PRIVACY POLICY

Last updated: October 7, 2023

1. Introduction.GateWellPayments LTD cares about your privacy and the protection of your Personal Data.This Privacy Policy (“Notice”) explains the general principles on how the GateWellPayments LTD, its licensors, affiliates (“GATEWELLPAYMENTS”, “we”, “our” or “us”), collect and use information when you visit our website at winway.one(“Website”), use any of our services (“Services”) that we provide to you, or if you interact with us in any other way, e.g. contact us via social media pages. This Notice explains what Personal Data we collect from you, through our interactions with you or your organization and through our Website, products or services, and how we use it. It also describes your choices regarding access, correction, and erasure of your personal information.By communicating with us through the Website or our Services, you (“you,” “your”, “client”, “client representatives”, “data subject”) may be explicitly asked to confirm acceptance of this Notice.Reference in this Notice to “your Personal Data” means any information that can be used to directly or indirectly uniquely identify, contact, or locate you as a private individual (“Personal Data”).We process Personal Data under this Notice and in accordance with applicable legislation, including the General Data Protection Regulation (2016/679) (“GDPR”) and the national data protection laws, as applicable towards the GateWellPayments LTD (“Data Protection Law”).

2. The Scope of the Notice.2.1. This Notice describes how we process Personal Data in connection with:2.1.1. all matters related to you as a data subject, such as the obtains Personal Datafrom the forms filled out on the Website, browsing our site, providing the information, taking steps prior to entering the agreement with you, your organization and further processing for the performance of the agreement;2.1.2. our Demo Mobile App or Web Demo on the Website, other events,and marketing initiatives;2.1.3. cookies that are used on our Website or live chat operation;2.1.4. all our statutory obligations with respect to the GDPR, any relevant Data Protection Law, and any other laws and regulations that may be applicable to us.

3. Principles of Personal Data processing.3.1. We adhere to the principles of Personal Data protection as envisaged in the GDPR and Data Protection Law and in accordance with these principles, Personal Data is:3.1.1. Processed fairly and lawfully and in a transparent manner in relation to the data subject;3.1.2. Processed for specified, explicit and legitimate purposes only and not further processed in a manner that is incompatible with those purposes;3.1.3. Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;3.1.4. Kept accurate and up to date;3.1.5. Retained in a form permitting identification of Data Subjects for no longer than is necessary for the purposes for which they are processed;3.1.6. Not retained longer than necessary;3.1.7. Processed in a manner that ensures appropriate security;3.1.8. Provide training and support for staff who oversee Personal Data; and3.1.9. Responding appropriately when data subjects seek to exercise their statutory rights of access, correction, and objection.

4. The legal basis for processing your Personal Data.We process your Personal Data on the basis of:• your consent;• contractual relationship between us;• legal obligations to which we are subject to; and / or• our legitimate interest to ensure the quality of our services, ensure security, protection of our financial interests, ensure risk management, spread information about our services and events, keep business relationships with our clients, partners and third parties, provide good customer service, understand and improve how private individual are using our Website.We limit the processing of your Personal Data to the scope of purpose for which the data was collected. In cases where the processing is based on your consent, you have the right to withdraw your consent to such processing at any time. However, it may limit the services offered to you if the collection and processing is required by the law.Access to your Personal Data will be restricted to personnel who are required to process the Personal Data to fulfil their professional responsibilities and their duties to you as the Data Subject. Your Personal Data shall not be stored or processed longer than necessary with respect to the data processing purposes that we have referred to as referred above.We have taken the appropriate technical and organizational measures to ensure the secure processing of your Personal Data. Your Personal Data shall be processed in such a manner to ensure confidentiality and data integrity.

