Skip to content

Privacy Policy

Who we are?

Tpay LLC is a licensed payment service provider operating under the legislation of Georgia, acting as a data processor for the purposes of this policy (hereinafter referred to as the “Company”).

Tpay LLC identification code is: 402291220
Legal address: K. Marjanishvili St. №7, Chugureti District, Tbilisi, Georgia
Actual address: N. Ramishvili 3a, Tbilisi, Georgia

We, the Company, do affirm the following:

  • We are committed to safeguarding the confidentiality of your information;
  • Your data will not be processed in an unlawful manner;
  • Upon your request, we will furnish you with comprehensive and thorough details regarding the processing of your personal data.

Purpose of the Document

Our primary objective is to acquaint you with the procedures involved in the processing and utilization of your personal information by Company. The notification delineates the guiding principles we adhere to during the processing of your personal data and highlights the legal safeguards in place for your protection.

It encompasses the information that the Company acquires as part of its customer relationship with you, and this data is also utilized for direct marketing purposes, adhering to the regulations of Georgia and GDPR/UK GDPR as applicable.

How is your protection ensured by the law?

Your rights are safeguarded under the laws of Georgia and the General Data Protection Regulation (GDPR/UK GDPR). You are entitled to receive information regarding the processing of your personal data, as stipulated by law, within the determined timeframe therein.

We will only process your personal data if:

  • You have explicitly given consent for the processing of data for one or more specific purposes;
  • Processing is essential to fulfill an obligation arising from a transaction concluded between us or to engage in a transaction at your request;
  • Processing is mandated by law;
  • Processing is necessary to fulfill obligations imposed on us by law/regulation;
  • As per legislation your information is accessible to the public or if you have voluntarily made it publicly accessible;
  • Processing of data is essential for safeguarding significant public interests;
  • Processing of data is imperative for reviewing your application (to render services), and/or
  • Processing of data is grounded on other legal basis.

The table below outlines the objectives of processing your personal data for each particular scenario, referencing the applicable legal grounds:

TYPE OF PERSONAL INFORMATION WHAT DO WE USE YOUR PERSONAL INFORMATION FOR OUR LEGITIMATE INTERESTS: LEGAL BASIS
Contact information, socio-demographic, transaction-related, behavioral data, technological, communication, location-related data
  • To manage our relationship with you
  • To meet your requests, explore novel ways of collaboration, and advance the development of our business.
  • To plan and execute marketing activities.
  • To study how customers use our products and services.
  • To conduct various surveys for the purpose of product and service improvement/development.
  • To receive the advice or recommendations related to our products and services.
  • For the developent and management of our brands, products, and services.
  • Updating information, identifying products and services tailored to your interests, and delivering pertinent information to you;
  • Developing new products and services;
  • Establishing a client focus group to introduce innovative products and services;
  • Efficiently fulfilling our legal obligations.
  • Your consent;
  • Implementation of contractual obligations;
  • Our lawful Interests;
  • Our legal responsibilities.
Financial data, contact information, transaction-related information, contractual, communication data, location-related data, documentary records, open data and public records; Special categories of data (including biometrics).
  • To provide products and services.
  • To handle and oversee customer payments.
  • To administer fees on customer accounts.
  • To adequately fulfill our legal responsibilities and contractual commitments;
  • Ensuring adherence to pertinent regulations on our part.
  • Your consent;
  • Implementation of contractual obligations;
  • Our lawful Interests;
  • Our legal responsibilities.
Financial data, contact information, socio-demographic details, transaction-related information, contractual, location-related data, open data and public records, social relations-related data, documentary records, communication data; Special categories of data (including biometrics).
  • To identify, investigate, report, and prevent financial crimes.
  • For the management of risks associated with us and our clients.
  • To comply with relevant laws and regulations for us.
  • To respond to complaints and to find the ways for their resolution.
 Enhancing and refining measures against financial crime, along with meeting other legal requirements.
  • Our lawful Interests;
  • Our legal responsibilities.
Financial data, contact information, socio-demographic details, transaction-related information, contractual, location-related data, open data and public records, social relations-related data, documentary records, communication data; Special categories of data (including biometrics). Exercising rights and fulfilling obligations under the agreement Implementation of contractual obligations.
  • Implementation of contractual obligations;
  • Our lawful Interests;
  • Our legal responsibilities.

Personal Data Groups

We process different types of personal information, which we group as follows:

Personal data types Description
Financial Details regarding your financial status, encompassing completed transactions, your financial products, payment arrears.
Contact information Actual and legal address, telephone number, email and/or other contact information.
Socio-demographic Details regarding your citizenship.
Transaction related Information related to accounts, Bank account number, information about operations carried out on accounts.
Contractual Information about your products and provided services.
Locational Data regarding your location collected by the Company when you utilize electronic devices.
Behavioral Details about how you use our products or services.
Technological Details about the technology or devices you utilize while using our products or services.
Open Data and Public Records Information about you collected from public sources, which may include data from public voter lists, along with other legally accessible information on the internet.
Communications Information about you acquired by the Company, gathered from both physical documents and through communication channels such as emails and telephone.
Social Relations Details regarding your family members (marital status) and individuals for emergency contact.
Documentary Information about you reflected in various documents and their copies. Such documents include passport, identity document, birth certificate, driver's license and other documents that identify you.
Special categories of data (including biometrics) Biometric data.

