Privacy Notice

This privacy notice aims to give you information on how Yeeld (‘we’/’the firm’) collects, uses, discloses, transfers, stores and processes your information when you use our services, including any data you may provide through your use of our services.
At Yeeld, we understand that your privacy is important. We respect and value the privacy of everyone:
- Who visits www.yeeld.com (the “Site”)
- The Yeeld app
- Uses any of our applications/services through app or website
We only collect and use your Data as described in this Privacy Notice (“Notice”) and as permitted by Data Protection Legislation (UK GDPR).
It is important that you read this privacy notice together with any other privacy notice/statement or fair processing notice we may provide on specific occasions when we are collecting or processing information about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
To navigate through our Privacy Notice just click on the links below. Capitalised terms used in this Notice are defined in the Glossary below.
1.1 Who does this privacy notice apply to?
This notice applies to:
- Our service users who access our services such as our website or content anywhere on the web/Yeeld app,participate in our surveys and focus groups and other users;
- Our clients, suppliers and business partners; and
- Other persons who interact with us, when you call us or email us.
This notice applies to you whether you act in your personal capacity or as an employee or agent of an organisation.

Our Site is owned and operated by Yeeld Technologies Limited.
This privacy notice explains how we, Yeeld Technologies Limited, a company registered in England at Level 18 40 Bank Street, Canary Wharf, London, England, E14 5NR (“Yeeld”, “we”, “us”, or “our”) and our affiliated companies Yeeld Financial Services LTD, Yeeld Investments LTD and other brands process your personal data (“you”, “your”) when you use our website, Yeeld app or other services.
For the purposes of the Data Protection Legislation, we are the data controller which means that we are responsible for determining the purposes for which and means of how your Data is Processed.
If you have any concerns about how we Process or protect your Data or would like to contact us about any aspect of this Notice, please get in touch with our Group Data Protection Officer, who oversees our handling of Data, and who can be contacted at compliance@yeeld.com
This Notice should be read together with our cookies policy, and our Site terms of use.

We will collect Data about you from the following sources:
From you (for example, when you create an account, make a payment, tell us about your preferences or respond to our campaigns, communicate with us, or use our Site or Apps);
From usage of our products and services.
From public sources of information such as public records or social media postings;
From providers about your interactions on the Site and from cookies and tracking devices on your devices where you have permitted their use via Yeeld app;
From third parties, advertisers, and other companies. We may also receive information from other parties in accordance with our responsibilities as a regulated financial services business.
We will collect Data about you from the following sources:

When we collect the Data
Type of Data we hold
Details
When you sign up for Yeeld Account
Your personal and contact details
Information including your name, date, place of birth, home address, email address, telephone number, username and password, details of the device you use, copies of your identification documents and any other information you provide to prove your eligibility to use our services, country of residence, tax residency.
When you sign up/use Yeeld’s services
Account information
Information about your account with us, including your login details for our Site, username for Yeeld, details of your bank account(account number, Sort Code, IBAN), unique customer identification, your registration information, payment method information, details of your debit card/credit card including card number, expiry date and CVC (or other debit/credit cards you register with us), marketing preferences, complaints details and any notes added to your account.
When you sign up/use Yeeld’s services
Visual images
Such as videos and photographs of you, your image in photo or video form, and facial scan data extracted from your photo or video (known as ‘biometric data’), to verify your identity during onboarding as part of our Know-Your-Customer (KYC) checks, to authenticate you as an authorised user of our services, or to detect and prevent fraud.
When you sign up/use Yeeld’s services
Financial information
Such as information that allows us to understand your creditworthiness or your payment method, including bank account or payment card details, information you provide when you sign up for wealth and trading products, including details about your employment and salary.
From external sources
Transactions, and account history
We will also receive information about you when you register with us, information about other people (such as a joint account holder, your spouse or family) when we ask you to give us this information to enable us to comply with our obligations under KYC, anti-money laundering and other laws and to assist with fraud monitoring. We collect personal data from third parties or other people, such as credit reference agencies, financial or credit institutions, official registers and databases, as well as joint account holders, fraud prevention agencies and partners who help us to provide our services. This includes your credit record, information about late payments, information to help us check your identity, information about your spouse and family (if applicable in the context of an application for credit that you make) and information relating to your transactions. Sometimes other Yeeld customers may give us information about you. For example, a yeeld customer may tell us that you have behaved inappropriately and provide us with evidence to support their claim.
When you use our website/ social media
Lifestyle and demographic
Such as information available publicly on your social media profile where you connect with or contact us through your social media account.
When you get in touch
Your communications via our Site and Yeeld App
Such as chat conversations via the Site, your recorded telephone conversations with our customer support staff and emails, mobile network and operating system so we can analyse how our app works and fix any problems, IP address and device ID, location if you've authorised tracking, so we can help protect you against fraud, whether your device uses a virtual private network (VPN), a unique device identifier (for example, your device's IMEI number, or the mobile phone number used by the device), mobile network information, your mobile operating system and the type of mobile browser you use, information stored on your device, including if you give us access to contact information from your contacts list, information on transactions and your use of Yeeld’s products including the date, time, amount, currencies, exchange rate, beneficiary details, details of the merchant or ATMs associated with the transaction (including merchants’ and ATMs’ locations), IP address of sender and receiver, sender's and receiver's name and registration information, messages sent or received, details of device used to arrange the payment and the payment method used.
When you use our website
How you use the Site
Such as which pages you visit, which content you view and what links and buttons you click. This information may be collected through cookies or similar technologies. For more information, please see our cookie policy.
When you sign up/use Yeeld’s services
General Location information
The device or computer you use to access Yeeld App will provide us with your IP address. The IP address tells us which city, county or country you are accessing the Site from but does not give us detailed information about your location.
When you sign up/use Yeeld’s services
Device and other technical information
Such as the unique device identifier and other information about the device’s hardware and software.
When you sign up/use Yeeld’s services
Advertising and direct marketing preferences and responses
Such as your interaction with offers and competitions, including any requests to stop receiving marketing communications. This information may be collected through cookies or similar technologies. For more information, please see our cookie policy.
When you sign up/use Yeeld’s services
Sensitive Information
We may also Process Data about you that is sensitive in order to meet our legal and regulatory obligations and to protect our business. This includes Data as required by the Financial Conduct Authority (FCA), the Anti-Money Laundering Regulations and the Proceeds of Crime Act and otherwise any other information to fulfil our legal and regulatory obligations as a regulated financial services business.

Our legal basis for using your personal data will be one of the following:
Legal Obligations
We need to collect and store your personal data for Anti-Money Laundering, Counter-terrorist financing and anti-proliferation financing purpose to comply with wider law and regulations
Executing contracts and agreements
In order to provide our services and execute contractual agreements, we need to collect certain personal data
Legitimate interests
We have legitimate reasons to collect and use your personal data. This is checked to be reasonable and balanced against your individual rights
Public Interest
We process your personal and sensitive personal data to adhere to government regulations, with law enforcement and to support you if it’s necessary to protect your economic well-being and prevent or detect unlawful acts
Consent
Where you've agreed to us collecting your personal data, or sensitive personal data, for example when you tick a box to indicate you’re happy for us to use your personal data in a certain way.
How do we use your data?
We use your Data in the following ways, and for the following reasons:

What we use your Data for
The basis on which we can use your Data
To register you as a new user on the app.
We need to Process this information to meet our contractual obligations.
To allow you to use our services (including managing your payments).
We need to Process this information to meet our contractual obligations and to comply with our legal and regulatory obligations.
To communicate with you about updates to the app, our services, and any changes to our terms and conditions or Privacy Notice.
We need to Process this Data to meet our contractual obligations; to comply with our legal and regulatory obligations; and it is in our legitimate business interests to keep accurate records.
To receive feedback from you on our products and services.
We need to Process this Data to meet our contractual obligations and it is in our legitimate business interests to understand how we can improve our products and services. You do not have to provide us with this information.
To run our promotional events such as competitions and offers which may be of interest to you.We may send you marketing material about our offers and events via email or text. You may opt- out of direct marketing at any time (see below).
We need to Process this information to meet our contractual obligations.We need to Process this Data as it is in our legitimate business interests to provide you with a personalised experience when you use our services. Where necessary, we Process this Data based on your consent.
To provide customer support services.
It is in our legitimate business interests to respond to any communications we receive from you. If you do not wish to provide us with this information, we may not be able to respond fully to your queries.
To train our staff (for example our call staff).
It is in our legitimate business interests to provide you with a helpful service.
To maintain and administer our Site and App.
It is in our legitimate business interests to maintain our IT services and network security, to maintain our system; and we need to Process this information to comply with our legal and regulatory obligations.
To improve our app, products and services, and experiences, such as by understanding analytics.
It is in our legitimate business interests to better understand your preferences, update our app and develop our business strategy.
To comply with our legal and regulatory obligations as a financial services business. This may involve verifying your identity and age.
We need to process this information to comply with our legal and regulatory obligations and it is in our legitimate business interests as well as public interests to prevent fraud and illegal activities on our app.
To protect our business from money laundering, terrorist financing and other illegal activities. We may identify you electronically using technology such as cookies.
We need to Process this information to comply with our legal and regulatory obligations under financial services, anti- money laundering, anti- fraud, and anti- terrorism laws. We also Process this information in the public interest and it is in our legitimate business interests to protect our business from any illegal or abusive use of our Site.
To provide you with advertising which is relevant to you, and to understand your advertising preferences.
It is in our legitimate business interests to understand how you use our Site and how we should develop our marketing strategy.
In relation to legal action, or when acquiring or selling a business.
It is in our legitimate business interest to be able to protect ourselves through legal action and todevelop the business through acquiring or selling parts of our business.
To provide location-based services.
It is our legitimate interests with your consent (to track you when location services are on).

In some cases, we may share your Data with third parties in order to support your needs, provide you with services, or comply with our legal obligations. We may also share Data with third parties if it is in the public interest or the sharing is in our legitimate interest or the legitimate interest of another organisation.
The other organisations we may share your Data with are typically:
- Members of the Yeeld technologies LTD (Yeeld group) for the purposes in section 4
- Third-party suppliers and service providers for the purposes identified above – in particular, we work with platform services (to provide financial services and account management functions), cloud providers (to host the Site), affiliate platform services, business intelligence and analytics platform provider, investment services provider, companies that help us with functional analytics, our insurance providers and other third companies that give us benefits, customer support software services, data storage services, payment service providers, know-your-customer and anti-money laundering services as well as enhanced due diligence and anti-fraud services, financial services regulators (such as the FCA).
- Business partners and other organisations to help us meet our contractual and regulatory obligations, including audit, legal and compliance services.
- Affiliates and third parties whom you have opted out of marketing communications with, have been barred or have self-excluded so that we can ensure that you do not receive unsolicited promotional material.
- Identity verification and fraud prevention agencies such as other financial services businesses, banks, credit card companies and similar agencies which investigate and prevent underage, fraudulent, criminal or suspicious activity, or any other behaviour we are legally required to investigate. We will also pass on your information if we have reason to believe you have undertaken such activity.
- Analytics and search engine providers and other selected organisations which provide us with feedback about our Site or Apps and aid us in improving their optimisation.
- Statutory authorities when we are required to comply with a request for information, a court order to disclose your Data, a regulatory investigation from a relevant governmental or financial or regulatory authority, our legal obligations including our requirement to report suspicious behaviour.
- Regulator, law enforcement or fraud prevention agencies as well as legal professionals, courts and other adjudication services to investigate any actual or suspected criminal activity.
We may also share your Data with third parties:
- If we consider selling or acquiring businesses or assets, in which case we will share your Data with the counterparty.
- If Yeeld, or any of its group companies, becomes insolvent (i.e., becomes subject to administration or liquidation processes).
- If we, or substantially all of our assets, are acquired by a non-Yeeld Group entity. If we need to enforce our terms and conditions.
- To protect our safety, rights or property, or the safety, rights or property of our customers, staff and others by sharing information with other companies and organisations such as the local police.
- Where we are required by law, we may share your Data with regulators or other financial services organisations.
Our Partners who help to provide our services: Wealthkernel, Caxton.

