CSC Group

PRIVACY POLICY & LEGAL

General

This Privacy Policy describes the type of personal information we collect from our Clients and sets out the terms on which we use and process that information.

"Personal data" means any information relating to an identified or identifiable person ("Data Subject"). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as: name, a photograph, address, an e-mail, an identification number, location data, an online identifier (e.g. IP address), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

CSC Europe Limited ("CSC Europe" and/or "CSC") considers the protection and security of personal information a fundamental right of each individual and takes the processing of such information responsibly. This Privacy Policy determines our obligations on one side and Clients' rights on the other, as provided by the EU General Data Protection Regulation ("GDPR"), which came into force on 25 May 2018 and was made directly applicable to all EU Member States. The Policy also follows the requirements of the Law Providing for the Protection of Natural Persons with Regard to the Processing of Personal Data and for the Free Movement of Such Data (Law 125(I) of 2018).

Why We Collect Personal Information

CSC Europe Limited is an Electronic Money Institution operating under license No. 115.1.3.2 granted by the Central Bank of Cyprus.

As a regulated financial company, we collect Customers' data in order to comply with our legal obligations laid down by the rules governing our operations. CSC Europe uses personal information to identify and verify Customers, support proper management of accounts and transactions, and effectively reduce any exposure to fraud.

Our registered head office is located at:
23, Zachariadhes Court,
15, Nicodemou Mylona Street,
Larnaca, 6010,
Cyprus.

Please contact us if you have any questions about how your personal information is used by us at CSCGRP-Compliance@cscgroup.com or by writing to us at the registered address specified above.

Your Consent

By using our websites and our services, you agree to and accept the terms of this Privacy Policy and consent to the collection and use of your personal information in the manner described herein.

You also warrant that all data provided by you in the course of our business relationship is accurate and up to date.

Notification of Changes

This Privacy Policy may be revised over time and we may change this Privacy Policy at any time by posting a revised version of it on our website.

Unless we have legal grounds to do otherwise, we will provide you with at least 30 days' prior notice of the effective date of the revised Privacy Policy. We may post the notice on our website and/or send you the notice by e-mail. As of the effective date of the revised Privacy Policy, you will be considered as having consented to all changes to the Privacy Policy.

If you disagree with the terms of this Privacy Policy, you may end our agreement and close your account at any time. We encourage you to visit the Company's website periodically so as to keep updated on any subsequent changes in our Privacy Policy.

This policy was last updated on 2nd October, 2025.

Type of Personal Information and Documents We Collect

We collect personal information and documents about you when you apply to become a Client and open an account with CSC Europe. This information may include:

  • your name

  • date of birth

  • nationality

  • home address

  • details on occupation

  • contact information such as phone number and email address

  • identity verification information, including images of your government-issued identity document (passport, national ID card, or driving license)

  • residence verification information such as utility bill details or similar information

In some circumstances we may conduct a background check on your financial situation by obtaining information about your business and source of wealth, in order for us to comply with our legal obligations under the Prevention and Suppression of Money Laundering and Terrorist Financing Laws of 2007-2022 and the relevant Directives of the Central Bank of Cyprus.

Using Your Device

When you use CSC Europe services using any device, we may additionally collect and store device sign-on data (including but not limited to device ID) and location data in order to provide our services with the best user experience.

We also collect the Internet address (IP address) and other identifying information about the computer or device you use to access your account or use our services in order to detect possible instances of unauthorized access to your account.

We collect information on which pages of our website you visit, IP addresses, the type of browser you use, and the times you access our website.

Communications

When you communicate with us for customer service or other purposes (e.g. by e-mails, phone calls, faxes, etc.), we retain such information and our responses to you in the records of your account.

Cookie Policy

What Are Cookies?

A cookie is a small file of letters and numbers downloaded on to a device (computer, smart phone, etc.) when the user accesses certain websites. Cookies allow a website to recognize a user's device, remember essential information, and work in a better, more efficient way.

Different Categories of Cookies

First-Party Cookies

First-party cookies are set by the website that the user is browsing and they can only be read by that particular website.

Third-Party Cookies

Third-party cookies are set by a different organization to the owner of the website that is visited. For example, the website might use a third-party company who will set their own cookies to perform this service.

