The protection of private individuals’ personal data is a fundamental right, protected by the Charter of Fundamental Rights of the European Union and the General Data Protection Regulation (GDPR). PaveNow is committed to stand behind and uphold the fundamental rights which have built the foundation of the European Union. Especially in the world of today where human fundamental rights cannot be taken for granted. Thus we at PaveNow are committed to protecting the privacy of our customers and other parties with whom we interact, such as people applying for a job with us or visiting our website.
We wrote this privacy policy to let you know:
1. who we are;
2. why we process personal data;
3. when and how we collect personal data;
4. what types of personal data we process and for whom;
5. with whom we share personal data;
6. for how long we store personal data;
7. what your rights are and how you can contact us; and
8. how changes can be made to this privacy policy.
But first - what is personal data?
In legal jargon, ‘personal data’ is any information relating to an identified or identifiable natural person (the ‘data subject’). In the EU, personal data and your privacy is regulated by law, the GDPR. According to the GDPR, any information that can be used to identify a person or be linked to that person is personal data. Examples of personal data are name, identification number, contact information, online identifiers such as IP address, or factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a person.
1. Who are we?
We are PaveNow, a Polish fintech company, whose purpose is to design financial platform for small and medium enterprises (SME’s)
Our formal company name is PAVE POLAND SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with KRS registration number 0001031636, and our Tax identification NIP number is 7011141512. Our registered address is CHMIELNA UL. 73, 00-801 WARSAW.
We are the data controller and responsible for the processing of the personal data described in this privacy policy.
2. Why do we process personal data?
This privacy policy applies to you if you are, or sign up to become, an PaveNow customer, and/or you are, or sign up to become an authorised user on PaveNow’s customer side. It further applies to our business partners, if you apply for a job with us or if you visit our website or communicate with us. This privacy policy also applies to you if you make a card purchase (we refer to you as a “cardholder”) with a merchant who is a customer of ours.
According to the GDPR, we need to have a purpose and a legal basis for our processing of personal data. At PaveNow, the legal basis for processing personal data is either:
(i) the agreement you have, or is about to enter into, with us;
(ii) legal obligations we are bound by, such as anti-money laundering regulations; or
(iii) our legitimate interest, such as providing customer support or keeping you informed about product updates.
In very rare cases we may also process your personal data if we have received your explicit consent to do so. In such a case you can always withdraw your consent at any time.
We process personal data for the following data subject categories:
• Corporate customers and its authorised users
• Consumer customers
• Business partners
• Cardholders
• Website visitors and people contacting us via our contact form or email
• Applicants for a job with us through LinkedIn, our website or a recruitment agency
We process personal data in order to provide our services, to perform in our business relationships, to communicate, to comply with legal requirements or to review job applications, as detailed below:
a. Administration and management of our relationship with you
for example, reviewing your customer application, setting up your payment account, providing customer support or keeping you informed about product updates
Legal basis: (i) Agreement or (ii) Legitimate interest. Our view is that providing you with customer support if you need it and keeping you up to date on the products and services available to you creates benefits and meaningful knowledge you
for example, assessing your job application and conducting a background check
Legal basis: Legitimate interest. Our view is that it is in both your and our interest to review your application and assess if you are the right person for the position and to find a good fit. It is also in our interest to avoid harm or legal liability of various types.
b. Provision of payment services
for example, execution of payment orders, issuance of a payment card or processing of card transactions
Legal basis: Agreement
c. Business development
for example, compiling statistics and analysing the data in order to improve our services, user experience and communication
Legal basis: Legitimate interest. Our view is that you as our customer or person contacting us benefit from improvements to our services, user experience and communication
d. Compliance with legal requirements
for example, under (i) the anti-money laundering and anti-terrorist financing legislations, including sanctions and PEP checks, transaction monitoring and screening, identity verification, (ii) the payment services act, or (iii) the accounting and auditing legislation
Legal basis: Legal obligation
e. Fraud protection
for example, assess, protect and defend our customers, ourselves and the financial system from fraud
Legal basis: Legitimate interest. Our view is that both our customers, we and the financial system benefit from secure and trustworthy relationships
f. Legal claims or reorganisations
for example, assess or defend legal claims against us or in connection with a reorganisation, transfer of business, merger, IPO or acquisition.
Legal basis: Legitimate interest. In our opinion, it is in our legitimate interest to be able to defend ourselves against legal claims and to be able to reorganise or scale-up our business
3. When and how we collect personal data
We start processing personal data about you directly when you interact with us, such as by signing up for our services, visiting our website, contacting us or applying for a job with us.
We collect personal data directly from you or your organisation and from external sources. We also process personal data that accumulates from your use of our products or services.
