PRIVACY AND COOKIE POLICY FOR EU USERS

  1. INTRODUCTION
    At AstroPay we understand the importance of treating the personal data of our business partners, website visitors and other persons we may interact such as potential users with in a confidential and private manner. AstroPay is committed to following the requirements and obligations in relation to data privacy in accordance with applicable law, including the EU General Data Protection Regulation (“GDPR”). Therefore, we have secure and adequate data processing procedures in place. AstroPay is short for and the brand name of the AstroPay Group under which the legal entity Larstal Denmark ApS, c/o Regus Søborg, Automatikvej 1, 3. sal, 2860 Søborg, Denmark, business registration number 42457590, (“Larstal Denmark”) belongs. Larstal Denmark is the data controller for the processing of your personal data but for the purpose of the brand and the general recognisability, Larstal Denmark is referred to as AstroPay in this privacy and cookie policy (“Policy”).  Below, AstroPay has provided an overview of the processing activities in which personal data are processed, including among others the purpose thereof and the legal basis. If you have any question about this Policy or you wish to exercise your data subject rights pursuant to Chapter III of the GDPR and according to section 8 of this Policy, please contact AstroPay by sending an email to dataprotection@astropay.com.
  1. CATEGORIES OF PERSONAL DATA, PURPOSE, AND LEGAL BASIS
    1. Website visitors. When you visit AstroPay’s website: www.AstroPay.com (“Website”), AstroPay will process personal data about you, for instance, cookies, browser type and version, IP-address, and length of visit. The purpose of using cookies is, to improve your user experience on our website, to provide functionality, to generate statistics, to target the marketing of our products to your needs, and to remember your preferences. Find more information about your use of cookies in Section 7 below. The legal basis for the processing of your personal data is AstroPay’s legitimate interests and it is AstroPay’s assessment that our legitimate interests override your interests or fundamental rights and freedoms, cf. Art. 6(1)(f) of the GDPR. The legitimate interests pursued are to provide you with a website that works optimally, a good website experience and marketing activities. In certain cases, the legal basis for the processing of your personal data in this regard is your consent, which you will be asked to give when you visit the Website, cf. Art. 6(1)(a) of the GDPR.
    2. Contact persons at a business partner and other persons AstroPay interacts with. As a contact person at a business partner and as other persons we interact with, e.g. resellers, affiliates or potential Users, AstroPay processes your personal data when you communicate with AstroPay, e.g., via emails in connection with AstroPay’s existing contractual relation with the company you are employed with or in connection with the conclusion or termination of a contract. AstroPay processes ordinary personal data about you, including your name, email address, telephone number, position, etc. The legal basis for such processing of your personal data is that the processing is necessary for the purposes of legitimate interests pursued by AstroPay and it is AstroPay’s assessment that our legitimate interests override your interests or fundamental rights and freedoms, cf. Art. 6(1)(f) of the GDPR. AstroPay’s legitimate interests are fulfilment of our contractual obligations, maintaining and enhancing business relationships, invoicing for the services your company provides to AstroPay and/or vice versa, communicating with you if you have any questions related to our services or vice versa, and for documentation purposes in the event you agree on matters relating to our services in writing via email. In some cases, processing of personal data is necessary in order to comply with a legal obligation to which AstroPay is subject, for instance in relation to the obligation on the preservation of accounting records pursuant to the Danish Bookkeeping Act. In such cases, the legal basis for the processing is Art. 6(1)(c) of the GDPR.
    3. Online contact form inquiries and live chat support function. When you use our online contact form or our live chat support function, we process the information you provide in order to deal with your inquiries, such as name, email address, phone number and the content of your inquiry. AstroPay will not process special categories of personal data (sensitive personal data) about you, e.g. health information, unless you have provided us with such information in your inquiry. AstroPay kindly encourages you not to submit such sensitive personal data. The legal basis for the processing of personal data is AstroPay’s legitimate interests and it is Euro-DK’s assessment that our legitimate interests override your interests or fundamental rights and freedoms, cf. Art. 6(1)(f) of the GDPR. The legitimate interests pursued are to provide support to our business partners by answering the inquiries and business development.
    4. Social media. We use certain social media to get in touch with our customers and potential customers, as well as promote our marketing initiatives. If you have been to these sites and “liked” or “followed” our fan page or have been in contact with us through these sites, we will process your personal data. We only process information about your name and email. If you contact us via social medias, we process your information based on our interest in being able to contact you and respond to your inquiries (GDPR art. 6(1)(f)). The information will come from you and the social media through which you contact us. We have a so-called joint controllership with the social medias that we use as we both use your data for our own purposes. You can read more about the social media´s processing of your personal data in the following:
      • Facebook’s Privacy Policy and about Facebook’s joint controllership here.
      • LinkedIn´s processing of your personal data in LinkedIn’s Privacy Policy and about LinkedIn’s joint controllership here.
      • Pinterest´s processing of your personal data here and about the joint controllership here.
      • YouTube´s processing of your personal data here.
      • Twitter´s processing of your personal data here.
      • Tik Tok´s processing of your personal data here and about the joint controllership here.

