As of the date stated above:
WHEREAS, all references to APS in this GDPR Guidelines shall mean APS International Ltd or the APS International Ltd Affiliate/Agent that enters a business relationship with the Customer for the provision of Services and all references to APS International Ltd shall be construed accordingly.
NOW THEREFORE, in consideration of the promises made herein and the regulations stated, the parties agree as follows:
All capitalized terms used but not defined herein shall have the same meaning as set forth in this policy document. Lower case terms used but not defined in this GDPR Guidelines, such as “personal data”, “personal data breach”, “processing”, “controller”, “processor”, “supervisory authority” and “data subject”, will have the same meaning as set forth in Article 4 of the GDPR.
This GDPR policy applies to the collection, storage and processing of personal data by APS International Ltd on behalf of Customers. In this context, Customer is the controller or possessor of Customer personal data and APS International Ltd is the collector and processor of such personal data.
APS INTERNATIONAL Ltd GDPR Data Processing Guidelines
Data collection and Processing by APS International Ltd shall be governed by the GDPR under Union or governing Member State law as set forth in the Guidelines. In particular, APS International Ltd shall:
(a) collect and process the personal data only on documented instructions or implied consent from Customer, including with regards to transfers of personal data to a third country or an international organization, unless required to do so by the Union or Member State law governing such personal data; in such a case, APS International Ltd shall inform Customer of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
(b) ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
(c) take all measures required pursuant to Article 32 of the GDPR;
(d) respect the conditions referred to in this section C for engaging another processor;
(e) taking into account the nature of the data collected and processed, assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR;
(f) assist Customer in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of processing and the information available to APS;
(g) at the choice of Customer, delete or return all the personal data to Customer after the end of the provision of services relating to processing and delete existing copies unless Union or governing Member State law requires storage of the personal data; in which case the customer will be informed of member state regulatory requirement, upon request. Customers who wish to opt out can either unsubscribe themselves or send a request to APS to de-register them or opt them out as requested. Requests can be sent via emails: [email protected] and by phone +44 121 643 3003.
(h) make available to Customers all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to requests, including verbal and written, conducted by Customer or another auditor mandated by Customer.
The subject-matter and duration of the processing, the nature and purpose of the processing, the type of
personal data, the categories of data subjects and the obligations and rights of Customer are set forth in
the GDPR Guidelines, in particular:
(a) The subject-matter of the processing is the personal data provided by the Customer to APS in respect of the products and services under the Guidelines.
(b) The duration of the processing is the duration of the provision of the products and services by APS to the customer up to and including any data storage time limits set by Regulatory requirements.
(c) The nature and purpose of the data collected and processed is in connection with the provision of the products and services offered by APS and its Agents and Affiliates.
The types of personal data APS International Ltd collects and processes:
The personal data APS International Ltd, It’s Agents and affiliates collect and process may include full name, email addresses, home postal addresses, office/institution postal address, telephone number, mobile phone numbers, business cards and job titles, work section, username and passwords for accessing and using the products and services, education, certifications, professional background and training; gender, photographs, card data (for processing transactions only) bank account data (for direct deposit payments or evidence of sources of fund); government issued identification, including passport numbers (for identification); date of birth (for identification and marketing); nationality (for identification); sanction and watch list data; connection data- IP addresses and computer location details; locale data; other unique identifiers such as IP addresses or device IDs; marketing and advertising responses and preferences; results data from the products and services which may include other third-party data and other types of personal data identified in the GDPR, and/or documents, images or other content containing Personal Data submitted by or at the direction of Customer as part of our registration, transaction processing and AML/TF compliance requirements.
The categories of data subjects may include representatives and end users, including employees, contractors, temporary personnel and its Affiliates, regulators, and other individuals/partners whom personal data is submitted to APS by or at the direction of Customers as part of a transaction process.
On termination of Customer’s business relationship, APS International Ltd shall delete or return personal data, when requested, in accordance with the terms and timelines for the products and services set forth in the GDPR regulation, unless Union, governing Member State, or other applicable law requires storage of the personal data.