4. Types of personal data we process and for whom
We process the following categories of personal data:
(i) Contact information - such as your name, address, title/position, email address and phone number
• Corporate customers (including prospect applicants applying for our services)
• Business partners
• People contacting us (if you decide to share it with us)
• Job applicants
(ii) User account data and interactions - for example, how you use our services, if and how you use our mobile app, our customer portal or our website
• Corporate customers
• Website visitors
(iii) Technical information - for example, login information, device, IP address, verification data of payment transactions, timestamps and status of the transaction (strong customer authentication), language settings, browser settings, time zone, operating system, platform and screen resolution, crash reports data analysing technical issues or faults (if any) etc
• Corporate customers
• Business partners (who are using our introducer portal)
• Website visitors (IP address, browser settings, device)
(iv) KYC (‘know your customer’) information - first name, last name, e-mail address, phone number, address, date of birth, proof of residence/utility bill, passport/ID copy and selfie/video with sound recording for your representatives and authorised users (including document numbers, issuing country, nationality and country of residence), information about your company, your purpose with the account and the use of our services and background information collected by us as a part of the business account application process
• Corporate customers (including prospect applicants applying for our services) and its authorised users
(v) Transaction data - such as account numbers/IBAN, payment orders, date of payment order, name of payor and payee, transaction history, card number, CVC code (which is the last three digits of the number on the back of your card) and expiry date of the card, purchases you make with the card and dates of purchases
• Corporate customers
• Cardholders (card number and card related data)
(vi) Complaints management - information you provide to us via email to complaints@pavenow.io, if you would like to make a formal complaint regarding the payment services
• Corporate customers
(vii) Customer support information - Any personal data that you provide to us when contacting our customer support team
• Corporate customers
• People contacting us
• Business partners
(viii) Job application information - information included in your cover letter and your CV (e.g. age, date of birth, education, work experience, hobbies and interests etc), grades, certificates, current notice period, notes from interviews, salary expectations, other information you or your references may provide to us etc. At a later stage of the recruitment process, we will also carry out a background check of the applicant
• Job applicants
(ix) Biometric information - We use third-party providers for identity verification and fraud prevention purposes. These biometric information service providers, acting as our data processors, collect a copy of your ID documentation and your live picture or video with sound recording for identification purposes and employ facial recognition technology to verify your identity.
When you use biometric data, including Touch ID or Face ID, to unlock our mobile app on your device or to provide authorisation, this biometric information is kept on your device and is not sent to us. We only receive the approval or rejection values in respect of any given biometric identification taking place on your device.
• Corporate customers
5. With whom we share personal data
As electronic money institutions are subject to statutory requirements for professional secrecy and confidentiality, we only share your personal data in certain specific cases.
In order to provide the payment services to you, we share personal data with our trusted partners that process personal data on our behalf, including:
• Suppliers of payment processing services;
• Payment card personalisation bureau (if you have applied for a physical payment card);
• Suppliers of identification services;
• Suppliers of screening services to prevent anti-money laundering, fraud and similar crimes; and
• Suppliers of IT systems and cloud services.
We have carefully reviewed our service providers and secured that their processing of your personal data is compliant with EU standards and the GDPR.
Your personal data will also, when applicable, be shared with the following parties which themselves are data controllers of the processing of personal data:
• our correspondent banks, for example, regarding the execution of pay-outs to beneficiaries, holding client funds and safeguarding legal interests
Legal basis: Agreement
• card schemes (Mastercard or Visa) (if you have applied for a payment card or you are a cardholder)
Legal basis: Agreement
• authorities, such as the Financial Police and the Financial Supervisory Authority, if such a disclosure is prescribed by law
Legal basis: Legal obligation
As PaveNow provides international payment services, we are sometimes required to share personal data with parties operating outside the EU. In these cases, we ensure that the data is transferred in accordance with the applicable requirements of the GDPR, primarily the standard contract clauses (SCC) and complementary safety measures, or if available, other means in compliance with the GDPR.
If PaveNow engages in a merger, acquisition, reorganisation or sale of some or all of PaveNow’s assets or shares, financing, initial public offering or similar transactions or proceedings, or steps in contemplation of such activities (such as due diligence), PaveNow may share personal data with third parties, subject to standard confidentiality arrangements.
6. For how long?
We store your personal data for the purposes set out above during the term of our contractual relationship with you or your organisation, for as long as we otherwise have meaningful contact with you or as may otherwise be required by law.
