“Global Innovations” LLC
Privacy Policy
General Provisions
This Privacy Policy regulates the collection, use, storage, and protection of personal data of users and visitors of the “Epoint” platform (hereinafter referred to as the “Platform”) and the Company’s website, created by “Global Innovations” LLC (hereinafter referred to as the “Company”) for the provision of services related to its activities.
This Privacy Policy has been prepared in accordance with the Law of the Republic of Azerbaijan “On Personal Data” and other relevant legislative acts.
The Company is responsible for processing the personal data of users and visitors of the Platform and the website in accordance with applicable legislation.
Purpose of Processing Personal Data
The Company processes personal data for the purpose of providing services and fulfilling its obligations in accordance with the relevant context. The Company does not intend to use personal data for purposes not предусмотренные by law and bears responsibility in this regard.
Collection of Personal Data
The Company collects personal data directly or in the manner prescribed by applicable legislation with the consent of the personal data subject.
Main Definitions Used
The following key definitions are used in this Privacy Policy. Any terms not defined herein shall be interpreted in accordance with applicable legislation.
Personal data – any information that directly or indirectly allows the identification of a person
Personal data subject – an identified or identifiable natural person whose personal data is collected, processed, and protected
Operation – the execution of actions requested by the parties for the purpose of using services provided through the Platform
Partner – a party acting as a supplier of services provided through the Platform
Business entity – a party automating its activities through the Platform
End user – a party making payments and other transactions through the Platform without registration
Operator – a party carrying out transactions through the Platform on behalf of other parties
Collection and Processing of Personal Data
The collection and processing of personal data by the Company is carried out according to the user’s role on the Platform and the transactions performed.
With regard to end users, the Company does not directly obtain any personal data. The information specified below is received from a partner bank during transaction processing through the Platform. The Company receives the cardholder’s first and last name and an encrypted 16-digit PAN from the partner bank. The obtained personal data is processed for investigating possible transaction errors, identifying and resolving such errors, combating fraud, and AML/CFT purposes.
Personal data related to business entities is collected during registration on the Platform. In accordance with regulatory requirements, personal data related to directors, beneficial owners, and operators is also collected and processed. During these activities, the Company directly obtains from the merchant the director’s name, date of birth, ID card series and identification number, operators’ names, surnames, ID card series and FIN codes, and personal data related to beneficial owners. The obtained personal data is processed for investigating possible transaction errors, identifying and resolving such errors, combating fraud, protecting user rights and interests, and AML/CFT purposes.
Through the integrated “Google Analytics” tool, visitors’ IP addresses are collected to improve service quality and adapt the system to user experience needs.
Storage and Protection of Personal Data
The collected personal data is protected in accordance with applicable legislation and stored for at least 5 years or for the maximum possible period as required by law. The Company operates under the supervision of relevant authorities and implements technical infrastructure, information security measures, and other management systems based on best practices. Documents confirming the Company’s compliance are published in a dedicated section of the official website.
Transfer of Personal Data
The transfer of personal data to Partners for the purpose of providing services is not excluded, subject to the user’s consent. In all cases, it is ensured that the receiving parties undertake obligations regarding the protection of such data, and the Company guarantees that personal data will not be transferred to third parties except in cases предусмотренные by applicable legislation.
Archiving and Deletion of Personal Data
The archiving and deletion of personal data is carried out by the Company in accordance with the legislation of the Republic of Azerbaijan.
If the personal data subject submits a request for deletion of personal data and such deletion is possible, the Company shall carry it out and bear responsibility for fulfilling the request, or provide a justified refusal.
Updates to the Company’s Privacy Policy
The Company’s Privacy Policy is regularly updated, and all parties are informed of amendments and additions through notifications on the Platform. The planned date for updates to this policy document is indicated in advance in a dedicated section of the system.
Rights of the Data Subject
The personal data subject has the right to refuse consent for the collection of personal data, request the deletion of already collected data, submit complaints to the Company regarding the protection of personal data, and obtain detailed information from the Company regarding the matters specified in this Policy.
Contact Information
To submit complaints to the Company regarding the protection of personal data, you may contact the following email address: [email protected]
To file complaints regarding personal data protection, you may also contact the Central Bank of the Republic of Azerbaijan using the following phone numbers:
Contact numbers: (+994 12) 966 (Hotline), (+994 12) 493 5058
