Respecting the right to privacy of those who entrusted EPMAP Ltd, we would like to declare that we process the data collected in accordance with applicable regulations and under conditions ensuring their security.
In order to ensure the transparency of the processing that we carry out, we present the current EPMAP Ltd, the principles of personal data protection, established on the basis of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as “the GDPR”).
The Controller, i.e. the entity deciding on the purposes and means of personal data processing is the EPMAP Ltd. – a private company limited by shares incorporated in the Republic of Cyprus under registration number HE388513, with it registered seat at Modestou Panteli 4, 4003 Limassol, Cyprus and using the trade name of MAPePay. In matters related to the processing of your personal data, you may also contact us by e-mail at: dpo@mapepay.eu
In the performance of our business functions, we process personal data for the following purposes:
| Purpose of processing | Legal basis and retention period | Legitimate objective, if any |
| Conclusion of the contract and performance of the contract with the customer, legitimate interests of the Controller. | Article 6(1)(b) and (f) GDPR For the duration of the contract, and at the end of the contract until the expiry of claims arising therefrom, in principle 3 years, maximum 6 years. | EPMAP Ltd in connection with actions taken to conclude the agreement or its execution, contacts the employees/cooperators of clients and contractors for a justified purpose. |
| Dealing with complaints. | Article 6(1)(b) and (c) GDPR For a period of 3 years after the settlement of the complaint. | N/A |
| Recovery of debts or defense against legal claims | Article 6(1) (b) and (f) GDPR For the duration of the proceedings for the assertion of claims, i.e. until they are finally concluded, and in the case of enforcement proceedings until the claims are finally satisfied. | The Controller, in connection with the assertion of claims or defense against any legal claims, any litigation, may process the data of employees/cooperators of customers or contractors for a legitimate purpose. |
| Archiving of documents, i.e. contracts and settlement documents | Article 6(1)(c) GDPR For the periods indicated by law, or, if not indicated for certain documents, for the period until their storage falls within the legitimate objective of the Controller regulated by the time of possible redress | N/A |
| Conducting marketing activities without using electronic means of communication | Article 6(1)(f) GDPR Until you object, i.e. show us in any way that you do not want to stay in contact with us and receive information about our actions | Conducting marketing activities to promote our business. |
| Conducting marketing activities using electronic communication means | Article 6(1)(a) and (f) GDPR These activities, due to other applicable regulations, are in some instances carried out on the basis of the consents held. Until such time as you withdraw your consent, i.e. show us in any way that you do not wish to remain in contact with us and receive information about the actions we take, and after it is revoked for the purpose of demonstrating that we have properly fulfilled our legal obligations and in connection with potential related claims (up to 6 years after withdrawal of consent) | Conducting marketing activities to promote our business using e-mail addresses and telephone numbers. |
| Conducting recruitment | Article 6(a), (b), (c) and (f) GDPR Up to 6 months from the end of the recruitment process, and in the case of consent to further recruitment processes no longer than one year. | The Controller without the additional consent of the data subject may store the data of candidates for work who have not been recruited until 6 months after the end of the recruitment process based on the legitimated interest of the Controller due to the fact that the employed employee/co-employee may not prove himself/herself at the position or may resign. |
| Human resources management – employees and associates | Article 6(1)(a), (b), (c) and (f) GDPR Article 9(2)(b) GDPR In accordance with the applicable regulations obliging to archive labor law, social security, tax or other employment documents. If the period of storage of selected documents is shorter, the Controller will observe this shorter period. In the case of commercial contracts, these contracts will be kept until the expiry of the limitation periods for filling claims arising from them. | The processing for CCTV purposes is made under the legitimate interest of the Controller |
| Money laundering and terrorist financing | Article 6(1)(c) of the GDPR The processing of data is necessary to fulfil a legal obligation to the Controller. Pursuant to applicable regulations on preventing money laundering and financing terrorism, obliged institutions shall keep the documentation concerning the client as specified in the applicable laws. | N/A |
If the time limits for the assertion of possible claims are shorter than the periods for storing settlement documents for tax purposes, we will keep these documents for the time necessary for tax and settlement purposes as specified in the applicable regulations.
Data recipients
In connection with the operation of EPMAP Ltd will disclose your personal data to the following entities:
Rights regarding the data processing and voluntary submission of data
Each person whose data is processed by EPMAP Ltd is entitled to:
Moreover, the person whose data is processed by EPMAP Ltd has the right to lodge a complaint with the supervisory authority, i.e.:
Do you have to provide EPMAP Ltd with your personal data?
The data is necessary for the conclusion of agreements and settlement of the conducted business activity and for EPMAP Ltd to meet the legal requirements. This means that in order to use the services offered by EPMAP Ltd or become its employee/cooperator you must provide your personal data.
For the rest (in particular for the purpose of data processing by EPMAP Ltd for marketing purposes) the provision of data is voluntary.
Transfers of data to third countries
The provision of services by EPMAP Ltd may require the transfer of personal data to entities providing services to EPMAP Ltd in other countries, including countries outside the European Economic Area. In case of transfer to countries which do not provide an adequate level of personal data protection, EPMAP Ltd applies safeguards in the form of standard data protection clauses adopted by the European Commission. The data subject has the possibility to obtain a copy of his or her data.
Processing of personal data by automated means
Your personal data may be processed in an automated manner (including profiling).
MAPePay – Copyright © 2024-2025. All rights reserved.
MAPePay is a brand name of EPMAP Limited, a company registered in Cyprus with registration No. ΗΕ 388513, authorised as an Electronic Money Institution (EMI) by the Central Bank of Cyprus (CBC) with license No. 115.1.3.32 /2021.
Support: info@mapepay.eu Telephone: +357 22 254 989
Address: Sofouli 2, Chanteclair Building, 6th Floor, Office 602, 1096 Nicosia, Cyprus.
Apple, the Apple logo, iPhone, iPad, and iPod touch are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc., registered in the U.S. and other countries. MAPePay application is not affiliated with, endorsed by, or sponsored by Apple Inc.