Session Cookies

Session cookies are stored only temporarily during a browsing session and are deleted from the user's device when the browser is closed. Session cookies help our websites remember what you chose on a previous page, avoiding the need to re-enter information. Session cookies expire after a browser session ends, so are not stored long term.

Persistent Cookies

Persistent cookies are saved on the computer for a fixed period and are not deleted when the browser is closed. Persistent cookies are used where the website needs to know who you are for more than one browsing session. For example, these types of cookies are used to store preferences so that they are remembered for the next visit.

Cookies That We Use

We use two cookies which are essential for our backend server software (ColdFusion) to work properly: CFID and CFTOKEN. These are used as a pair to create a unique session ID in order that our web systems can uniquely identify a visitor's session.

This information is not used or stored outside of our systems. No personal information of any kind, related to the visitor, is collected or stored in these cookies. These are session cookies and will expire when your session expires (i.e. when you close your browser or navigate to another page).

We use third-party and persistent cookies to provide you with additional website functionalities.

Additional information about cookies can be found at: http://www.allaboutcookies.org/

By continuing to use our websites, you agree to the use of these Cookies and to our Cookie Policy.

How We Use Your Personal Information

We use your personal information to service your account and to improve our service to you.

We strictly observe the following principles when using your personal data:

  1. We do our very best to ensure that your personal information is processed lawfully, fairly and in a transparent manner.

  2. We limit the personal information collected from you to what is necessary in relation to the purposes for which it is processed and try to maintain this information accurate and up to date.

  3. We store your personal data for no longer than is necessary for the purposes for which it is processed. We will retain and use your information as required to comply with our legal obligations.

  4. We apply necessary measures to process Customers' data in a manner that ensures its security, integrity and confidentiality.

CSC collects your personal information for the below stated purposes and you agree that we may use that information to:

  1. verify your identity and comply with applicable laws and regulations relating to the prevention of money laundering and terrorist financing

  2. process your transactions

  3. manage risk, detect and prevent fraud or other illegal uses of our services

  4. help us in responding to your requests for services and support

  5. contact you and communicate to you information and updates related to your use of our services and any other important information

  6. detect or remediate violations of our policies and applicable agreements

Our Communication With You

We communicate with our Customers via email to provide the requested services. We may also communicate with Customers by phone to:

  • Resolve complaints or claims

  • Respond to requests for customer service

  • Inform on illegitimate use of accounts or suspicious transactions

  • Confirm information concerning a Customer's identity, business, or account activity

We use your email or physical address to confirm the opening of your account, to send you activation code of your pre-paid card, to send you information about changes to our products and services, and to send notices and other disclosures required by law.

We may communicate with you as described above by SMS to send you transaction notification alerts or tokens to process certain transactions on your account.

Disclosure of Your Personal Information to Third Parties

There are circumstances in which we may need to share your personal data. We may need to do this in order to help us carry out our operations.

In processing your transactions we may disclose your personal information to third parties, to legal and regulatory authorities.

Disclosure to Third Parties

Your information will not be sold, exchanged, or shared with any third parties without your consent, except where required by law.

Third-party service providers are contractually bound with us to protect and use your personal data only for the purposes for which it is disclosed and we ensure that such third parties are subject to the same protective rules as those described in this Privacy Policy.

Third parties cannot use personally identifiable information about our Customers for any secondary purposes without your explicit consent.

You agree that we may share your personal information with:

  1. third-party service partners, who are acting on our behalf as data processors, with any member of our group or with our ultimate holding company

  2. selected third parties including business partners or agents for the performance of any contract we enter into with them or with you

Third-Party Sites

If you open a CSC Europe account directly on a third-party website or via a third-party application, any information that you enter on that website or application (and not directly on a CSC Europe website) will be shared with the owner of the third-party website or application.

These sites are governed by the Merchant's own privacy policies and you are encouraged to review their privacy policies before providing them with personal information. CSC Europe is not responsible for the protection of personal data policy of those Merchants.

