Open Acquiring Ltd together with its affiliates (collectively, “OPAC”) is a rapidly expanding international FinTech business headquartered in Mauritius. We provide customized payment solutions and process personally identifiable information (PII) on behalf of merchants which act as data controllers.
In addition to meeting our clients’ and business partners’ security expectations, we take a pragmatic approach to information security and ensure that all privacy risks are identified and that the necessary measures are taken to protect personally identifiable information as far as possible. OPAC implements and maintains appropriate technical and organisational measures in order to safeguard the rights and freedoms of the data subject.
While emerging as a leading premium payment service provider, we are committed to sustainable growth based on sound security and privacy principles that adhere to all applicable personal data regulations.
Security activities include but are not limited to:
- Regularly conducting penetration and vulnerability tests of its payment solutions in line with PCI DSS requirements, as well as conducting periodic onsite audits and addressing all significant vulnerabilities;
- Monitoring payment systems and receiving audits by an accredited body against PCI DSS requirements;
- Regular review and monitoring of systems OPAC has deployed;
- Adherence to privacy by design principles as guiding principles for all development of systems processing personally identifiable information takes
- Requirement for all vendors and subcontractors processing PII on our behalf or accessing our payment solutions to comply with applicable PCI DSS requirements.
Furthermore, we are committed to following the basic principles for processing PII as defined by the EU GDPR:
- Lawfulness, fairness and transparency – All PII is processed lawfully, fairly and in a transparent manner in relation to the data subject as agreed with the controller.
- Purpose limitation – OPAC collects PII only for specified, explicit and legitimate purposes and does not further process it in a manner that is incompatible with those purposes; at no time is PII used for purposes other than those agreed with the controller.
- Data minimisation – OPAC ensures that the collection and storage of PII are adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
- Accuracy – OPAC ensures that data are accurate and, where necessary, kept up to date; every reasonable step is taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
- Storage limitation – PII is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed or as legally required.
- Integrity and confidentiality – PII is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
- Accountability – While acting as processor of PII, OPAC supports the controller of PII in its responsibility to demonstrate compliance.
In case of any concern or question, please contact our Data Protection Officer at firstname.lastname@example.org