When the purpose for which your personal data was collected is no longer relevant, we will stop processing your personal data and either delete or anonymise it in a secure manner. We may retain your personal data for a longer period of time to the extent required by our automated disaster recovery backup systems or if we deem it necessary to assess or defend legal claims or protect ourselves from fraud.
Under mandatory law, we are required to keep your personal data due to:
• Anti-money laundering and anti-terrorism legislation for a minimum of five and a maximum of ten years
• Payment service legislation, for a period of three years
• Bookkeeping legislation, for a period of seven years
If you terminate your agreement regarding payment services with us, we are required under mandatory law to keep your personal data for a minimum period of five years.
Please note that if you have submitted an application to use the payment services but for any reason do not become a customer with us (irrespective of if you withdraw or we reject your application), we are required under mandatory legislation to keep your personal data for a minimum period of five years.
7. Your rights
- Access - You have the right to request an extract of the personal data we process about you.
- Rectification - You have the right to request that we correct or complete any information you believe is inaccurate or incomplete.
- Erasure - Depending on the legal basis used for the processing of your personal data, you can ask us to delete your personal data if (i) there is no good reason for us to continue using it, (ii) you gave us consent (permission) to use your personal data and you have now withdrawn that consent, (iii) you have objected to us using your personal data, (iv) we have used your personal data unlawfully, or (v) the law requires us to delete your personal data. However, in most cases we will be required to deny your request in full or in part due to our obligations under mandatory law.
- Restrict - You have the right to request that we restrict the processing of your personal data, e.g. when you consider that the information is inaccurate and has requested rectification.
- Objection - You have the right to object to our processing of your personal data with legitimate interests as a legal basis. If you object to the processing in such cases, we may only continue to process your data if it can be shown that there are decisive legitimate reasons why the data must be processed that outweigh your interests, rights and freedoms or if the processing takes place to determine, exercise or defend legal claims.
- Data Portability - With regard to personal data that you have provided to us, you may have the right to request a transfer to another provider. If you want to request such a transfer, please contact it.admin@pavenow.io.
8. Contacts and Complaints
Please do not hesitate to reach out to our customer support team in case you have any questions regarding how we process your personal data. You can send an email to it.admin@pavenow.io.
You are also welcome to contact our data privacy team directly on it.admin@pavenow.io if you have any concerns regarding data privacy or our processing of your personal data.
Please be informed that you have the possibility to lodge a complaint with the Polish Authority for Data Protection i.e. Urzad Ochrony Danych Osobowych (UODO) if you are not satisfied with our processing of your personal data.
Information how to lodge a complaint is available on the website UODO:
https://uodo.gov.pl/en/664/1408
Contact Information to UODO:
Office of the President for Personal Data Protection
Urzad Ochrony Danych Osobowych
Stawki 2
00-193 Warsaw
Poland
Tel. +48 22 531 03 00
Fax +48 22 531 03 01
kancelaria@uodo.gov.pl
9. Changes to this privacy policy
We may need to change this privacy policy, for example when we add features to the services, because of changes in law or regulations or due to evolving industry standards. When this privacy policy is changed we will let you know by updating the date at the top of this privacy policy. You may also be informed through information on our website www.pavenow.io. Please revert to this privacy policy on a regular basis to stay up-to-date about our data processing practices and your rights.
10. Third Party Processors
Our carefully selected partners and service providers may process personal information about you on our behalf as described below:
Currently no providers added. Will be updated when such third-party is added.
These Terms and Conditions ("Terms") set forth the terms and conditions under which Pave Poland Sp. z o.o. ("PaveNow," "we," "our," or "us") offers its software-as-a-service ("Service") to you, the Customer ("you" or "your"). By accessing or using the PaveNow platform, you agree to be bound by these Terms.
If you do not agree with these Terms, you may not use our Services.
1.1. Company Information
Pave Poland spółka z ograniczoną odpowiedzialnością has its registered office in Warsaw, at Chmielna 73, 00-801 Warsaw, registered in the entrepreneurs' register maintained by the District Court for the capital city of Warsaw in Warsaw, XII Commercial Division of the National Court Register under the number KRS 0001031636, with tax identification number NIP 7011141512 and share capital of PLN 2,250,000
1.2. Scope of Services
PaveNow provides cloud-based software for small and medium enterprises (SMEs), specifically focusing on automating expense management, invoice generation, and financial reporting.
1.3. Acceptance of Terms
By using the PaveNow platform, you acknowledge that you have read, understood, and agree to comply with these Terms.
1.4. Modifications
PaveNow reserves the right to modify these Terms at any time. You will be notified of any significant changes, and your continued use of the Service after the modifications constitute your acceptance of the new Terms.
