OKTO Privacy Policy

Data protection is of high importance for OKTO, and we want to be open and transparent with our processing of your personal data.

We therefore have a policy setting out how your personal data will be processed and protected.

1. Who is the controller of your personal data?

The companies OKTOPAY LIMITED (for the EU – except for any following referenced specific EU territories), Netlink SA for Greece) and OKTOPAY Deutschland GMBH for Germany are registered E-Money Distributors of Sureswipe E.M.I. PLC, authorised Electronic Money Distributors (the “EMD”) (hereinafter referred to as “OKTO”) are the controllers of your personal data under applicable law for the respectively noted territories.

  • For OKTOPAY LIMITED (EU – except for any following referenced specific EU territories)
    Address: Mnasiadou & Strasikratous 10 ELMA HOUSE, 2nd Floor,
    1065, Nicosia Cyprus
    Company registration number: HE400907
    Contact e-mail for personal data issues: dpo@oktopay.eu
  • For NETLINK SERVICES AND INFORMATION SYSTEMS SINGLE MEMBER SA (Greece)
    Address: 10-12, Dorilaiou Str., 11521, Athens Greece
    Registration number (GEMI): 5525901000
    Contact e-mail for personal data issues: gdpr@netlink.gr
  • For OKTOPAY Deutschland GmbH (Germany):
    Address: Am Zirkus 2, Berlin, Germany,10117
    Registration number: HRB 234364 B
    Contact e-mail for personal data issues: dpo@oktopay.eu

2. Under which legal framework do we process your personal data?

Your personal data are processed under the provisions of the the Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”).

3. Where do we store your data?

Unless otherwise provided in this Policy, the data we collect from you is stored within the European Economic Area. However, please note that we may transfer your personal data to collaborating companies which are based in countries outside the European Union (“EU”) and the Member States of the European Economic Area (“EEA”).

You should bear in mind that the data protection laws in many of these countries outside of the EU and EEA may not offer the same level of protection as those in your home country, and therefore are not considered by an adequacy decision of the European Commission, to provide for an adequate level of data protection comparable to the level of protection in the EU. However, we have appropriate safeguards in place to protect your personal data as required under data protection laws, including by implementing contractual safeguards on the basis of the EU Standard Contractual Clauses.

4. Your rights

Right to access:
You have the right to request information about the personal data we hold on to you at any time. For this purpose, you can send us an e-mail to dpo@oktopay.eu.

Right to portability:
Whenever OKTO processes your personal data by automated means based on your consent or based on an agreement, you have the right to get a copy of your data on a structured, commonly used and machine readable format. You can also request to have your data transferred to a third person. This only includes the personal data you have submitted to us.
In order to exercise the above right, you can send us an e-mail at dpo@oktopay.eu.

Right to rectification:
You have the right to request rectification of your personal data if the information is incorrect, including the right to have incomplete personal data completed.
If you have an OKTO account, you can edit your personal data under your account.
You can also send us an e-mail at dpo@oktopay.eu.

Right to erasure:
You have the right to ask for your personal data, which are processed by OKTO, to be eased at any time, especially when:

  • Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
  • The processing of your data is based on your consent, and you withdraw that consent
  • Your data have been illegally processed.

The above right does not exist in particular where:

  • The processing of your data is necessary to establish, exercise or defend legal rights
  • The processing of your data is necessary to comply with a legal obligation of OKTO that requires processing.

In any case, we will notify you whether or not your claim is satisfied, and in the event of non-satisfaction, the reasons involved in it. In order to exercise the above right, you can send us an e-mail at dpo@oktopay.eu.

Right to object:
You have the right to object to the processing of your personal data which is based on legitimate interest of OKTO. In that case, we will not continue to process the personal data unless we can demonstrate compelling and legitimate grounds for the processing which overrides your interest and rights or to establish, exercise or defend legal rights.
In order to exercise the above right, you can send us an e-mail at dpo@oktopay.eu.