We will not keep your Data for longer than is required for the purposes for which we collected it, including for the purposes of satisfying any legal requirements. The length of time for which we retain your Data will depend on what we are using it for as set out in this Notice, the nature of the Data and how sensitive it is. For example, we will keep your email address while dealing with your enquiries but, even when you unsubscribe, we are required to continue to retain your email address to ensure that we do not send you any email communications in the future and for our know-your- customer (“KYC”) purposes.
Please note, however, that we may be subject to legal and regulatory requirements to keep your Data for a longer period. We may also extend the retention times where the Data is needed to investigate a crime, handle a claim or resolve a complaint. As a general rule, we keep your Data based on the criteria below:

Type of Data
Typical Retention Time
Information
Marketing consents
Until you no longer consent
If you withdraw consent, we will keep this information on a ‘suppression list’ so we don’t contact you
Customer call recordings
[24] Months
Extended retention may be applied on a case by case basis
Customer Data
Seven years from the date your account is closed (As long as necessary for legitimate reasons)
We will only continue to retain this Data where this is:
- Legally required under financial services regulations or tax legislation or other regulations; or
- Required to exercise or defend our legal rights

We primarily store and Process our Account data within the UK. We may store the data we collect from you outside the UK, or transfer it to organisations outside the UK. However, if we transfer your Data outside the UK, we ensure a similar degree of protection is afforded to it to safeguard your Data in accordance with Data Protection Legislation, which can include by:
- (i) ensuring that your Data is only processed in countries which provide adequate data protection laws (in accordance with the Data Protection Legislation);
- (ii) requiring recipients to sign up to strong contractual commitments that ensure the protection of your Personal Data
- (iii) taking any other measures that comply with Data Protection Legislation.

We understand that protecting and managing your personal data is of utmost importance. Any personal data we collect, process will be dealt with carefully and securely. To maintain the confidentiality, availability and integrity of your personal data and to ensure your data is not improperly used or disclosed, we have put in detailed information security and data protection policies which our employees, partners and all stakeholders are required to follow when they handle your personal data.
Furthermore, we regularly train our employees on data protection and information security training. Personal data is stored on secure computer systems with access management controls in place to limit physical, system and information access to only authorised employees. Yeeld has strict policies in place that control how we share your personal data with other companies. Before sharing personal data with any company, we thoroughly:
- vet the company in advance
- assess the security controls the company has in place to protect your personal data.
We have separate information security policies in place that demonstrate how data will be kept secure from unauthorised access.
While the nature of the internet means that the transmission of information may not be totally secure, we have implemented security measures to prevent your Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Where you use a password to access certain services or features of Yeeld app, please keep this confidential and do not share it with anyone.Unfortunately, we cannot guarantee the complete security of the information transmitted via the internet. While we have implemented security measures, any transmission is at your own risk.

You can tell us whether or not you wish to be contacted for marketing purposes and, if so, how we can contact you. We will obtain this information from you when we first collect your Data and we may ask you what kind of communication you would like to receive from us.
You can opt-out of receiving marketing communications from us at any time by following the instructions below:
- Email marketing: to opt-out from emails, use the unsubscribe link provided within any email you receive or manage your preferences by emailing compliance@yeeld.com or by telephoning 02080505813.
- SMS Marketing: to opt-out from SMS, you can use the STOP code provided in any SMS you receive or manage your preferences by emailing compliance@yeeld.com or by telephoning 02080505813.
- Call Marketing: to opt-out of being contacted by telephone for marketing purposes, you can manage your preferences by emailing compliance@yeeld.com or by telephoning 02080505813.
- Post Marketing: to opt-out of receiving marketing by post, you can manage your preferences by emailing compliance@yeeld.com or by telephoning 02080505813.
- Push notifications: to opt-out of receiving push notifications, you can disable push notifications on your device or browser settings.
Please be aware it may take up to 28 days for your request to take effect. Please note you will still receive other important information about our product and services.