Disclosure to Legal Authorities

We may share your personal information with Regulators, law enforcement agencies, data protection authorities, government officials or other authorities in the following situations:

  1. in connection with a formal request, subpoena, court order, or other legal procedure

  2. when we believe in good faith that the disclosure is necessary to prevent money laundering, terrorist financing, tax evasion, or other illegal activity

  3. when disclosure is necessary to investigate violations of this Privacy Policy or our Terms and Conditions or to prevent financial loss

By submitting your personal data, you consent to this disclosure, transfer, or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

How We Store Your Personal Information

The personal information you provide to us is stored on our servers securely. Payment transactions are encrypted using strong encryption algorithms.

You are responsible to keep strictly confidential any security credentials provided to you for access to our site and to your personal account. We ask you not to share them with anyone.

Retention of Your Personal Information

In order to comply with our legal obligations regarding the prevention of money laundering and countering terrorist financing, we are required to keep the following documents and information about our Customers for at least five (5) years after the end of the business relationship:

  1. Copies of documents and information required for compliance with the Customer due diligence requirements as determined in the Prevention and Suppression of Money Laundering and Terrorist Financing Laws of 2007-2022

  2. Relevant evidence and records of transactions, which are necessary for the identification of transactions

  3. Relevant correspondence documents with Customers

We can retain personal documents and information of our Customers for an additional five (5) years where further retention of documents and information is justified for the purpose of prevention, detection or investigation of money laundering and terrorist financing.

By submitting your personal data, you agree to this storing and retention of your records. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

Security of Your Personal Information

We use a variety of security measures to ensure the confidentiality of your personal information and protect your personal information from loss, theft, unauthorized access, misuse, alteration, or destruction.

We conform to the PCI DSS standards and the General Data Protection Regulation (GDPR) for protection of data and have implemented security measures including, but not limited to:

  • Restricted access to personal information

  • Strict policies on user access

  • Transport Layer Security (TLS) to ensure the confidentiality of your information during transmission over internal or public networks

  • Systems hardening to protect our servers from vulnerabilities and attacks

  • Periodic testing to ensure that our security measures are adequate

  • Audit trails to track changes on your personal information

To prevent data loss, the information is backed up regularly. All our databases use encryption to protect data at rest. Furthermore, all sensitive data is encrypted before being transferred electronically. Integrity controls are in place to prevent data alteration.

Only authorized personnel are permitted access to your personal information, and these personnel are required to treat the information as highly confidential. The security measures will be reviewed regularly in light of new and relevant legal and technical developments.

Your Rights to Protection of Personal Data Under the GDPR

As an individual, you have certain rights under the GDPR regarding the use of your personal information. These rights include the following:

  • You have a right to access your personal information and know what data we hold on you and for what purpose it is processed. You can request us to provide you with this information made in writing, by either email or letter, together with photographic identification or additional documents we may require to confirm your identity. We will reply to you within one month of the receipt of your request. That period may be extended by two further months where necessary in case your request is more complex. In such a situation we will inform you of any such extension together with the reasons for the delay. We will reply to you by electronic means, unless otherwise requested by you.

  • You have the right to obtain without undue delay the rectification of inaccurate personal data we maintain for you. You can review the personal information you have provided us and make any desired changes to such information, or to the settings for your account, at any time by logging in to your account.

  • You have the right to object to or restrict the processing of your personal information at any time.

  • You can instruct us to share your personal information with other parties subject to your written direction and explicit consent to do so.

  • You can withdraw your consent to process your personal data at any time.

You can send these requests to: CSCGRP-Compliance@cscgroup.com or by post to the registered address of our Company.

If You Wish to Complain

Our Company is responsible for ensuring that our day-to-day procedures comply with this Privacy Policy. If you want to exercise your right to access your information, have any questions about this Privacy Policy, or wish to lodge a complaint about how your personal data is used by CSC Europe, you can contact us electronically at the email address given above or by writing to our registered address.

Upon receipt of your complaint we will investigate it and respond to you within one month. Where this deadline cannot be observed, we will explain to you the reason and will notify you of the extended time for reply.

Your Right to Lodge a Complaint With the Supervisory Authority

Where you believe that CSC Europe has not resolved your complaint in a satisfactory manner, you have the right to complain to the Supervisory Authority. Their details are:

Office of the Commissioner for Personal Data Protection of Cyprus
1, Iasonos str., 1082 Nicosia
P.O. Box 23378, 1682 Nicosia
Tel: +357 22818456
Fax: +357 22304565
Email: commissioner@dataprotection.gov.cy