APS customers can see the details we hold of them by clicking on the “my account” button after they signed in on their customer portal. This will display the information we hold of you.
APS International Ltd may engage other processors for the processing of Customer personal data in accordance with GDPR safeguards. APS International Ltd shall maintain a list of such processors, which APS International Ltd may update from time to time. At least 14 days before authorizing any new such processor to process personal data, APS International Ltd shall update the list. Customer may object/opt out to the change or use of the new processor without penalty, by initiating the GDPR dispute resolution process, or in the absence of a dispute resolution procedure, and without prejudice to any applicable refund or termination rights Customer has under the Guidelines. APS International Ltd shall use reasonable endeavours to change, modify or remove the affected products or services, in order to avoid the collection and processing of Customer personal data by such new processor to which Customer reasonably objects.
Data Subject Rights
APS International Ltd shall, to the extent legally permitted, promptly notify Customer of any data subject requests received by APS International Ltd and reasonably cooperate with Customer to fulfil its obligations under the GDPR in relation to such requests. Customer shall be responsible for any reasonable costs arising from APS providing assistance to Customer to fulfil such obligations.
APS International Ltd will ensure that, to the extent that any personal data originating from the UK or European Economic Area (EEA) is transferred to a country or territory outside the UK or EEA that has not received a binding adequacy decision by the European Commission or a competent national data protection authority, such transfer will be subject to appropriate safeguards that provide an adequate level of protection in accordance with the GDPR.
Security of Data collection and Processing
(a) the pseudonymisation and encryption of personal data;
(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of data collection and processing systems and services;
(c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the collected and processed personal data.
Personal Data Breach
APS International Ltd will notify Customer without undue delay after becoming aware of a personal data breach and shall reasonably respond to Customer’s request for further information so that Customer may fulfil his/her obligations under Articles 33 and 34 of the GDPR.
The rights set out in Section C.(3)(h) are subject to the notice, confidentiality and other requirements for conducting audits set forth in the Guidelines. In the absence of such requirements in the Guidelines, the
following shall apply: Audits shall be:
(a) subject to the execution of appropriate confidentiality undertakings or relying on similar obligations in the Guidelines;
(b) conducted no more than twice per year unless a demonstrated reasonable belief of non-compliance with the Guidelines has been made, upon thirty (30) days written notice and having provided a plan for such review; and
(c) conducted at a mutually agreed time and in an agreed manner.
If there is any conflict or inconsistency between the terms of this GDPR Guidelines and the terms of the Guidelines, the terms of this GDPR Guidelines will control to the extent required by law. Otherwise, the terms of the Guidelines will control in the case of such conflict or inconsistency.
This GDPR Guidelines and any dispute or claim arising out of or in connection with it or its subject matter or formation (including any non-contractual disputes or claims) shall be governed by and construed in accordance with the governing law set forth in the Guidelines.
The parties irrevocably agree that exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with this GDPR Guidelines or its subject matter or formation (including non-contractual disputes or claims) shall be the jurisdiction agreed to by the parties in the Guidelines, by default it shall be primarily assumed to be the UK / EEA member state of the customer.
By default, APS International Ltd shall assume consent is given by customers who intentionally sign up to our platforms (including our website, mobile apps and customer transactions software portals) and/or uses any of APS products and services. Customers have the right to opt out of any data collection and processing activity conducted by APS International Ltd, its Agents and Affiliates, as long as it is reasonable and does not violate any regulatory requirement in respect of the use of such product or service.
For further information or clarification, please contact: The Data Protection Officer, APS International Ltd, 26 Moat Lane, City Gate House, Birmingham; B5 5BD: Tel: +44 121 643 3003, Email: [email protected]
Authorized representative and on behalf of APS INTERNATIONAL LTD
Lamin Sanneh: CEO- APS INTERNATIONAL LTD