Personal Data & Information Security Policy

The website you visit belongs to WorldBridge – Payment Institute SA with the distinctive title PayLink (head office: 42 Zalokosta Street, Chalandri p.c. 15233, Greece, Business Registry No 001056101000), contact phone 2109005000, (hereinafter referred to as ”Company”).

    I.        Information Security Policy

The protection of information and their processing systems is of strategic importance for the Company in order to achieve its short-term and long-term goals and at the same time, to ensure the protection of personal data of customers who receive its services and all other entities, the personal data of which he manages (employees, agents, suppliers).

The Company recognizes the importance of information and information systems for the execution of its business functions, applies the Information Security Policy to:

  • Ensure the confidentiality, integrity and availability of the information it manages.
  • Ensure the proper operation of its information systems.
  • To timely manage incidents that may jeopardize the Company’s operations.
  • To comply with the legal and regulatory requirements.
  • To improve the level of Information Security on an ongoing basis.

Therefore the Company:

  • Has the appropriate organizational structure to monitor issues related to Information Security.
  • Defines the technical means to control and restrict access to information and information systems.
  • Determines the classification of information according to its importance and value.
  • Describes the necessary actions to protect the information during processing, storage and transfer.
  • Determines the information and training of the employees and Associates of the Company in Information Security.
  • Determines the management of Information Security incidents.
  • Describes the means to ensure the business continuity in cases of malfunction of information systems or in cases of disasters.

The Company periodically makes information security risk assessments and adopts the necessary measures to manage those risks. Applies an assessment framework to evaluate the effectiveness of Information Security procedures which provides performance indicators, describes the methodology measurement and provides periodic reporting, which are reviewed by the Management in order to continuously improve the system.

The Information Security Officer is responsible to oversee and monitor the Information Security policies and procedures and take the necessary initiatives to eliminate all those factors that could jeopardize the availability, integrity and confidentiality of its information.

All employees of the Company, its Associates and any other third parties who have access to the Company’s information and information systems, are responsible to comply with the Information Security Policy.

The Company is committed to the ongoing monitoring and compliance with the regulatory and legislative framework and to apply and improve the efficiency of the Personal Data Management System and Information Security.

I.          Personal Data Protection Policy

The Company as Data Processor recognizes the criticality of the protection of personal data of individuals and their lawful and appropriate processing. In this context, the Company complies with the basic principles of personal data processing, respects the rights of individuals and ensures that the personal data in its possession:

  • are collected for specific, explicit and lawful purposes, as recorded in the Data Processing Record, and are collected with the consent of the natural person where required.
  • are processed only for the purposes for which they have been collected and / or for legal and regulatory reasons and / or to defend the legal interest of the Company.
  • are not further processed for another purpose.
  • are appropriate, relevant and limited to the minimum necessary for processing purposes.
  • are legally processed in accordance with the rights of natural persons, are accurate and are updated, when required and especially before critical decisions are made for natural persons.
  • are not stored for a period longer than that required for the purpose of processing and / or for the compliance of the Company with legal and regulatory obligations.
  • are safely stored from unauthorized access, loss or destruction.
  • are transmitted to third parties only under the condition that an adequate level of protection is ensured.

All the Company’s employees as well as third parties who perform personal data processing operations on behalf of individuals comply with the above.

The Company in order to ensure the above:

  • implements a Personal Data Management and Information Security System that covers all its activities for monitoring and controlling the implementation of this policy, as well as evaluates its effectiveness in terms of compliance with the regulatory framework and best practices for the protection of personal data.
  • implements procedures to meet the rights of individuals.
  • informs individuals in a clear manner about the processing of their personal data.
  • applies the personal data management to all corporate operations and procedures related to their processing.
  • has defined roles and responsibilities related to data management.
  • provides clear instructions to its employees and third parties who perform work on its behalf for the secure use and transmission of data in accordance with the Personal Data Management System.
  • ensures that the transmission to and the processing of data by third parties is carried out in accordance with the regulatory framework for data protection as well as this policy.
  • plans, adopts and monitors the implementation of a system of indicators and targets for the safe and legal management of data.
  • invests in the continuous training, awareness and education of its employees in matters of personal data protection as well as in the continuous improvement of know-how and its dissemination to all staff.
  • has all the necessary resources for the effective implementation of the Personal Data Management System.
  • has appointed a Data Protection Officer.
  • communicates this policy to all staff and ensures its continuous upgrading, in order to achieve full compliance with the applicable regulatory framework.

The Company is committed to the ongoing monitoring and compliance with the regulatory and legal framework and the ongoing implementation and improvement of the efficiency of the Personal Data Management System and Information Security.