Privacy policy

This privacy policy applies to the use of the Mastercard prepaid card issued by Edenred Payment Solutions on behalf of Injoye — Payshift SAS, and to the management of the personal data of cardholders.

In accordance with the General Data Protection Regulation (RGPD — Regulation (EU) 2016/679), Injoye — Payshift SAS and Edenred Payment Solutions are committed to guaranteeing confidentiality, security and transparency regarding the collection and processing of user data.

Injoye — Payshift SAS is responsible for processing for transactions related to the use of the card and access to third-party payment services. Edenred Payment Solutions acts as a subcontractor in the context of card issuance and management, in accordance with the obligations of the RGPD.

The personal data collected includes: name, first name, email address, email address, transaction data (amount, date, location), login details, insurance contract number, card number, and any supporting document sent for identification (KYC).

Data is collected and processed for the following purposes:
- Management of the activation, use and follow-up of the card;
- Identity verification (KYC/anti-money laundering);
- Payment processing and third party payer management;
- Monitoring of insurance guarantees and available limits;
- User support and customer service;
- Compliance with legal and regulatory obligations.

Data may be transmitted, within the strict limits of the above purposes, to the following entities:
- Edenred Payment Solutions (card issuer);
- The user's partner insurer;
- Technical service providers and payment service providers;
- Authorized administrative or judicial authorities, in case of legal request.

Personal data is kept for the duration of the insurance contract, extended for a maximum of 5 years from the end of the contractual relationship, in accordance with retention obligations in the fight against money laundering and the financing of terrorism.

Each user has the following rights:
- Right of access, rectification, deletion and portability;
- Right to oppose or limit processing;
- Right to file a complaint with the CNIL (www.cnil.fr).
Requests can be sent by email to: privacy@pennypet.io

Appropriate technical and organizational measures are implemented to ensure the security of personal data against loss, unauthorized access, disclosure, or alteration. These measures include the encryption of sensitive data, segregated access, enhanced authentication, and system monitoring.

No transfer of personal data outside the European Union is carried out without a contractual framework in accordance with the European Commission's standard clauses or with a level of protection recognized as adequate.

This policy may be updated at any time in the event of legal, technical or functional changes.