Privacy Policy

Privacy Policy

Last updated: December 21, 2025

This Privacy Policy explains how Our Company (“we”, “us”, or “our”) collects, uses, stores, and protects personal data in accordance with applicable European Union and Maltese data protection and financial services regulations, including but not limited to:

• Regulation (EU) 2016/679 – General Data Protection Regulation (GDPR)
• The Data Protection Act (Chapter 586 of the Laws of Malta)
• Applicable anti-money laundering and counter-terrorist financing (AML/CFT) obligations
• Regulatory requirements applicable to financial institutions and payment service providers

Our Company forms part of the Our Paybypago Company Group, which includes our Maltese-registered financial institution, Paybypago Limited, and our USA companies: Pago Technology LLC and Paybypago LLC.

1. Data Controller

The data controller responsible for your personal data is:

Our Company
Registered address: 14 Vault Valletta waterfront, Floriana, Malta, FRN 1914

Email: info@paybypago.com

2. Personal Data We Collect

We may collect and process the following categories of personal data:

• Identification data: name, surname, email address, telephone number, date of birth, nationality
• Corporate data (where applicable): company name, registration number, registration date, business address, directors, shareholders, and ultimate beneficial owners (UBOs)
• Due diligence and compliance data: information required to comply with AML/CFT, fraud prevention, sanctions screening, and card scheme requirements
• Technical data: IP address, browser type, operating system, device identifiers, log files
• Usage data: information on how you use our website and services
• Marketing preferences

We do not intentionally collect special categories of personal data unless required by law.

3. How We Collect Your Data

We collect personal data through the following means:

• When you submit information via our website (including contact forms, quote requests, or social media pages)
• When you communicate with us by email or other electronic means
• When you voluntarily participate in surveys or provide feedback
• Automatically through cookies and similar technologies
• From publicly available or third-party sources, including company registries and compliance databases, where permitted by law

4. Legal Bases for Processing

We process your personal data on one or more of the following legal bases:

• Performance of a contract or steps taken at your request prior to entering into a contract
• Compliance with legal obligations, including AML/CFT and regulatory requirements
• Legitimate interests, such as fraud prevention, network security, and service improvement
• Consent, where required, particularly for marketing communications

5. How We Use Your Data

We use your personal data to:

• Assess and process service requests and onboard customers
• Perform customer due diligence, compliance checks, and risk assessments
• Manage and administer customer relationships
• Prevent fraud, money laundering, and other financial crime
• Communicate with you regarding our services
• Send marketing communications where you have consented
• Comply with card scheme (Visa/Mastercard), acquiring bank, and regulatory requirements

6. Data Sharing and Transfers

We may share your personal data with:

• Group companies, including Paybypago LLC and Pago Technology LLC
• Acquiring banks, payment processors, card schemes, and compliance service providers
• Credit reference agencies and fraud prevention agencies
• Regulators, supervisory authorities, and law enforcement agencies where required by law

Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal and regulatory obligations.

In line with financial services and AML/CFT requirements, personal data is generally retained for seven (7) years following the end of the business relationship, after which it is securely deleted or anonymised using automated deletion processes within our PCI DSS–compliant systems.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

• PCI DSS–compliant cloud infrastructure
• Encryption and access controls
• Regular security monitoring and audits

9. Marketing Communications

We may send you information about our products and services, and those of our group companies, where permitted by law.

You may withdraw your consent or object to marketing communications at any time by contacting us at info@paybypago.com.

10. Data Protection Officer (DPO)

Where required under Article 37 of the GDPR, Our Company has appointed a Data Protection Officer.

You may contact the Data Protection Officer regarding any matters related to the processing of your personal data and the exercise of your rights under data protection law at:

Email: dpo@paybypago.com

11. Your Data Protection Rights

Under the GDPR, you have the following rights:

• Right of access
• Right to rectification
• Right to erasure (“right to be forgotten”)
• Right to restriction of processing
• Right to object to processing
• Right to data portability
• Right to withdraw consent at any time

Requests can be made by contacting us at info@paybypago.com. We will respond within one month, subject to legal limitations.

12. Cookies

We use cookies and similar technologies to enhance website functionality, analyse usage, and support marketing activities.

Types of cookies used:

• Strictly necessary / functionality cookies
• Analytics cookies
• Advertising and targeting cookies

You can manage or disable cookies through your browser settings. Further information is available at https://www.allaboutcookies.org/

13. Third-Party Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices of such websites, and we encourage you to review their privacy policies.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, regulatory, or operational changes. Updates will be published on this page with a revised “Last updated” date.

15. Contact Us

If you have any questions about this Privacy Policy or our data processing practices, please contact us:

Email: info@paybypago.com
Address: 14 Vault Valletta waterfront, Floriana, Malta, FRN 1914

16. Supervisory Authority

If you believe your data protection rights have been infringed, you have the right to lodge a complaint with the Maltese supervisory authority:

Office of the Information and Data Protection Commissioner
Address: Floor 2, Airways House, Triq Il-Kbira, Tas-Sliema SLM 1549, Malta
Telephone: +356 2328 7100