Your rights
How to exercise your rights
Right to access and receive a copy of the Data we hold about you./ ask for a copy of your personal data in a portable (machine-readable) format or make us send it to someone else;
It is generally free for you to request access to your Data by contacting our data protection representative by

emailing compliance@yeeld.com or by telephoning 02080505813.

You have the right to request:
- Whether your personal data is being processed
- The purpose of the processing
- The categories of personal data being processed
- The purpose of the processing
- How long it will be stored
- The existence of the right to request rectification or erasure of personal data or restriction of processing of personal data
- The right to lodge a complaint with the ICO
- Where the personal data are not collected from you directly, any available information as to their source;
- The existence of automated decision- making, including profiling.
If your request is repetitive or excessive, we may refuse to comply or we may charge you a fee.
Right to correct any inaccurate Data we hold about you.
You can amend, correct, delete or edit your Data if you wish to, please contact our customer support team by telephoning 02080505813.
Right to require us to delete your Data if (for example): (i) we no longer need the Data for the purpose we originally collected it for; (ii) we only collected it with your consent, and you now withdraw your consent; or (iii) you object to how we are Processing your Data.
You can request erasure of your Data by contacting our customer support team by telephoning 02080505813.
This process is not reversible and subject to approval.
Right to request that we restrict the Processing of your Data if (for example): (i) you believe that the Data we hold on you is inaccurate; (ii) you have the right to request that we erase your Data but would prefer us to restrict our Processing instead; or (iii) we no longer need the Data for the purpose we originally collected it for but you require the Data for legal actions.
You can request the restriction of Processing of your Data by contacting our customer support team by telephoning 02080505813. Once you have requested this you can change your mind at any time by contacting us again. Your account will not be accessible while the restriction is in place.
Right to request a copy of the Data we hold on you in a structured, commonly used and machine-readable format. You can also request that we transfer this to a third party on your request. Please note that this right may not apply to all of your Data.
In some circumstances, you can request the transfer of your Data to a third party by email to compliance@yeeld.com The request must include which Data you would like to be transferred, to whom it should be transferred and by which method.
Right to restrict our processing of your personal Data, including for marketing purposes. Please note that in some cases, we may demonstrate that we have legitimate grounds to Process your information which overrides this right.
You can object to Processing of your Data by contacting our customer support team by telephoning 02080505813 Once you have objected you can change your mind at any time by contacting us again. Your account will not be accessible while the restriction is in place.
Right to not be subject to a decision based solely on an automated process, such as profiling, which results in you being significantly affected or produces legal effects concerning you.
You can exercise this right by contacting our customer support team by telephoning 02080505813.
Right to withdraw your consent where we only Process your Data based on your consent. You can withdraw your consent to receive marketing communications from us at any time and for free.
To exercise your right to withdraw your consent to receive marketing communications please see section 10 above.

We may, from time to time, change or update this Privacy Notice in line with legal requirements or if our business changes. All changes to this Privacy Notice will be published on this page of the Site.
Each change will become effective on publication. We recommend that you revisit and read this Privacy Notice regularly to ensure that you are up-to-date with the current terms. If we change the way we use your personal data, we’ll update this notice and, if appropriate, let you know by email, through the Yeeld app or through our website.
This Notice was last reviewed and updated in October 2024.