Right to object to direct marketing:
You have the right to object to the processing of your personal data for direct marketing purposes.
You can state your preference by the following means:

  • following the instruction in each marketing e-mail
  • sending an e-mail to dpo@oktopay.eu

Right to restriction:
You have the right to request the restriction of processing of your personal data under the following circumstances:

  • If you question the accuracy of your personal data and until OKTO verifies their accuracy.
  • If processing of your data is unlawful and you object to their erasure by asking instead restriction of their use.
  • If OKTO no longer needs your personal data for the purpose of processing, but the data is necessary to establish, exercise or defend legal rights
  • If you object to the processing of your data by OKTO which is based on legitimate interest of the latter and until the existence of OKTO’s legitimate grounds overriding your freedoms or rights has been verified.

In order to exercise the above right, you can send us an e-mail at dpo@oktopay.eu.

Right to lodge a complaint with the competent data protection authority:
If you consider OKTO to process your personal data in an incorrect way, you can contact us at dpo@oktopay.eu. You may also lodge a complaint with the Commissioner for personal data protection in Cyprus or any other competent supervisory authority.

5. Updates to our Privacy Policy:

We may need to update our Privacy Policy. The latest version of the Privacy Policy is always available on our websites www.oktowallet.eu, www.oktopayments.com and www.oktocash.eu.

6. Creation of OKTO account, deletion of OKTO account, ordering and delivery of OKTO card and provision of services related to the OKTO account and the OKTO card

Why do we use your personal data?

We will process your personal data in order to proceed to the creation of your OKTO Account, in case you submit to OKTO an Account Deletion Request, to ask for the issuance and deliver to you the OKTO Card that you have requested, and in order to provide you with services related to the OKTO Card and Account according to our terms and conditions.

Your personal data is being used to identify you, to confirm your personal details, and to verify that you are at least 18 years old.

OKTO will also use your personal data for the following purposes:

  • To provide you with location-based information if you permit access to your location (you can disable the collection of precise location information via the setting of your device)
  • To provide you with push notifications regarding your transactions if you permit such notifications (you may change push notifications settings on your device)
  • To facilitate the transfer of funds from your OKTO Account to other users that are included in your contact list if you permit access to your contact list (you can disable access to your contact list on your device)
  • To facilitate the transfer of funds from your OKTO Account to your other accounts or cards if you choose to add other accounts or cards (if you do not consent to the processing of data regarding your accounts or cards, please do not use the function for adding other accounts or cards)

What types of personal data do we process?

We will process the following categories of personal data:
* Identification data such as name, surname, date of birth, nationality, national ID or passport details, photo
*Contact data such as but not limited to your residence address, working address, phone number, email
* Your OKTO username & password
* Financial data and data concerning your financial situation, such as TIN (if required for the issuance of invoices or other tax related purposes), tax certificate, data related to your profession, salary/income, wealth, source of income, source of wealth, annual turnover and the purpose of your OKTO Account
* Financial/Transactional data such as how you use our service, transactional data (frequency, amounts, locations, recipients, transactions number, currency, banking information [iban])
* Data regarding your OKTO Card details (CVV, Card number)
* Data regarding your personal location and your contact list: Before that, we will inform you and ask your consent for the cases in which it is required.

Who has access to your personal data?

OKTO is obliged to disclose your personal data to Sureswipe E.M.I. PLC which is an Electronic Money Institution (EMI) licensed by the Central Bank of Cyprus (authorisation number 115.1.3.26). OKTOPAY Ltd, Netlink SA and OKTOPAY Deutschland GMBH are registered E-Money Distributors of Sureswipe E.M.I. PLC , authorised Electronic Money Distributors (the “EMD”) of Sureswipe E.M.I. PLC, the electronic money institution (the “EMI”) OKTO and Sureswipe E.M.I. PLC will process your personal data as independent controllers. By accepting this Privacy Policy, you are implicitly accepting the Sureswipe’s Privacy Policy. You can find more information with respect to the processing of your personal data by Sureswipe E.M.I. PLC in Sureswipe’s Privacy Policy at the following link: https://revsto.com/wp-content/uploads/Revsto-Privacy-Statement-2023.pdf