Security of your data in digital channels

Within the scope of service provision, the Company is empowered to observe your actions while utilizing its digital platforms. The objective of this observation is to study and analyze consumer behavior.

When using the Company's electronic platforms, we may process information regarding your device's ID, model, brand, name, OS version, etc.

How do we collect your personal data?

We collect your personal information from the following sources:

  • When you become our customer and engage with our products or services;
  • Upon registration for our online services;
  • During telephone conversations or visits to the Office;
  • Through the use of our and/or members’ of the company group (including but not limited to JSC TBC Bank) digital channels;
  • When you submit documentation to us or send letters via mail or email;
  • Through transactions with third parties, where we obtain personal data from them;
  • From publicly available sources.

Cookies

On our website, we track user behavior through "cookies" to facilitate the user's experience and enhance the quality of website functionality.

"Cookies" are small files stored on the user's computer, tablet, or mobile device during site visits. They persist on the device and are sent to the website when the same address is accessed again.

Your rights

You have the right to receive information about the collection and processing of your personal data, obliging us to provide comprehensive details upon your request.

You can request access to your data as well as the transfer of its copies. In accordance with the law, you also have the right to request blocking, modification, correction, update, completion, addition, transfer, termination of data processing, erasure, or destruction of your data if it is incomplete, inaccurate, outdated, or if its collection and processing were conducted unlawfully.

It is important to note that we operate in compliance with the legislation of Georgia. Consequently, there may be limitations on the deletion of personal data. These limitations may arise from anti-money laundering, tax, commercial banking, consumer protection laws, and/or other legal acts.

Information Obtained from Third Parties

In accordance with the law and within the legally defined boundaries, we retain the right to request and receive your personal data from third parties. This includes electronic data from the State Services Development Agency's database and other administrative bodies.

Who do we share your data with?

Personal information about you may be disclosed as mandated by law or to entities involved in delivering the product or service you have chosen. For instance:

  • If you possess debit, credit, and/or other card types, we may furnish comprehensive transaction information to entities assisting us in offering these services (such as international and/or local payment systems, correspondent/intermediary Banks, Commercial Banks).

Your information may also be shared with member companies of the TBC Group for the purpose of providing services, creating and developing products, and offering.

In the event that we use the services of third parties or other providers as part of our core business, we may need to share your personal data with them to perform specific tasks. Services that we may receive from third parties requiring us to share your data may include, but are not limited to, the following areas:

  • Designing, developing and maintaining internet-based tools and applications;
  • By the system used in the identification/verification process;
  • IT service providers who may provide applications or infrastructure (such as cloud) services;
  • Legal, auditing or other special services provided by lawyers, notaries, trustees, company auditors or other professional advisors;
  • Identifying, investigating or preventing fraud or other misconduct by specialised companies;
  • Carrying out Banking/financial arrangements.

Your personal data may also be shared if there are any structural changes within the Company in the future. For instance, if the Company decides to fully or partially divest its assets or undergo a reorganization.

Under the outlined circumstances, data will only be transferred to third parties if all legal requirements are met, and these third parties commit to proper data processing and confidentiality.

In the event that you decline to share data with third parties in accordance with the applicable legislation, the provision of services to you may be interrupted.

International Transfer

If your personal data is transferred internationally, it will be executed in adherence to the regulations set forth by the applicable legislation. Nevertheless, during such transfers, we will exert every effort to ensure that data is transferred securely and with complete confidentiality, fully complying with this Privacy Policy.

If you are living in EU/EEA and fall under the definition of a data subject according to the General Data Protection Regulation (GDPR), and if the data is shared outside the European Union and the European Economic Area, the data may be shared under various circumstances, including:

  • The country receiving the information ensures adequate protection guarantees in line with the legislation of Georgia and/or the decision of the European Commission.
  • In cases where legislation does not stipulate appropriate safeguards, and/or there is no relevant decision by the European Commission, we may transfer personal data to a third country or international organization only if we implement suitable measures as per the applicable legislation and/or GDPR. Furthermore, information about these measures can be obtained through the communication channels specified in this policy.

Processing of Personal Data for Direct Marketing Purposes

We process your personal data for marketing purposes, deeming it necessary to provide you with information about products and offers tailored to your preferences.

We process your data to comprehend your preferences and interests, aiming to offer content that aligns with your needs.

Your personal data for direct marketing purposes is processed with your explicit consent.

You retain the right to contact us at any time and request the termination of data processing for direct marketing purposes. We commit to fulfilling your request within 7 (seven) business days upon receiving such a request.

However, it is important to note that you will continue to receive mandatory notices concerning products and services already available to you, including notifications of any changes to such products and/or services.

Retention Period of Your Personal Data

We process and retain your data for the duration mandated by law and to fulfill our obligations.

You have the option to submit a request to withdraw your consent for the processing of personal data, including direct marketing, to the Company at any time. Consent can only be revoked if the basis for processing your data is your consent.

In the event of withdrawing consent, there is a possibility of service interruption, and we may be unable to provide you with an optimal service.

If you choose to withdraw your consent for data processing, kindly reach out to us through one of the communication methods specified in this policy.

Privacy Policy Changes

This document undergoes periodic updates by the Company.

Modifications to the document will be implemented by publishing them on the Company's website, and it is advisable to regularly review these changes. Personal notification of alterations will only be provided if required by applicable law.

How to Contact Us

If you wish to exercise your rights granted to you by legislation and this document, you can visit the Company's office or write to us at the email address provided below: