Data protection policy

The principles on how Combo Cards processes personal data are described in this Policy.
The Policy applies if you visit our Website or/and use, have used or have expressed an intention to use or are in other way related to any of the services provided by us.

  1. Definitions
    1. “Personal data” means any information about personal or factual circumstances of a specific or identifiable natural person, such as e.g. name and surname, date of birth, place of birth, identification document (including type of identification document, issue date, ID number, issuing authority), address, telephone number, mobile phone number, e-mail address, IP address, online identifier, location data, /images and information on transactions and accounts.
    2. “Policy” means this Data protection policy.
    3. “Processing” means any operation carried out with Personal data (incl. collection, recording, storing, alteration, grant of access to, making enquiries, transfer, etc.).
    4. “Processor” means a natural or legal person, public authority, agency or other body which processes Personal data on behalf of Combo Cards.
    5. “Profiling” means any form of automated processing of Personal data consisting of the use of Personal data to evaluate certain personal aspects relating to you, in particular to analyse or predict aspects concerning that your performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
    6. “Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with applicable law shall not be regarded as recipients.
    7. “Third party” means a natural or legal person, public authority, agency or body other than you, we (asa Controller), Processor and persons who, under the direct authority of the Controller or Processor, are authorised to process personal data.
    8. “we”, “us” or “our” or “Combo Cards” means Combo Cards.
    9.  “Website” means website at
    10. “you” or “your” refers to individual who use, have used or have expressed an intention to use or are in other way related to any of the services provided by us.
  2. General provisions
    1. The purpose of this Policy is to inform you about Processing of your Personal data.
    2. By giving us your Personal data, you consent to us processing that Personal data for the purposes stated in this Policy.
    3. We ensure, within the framework of applicable law, the confidentiality of Personal data and have implemented appropriate technical and organisational measures to safeguard Personal data from unauthorized access, unlawful Processing or disclosure, accidental loss, modification or destruction.
    4. We may use authorised Processors for Processing of Personal data. In such cases, we take needed steps to ensure that such data processors Process Personal data under our instructions and in compliance with applicable law and require adequate security measures.
    5. We are not responsible for the processing of Personal data by any person acting as a data controller, and such processing is not covered by this Policy.
  3. Categories of personal data
    1. Personal data may be collected exactly from you, from your use of the services, from external sources (public and private registers, open sources) or other third parties. Personal data categories which we may primarily, but not only, collect and processes are:
      1. Identification data: name, and surname, date of birth, place of birth, identification document (including type of identification document, issue date, ID number, issuing authority), your selfie (photo).
      2. Contact data: address, telephone number, mobile phone number, e-mail address.
      3. Data about tax residency: data about the country of residence, tax identification number, citizenship.
      4. Family data: information about your family and other related person’s.
      5. Professional data: educational or professional career, occupation.
      6. Financial data: accounts and accounts data, payment instruments and payments instrument data, ownership, transactions, credits, income, liabilities, your financial experience and reputation, as well as other related data collected during the provision of services.
      7. Data on origin of assets or wealth: data regarding your transaction partners and business activities.
      8. Data about due diligence: data about payment behavior, data that enables us to perform our due diligence measures regarding money laundering and terrorist financing prevention and to ensure the compliance with national and international sanctions.
      9. Data processing by performing an obligation arising from law: data resulting from enquiries made by investigative bodies, notaries, tax administrators, courts and bailiffs.
      10. Communication data: data collected when you visit us or communicate with us via telephone, visual and/or audio recordings, e-mail, messages and other communication mechanisms, data related to your visit at Website or communicating through other channels (for example, mobile application).
      11. Data related to contractual obligations: the performance or the failure of the agreements, executed transactions, submitted applications, requests and complaints, service fees and charges.
      12. Data about the relationships with legal entities: data for the execution of transactions on behalf of the legal entity in question.
      13. Location data, for example, GPS coordinates.
      14. Information Technology data, for example, IP address, online identifier, information about device.
      15. Special categories of data, for example, Biometric data, such as facial images.
  4. Purposes of processing
    1. We collect your personal data primarily for the following purposes:
      1. the performance of contractual and pre-contractual obligations: handling (processing) of your application for services prior to entering into an agreement; conclusion and execution of agreements; keeping Personal data updated and correct by verifying and enriching through external and internal sources based on performance of an agreement or in order to take steps at your application prior to entering into an agreement or compliance with a legal obligation;
      2. the protection of your und our interest: assurance and examine the quality of services provided by us; providing proof of a transaction or of communication based on the performance of an agreement or in order to process your application prior to entering into an agreement or compliance with a legal obligation or your consent or our legitimate interests to prevent, limit and investigate any misuse or unlawful use or disturbance of our services; our legitimate interest to protect you, our employees, visitors and our and your assets;
      3. the prevention of abuse of services and provision of adequate services to ensure the safety of information and our digital services based on the performance of an agreement or in order to process your application prior to entering into an agreement or compliance with a legal obligation or your consent or our legitimate interests to have control over authorizations, access to and functioning of our digital services; to improve technical systems and IT-infrastructure based on our legitimate interests to improve technical systems and IT-infrastructure;
      4. the ensuring compliance with applicable laws and regulation to which we are subject, including laws and regulation related to tax, prevention of money laundering and funding of terrorism, reporting to competent authorities, and compliance with orders from any court or competent authority;
      5. the execution of transaction through the payment system to execute international transactions or/and domestic payments via credit institutions or/and domestic, European and international payment systems and to comply with rules and obligations of European and international standards and certification schemes based on the performance of an agreement or in order to process your application prior to entering into an agreement or compliance with a legal obligation;
      6. the promotion and marketing of our products and services: offering to you our additional services, including personalized offers, based on your consent or our legitimate interest to offer additional services. The performance of market analyses based on our legitimate interest to improve our services and to develop new products or your consent;
      7. risk assessment and analysis to carry out risk assessments in order to determine which services and on what terms can be offered to you, to comply with applicable law relating to risk assessments, capital requirements, internal calculations and analyses based on the performance of an agreement or in order to process your application prior to entering into an agreement or compliance with a legal obligation or our legitimate interests to a sound risk management.
    2. Providing your Personal data to us is optional. However, if you choose not to provide certain Personal data to us, we may not be able to deliver products or services to you.
    3. To better target advertisements, improve, and market our products and services, and for other promotional purposes, we may reasonably transform personal information into de-identified information removing or masking information that could be used to identify you and by aggregating or combining de-identified data with other information. If you don’t want us to use your data in anonymized or aggregate form for promotional purposes, contact us at
  5. Profiling and automated decision making
    1. Profiling is used to make analysis for advice, for automated decision-making about conclusion of the agreement and/ or continuation of the agreement, for risk management, for transaction monitoring to counter fraud and is based on our legitimate interest, compliance with a legal obligation, performance of an agreement or consent from you.
    2. Unless direct marketing has been restricted by you, we may process Personal data for the purpose of providing general and personalized offers of our services. Such marketing may be based on services you use and on how you navigate in digital channels.
    3. For personal offering and marketing based profiling, we ensure that you can make choices and use a convenient tool to manage your privacy settings.
  6. Processing of personal data
    1. Personal data will be processed by our employees and officers.
    2. Personal data may also be transferred to authorised Processors who act for or on our behalf, for further processing in accordance with the purpose(s) for which Personal data were originally collected. These Processors have contracted with us to only use your Personal data for the agreed upon purpose, and not to sell your personal information to third parties, and not to disclose it to third parties except as may be required by law, as permitted by us or as stated in this Policy.
  7. Recipients of personal data
    1. Personal data may be shared with other Recipients, such as:
      1. authorities (for example, supervision authorities and financial intelligence units, law enforcement authorities, bailiffs, notary offices, tax authorities);
      2. credit and financial institutions, intermediaries of financial services, third parties involved in execution of the transaction, settlement and reporting cycle;
      3. participants and/or parties related to domestic, regional and international payment systems, such as SWIFT;
      4. third parties that supervise and audit our operations;
      5. third parties maintaining registers (for example, credit registers, population registers, commercial registers);
      6. other persons who provide services to us, such as postal services.
    2. We may be legally required to disclose user personal information, if such disclosure is:
      1. required by subpoena, law, or other legal process; 
      2. necessary to assist law enforcement officials or governmental authorities; 
      3. necessary to investigate violations of or otherwise enforce our Terms of Use; 
      4. necessary to protect us from legal action or claims from third parties including users; and/or 
      5. necessary to protect the legal rights, personal/real property, or personal safety of our company, customers, third party partners, employees, and affiliates.  
    3. We will refuse government and law enforcement requests for personal information if we believe a request is too broad or unrelated to its stated purpose. However, we may decide to cooperate if we believe the requested information is necessary and appropriate to comply with legal process, to protect our own rights and property, to protect the safety of the public and any person, to prevent a crime, or to prevent what we reasonably believe to be illegal, legally actionable, or unethical activity.
  8. Retention period
    1. Your personal data will not be stored for a time period exceeding the necessary term to the purpose of their collection, according to applicable law.
  9. User Rights and Responsibilities
    1. As our user, you have the right to be informed about how your data is collected and used. You are entitled to know what data we collect about you, and how it is processed. You are entitled to correct and update any personal information about you, and to request that such information be deleted. You may amend or remove your account information at any time, using the tools provided in your account control panel.
    2. You are entitled to restrict or object to our use of your data, while retaining the right to use your personal information for your own purposes.
    3. If you ask us to delete specific personal information, we will honor your request unless deleting the information prevents us from billing for our products and services, conducting required audits, or carrying out other legitimate business functions, or we are required by law or contractual obligation to keep that information.
    4. Please feel free to contact us if you have any concerns or questions about how we handle your data and personal information at
  10. Data Processing and Data Storage
    1. The personal information we collect is stored and processed in any country in which Combo Cards, its subsidiaries, affiliates, or service providers operate. We only transfer user data within jurisdictions subject to data protection laws that reflect our commitment to protecting the privacy of our users.
    2. We only retain personal information for as long as necessary to provide our services. While we retain personal information, we will protect it by applying commercially acceptable means to prevent loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. That having been said, we would like to remind users that no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security of personal information.
    3. Whenever users request us to delete their personal information, or where user personal information is no longer relevant to our operations, we will erase it from our system within a reasonable timeframe.
  11. Use of cookies and web beacons
    1. We may use Cookies. “Cookies” are small text files sent by a Website or mobile application (if you use it) so that the Website or mobile application can recall who you are; they serve as a memory, therefore, enabling a Website or mobile application to remember users who have already visited the site. Such cookies are stored on your access device.
    2. Our website uses different types of cookies. Some cookies are placed by third party services that appear on our pages.
      1. Necessary cookies – vital to the basic performance of our website, like page navigation and access to secure areas of the website. These cookies identify you when you log in to your account. They enable critical authentication and validation, allow you to move freely through our website and use our services as you wish. These cookies are activated when you visit our website and remain active for the duration of your visit.
      2. Preference cookies – these cookies track which pages you visit frequently and how you use the website (including error messages), its links and help us provide you with a better service. These cookies are not used to collect your personal information for advertising purposes.
      3. Statistic cookies – these cookies help us to understand how visitors interact with the websites by collecting and reporting information anonymously.
      4. Marketing cookies – these cookies help us with our marketing and delivery of online advertising. We can use these cookies to promote our services or to display ads that are relevant and engaging for you and thereby more valuable for third party advertisers and us. Our advertising partners and we cannot gain personally identifiable information from these cookies.
      5. Third-party cookies – when you visit a web page within our website it is possible that they will place cookies on your device. We have no control over these cookies.
    3. If you want to restrict or block cookies set by our website, or delete existing cookies, you can do this in your browser settings. Your browser's help function or mobile phone guide must indicate how to do it.
  12. Links to other websites
    1. Our Website may contain links to websites operated by third parties. When connecting to such other websites you will no longer be subject to this Policy but to the privacy and data protection policy of the other website. We are not responsible for the privacy and data protection practices of these other websites and we encourage you to read the privacy and data protection statements of each website you visit, which may collect personal information.
  13. Changes to this policy
    1. At our discretion, we may change our privacy policy to reflect current acceptable practices. We will take reasonable steps to let users know about changes via our Website. Continued use by users of our Website after any changes to this policy will be regarded as acceptance of our practices around privacy and personal information.