Yeeld may collect data about you even if you are not a Yeeld customer. This might be if you use our website, pay or get paid by a Yeeld customer, or are named as a beneficiary for a Yeeld customer.
The information we might collect and hold about you may include:
- Your name
- Your contact details
- ID documents such as driving licence, passport
- Payment details including card details
- Your transaction history
- Social media details
We will use your data for contractual purposes to facilitate payments, send receipts, answer your queries, to identify and verify you when you sign up or get in touch, check your records against fraud prevention agencies and prevent illegal activities. Also, we might need to use your data for legitimate interests which do not override your rights. We also sometimes make automated decisions to take certain actions such as freezing transactions, fraud detection or to market our products and services. If you want us to review an automated decision please email compliance@yeeld.com.
We may share your data with our partners if it’s necessary (please refer to section 5), social media companies, law enforcement agencies and other Yeeld’s sister companies. We will keep you information for 6 years or as long as necessary for regulatory and legal purposes.

Term
What this means
Data
Information relating to an identifiable person, who can be directly or indirectly identified in particular by reference to an identifier, or which is otherwise defined as ‘Personal Data’ under Data Protection Legislation.
Data Protection Legislation
Data Protection Act 2018 (UK GDPR), EU General Data Protection Regulation 2018 (GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003, and any other applicable laws relating to the protection of Data.
Process, Processing or Processed
Accessing, collecting, obtaining, recording, holding, disclosing, using, altering, deleting, erasing or destroying Data, or carrying out any operation(s) on the Data or as otherwise defined under applicable Data Protection Legislation.

Transact Payments Limited (“TPL”, “we”, “our” or “us”) is the issuer of your account and card and is an independent Data Controller for the personal data which you provide to us. TPL is an e-money institution, authorised and regulated by the Gibraltar Financial Services Commission. Our registered office address is 6.20 World Trade Center, 6 Bayside Road, Gibraltar, GX11 1AA and our registered company number is 108217.
Payload Ltd is the Program Manager for your account and card program and is an independent Data Controller for any personal data which you provide which is related to facilitating the management of the card program. Payload Ltd is incorporated and registered in England and Wales with registered office at Epworth House, 25 City Road, London, England, EC1Y 1AA and company registration number 14606631.

We collect information from you when you either apply online or via a mobile application for a payments card which is issued by us or a payments account is opened in your name. We also collect information when you use your card or account to make transactions. We may also process information from the Program Manager, other third-party payment partners and service providers. We also obtain information from third parties (such as fraud prevention agencies) who may check your personal data against any information listed on an Electoral Register and/or other databases. When we process your personal data we rely on legal bases in accordance with data protection law and this privacy policy. For more information see: On what legal basis do we process your personal data?

Contract
Your provision of your personal data and our processing of that data is necessary for each of us to carry out our obligations under the contract (known as the customer terms and conditions or similar) which we enter into when you use our payment services. At times, the processing may be necessary so that we can take certain steps, or at your request, prior to entering into that contract, such as verifying your details or eligibility for the payment services. If you fail to provide the personal data which we request, we cannot enter into a contract to provide payment services to you or will take steps to terminate any contract which we have entered into with you.
Legal/Regulatory Contract
We may also process your personal data to comply with our legal or regulatory obligations.
Legitimate Interests
We, or a third party, may have a legitimate interest to process your personal data, for example:
- To analyse and improve the security of our business;
- To anonymise personal data and subsequently use anonymised information.

When you either apply for a card or receive an account, we, or our partners or service providers, collect the following information from you: full name, physical address, email address, mobile phone number, phone number, date of birth, gender, login details, IP address, identity and address verification documents.
When you use your card or account to make transactions, we store that transactional and financial information. This includes the date, amount, currency, account balances and name of the merchant, creditor or supplier (for example a supermarket or retailer). We also collect information relating to the payments which are made to/from your account. If we are required by law to process additional personal data (for example, if we suspect that there may be fraud related to the use of your card or the payment services linked to it), we will also process that extra personal data.

We use your personal data to:
- Set up your account (including processing your application for a card and printing your card, if applicable), creating your account and verifying your identity;
- Maintain and administer your account, including processing your financial payments, processing the correspondence between us, monitoring your account for fraud and providing a secure internet environment for the transmission of our services;
- Comply with our regulatory requirements, including anti-money laundering obligations; and
- improve our services, including creating anonymous data from your personal data for analytical use, including for the purposes of training, testing and system development.

