Bravapay - Privacy Policy

Privacy Policy

Last Updated November 15, 2023

Bravapay has developed this Privacy Policy to explain how Bravapay collects, retains, processes, shares, and transfers your Personal Data when you use Bravapay’s Services.

Bravapay collects customer information required to provide MSB services in accordance with Canadian laws including the Proceeds of Crime and Terrorist Financing Act (PCMLTFA) and associated regulations, The Personal Information Protection and Electronic Documents Act (PIPEDA) and related Canadian Privacy Laws. This includes enabling Bravapay to verify your identity to utilize Bravapay Services.

1. Definitions
2. What Personal Data Do We Collect?
3. Why Do We Retain Personal Data?
4. How Do We Process and Use Personal Data?
5. Do We Share Personal Information?
6. How Do We Use Cookies and Tracking Technologies?
7. What Privacy Choices Are Available to You?
8. User Rights
9. How Do We Protect Your Personal Data?
10. Can Minors Use Our Services?
11. Additional Information

Account means a Bravapay service account.

Device Information is information that can be obtained automatically from any type of electronic device and utilised to access the website or services. Such information may include, but is not limited to, your device type; your device’s network connections; your device’s name; your device’s IP address; information about your device’s web browser; Geolocation Information; and biometric data.

Geolocation Information signifies data that pinpoints your current location with a fair degree of specificity, such as longitude and latitude coordinates collected from GPS, Wi-Fi, or cell site triangulation. To access our services, you may be asked to provide permission to share your current location.

Bravapay means Bravapay Ltd. MSB registration number M21407031 incorporated in 2020 in Alberta Canada. In this Privacy Policy, Bravapay is sometimes referred to as “we,” “us,” or “our,” depending on the context.

Personal Data means personal information that can be associated with an identified or identifiable person. Full name, postal address (including billing and shipping addresses), phone number, email address, occupation, payment card number, account number, account information from other financial accounts, date of birth, and information from documents issued by the government (such as the licence or passport number, Social Insurance number, etc.) are all considered to be "Personal Data".

Process means any technique or procedure we employ to use Personal Data or sets of Personal Data, whether manual or automated, including gathering, recording, organising, structuring, storing, adapting, or altering, retrieving, consulting, disclosing by transmission, disseminating, or otherwise making Personal Data available, aligning, or combining, restricting, erasing, changing, or destroying Personal Data.

Services means any products, services, content, features, technologies, or functions, and all related websites, applications, and services offered by Bravapay.

Website means the website or other online properties through which Bravapay offers the Services and which have posted or linked to this Privacy Policy.

Technical Usage Data refers to data that we gather from your computer, phone, or other electronic device that you use to access Bravapay Services. Your IP address, information on how pages are loaded or viewed and other usage and browsing data collected through Cookies are all examples of technical usage data that explains how you use Bravapay Services.

User indicates a person who utilises Bravapay services or visits the Bravapay website.

2. What Personal Data Do We Collect?

Registration and use information: We may gather Personal Data as required to deliver and provide the Services offered by Bravapay. We may require the following:

Name, postal address, telephone number, email address, occupation, and other contact information.
Bank account information including account number, transit number, branch numbers and other associated banking information collected from User Bank statements.
Source of funds information.
Identification information to establish an Account. We may require you to provide us with additional Personal Data with your consent or as required by law.

Transaction and experience information: When you use our Services we collect information about the transaction, as well as other information associated with the transaction such as amount sent or requested, amount paid for services, merchant information, Device Information, and Technical Usage Data.

Associated users: We may gather Personal Data such as name, postal address, phone number, and financial account details of participant receiving or sending money in User transactions.

Information about you from third-party sources – We obtain information from third-party sources such as merchants, data providers, and credit bureaus, where permitted by law.

3. Why Do We Retain Personal Data?

For the purposes of conducting business and to satisfy legal and regulatory requirements, Bravapay retains Personal Data.

Data Retention.
Except where otherwise permitted or required by applicable law or regulation, Bravapay retains User data for the lifetime of a User Account or for a period of 7 years. Bravapay may indefinably retain some data if it's necessary for regulatory safety, security, and fraud prevention reasons.

Deletion.
Users can request to have their accounts deleted at any time. In response to such requests, the Company deletes any data that it is not required to keep for regulatory, tax, insurance, or legal proceedings.

Please contact us if you no longer want us to store or use your information.

4. How Do We Process and Use Personal Data?

We may Process your information for the following reasons:

To operate the Website and provide Bravpay Services.
Initiate a payment, send, or receive money, add value to an account, or pay a bill.
Authenticate your access to an Account.
Communicate with you about your Account, the Bravapay Website, Bravapay Services, or Bravapay staff.
Establish a connection between your Account and a platform or account owned by a third party.
Examine applications, verify information, examine creditworthiness and other financial standing, and compare data for accuracy.
Keep your Account and financial information up to date.
To oversee the performance and functionality of Bravapay Services and the Website, as well as to manage the demands of our business. For instance, we investigate how users use our services and analyse user behaviour.
To manage risk and protect the Website, Bravapay Services and Users from fraud by verifying your identity. Bravapay’s risk and fraud tools use Personal Data, Device Information, Technical Usage Data, and Geolocation Information from websites that offer Bravapay Services to help detect and prevent fraud and abuse of Bravapay Services.
To fulfil our commitments and uphold the terms of our Website and Services, we must also abide by all relevant laws and regulations.
To fulfil your requests, such as contacting you in response to a query you sent to our customer care department.