We will also disclose your personal data to Paynovate SA (hereinafter “PNVT”), which issues for you the OKTO Card according to the Card Terms and Conditions. . PNVT will process your personal data as an independent controller in accordance with its privacy policy, a copy of which can be found at the following weblink: http://www.oktowallet.eu/wp-content/uploads/2023/09/Privacy-Policy-Paynovate-2.pdf

In case the OKTO Services, as these are defined in the OKTO Consumer Terms and Conditions set forth on www.oktowallet.eu, are used for available transactions with gaming operators, we may also need to disclose some of your personal data to the respective gaming operators. The gaming operators will process your personal data as independent controllers in accordance with their own privacy policies. Please note that we bear no responsibility for the processing of your personal data made by entities which act as (independent) controllers.

Additionally, we disclose your personal data to third companies which provide to us cloud services, ID and address verification services, to our partners that provide to us clearing and other relevant services, to our accountants, auditors and tax advisors. We may disclose your data to courier companies to the extent required in order to deliver the OKTO Card to you.

What is the legal basis for processing your personal data?

The processing of your personal data is necessary in order for OKTO to fulfil its obligations for the provision of e-money related services to you under the agreement that is being concluded between you and OKTO when you ask for the creation of an OKTO Account and the issuance of an OKTO Card.
We will also process your personal data in order to comply with our legal obligations.

How long do we save your data?

We will keep your personal data for as long as you maintain an OKTO Account and for 5 years after the deletion of your OKTO Account, unless we are obliged to keep your personal data for a longer time period in order to comply with the applicable legislation or if there is an open litigation and your personal data is required in order for us to enforce our rights.
Your personal data required for tax related matters will be kept for 10 years, unless otherwise provided in the applicable legislation.

7. Provision of the OKTO.EXPRESS service

Why do we use your personal data?

We will process your personal data in order to issue a personalised OKTO.EXPRESS Paycode in order to provide our merchants clients with the OKTO.EXPRESS service. The OKTO.EXPRESS service allows you to fund/top-up of the online account which you hold with the aforementioned merchant client of ours. Please note that after the issuance and payment of OKTO.EXPRESS Paycode, no refund or cancellation is possible. For more information you may contact the aforementioned merchant clients directly.

Your personal data is being used in order to issue a personalised OKTO.EXPRESS Paycode, after we have identified you and confirmed your personal details.

What types of personal data do we process and how do we access this information?

We will process the following types of personal data:
* Identification data such as first name, surname, ID number, ID type, ID expiration date, Date of Birth

The aforementioned data is transferred by our merchant clients with which you hold an online account to OKTO/Sureswipe when you choose (through the merchant clients’ website(s)) to use the OKTO.EXPRESS service in order to top up your account.

Who has access to your personal data?

OKTO is obliged to disclose your personal data to Sureswipe E.M.I. PLC, as an electronic money distributor of the latter. Sureswipe E.M.I. PLC is an Electronic Money Institution (EMI) licensed by the Central Bank of Cyprus (authorisation number 115.1.3.26). OKTO and Sureswipe E.M.I. PLC will process your personal data as independent controllers. By accepting this Privacy Policy, you are implicitly accepting Sureswipe’s Privacy Policy. You can find more information with respect to the processing of your personal data by Sureswipe E.M.I. PLC in Sureswipe’s Privacy Policy at the following link: https://revsto.com/wp-content/uploads/Revsto-Privacy-Statement-2023.pdf

Additionally, we may disclose your personal data to third companies which provide us with cloud services and/or verification services.

What is the legal basis for processing your personal data?

We will process your personal data in order to comply with legal obligations including among other the applicable AML and/or tax legislation.

How long do we save your data?

We will keep your personal data for five (5) years following the issuance of the personalised OKTO.EXPRESS Paycode unless we are obliged to keep your personal data for a longer time period in order to comply with the applicable legislation.

8. Provision of the OKTO.DIRECT service

Why do we use your personal data?