Information processed in connection with social media that involves direct communication via the social media is deleted immediately. Posting on, for example, Facebook pages or in public groups are not deleted as a post or comment on Facebook pages or in public groups is considered public spaces. You can read about public spaces here.

  1. RECIPIENTS OF YOUR PERSONAL DATA
    Where relevant, AstroPay may disclose or transfer your personal data to affiliates of AstroPay, business partners or other collaborators for business purposes. Such third parties also include social media providers, as described in section 6 below. In certain specific cases, e.g., in connection with disputes, including when the disclosure of your personal data is necessary for the establishment, exercise or defense of AstroPay’s legal claims, AstroPay may disclose your personal data to our advisers or other relevant third parties provided it is deemed necessary and lawful. Certain recipients process personal data on behalf of AstroPay and may only process your personal data in accordance with documented instructions given by AstroPay and further terms and conditions stated in a data processing agreement entered into with AstroPay. These data processors are not permitted to process your personal data for their own purposes.
  1. TRANSFER OF YOUR PERSONAL DATA TO A THIRD COUNTRY (OUTSIDE OF EU/EEA)
    In certain cases, your personal data may be transferred to countries outside of the EU/EEA. AstroPay ensures that such transfer will be carried out in accordance with the applicable data protection laws. This entails that any party outside of the EU/EEA that will receive your personal data will ensure an adequate level of protection, for example, by entering into the EU standard contractual clauses (“SCCs”) with AstroPay. AstroPay will ensure the implementation of supplementary safeguards if deemed necessary in the specific case. You may receive a copy of the legal basis for transfers upon request. Please contact dataprotection@astropay.com.
  1. STORAGE OF YOUR PERSONAL DATA
    AstroPay will only store your personal data as long as it is deemed necessary to fulfil the purposes for the processing of your personal data.
    1. Website visitors Personal data collected via cookies through use of our website are stored for different periods depending on the type and purpose of the cookie in question. See section 7 below. Personal data collected in relation to the use of social media will be erased when the content is deleted or when you withdraw your response to our content (likes, sharing, etc.). See more in section 6 below. 
    2. Contact person at a business partner and other persons we interact with. If you are a contact person at a business partner or other persons we interact with, AstroPay will store personal data about you as long as AstroPay communicates with you because you are AstroPay’s point of contact, 3 years after termination of the contractual relationship, or until it is no longer necessary for the establishment, exercise, or defense of a legal claim. 
    3. Inquiries via online contact form and communication via live chat function. The inquiries and communication, e.g. from potential customers, will be deleted 1 year from the inquiry is resolved, unless it is deemed necessary to store such inquiries for documentation purposes e.g., due to a dispute, including for the establishment, exercise or defense of legal claims. 
    4. Bookkeeping material AstroPay will store your personal data to the extent it is necessary for bookkeeping purposes such as personal data related to invoicing. Such personal data will be stored for a period of 5 years from the end of the financial year to which the accounting records relate. The purpose is to comply with the legal obligation pursuant to the Danish Bookkeeping Act.
  1. SOCIAL MEDIA
    Our website uses social media plug-ins (“Plug-ins”) from the social networking sites Facebook, Instagram, LinkedIn, YouTube, TikTok, and Twitter. When you visit our social media sites on Facebook, Instagram and LinkedIn or our Website where social media Plugins have been installed, our social media service providers collect and process your personal data using cookies, subject to your consent to the service provider, as applicable. Such collection and processing take place even if you have no account on the social media. If you access our website using such a Plug-in, your browser will contact the server of the underlying social networking site, load the visual presentation of the Plug-in, and present it to you. While this is happening, the social networking site receives information concerning your visit to our website, as well as further data such as your IP address. AstroPay receives anonymous demographic and geographic statistics from the social media on the visitors on our