5. Do We Share Personal Information?

Bravapay may share your Personal Data or other information for the following reasons:

Regulatory & Legal: We may disclose Personal Data as required to meet legal, regulatory, insurance, security, or industry self-regulatory requirements.

We may share information about you with other parties as permitted or required by law, including:

If we must follow a regulation, legal procedure, or law.
In response to a subpoena, court order, or other legal procedure or demand that applies to Bravapay, to law enforcement agencies, other government officials, or other third parties.
If we believe, in our sole discretion, that the disclosure of Personal Data is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
To investigate infringements of the terms of service or other agreements that apply to any service and to enforce those agreements.
To protect our property, Services, and legal rights.

Affiliates and Service Providers: We might disclose Personal Data to outside service providers who work under Bravapay’s direction and on our behalf for various services including compliance, administrative, billing, collections, marketing, information technology and/or data hosting or processing services.

Some providers outside of Canada, including the United States, and other countries. Reasonable due diligence, vetting, and contractual measures are taken to protect your Personal Data while handled by these service providers which are subject to applicable Canadian and foreign legal and privacy requirements.

Parties related to transactions: When you use Bravapay Services, such as merchants, and their service providers: We may share information about you and your Account with the parties involved in processing your transactions. This includes other Users you are sending or receiving funds to/from, merchants and their service providers. The information might include:

Personal Data and account information necessary to facilitate the transaction.
Information to help other participant(s) resolve disputes and detect and prevent fraud, and other financial crimes.
Aggregated data and performance analytics to help merchants better understand Users and to help merchants enhance Users’ experiences.
With other third parties for our business purposes or as permitted or required by law, we may share information about you with other parties for Bravapay’s business purposes or as permitted or required by law, including:
- If we must follow a regulation, legal procedure, or law.
- In response to a subpoena, court order, or other legal procedure or demand that applies to Bravapay, to law enforcement agencies, other government officials, or other third parties.
- If we believe, in our sole discretion, that the disclosure of Personal Data is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
- To investigate infringements of the terms of service or other agreements that apply to any service and to enforce those agreements.
- To protect our property, Services, and legal rights.
- To help assess and manage risk and prevent fraud against us, our Users, and fraud involving our Sites or use of our Services, including fraud that occurs at or involves our business partners, strategic ventures, or other individuals and merchants.
- To banking partners as required by card association rules for inclusion on their list of terminated merchants.
- To businesses with whom we intend to merge or be purchased.
- To support our audit, compliance, and corporate governance functions.

6. How Do We Use Cookies and Tracking Technologies?

The following types of cookies may be used when you visit our website.

Our Cookies: We use "first-party cookies" that might be either temporary or permanent. These cookies are essential for the effective operation of the Site and the provision of certain services and functions. Some of these may be manually turned off in your browser, although doing so can compromise the Site's operation.

Personalization Cookies: Personalization Cookies are used to recognize repeat visitors to the Website. We use these cookies to record your browsing history, the pages you have viewed, and your preferences each time you visit the Website.

Security Cookies: Security risk detection and prevention are aided by security cookies. These cookies enable user authentication and safeguard user data from unauthorised parties.

Site Management Cookies: To prevent unexpected logoffs and ensure that any data you provide is preserved from page to page, site management cookies are employed to keep your identification or session on the website. Although you cannot disable individual cookies in your browser, you may do so for all cookies.

Control of Cookies?
Most browsers are configured by default to allow cookies. However, you can refuse cookies by changing the settings in your browser. Please be advised that such setting may impact the Site's accessibility and usability.

Other Tracking Technologies:
We may also use web beacons, pixel tags, and other tracking technologies in addition to cookies to further customise the Website and improve your experience. A "pixel tag" or "web beacon" is an object or picture that is embedded in a web page or email. They are used to gather other statistical data, such as the number of people who have viewed emails and browsed websites. They simply gather a small amount of information, such as the cookie number, the time and date that a page or email was seen, and a description of the page or email that they are located on. Pixel tags and web beacons cannot be turned off. However, by managing the cookies that interact with them, you can restrict its use.

7. What Privacy Choices Are Available to You?

Choices Relating to the Personal Data We Collect.

Personal Data. You may decline to provide Personal Data when it is requested by Bravapay, but certain Services or all the Services may be unavailable without providing the Personal Data required by Canadian Money Service Business regulations and acts.

Location and other device-level information. The device you use to access the Website or Services may collect information about you, including Geolocation Information and User usage data that Bravapay may then collect and use. Please utilise the settings on your device to learn more about your options to limit the collection and use of such information.

Choices Relating to Cookies.

You might have options to control your cookie preferences. For example, your browser or internet device may allow you to delete, disable, or block certain cookies and other tracking technologies. You can learn more by visiting AboutCookies.org. You may choose to enable these options, but doing so may prevent you from using many of the core features and functions available on a Service or Site.

