cloud infrastructure. Currently, we store your data in the following:
5.1.1. In our internal data processing centers;
5.1.2. In the cloud infrastructure of "PASHA Technology" LLC.
5.2. We store your information for as long as is necessary to fulfill the purposes set forth in this Policy. Once it is no longer required to process your data according to this Policy, we will proceed to destroy the data and delete any duplicates.

6. Data security

We ensure the security of your information by implementing encryption, hashing, pseudonymization (aliasing), and other advanced organizational and technical measures. While data is stored in the data processing center or cloud infrastructre and during transmission, we encrypt it.

7. Data transfer

7.1. As we have explained above, we carry out the marketing of our own and our partners' products and improve them. In addition, we receive services from banks, individuals who provide us with technical support, consultants, and other third parties. For these purposes, we may sometimes transfer your data to third parties. Third parties include, but not limited to following:
7.1.1. Government bodies authorized to request certain information;
7.1.2. Courts;
7.1.3. Auditors;
7.1.4. Advisors;
7.1.5. Payment agents;
7.1.6. Technical, marketing, analytics, communications, technology, data and other service providers;
7.1.7. The entities that constitute the group of companies under the umbrella of “PASHA Holding” LLC;
7.2. The transfer of your necessary data to third parties for the execution of payment operations in accordance with the relevant legislation of the Republic of Azerbaijan will not be considered a violation of this Policy by us.
7.3. In all circumstances, the transfer of your personal data to third parties is carried out in compliance with the legislation of the Republic of Azerbaijan.
7.4. To provide our services, including the execution of payment transactions, as well as other purposes listed in this Policy, we may cross-border transfer your information, which is specified in paragraph 2 of the Policy, to international organizations, state or local self-governing bodies of other countries, legal or natural persons in accordance with the procedure established by legislation.

8. Amendments to the Privacy Policy

Please be advised that we may periodically update and make changes to this Policy. The updated or amended text of the Policy will be communicated to you at least 30 (thirty) days prior to the Policy comes into force, by means of a notification through the m10 Platform. If you do not raise objections regarding the changes within this period, these changes will be considered as accepted by you.

9. Liability

9.1. You are solely and fully responsible for the accuracy, up-to-dateness and completeness of the information you provide. In the event of inaccurate information, we reserve the right to suspend or terminate your registration and/or your use of our website and platform. We assume no liability for any adverse consequences that may arise from the provision of inaccurate information on your part.
9.2. You confirm that you have reached the age of adulthood and are fully authorized to use our website and Platform. Furthermore, if you are not at age of adulthood, you confirm that you have obtained the necessary consent from your legal representatives in accordance with the applicable laws to use our website and Platform.