website and our social media sites. AstroPay is a joint data controller with our social media providers for personal data collected and processed in connection with your visit to our social media sites and our website. It means, among other things, that you may contact both AstroPay and the social media providers to exercise your rights under the GDPR. The social media providers have primary responsibility for ensuring compliance with the GDPR and responding to requests from visitors on their sites. If you are registered as a user of the special media providers, you may exercise your rights via your account settings on their sites. We have no influence on the amount of data that social networking sites collect via an active Plug-in. For more information, please consult the relevant data privacy notice: 
    Facebook: www.facebook.com/policy
    Instagram: https://help.instagram.com/519522125107875/?maybe_redirect_pol=0 
    LinkedIn: https://www.linkedin.com/legal/privacy-policy 
    YouTube: https://www.youtube.com/intl/ALL_ie/howyoutubeworks/our-commitments/protecting-user-data/
    TikTok: https://www.tiktok.com/legal/privacy-policy-eea?lang=en
    Twitter: https://twitter.com/en/privacy.
  1. USE OF COOKIES
    When you visit www.AstroPay.com for the first time, you will be asked to give your explicit consent to the use of cookies on the Website or decline the use of all or some of the cookies. Please note that the use of functionality cookies does not require your consent, as such cookies are necessary for the function of the Website. We encourage you to accept the cookies used by the Website, because it will help us improve you and other people’s experience when visiting the Website. If you decline the use of cookies, there may be a variety of functionalities on the Website, which you cannot utilise. When you use our website, we do not register any information that can identify you directly, such as name and address. However, we register how you navigate around the site, so we can learn more about how our site is used, and we register your IP-address, which can identify indirectly.
    1. What are cookies. A cookie is a text file that is sent to your browser from our website and saved on your computer, phone or whichever device you use to access the internet. However, the meaning of the word “cookies” in this Policy and in the cookie consent text also includes other kinds of automated data collection, e.g. Flash-cookies (Local Shared Objects), Web Storage (HTML5), JavaScript’s or cookies placed by the use of other kinds of software.  There are basically two types of cookies – so-called session cookies and persistent cookies. Session cookies are information units that are deleted when you close your web browser. Persistent cookies are information units that are stored on your computer until they are deleted. Persistent cookies delete themselves after a certain period but are renewed each time you visit the Website. AstroPay uses both session and persistent cookies. Read more about this below in section 7.6 where you will also find an overview of the specific cookies we use.
    2. The purpose of cookies. Cookies may be used for a number of purposes, but in essence they are used to save information about your activity on the internet. Cookies contain information that later in time can be read by a web server on the domain that issued the cookie in question. This means that the relevant website remembers you the next time you visit it. We collect information via cookies in order to improve your user experience on our website and products, to provide and improve usability and functionality, to generate statistics, analysis and website performance reviews, to remember your preferences, marketing purposes, tracking of your location and to customize our advertising on social media platforms. The benefit for you is that you will save time next time you visit the Website, as you do not have to enter the same information again and that the content will be adjusted to your preferences.
    3. How long are cookies stored? Cookies can be stored for varying lengths of time on your browser or device. Session cookies are deleted from your computer or device when you close your web-browser. Persistent cookies will remain stored on your computer or device until deleted or until they reach their expiry date. Find information on the specific retention periods of the various cookies in the cookie declaration below.
    4. Types of cookies. There are 4 varieties of cookies which operate on our website: 
      1. The essentials. Some cookies are essential for you to be able to experience the full functionality of our website. Without these cookies, most parts of our website will not work as they should.