5. Categories of Personal Data we process, purpose and legal basis for processing.5.1. Regarding the Services, we may process the following categories of your Personal Data:5.1.1. Consent to Personal Data processing.Personal Data shall be processed with the consent of the data subject. Giving consent, the data subject shall accept the Privacy Policy by opt in box “I agree with the Privacy Policy” or consent must be obtained in writing or electronically form for the purposes of documentation.5.1.2. Personal Data processing for a business relationship.Your Personal Data can be processed in order to establish, execute and terminate a business relationship agreement. Prior to an agreement – during the agreement initiation phase – Personal Data can be processed to prepare bids or purchase orders to the service or to fulfill other requests and consultations that relate to agreement conclusion and to be contacted during the agreement preparation process using the information that You have provided. Any restrictions requested by the You must be complied with.We process the following Personal Data for this purpose: Name and Surname, Phone, Email address, IP-address, personal description.5.1.3. Personal Data processing for marketing purposes.We may send you information materials, news or events related to our services, as well as information about the most current events and any upcoming events related to our services that may be interested to you. Your Personal Data can be processed for marketing purposes or market and opinion research, provided that this is consistent with the purpose for which the data was originally collected. The data subject must be informed about the use of his/her Personal Data for marketing purposes and must provide us with consent via his/her email address or phone number.If Personal Data is collected only for marketing purposes, the disclosure from the data subject is voluntary and shall be informed that providing Personal Data for this purpose is voluntary.If the data subject refuses the use of his/her Personal Data for marketing purposes, it can no longer be used for these purposes and must be blocked from use.We process the following Personal Data for this purpose: Name and Surname, E-mail address, phone number.5.1.4. Personal Data processing pursuant to legal obligations.The processing of Personal Data is permitted if the legislation requests, requires or allows this. The categories and extent of Personal Data processing must be necessary for the legally authorized data processing activity and must comply with the relevant statutory provisions and regulations.5.1.5. Personal Data processing pursuant to legitimate interest.Personal Data can also be processed if it is necessary for a legitimate interest of the GATEWELLPAYMENTS. Legitimate interests are generally of a legal (e.g. collection of outstanding receivables, in court proceedings or in an administrative or out-of-court procedure for the protection and assertion of our legal rights, your legal rights and the legal rights of others) or commercial nature (e.g. avoiding breaches of agreement) or improvement of our service. Personal Data may not be processed for the purposes of a legitimate interest if, in individual cases, there is evidence that the interests of the data subject merit protection, and that this takes precedence. Before Personal Data is processed, it is necessary to determine whether there are legitimate interests that merit Personal Data protection.5.1.6. Personal Data processing using Cookies.We use cookies to obtain information about your use of our Website. Cookies allow us to provide you with a more streamlined and accessible experience when using the Website. The information does not comprise any data that would allow us to individually identify you as a natural person. We will process your Personal Datausing cookies for the duration of the period in which you have granted us consent. For further information, please see GateWellPayments LTD Cookie Policy on Website.With regard to each of Your visits to our Website, we may automatically collect the following information:• technical information, including the Internet protocol (IP) address used to connect Your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;• information about Your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products You viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.5.1.7. Automated decision-making and profiling.Automated Personal Data processing of Personal Data (i.e. profiling) that is used to evaluate certain aspects (e.g. evaluating specific related the data subject of personal aspects, especially for the analysis or prediction of aspects in connection with the behavior, financial condition, performance of the data subject,) cannot be the sole basis for decisions that have negative legal consequences or could significantly impair the data subject. The data subject shall be informed of the facts and results of automated individual decisions and the possibility to respond.Taking into account the results of profiling, our employees may perform additional supervision or analysis of a data subject and take an individual decision. However, in some situations, the offer to receive an additional service or to change the cooperation conditions can be sent to a client automatically.5.1.8. Special category of Personal Data.We do not seek to collect or process sensitive Personal Data for You. If at any time we will need to process such sensitive Personal Data in the future due to the changes in the purposes of Personal Data processing, the processing shall be carried out in accordance with the principles set out in the GDPR and Data Protection Law.5.1.9. Processing of children’s Personal Data.Our Notice is not to knowingly provide services to or collect Personal Data and information from persons under 18 years of age. Our Website is not directed or intended for children under this age. If you are under 18 years of age, you should not provide Personal Data or information on our Website. If you are the parent or guardian of a person under the age of 18 whom you believe has disclosed Personal Data or information to us, please immediately contact us at info@gwp.digital so that we may delete and remove such person’s data from our system.

6. Your rights subject to Personal Data processing.We have a legal obligation to ensure that your Personal Data is kept accurate and up to date. We kindly ask you to assist us to comply with this obligation by ensuring that you inform us of any changes that have to be made to any of your Personal Data that we are processing.You may, at any time, exercise the following rights with respect to our processing of your Personal Data:a) Right to access: You have the right to request access to any data that can be considered as your Personal Data. This includes e.g. the right to be informed on whether we process your Personal Data, what Personal Data categories are being processed by us, and the purpose of our data processing;b) Right to rectification: You have the right to request that we correct any of your Personal Data if it is inaccurate or incomplete;c) Right to object: You are entitled to object to certain processing of Personal Data, including for example, the processing of your Personal Data for marketing purposes or when we otherwise base our processing of you on legitimate interest;d) Right to erasure: You may also request that your Personal Data be erased subject to certain statutory exceptions if the Personal Data is no longer necessary for the purposes for which it was collected, or if you consider that the processing is unlawful, or if you consider that the Personal Data should be erased to enable us to comply with a legal requirement;e) Right to data portability: If we process your Personal Data based on your consent or on the basis of a mutual contractual relationship, you may request that we provide you with that Personal Data in a structured, commonly used and machine-readable format. Moreover, you may also request that the Personal Data shall be transmitted to another controller. Bear in mind that the latter can only be done if that is technically feasible;f) Right to withdraw your consent: In cases where the processing is based on your consent, you have the right to withdraw your consent to such processing at any time;g) Opt-out from marketing: We will also give you the opportunity to opt out of our communication with you whenever we send you information about us, the events that we organize or any other information that we believe may be of interest to you. Additionally, you can also opt out at any time by contacting us.When providing Services to your, there may be circumstances where our statutory obligations that will prohibit us from disclosing or erasing the Personal Data that we store and process. Moreover, such laws, regulations or rules may prevent you from exercising other data subject rights as well.If you have complaints on how we process your Personal Data, or you would simply like to know more about our Personal Data processing activities, feel free to contact us at any time by using the information noted below.For questions or concerns relating to the processing of your Personal Data and this Notice, please contact us either by emailing to to our designated Data Protection Officer at info@gwp.digital or at the GATEWELLPAYMENTS registered address: Lielirbes street 17A-22, Riga, Latvia, LV-1046;If cooperating with us cannot achieve the realization of your data subject’s rights, you do have the right to lodge a complaint with a Data Protection Authority (“DPA”), The Data State Inspectorate in Latvia: http://www.dvi.gov.lv/en/ if you think that your Personal Data is being processed incorrectly or your data subject’s rights have been violated by us. You can lodge a complaint by contacting the DPA that is local to your jurisdiction i.e., the location of the alleged violation of your data subject rights or the inappropriate processing or your data, or the place you live and work.

