Data Protection Policy - AML Now

Data Protection Policy

ARES Computer Inh. Pascal Papara, as a software-as-a-service business, takes its responsibilities with regard to the management of the requirements of the EU GDPR seriously.
This Policy is addressed to the Company’s clients as well as to those individuals who will provide their personal data for processing (hereinafter – Data Subjects).
The Company is a Processor of personal data under Article 28 of the EU GDPR and is engaged by the Company’s client (hereinafter – the Controller) to process his or her personal data for the agreed purpose, established in a separate data protection agreement. In certain cases the Company may serve as the Data Controller under Article 24 of the EU GDPR. The Company confirms that the personal data are submitted by the Data Subjects directly to the Company’s servers located in the EU, so that our corporate clients outside the EU and EEA would not need to have access to the personal data of the Data Subjects unless it is necessary under applicable laws.

Scope of the Policy
The purpose of this policy is to ensure that ARES Computer Inh. Pascal Papara shall comply with the provisions of German law and the EU GDPR when processing personal data. Any serious infringement will be treated seriously and may be considered under disciplinary procedures.
The Company adheres to the principles of data protection as laid down by the EU GDPR. In accordance with those principles, personal data shall not be transferred outside the countries of the European Economic Area or the EU without adequate protection and shall be kept only as long as necessary. Service users can request deletion of their data. Excluded are deletions within contracts signed using aml-now.eu, where different laws can apply based on contracts a user has signed with a third party.

Responsibilities
ARES Computer Inh. Pascal Papara is responsible for establishing policies and procedures in order to comply with the EU GDPR. The key person in this area is our Data Protection Officer, whose contact info is privacy@aml-now.eu.

Data Protection Officer’s responsibilities
The Data Protection Officer holds responsibility for compliance with subject access rights and for ensuring that data is processed in accordance with the Data Protection Act 2018 and the EU GDPR.
Staff members who process personal data must comply with the requirements of this policy. Staff members must ensure security and non-disclosure, swiftly report data breaches, and support the Data Protection Officer in resolving breaches. If uncertain, they need to contact the Data Protection Officer.

Third-Party Processors
Where external companies are used to process personal data on behalf of ARES Computer Inh. Pascal Papara, responsibility for the security and appropriate use of that data remains with ARES Computer Inh. Pascal Papara. A third-party processor may be chosen only when it provides sufficient guarantees about its security measures to protect the processing of personal data.

Specific measures to ensure data protection
Any personal data storage or processing shall be made on the basis of respective Service Agreements, Non-Disclosure Agreements and Data Processing Agreements compliant with the EU GDPR.
ARES Computer Inh. Pascal Papara uses an API interface that makes it possible to submit the data directly to the Company’s secure servers. Data is always securely stored on the servers located in German data-centers. All information gathered is secured by pseudonymization and preserved as long as it is necessary for the clients under applicable European laws.
All persons dealing with personal data shall be officially authorized and must undergo background checks and special periodical training. Additionally, the Company shall be audited frequently by a security audit institution. Biometric information that is provided to the Company will not be disclosed at any point to third parties.
Data of children will not be processed. The Company tends not to transfer the personal data to or provide access to it from the countries outside the EU and the EEA.
If applicable, the Company complies with certain Asian data protection laws that require abstaining from collecting and processing resident registration numbers, passport numbers and some other data. Relevant zones on identity documents of the nationals of certain Asian countries are hidden in order to protect relevant personal data.

Physical security
The Company is working on preventing any unauthorized physical access, damage and interference to the Company’s information and information processing areas. In particular, the Company has established removable media blocks and entry restricted to authorised personnel. Data is stored in secured Data-Centers located in Germany.
The Company has external, independent penetration tests conducted on a periodic basis. Our IT and container infrastructure is continuously monitored and audited for change. Critical systems and information are protected with strong authentication mechanisms. All network connections are protected by firewalls and are monitored by cyber security solutions to detect intrusions and suspicious activity. All our computers and servers utilise full disk/volume encryption and are installed with antivirus/malware protection which is automatically updated to the latest version and signatures available. User information is encrypted using AES-256 at rest as well as in transit.

Data protection breaches
Where a Data Protection breach occurs, or is suspected, it should be reported immediately to the Data Protection Officer or the CEO. The report should include full and accurate details of the incident including who is reporting the incident and what classification of data is involved.

Data subjects’ rights
Each Data Subject providing his/her personal data to the Company has the following rights that the Company fully respects:
Right to obtain confirmation as to whether or not his or her personal data are being processed (Article 15 EU GDPR);
Right to obtain rectification of inaccurate personal data without undue delay (Article 16 EU GDPR);
Right to erase personal data or “right to be forgotten” (Article 17 EU GDPR);
Right to restrict data processing, in particular when the accuracy of the data is contested (Article 18 EU GDPR);
Right to receive communications as to rectification or erasure of personal data or restriction on processing (Article 19 EU GDPR);
Right to receive personal data in a form that is machine-readable and ready for transmission to another controller (Article 20 EU GDPR);
Right to object to data processing (Article 21 EU GDPR);
Right not to be subject to a decision based solely on automated processing (Article 22 EU GDPR).

The personal data we collect:
name and surname,
passport or any identity card data,
mobile number,
registered address,
banking details,
facial image.

The purposes for collecting personal data
The Company collects and processes the personal data for the purpose of identification and client diligence compliance in accordance with KYC and AML compliance laws governing the intended business relationship. It also allows you to log in via 2FA to connected services using your mobile phone.

The Company subjects the personal data to semi-automated reading, verification of authenticity and other automated processing of photos and scanned copies of documents, with a further check against the data in multiple databases, including inter alia International politically exposed persons (PEPs) and Sanctions, Country Specific Sanctions Lists, Criminal Lists, Financial Lists and publicly released username and password combinations, to prevent aml-now.eu from being used for identity theft. In such cases, manual verification via Video-Ident will be used. If this fails, data will be forwarded to the authorities as a report of suspicious behavior or of an attempted criminal act. Once the personal data is no longer necessary for the purposes of applicable compliance rules, the Company shall erase the data completely from its servers without leaving any backup copies or, based on the same condition, transfer the data to the relevant Controller.

Consent to personal data processing
This Policy is constantly reviewed and rectified in order to provide the best compliance with the EU GDPR and applicable national laws.

If you have any request or complaint regarding the above, or you want to exercise any of the rights granted to you by applicable laws, please contact us at support@aml-now.eu or via phone +49(0) 203 XXX XXX