You may have an option regarding the use of cookies and other tracking technologies when you use a Service or visit parts of a Website. For example, you may be asked if you want the Service or Website to “remember” certain things about you, and we will use cookies and other tracking technologies to the extent that you permit them.

Choices Relating to Your Registration and Update of Account Information.

Contact us if you have questions about your Account information or other Personal Data.

We may not be able to provide you with access to your personal information in certain circumstances, such as where your request includes personal information about a third party that cannot be removed, or when the information you are requesting is protected by legal privilege.

Choices Relating to Communication.

Notices, Alerts, and Updates:

Marketing:We may send you marketing content about our Website, Services, and products through various communication channels, for example, email and messaging applications. You may opt out of these communications by following the instructions in the communications you receive.

Informational and Other: In addition to notifications containing critical information and other messages that you request from us; we shall send you communications that are mandated or necessary to transmit to Users of our Services. You may not opt out of receiving these communications. However, you may be able to adjust the media and format through which you receive these notices.

8. User Rights

The right to correction - You have the option to ask the Company to change any data that you think is incorrect. Furthermore, you are entitled to ask the Company to complete any information that you feel is lacking.
The right to deletion - In some circumstances, you may be able to ask that the Company delete your personal data, Bravapay will delete requested personal data unless it is required to maintain the information by law.
The right to request a restriction on processing - In certain circumstances, you may be able to ask that the Company put restrictions on how it uses your personal data.
The right to object to processing - Under some circumstances, you may have the right to object to how the Company is processing your personal data.

Users who voluntarily give Bravapay their personal information required to deliver Services do so in accordance with the Service Agreements of Bravapay Ltd. The Policy and the provisions of this Service Agreements must be followed for the storage, retrieval, transfer, and destruction of the personal data given. Bravapay will respond to your request within the time frame allowed by the relevant privacy law.

9. How Do We Protect Your Personal Data?

Data Encryption: We use encryption technology, such as Secure Socket Layer (SSL) and Transport Layer Security (TLS), to secure data transmission between your device and our servers. This ensures that your data remains confidential during transfer.

Access Control: Only those employees with proper authorization and a need to know are allowed access to your personal information. We implement strict access controls and regularly review access permissions. All access required two factor authentication.

Data Storage: Your data is stored on secure servers with robust security measures. These servers are in secure data centers to prevent unauthorized physical access.

Firewalls and Intrusion Detection: We employ firewalls and intrusion detection systems to monitor and prevent unauthorized access to our network. Unusual activities are promptly investigated.

Data Minimization: We only collect and store data that is necessary for the purpose of providing our services. Unnecessary data is not retained.

Employee Training: Our staff is trained on data protection, security best practices, and privacy policies to ensure the secure handling of personal data.

Data Backups: Regular data backups are maintained to prevent data loss in the event of system failures or other unexpected incidents.

Third-Party Vendors: When we use third-party vendors or service providers who may have access to personal data, we ensure they meet our security and privacy standards.

Data Retention: We retain personal data only for as long as it is necessary for the purpose for which it was collected and as required by applicable laws.

User Responsibilities: You play a crucial role in data security. Protect your login credentials and access codes, and promptly report any suspicious activity to us.

Legal Compliance: We comply with all relevant data protection laws and regulations applicable in our jurisdiction. Your data privacy rights are respected.

10. Can Minors Use Our Services?

Bravapay is committed to complying with applicable laws and regulations, including those related to the protection of minors online. Bravapay Services are intended for individuals who have reached the age of majority in their respective jurisdiction. By using our Services, you represent and warrant that you meet the age of majority requirements in your jurisdiction.

11. Additional Information

Changes to This Privacy Policy.
We may revise this Privacy Policy at our discretion to reflect changes to our business, the Website, Services, or applicable laws. The revised Privacy Policy will be effective as of the published effective date.

If there is a significant change in the new version, we will notify you at least 45 days in advance by posting a notice of the change on the "Policy Update" page of our website. We also may notify Users of the change using email or other means.

Data security breach notifications.
Bravapay makes sure that it manages any actual or suspected issues involving information systems and data under its control in an effective manner.

Bravapay will send emails to customers informing them of any data security breaches that necessitate notifying them.

Therefore, users are required to keep their registered email address up to date. Customers are expected to contact us and provide an updated email address and contact information whenever their email address on file changes. A client consents to receive electronic notice of such a breach by continuing to use Bravapay's Services.

How to contact us
If you have an inquiry about Bravapay's privacy practices or how we and our service providers treat your personal information, please click here to contact us about your Bravapay account or transaction or in relation to any privacy related matter you have questions or concerns about.

Bravapay has policies and procedures to receive, investigate, and respond to your privacy related complaints and questions. We will investigate all complaints we receive and if we find a complaint justified, we will try to resolve it.

If you are not satisfied, you may file a complaint with the Office of the Privacy Commissioner of Canada:

30, Rue Victoria, Gatineau, QC J8X 2A1
Toll-free: 1-800-282-1376
Phone: (819) 994-5444
https://www.priv.gc.ca/en/