We will process your personal data in order to provide you with the OKTO.Direct Service. The OKTO.Direct service allows you to participate at the games of chance offered by the Gaming Machines Operators by depositing stake monies and / or withdrawing funds (winnings and/or due to technical reasons unused stake monies) on Connected Gaming Machines of the Gaming Machines Operators. Please note that deposit may be used only for participating at the games of chance on the Connected Gaming Machine and may not be used for any other purpose or in any other industry and withdrawal is possible only in case of winnings or of unused stake monies due to a technical issue. For more information you may contact the aforementioned Gaming Machines Operators directly.

Your personal data is being used in order to be able to provide you the OKTO.Direct Services, in order to wager, identify and confirm your personal details for the use of the OKTO.Direct Service (deposit stake monies and withdrawal of winnings and, in case of a technical issue, unused monies).

What types of personal data do we process and how do we access this information?

We will process the following types of personal data:
* Identification data such as first name, surname, mobile telephone number

The aforementioned data is collected and processed to confirm it is you, via an OTP message on the mobile phone number you have provided which you will be called to enter in the respective screen of the OKTO Direct web App as well as within the framework of using the OKTO.Direct service in order for you to be able to deposit funds to be used as stake monies and withdraw winnings and unused monies.

*Any document for proof of IBAN which may be requested in order to confirm your details within a Refund Procedure, as provided in the OKTO.Direct Service T&Cs.

Who has access to your personal data?

We may disclose your personal data to third companies which provide us with cloud services.

What is the legal basis for processing your personal data?

We will process your personal data in order to comply with our legal and/ or regulatory obligations.

How long do we save your data?

We will keep your personal data for five (5) years following each transaction via OKTO.Direct Service unless we are obliged to keep your personal data for a longer time period in order to comply with the applicable legislation.

9. Compliance with AML obligations

Why do we use your personal data?

The services provided to you by OKTO constitute e-money related services and OKTO acts as distributor of Sureswipe E.M.I. PLC. Sureswipe E.M.I. PLC is obliged to conduct a series of checks and controls in order to confirm that you are not using their services for the purposes of money laundering or terrorist financing. In this context Sureswipe E.M.I PLC is obliged to verify your identity, your address and information related to your source of income.

What types of personal data do we collect?

We will collect your:
* Identification data such as name, surname, date of birth, nationality, national ID or passport details, photo
*Contact data such as but not limited to your residence address, working address, mobile phone, email
* Financial/Transactional data such as how you use our service, transactional data (frequency, amounts, locations, recipients, transactions number, currency, banking information [iban])

Who has access to your personal data?

Your personal data is forwarded to Sureswipe E.M.I. PLC which acts as an independent controller, to collaborating companies which provide to us ID and address verification services as well as services related to AML checks (on PEP, sanction lists etc). Your personal data may be disclosed to the competent authorities if this is required in order for Sureswipe E.M.I. PLC to comply with the applicable legislation (i.e., mainly with obligations regarding reporting of suspicious transactions). Please note that the competent authorities will process your personal data as independent controllers.

What is the legal basis for processing your personal data?

The processing of your personal data for your account is based on the obligation to comply with AML legislation.

How long do we save your data?

We will keep your personal data for 5 years following the termination of our relationship, unless we are obliged to maintain your personal data for a longer period in order to comply with the AML legislation.

10. Direct Marketing

Why do we use your personal data?

We will process your personal data to send you newsletters and marketing offers via e-mail and/or phone calls.
In order to optimise your experience as an OKTO user, we will provide you with relevant information and send you offers.

What types of personal data do we process?

We will process the following categories of personal data:
* contact information, such as e-mail address and telephone number
* name

Who has access to your personal data?

Your personal data that is forwarded to third parties is only used to provide you with the services mentioned above. As a result, recipients of your personal data may be media agencies and technical suppliers for distribution of promotional messaging.

We never pass on, sell or swap your personal data for marketing purposes to third parties.

What is the legal basis for processing your personal data?

The processing of your personal data is based on your consent.