      2. The customizers. These cookies (also called functional cookies) allow our website to remember your preferences, helping you to customise your experience. That way we can remember you when you return to our website, avoid showing you notifications you have already seen and dismissed, show you payment options and offers available in your country or specifically for you, provide you with Live Chat Support and other services of the sort. 
      3. The performance improvers. These cookies tell us about how you use the Website and they help us in making it better. For example, these cookies count the number of visitors to our website and see how website visitors move around when they are using it. This gives us invaluable information to understand user preferences and design to improve our website accordingly. These are the cookies that allow us to give you a better service every day. 
      4. The advertisers. These cookies (also called advertising cookies) are used to track the effectiveness of our ad campaigns on third party websites, which you may have seen or even got to know about AstroPay through them. These cookies are placed on our website by our third-party service providers, may remember your web browsing activity and may be used to understand your demographics, such as age and gender.
      5. Third party cookies. In order to further develop and improve the Website, we use cookies from certain third parties. The purposes are preparation of statistics and analyses of online behavior. The third parties place the cookies on your computer on our behalf and prepare the statistics, etc. Third parties used are listed in the cookie declaration below.
      6. Cookie declaration. Cookie declaration last updated on 16th September 2022 by WordPress.org:
“Account Holder Data” means the account number, the name, the address and any other relevant information of the Account Holder required from time to time by the Processor necessary to process the proposed Transaction;
“Account Holder” means the person in the Territory in whose name an account is registered with the Processor;
Accelerated Settlement Means the Processor advancing to the Merchant funds form Customer’s Transactions upon Merchant’s request (not earlier than certain calendar days (specified in the Schedule A) from the day the Transaction is made and not later than the Availability Date).
“Affected Country” has the meaning specified in Clause 11.8;
“Affected Services” has the meaning specified in Clause 11.7;
“Agreement” means these Terms, the Merchant Agreement Form and the Schedules attached thereto;
“Applicable Legislation” means all applicable legislation, regulations, any and all directives and/or guidelines of any applicable regulatory or governmental authority relating (as the context requires) to each Party's business and obligations under and/or pursuant to this Agreement, including the highest standards and international practices of the specific industry which the Merchant operates;
“AstroPay Prepaid Card/Voucher” means a virtual Prepaid Voucher operated by the Processor which allows a person to spend the pre- purchased amount of it and, where permitted, to receive Payout Card;
“Authorization Code” means an identification number, which is provided by the Processor to the Merchant, indicating that payment for a particular Transaction has been authorized;
“Authorization Data” means all the data the Processor requires to be transmitted by the Merchant (including the Account Holder data or the Cardholder Data) prior to the Processor authorising a Transaction in accordance with Clauses 8.1 and 8.2 below;
“Authorization Request” means the request for payment to be taken for a particular Transaction which is made in accordance with Clause 8.1 below;
“Authorized Transaction” means a Transaction which complies with the requirements set out in Clause 8.5 below;
“Availability Date” means the date when the funds specified in Clause 6.2.1 will be available for payment, which will be after certain calendar days (specified in the Schedule A) has elapsed from receiving payment through the Payment Processing Services;
“Bank” means a bank with which Processor maintains an account, which must be subject to regulation as a financial institution by its respective national financial supervisory authority or authorities;
“Business Day” means any day other than: (i) a Saturday or Sunday; (ii) a holiday and/or; (iii) a day on which banking institutions are Authorized by law in Malta or UK by a regulatory order to be closed;
“Card” means a debit card, a credit card or the AstroPay Prepaid Voucher, as applicable;
“Cardholder” means the holder of a Card;
“Card Association” means any organization owned by a financial institution that licenses bank credit or debit card programs;
“Card Data” means in relation to a Card: Card number, Card expiration date, Card security code (CVV), amount and the currency of the Card, as applicable;