7. The Recipients of Personal Data.When providing our services to our clients, we may be obliged to transfer Personal Data to third parties. This may include data transfer in the context of our services or legal procedure and litigation, as well as generally any services that we offer to our Clients.However, outside of the provision of our services, we do use the services of certain third parties to ensure the functionality of our services and the Website. We are required to transfer your Personal Data to these third-party service providers, including, but not limited:• ​Business partners, suppliers and sub-contractors for the performance of any agreement we enter into with You or them;•​ Advertisers and advertising networks that require the data to select and serve relevant adverts to You and others on the internet;• ​IT services, accounting, security or translation services providers;•​ our associates, audit firms, legal service providers, agents, attorneys or other representatives for compliance with legal obligations to which we are subject or for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure;• ​in the event that we sell or buy any business or assets, in which case we may disclose Personal Data to the prospective seller or buyer of such business or assets;• ​If we are under a duty to disclose or share Personal Data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Use of our Website or any other agreements or to protect our rights, property, or safety, or those of our clients, or others.We have ensured that all third-party service providers to whom we transfer your Personal Data will follow our instructions with respect to how they process your Personal Data. The transfer of your Personal Data is regulated by the data processing agreements or data processing terms that exist between us and third-party service providers. Any third-party service providers, as data processors, must ensure that they process your Personal Data with the same level of care and diligence as we do and are legally liable to you and to us if the data processors act contrary to those warranties. Furthermore, these third-party service providers are required to implement technical and organizational measures to ensure an equal level of data protection to the one that we bring to our data processing efforts.We will take all necessary precautions to ensure that your Personal Data is treated securely and in accordance with the applicable GDPR and Data Protection Laws. For example, we may transfer your Personal Data based on:• an adequacy decision by the European Commission;• standard data protection clauses elaborated by the European Commission;• standard data protection clauses elaborated by a DPA;• using other applicable safeguards and derogations where it is allowed by the GDPR and Data Protection Laws.Please note that in cases when we transfer or disclose information to any third parties, we always carefully consider the conditions under which Personal Data shallbe processed and stored after transfer to other entities both in European Union (EU)/European Economic Area EEA) and outside EU/EEA.

8. Security measures and technical solutions.We take reasonable measures, including administrative, technical and organizational, to ensuring physical and environmental security of Personal Data, encrypting Personal Data, providing computer network protection, personal device protection, data backup and other protection measures thus also protecting your Personal Data from loss, theft, misuse, and unauthorized access, disclosure, alteration and destruction.Within the framework of processing of your Personal Data, access to your Personal Data is restricted to our authorized staff who need it for the performance of their work duties and who process your Personal Data in compliance with the technical and organizational requirements for the processing of Personal Data specified in the GDPR and Data Protection Law. We regularly audit and test systems, train and instruct our staff, and also defines areas of responsibility in the processing of Personal Data.In the event that Personal Data in our possession or under our control is compromised as a result of a security breach (such as accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of Personal Data) we shall promptly take appropriate and reasonable steps to mitigate the effects of such a security breach, to the extent such efforts are within our reasonable control.Within the framework of the data protection system, appropriate processes have been developed to investigate any incident related to the security of Personal Data, which, if necessary, provide for notifying us.

9. Personal Data storage and retention.We will retain your Personal Data for no longer than is necessary for the purposes for which Personal Data shall be collected and processed for.Please note that after the retention period or if the legal basis for processing has ceased, we have the right to retain the documents and materials containing the Personal Data in its backup systems, from which the Personal Data will be deleted in the end of the backup retention cycle. We ensure that during the backup period and after the retention period or ceasing of the legal basis, applicable safeguards are in place, the Personal Data is put beyond use in the backup systems and the Personal Data are subsequently deleted as soon as possible, i.e., on our next deletion/destruction cycle.

10. Amendments to the Notice.We may amend this Notice to reflect changes in our processing methods and the best practices of data protection. If the Notice has been changed in any way, then the newest edition of this Notice will be published on our Website and, when changes are material, we will alert you. Your use of our Services after this Notice has been amended will be deemed to be your acceptance of the terms of this Notice, as amended.

11. Contacting us.If you have any questions regarding this Notice, please contact us using the information below:
GateWellPayments LTD
Company number 40203338114;
Lielirbes street 17A-22, Riga, Latvia, LV-1046;
E-mail:info@winway.one
Phone: +371 26555167