Right to withdraw your consent:
You have the right to withdraw your consent at any time by sending an e-mail to dpo@oktopay.eu, and the right to object to the use of your personal data for direct marketing purposes.
When you do so, OKTO won’t be able to send you any further direct marketing offers, or information based on your consent.

You can opt out from direct marketing by the following means:
• following the instruction in each marketing e-mail
• sending an e-mail to dpo@oktopay.eu

How long do we save your data?

We will retain your personal data for direct marketing purposes until you withdraw your consent or object to the use of your personal data for direct marketing purposes.

11. Customer Service

Why do we use your personal data?

We will process your personal data to manage queries, to handle complaints, enquiries, and technical support matters.
We may also contact you if there is a problem with your OKTO Card and/or your Account.

What types of personal data do we process?

We will process any data you provide to us, including the following categories:
* contact information such as name and surname, address, e-mail address and telephone number
* transactions history and information on payments
* all correspondence relating to the matter in question and the personal data contained therein

Who has access to your personal data?

Your personal data is forwarded to third parties, such as technology providers and other cooperating companies, only if necessary, in order to handle your requests and/or your complaints. Also, we may share your data with our legal advisors if required to handle complaints or requests.

What is the legal basis for processing your personal data?

The processing of your personal data is based on our agreement when your request/complaint is related to it. Otherwise, it is based on our legitimate interest to provide you with satisfactory services.

How long do we keep your personal data?

We will keep your personal data for five years from the final settlement of the request, enquiry, complaint, query or other matter.

12. Prevention of misuse and crime

Why do we use your personal data?

We will use your personal data to detect, prevent and deal with misuse of our services and to prevent and investigate cases of fraud and/or other criminal acts.

What types of personal data do we process?

We will process the following categories of personal data as an example:
* contact information such as name, address, telephone number and e-mail address
* financial data, data related to your profession and salary/income
* information on the transactions made via OKTO Card

Who has access to your personal data?

Your personal data is forwarded to third parties only for purposes mentioned above.
We may share your personal data with insurance companies, legal authorities and consultants, law enforcement authorities to complete investigations. Some or all of the above recipients may have an independent right or obligation to process your personal data acting in that case as controllers.

What is the legal basis for processing your personal data?

The processing of your personal data to prevent misuse of our services is based on our legitimate interest.

How long do we keep your personal data?

We will keep your data for the time we need to prevent and/or report potential fraud and other offences.

13. Cookies policy

We use “cookies” to collect information about you and your activity across our website. A cookie is a small piece of data that our app stores on your computer, and accesses each time you visit, so we can understand how you use our app and website. This helps us serve you content based on preferences you have specified. For more general information on cookies, please see the Wikipedia article on HTTP Cookies.

Use of Cookies
We use cookies for a variety of reasons detailed below. Unfortunately, in most cases there are no industry standard options for disabling cookies without completely disabling the functionality and features they add to our app and/or website. It is recommended that you leave on all cookies if you are not sure whether you need them or not in case they are used to provide a service that you use.

How we use different types of cookies

Performance cookies are used in the tracking of how you use a website/app during your visit, without collecting personal information about you. Typically, this information is anonymous and aggregated with information tracked across all site users, to help companies understand visitor usage patterns, identify and diagnose problems or errors their users may encounter, and make better strategic decisions in improving their audience’s overall website experience. These cookies may be set by the app/website you’re visiting (first-party) or by third-party services. We use performance cookies on our app and website.

Functionality cookies are used in collecting information about your device and any settings you may configure on the app/website you’re visiting (like language and timezone settings). With this information, websites/apps can provide you with customised, enhanced or optimised content and services. These cookies may be set by the website/app you’re visiting (first-party) or by third-party service. We use functionality cookies on our app/website, and in specific Google Analytics (Third Party). Our app and website use Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the app and ways that we can improve your experience. These cookies may track things such as how long you spend on the app so we can continue to produce engaging content. For more information on Google Analytics cookies, see the official Google Analytics page.

This Policy has been updated on 26/10/2023