Logo

PRIVACY POLICY

MAG.ONLINE — Online Payment Solutions OÜ

1. Introduction

Online Payment Solutions OÜ ("we", "us", or "our"), registered in Estonia under registration number 17449916, is the data controller in respect of personal data collected through the MAG.ONLINE platform.

This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with GDPR (EU 2016/679) and applicable Estonian law.

2. Data We Collect

2.1 Data You Provide:

  • Account data: name, email address, password (stored in encrypted form)
  • Profile data: photo, biography, languages, time zone
  • Payment data: payment method (tokenised — full card numbers are not stored), transaction history, Credits history
  • Communications: messages sent through the Platform, support correspondence records
  • Verification data: identity documents (where requested for KYC compliance)

2.2 Automatically Collected Data:

  • Usage data: pages viewed, actions taken, session duration
  • Technical data: IP address, browser type, operating system, device type
  • Location data: country/region (based on IP)
  • Cookies: as described in the Cookie Policy

2.3 Credits and Transaction Data:

  • MAG.ONLINE Credits top-ups: amount, currency, date, payment method
  • Credits usage: Credits spent on consultations, booking history
  • Specialist remuneration: amounts paid, payment history (for Specialists)

2.4 Data Received from Third Parties:

  • Payment providers (Stripe, PayPal, Adyen): transaction status, fraud check results
  • Identity verification partners: KYC results (where applicable)

3. Legal Bases for Data Processing

PurposeLegal Basis
Performance of contract (provision of services)Art. 6(1)(b) GDPR
Payment processingArt. 6(1)(b) GDPR
KYC/AML complianceArt. 6(1)(c) GDPR
Account maintenanceArt. 6(1)(b) GDPR
Marketing communicationsArt. 6(1)(a) GDPR (consent)
Analytics and Platform improvementArt. 6(1)(f) GDPR (legitimate interest)
Fraud preventionArt. 6(1)(f) GDPR (legitimate interest)

4. How We Use Your Data

4.1 Provision of Services:

  • Managing your account and profile
  • Processing bookings and MAG.ONLINE Credits
  • Facilitating communication between Clients and Specialists
  • Processing Specialist payouts

4.2 Security and Compliance:

  • Fraud prevention and unauthorised access prevention
  • AML/KYC compliance
  • Investigation of disputes and chargebacks

4.3 Platform Improvement:

  • Usage analysis to improve functionality
  • Resolution of technical issues

4.4 Communications:

  • Transactional emails (booking confirmations, payment notifications)
  • Marketing emails (with your consent only, with an unsubscribe option)

5. Data Sharing with Third Parties

5.1 Payment providers: Stripe, PayPal, Adyen — for payment processing and payouts.

5.2 Cloud service providers: for hosting and data storage (within the EEA or subject to appropriate safeguards).

5.3 Analytics tools: Google Analytics 4 (with IP anonymisation).

5.4 Legal authorities: where required by law or court order.

5.5 We do not sell personal data to third parties for commercial purposes.

6. International Data Transfers

6.1 Some of our providers may process data outside the EEA (for example, in the United States).

6.2 Such transfers are carried out subject to appropriate safeguards: Standard Contractual Clauses (SCCs), adequacy decisions, or other GDPR-compliant mechanisms.

7. Data Retention

Data TypeRetention Period
Account dataUntil account closure + 5 years
Transaction and Credits data7 years (tax and legal requirements)
Support communications3 years
Technical logs90 days
Marketing dataUntil consent is withdrawn

8. Your Rights under GDPR

You have the right to:

8.1 Right of access: obtain a copy of the personal data we hold about you.

8.2 Right to rectification: correct inaccurate or incomplete data.

8.3 Right to erasure ("right to be forgotten"): request the deletion of your data where there are legitimate grounds to do so.

8.4 Right to restriction of processing: restrict the processing of your data in certain circumstances.

8.5 Right to data portability: receive your data in a machine-readable format.

8.6 Right to object: object to processing based on legitimate interest.

8.7 Rights in relation to automated decision-making: not to be subject to decisions based solely on automated processing that produce legal effects.

To exercise your rights, please contact: contact@mag.online

Response time: 30 days (may be extended to 60 days in complex cases).

9. Data Security

9.1 We apply technical and organisational security measures, including:

  • Data encryption in transit (TLS 1.2+) and at rest
  • Access controls and role-based permissions
  • Regular security testing
  • Payment data processing through PCI DSS Level 1 providers

9.2 In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay where the breach is likely to result in a high risk to their rights and freedoms.

10. Cookies

The use of cookies is governed by our Cookie Policy.

11. Changes to the Privacy Policy

11.1 We may update this Privacy Policy. We will notify you of material changes by email or through a notice on the Platform.

11.2 Continued use of the Platform after the changes take effect constitutes acceptance of the updated Policy.

12. Contact Details and Supervisory Authority

Online Payment Solutions OÜ
Email: contact@mag.online
Registration number: 17449916
Vesivärava tn 50-201, Tallinn 10152, Estonia

Supervisory Authority:
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
www.aki.ee | info@aki.ee