Personal Identifiable Information
Personal data points that Coda Payments collects from Codashop users in its capacity as an independent data controller.
Personal and contact details of the players such as first name, last name, email address, phone number (depending upon the product/service/use case);Account details of the players such as in-app/in-game ID/publisher affiliation;Device data such as IP address;Correspondence data;Order data such as transaction ID etc.Cookies and/or statistical/analytical data;Documentation that help us verify the accuracy of the information provided by our users if it is required for fulfilling certain obligations or for providing certain services;Social media links or public profiles of our users if they submit it; andUser account passwords.
Personal data points that Coda Payments may share with the publishers (Depending upon the terms of the Data Processing Agreements and the relevant data privacy regulations as well as the purpose / requirement):
Personal and contact details of the players such as first name, last name, email address, phone number;Account details of the players such as in-app/in-game ID/publisher affiliation;Device data such as IP address;Correspondence data;Order data such as transaction ID etc.
Personal data points that Coda Payments collects from publishers1. Professional and contact details of publisher’s authorized signatories and employees;2. KYC and compliance information; and
Coda Payments's role as a Data Controller
1. Coda Payments's role in the data processing arrangement is that of an independent data controller, as such, our template reflects a controller to controller arrangement along with a provision for controller to processor transfers (Coda Payments as a processor) in the off chance that data is transferred to Coda Payments by the publisher in the capacity of a data controller and to safeguard the publisher interests therein.
2. This is owing to the hybrid nature of Coda Payments's business model, wherein Codapay is provided as a bundled service along with Codashop. In a normal payment service provider model Coda Payments would have been a data processor.
3. Codashop is an independent e-commerce website / marketplace operated by Coda Payments through which Coda Payments provides content monetisation service to publishers. It has its own user base, these users visit Codashop to purchase content or top-up their in-game accounts with in-game currencies (digital goods) which are posted for sale on the Codashop website.
5. As such, both the parties are independent controllers of the data they collect directly from the end users.
Coda Payments adopts an insight driven framework for implementation of our data security program. A data dictionary/glossary is consolidated to record all types of sensitive data, which will cross-reference the policies and procedures required in the data classification. This is used in conjunction with a data loss prevention platform to detect and block leakage of sensitive data, followed by continuous assessment and updates of the underlying controls to ensure the relevancy and effectiveness of changing threats, business practices and landscape.
Coda Payments implements encryption standards based on industry best practices and to meet regulatory/compliance requirements such as AES-256 database encryption algorithms to protect the sensitive data at rest and where applicable, TLS1.2 and above, with reputed certificate authority signed certificates with 2048 bit RSA keys to secure the sensitive data in transmit.