3.1. Eligibility
To use the PaveNow platform, you must be at least 18 years old and capable of entering into legally binding agreements. You must also be authorized to act on behalf of your business or entity.
3.2. Account Registration
To access our services, you must create an account by providing accurate and up-to-date information. You agree to maintain the confidentiality of your account credentials and are responsible for all activities that occur under your account.
3.3. Verification of Information
PaveNow reserves the right to verify your identity and the accuracy of the information provided during the registration process. Failure to provide accurate information may result in suspension or termination of your account.
4.1. Expense Management Automation
PaveNow provides automated solutions for managing expenses, including the ability to upload and process invoices and receipts.
4.2. Invoice Generation
The platform allows users to generate invoices based on the data they input or upload.
4.3. Financial Reporting
PaveNow offers customizable financial reporting tools, allowing customers to generate reports based on their transactional data.
4.4. Third-Party Integrations
PaveNow may integrate with third-party services (e.g., payment gateways, accounting platforms). The use of these services is subject to the respective third-party’s terms of service.
5.1. Subscription Plans
PaveNow operates on a subscription-based model. Subscription plans, pricing, and features are outlined on our website. By selecting a subscription plan, you agree to pay the applicable fees.
5.2. Payment Terms
Subscription fees are due at the beginning of each billing cycle (monthly or annually) and are non-refundable. Payment can be made through the accepted payment methods provided on our platform.
5.2.1. Przelewy24: Payments are supported by Przelewy24, which offers the largest number of payment methods in Poland and is the undisputed leader in this respect.
High security for card transactions is ensured through the use of 3D Secure (Verified by VISA and MasterCard SecureCode), as well as SSL EV (Secure Sockets Layer Extended Validation). This system ensures high levels of security by preventing payment card numbers from being sent to the online store or stored anywhere. The customer is guaranteed that their card number is known only to them and their bank.
The security of transactions is further ensured through the use of the SSL EV protocol, providing an additional layer of protection during online payments on the PaveNow platform.
Details about their regulation are available at: https://www.przelewy24.pl/en/regulations
5.3. Fee Adjustments
PaveNow reserves the right to adjust subscription fees and will notify customers of any changes. Adjustments will only take effect at the start of the next billing cycle.
5.4. Late Payments
If payment is not received on time, PaveNow may suspend your account until the outstanding balance is paid. Continuous failure to pay may result in account termination.
6.1. Proper Use of Services
Customers agree to use PaveNow only for legitimate business purposes and in compliance with all applicable laws and regulations.
6.2. Account Security
You are responsible for maintaining the confidentiality of your account credentials and must immediately notify PaveNow of any unauthorized access or use of your account.
6.3. Prohibited Activities
You agree not to:
7.1. Ownership
All intellectual property rights in the PaveNow platform, including software, logos, trademarks, and content, are owned by Pave Poland Sp. z o.o.
7.2. License
PaveNow grants you a limited, non-exclusive, and non-transferable license to use the platform solely for business purposes.
7.3. Restrictions
You may not:
8.1. Privacy Policy
PaveNow is committed to protecting your privacy. The use of personal data is governed by our Privacy Policy, available at https://www.pavenow.io/en/privacy-policy
8.2. Data Security
PaveNow uses industry-standard security measures to protect your data. However, we do not guarantee that the platform will be free from unauthorized access or data breaches.
9.1. Termination by Customer
You may terminate your subscription and close your account at any time by providing written notice to PaveNow.
9.2. Termination by PaveNow
PaveNow reserves the right to terminate or suspend your account if you violate these Terms or engage in prohibited activities. Upon termination, all outstanding fees will become due immediately.
9.3. Effect of Termination
Upon termination of the agreement, your access to the platform will be terminated, and all data will be permanently deleted unless required to be retained by law.
10.1. Disclaimer
PaveNow provides its services "as is" and makes no warranties regarding the accuracy, reliability, or availability of the platform.
10.2. Limitation of Liability
PaveNow shall not be liable for any indirect, incidental, or consequential damages, including loss of profits or data, arising from your use of the platform.
10.3. Force Majeure
PaveNow shall not be liable for any delay or failure to perform its obligations under these Terms due to circumstances beyond its reasonable control, including natural disasters, war, or technological failures.
11.1. Governing Law
These Terms are governed by and construed in accordance with the laws of Poland.
11.2. Dispute Resolution
Any disputes arising from these Terms shall be resolved amicably. If a resolution cannot be reached, disputes shall be submitted to the exclusive jurisdiction of the courts of Poland.
For any questions or inquiries regarding these Terms, you can reach us at:
Pave Poland Sp. z o.o.
Chmielna 73, 00-801 Warsaw, Poland
it.admin@pavenow.io