When we use third-party service partners, we have a contract in place that requires them to keep your information secure and confidential.
We may receive and pass your information to the following categories of entity:
- The program manager, co-brand provider of the website/app through which you access the account and/or card and the wallet platform provider which provides the infrastructure for the account provision;
- Any banking partner which provides underlying banking services;
- Identity verification agencies to undertake required verification, regulatory and fraud prevention checks;
- Information security services organisations, web application hosting providers, mail support providers, network backup service providers and software/platform developers;
- Document destruction providers;
- Mastercard, Visa, digital payment service partners or any third party providers involved in processing the financial transactions that you make;
- Anyone to whom we lawfully transfer or may transfer our rights and duties under this agreement;
- Any third party as a result of any restructure, sale or acquisition of TPL or any associated entity, provided that any recipient uses your information for the same purposes as it was originally supplied to us and/or used by us; and
- regulatory and law enforcement authorities, whether they are outside or inside of the United Kingdom (UK) or European Economic Area (EEA), where the law requires us to do so.

To deliver services to you, it is sometimes necessary for us to share your personal information outside the UK/Gibraltar e.g.:
- With service providers located outside these areas;
- If you are based outside these areas;
- Where there is an international dimension to the services we are providing to you.
These transfers are subject to special rules under Gibraltar data protection law.
These countries do not have the same data protection laws as Gibraltar. We will, however, ensure the transfer complies with data protection law and all personal information will be secure. We will send your data to countries where the Gibraltar Government has made an adequacy decision meaning that it has ruled that the legislative framework in the country provides an adequate level of data protection for your personal information. You can find out more about adequacy regulations here and here.
Where we send your data to a country where no adequacy decision has been made, our standard practice is to use standard data protection contract clauses that have been approved by the United Kingdom government and/or the European Commission. You can obtain a copy of the European Commission’s document here and the UK’s document here.
If you would like further information, please contact our Data Protection Officer on the details below.

You have certain rights regarding the personal data which we process:
- You may request a copy of some or all of it;
- You may ask us to rectify any data which we hold which you believe to be inaccurate;
- You may ask us to erase your personal data (where applicable);
- You may ask us to restrict the processing of your personal data;
- You may object to the processing of your personal data (where applicable); and
- You may ask for the right to data portability.
If you would like us to carry out any of the above, please email your request to the Data Protection Officer at DPO@transactpay.com.

We recognise the importance of protecting and managing your personal data. Any personal data we process will be treated with appropriate care and security.
These are some of the security measures we have in place:
- We use a variety of physical and technical measures to keep your personal data safe;
- We have detailed information and security policies to ensure the confidentiality, integrity, and availability of information;
- Your data is stored securely on computer systems with control over access on a limited basis;
- Our staff receives data protection and information security training on a regular basis;
- We use encryption to protect data at rest and anonymization where applicable;
- We have adequate security controls to protect our IT infrastructure and staff computers including but not limited to Identity and Access Management, Firewalls, VPN, Antivirus, Advanced Email Threat Protection and more; and
- We conduct regular audits such as PCI-DSS to ensure we are following adequate security controls to protect your data.
While we take all reasonable steps to ensure that your personal data will be kept secure from unauthorised access, we cannot guarantee it will be secure during transmission by you to the applicable mobile app, website or other services over the internet. However, once we receive your information, we make appropriate efforts to ensure its security on our systems.

- We hope that our Data Protection Officer can resolve any query or concern you may raise about our use of your personal information.
- The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred.
- The supervisory authority in Gibraltar is the Gibraltar Regulatory Authority. Their contact details are as follows:
  Gibraltar
- Regulatory Authority,
  2nd floor, Eurotowers 4, 1 Europort Road, Gibraltar.
  (+350) 20074636/(+350) 20072166 info@gra.gi

Privacy Policy