7.7 Removal of cookies. You can always reject or deselect the location of cookies on your computer by changing the settings in your browser or by visiting the permanent representation of the cookie banner available on our website. Please note that if you opt out, there are many features and services on our website that you cannot use because they require the Website to remember the choices you make. Cookies that you have previously accepted can easily be deleted subsequently. If you use a computer with a newer browser, you can delete your cookies using the shortcut keys: CTRL + SHIFT + Delete. If the shortcut keys do not work and/or if you use a MAC, you must start by finding out which browser you are using, and then click on the relevant link with guidelines on how to opt out of cookies: Guidance – Firefox Guidance – Google Chrome Guidance – Edge Guidance – Safari Guidance – MS Edge. Note that if you use multiple internet browsers, you must delete cookies in all your browsers.

8. YOUR RIGHTS

AstroPay has implemented a number of measures to protect your personal data and ensure your rights. As a data subject, you can exercise the rights listed below. Please note that certain limitations may apply to your ability to exercise these rights, for example, when your right to obtain the information is found to be overwritten by essential considerations of private interests. The Danish Data Protection Agency has prepared guidelines regarding the data subjects’ rights. The guidelines can be accessed here. However, please note that the guidelines are only available in Danish. As a data subject you have the following specific rights, unless otherwise exceptionally provided by the data protection legislation: Right of access, Right of rectification, Right of erasure (“right to be forgotten”), Right to restriction of processing, Right to data portability, Right to object, Right to complain to the Data Protection Agency. If you disagree with the way in which AstroPay processes your personal data, you may file a complaint with the Danish Data Protection Agency, using the contact details that are available at www.datatilsynet.dk. However, we hope that you will contact us first, using the below contact details, so that we may reach agreement. Right to withdraw a former consent. If the processing of your personal data is based on your consent, cf. Art. 6(1)(a) of the GDPR, you have the right to withdraw your consent at any time. Please note that your withdrawal does not affect the lawfulness of the previous processing of your personal data which until your withdrawal has been based on your consent. If you wish to exercise any of the above-mentioned rights, or if you wish to withdraw a former consent, you are welcome to contact us at dataprotection@astropay.com. To process your request, we need you to provide us with the following information: 

  1. full name, address, contact telephone number and email address.
  2. Photocopy or scanned image of one or both of the following: 1) Proof of Identity, e.g. passport, photo driver’s license, national identity card, birth certificate. 2) Proof of Address, e.g. utility bill, bank statement, credit card statement (no more than 3 months old); current driver’s license;
  3. If you do not provide us with the above information (i+ii), AstroPay cannot identify you and is thus unable to handle your request.

9. QUESTIONS OR COMPLAINTS

If you have any questions relating to this Policy, you wish to exercise your rights as mentioned above, or you disagree with the way AstroPay processes your personal data, you can contact AstroPay at dataprotection@astropay.com. You can also file a complaint to the Danish Data Protection Agency, which is an independent public authority that is responsible for monitoring and enforcing the application of the GDPR. The Danish Data Protection Agency’s contact information is available on its website: www.datatilsynet.dk.

10. AMENDMENTS ON THIS POLICY

AstroPay has the right to modify this Policy regarding new technologies, regulatory requirements, or other purposes. For this reason, please visit this page periodically. Below is highlighted the date when the last version of this Policy has been uploaded.Date of the most recent version of this Policy: April 2024.