Privacy Policy

Applies to: Users, Clients, Partners, and all individuals interacting with the services, websites, and systems of Paykassma (hereinafter, the "Company", "we", "us", or "our").

1. Introduction

1.1. This Privacy Policy is designed to provide comprehensive information about how Paykassma processes personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – "GDPR"), as well as other applicable laws and regulatory frameworks governing privacy and data protection.

1.2. Paykassma operates as a data controller and, where applicable, as a data processor for the purposes of delivering payment gateway services, software integrations, fraud prevention, anti-money laundering compliance, and platform functionality to our Clients and their end-users.

1.3. The protection of personal data, the rights of individuals, and the principles of transparency, security, and accountability are core to our data processing practices.

2. Scope and Applicability

2.1. This Privacy Policy applies to all personal data collected, processed, stored, or transmitted by Paykassma through its websites (including https://paykassma.com), mobile platforms, APIs, third-party integrations, communication channels, or any other interaction by which personal data is made available to us.

2.2. This Policy applies to the following categories of data subjects:

(a) Clients and their representatives;
(b) End-users of services processed via our systems;
(c) Visitors to our websites;
(d) Business partners and contractors;
(e) Job applicants;
(f) Any other individuals whose personal data we process in connection with our operations.

3. Types of Data Collected

3.1. The categories of personal data we may collect and process include, but are not limited to:

(a) Identity data: full name, title, date of birth, identification documents, national identification numbers;
(b) Contact data: email address, telephone numbers, residential and business addresses;
(c) Account data: login credentials, user identifiers, session metadata;
(d) Transaction data: payment details, bank account numbers, transaction history, currency preferences;
(e) AML/CTF data: beneficial ownership data, source of funds, KYC documentation, PEP/sanctions status;
(f) Technical data: IP address, browser type, operating system, geolocation data, device IDs;
(g) Communication data: call recordings, email content, chat logs, support tickets;
(h) Employment data: CVs, references, qualifications, and other data supplied in applications.

3.2. Special categories of data, such as biometric or health-related data, are not intentionally collected unless required for compliance or explicitly provided with consent.

4. Legal Basis for Processing

4.1. Paykassma processes personal data on the following legal grounds:

(a) Consent – where we have obtained clear, affirmative consent for specific processing activities;
(b) Contract – where processing is necessary for the performance of a contract with the data subject;
(c) Legal obligation – to comply with obligations under AML laws, tax laws, and other regulations;
(d) Legitimate interests – for fraud detection, service improvement, business analytics, and internal governance, provided such interests are not overridden by the rights of the data subject;
(e) Public interest – in limited cases involving regulatory reporting, crime prevention, or legal disclosures.

5. Purpose of Processing

5.1. We use personal data for the following purposes:

(a) To establish and maintain commercial relationships with Clients and users;
(b) To verify identities and conduct due diligence in compliance with AML/CTF laws;
(c) To facilitate transactions and provide payment processing services;
(d) To manage user accounts and service delivery;
(e) To detect and prevent fraud, abuse, or illegal conduct;
(f) To comply with legal and regulatory requirements;
(g) To communicate with Clients, partners, and stakeholders;
(h) To evaluate job applications and manage employment processes;
(i) To administer and improve our websites and systems.

6. Data Sharing and Recipients

6.1. Personal data may be disclosed to third parties where lawful and necessary, including:

(a) Service providers such as KYC/AML providers, cloud infrastructure, and security vendors;
(b) Financial institutions and payment service providers involved in transactions;
(c) Regulatory authorities, tax agencies, or law enforcement where required by law;
(d) Legal advisors, auditors, or professional consultants under confidentiality obligations;
(e) Business partners or affiliates, subject to appropriate safeguards.

6.2. We ensure all data recipients are subject to data protection obligations by contract, law, or equivalent mechanisms.

7. International Transfers

7.1. If personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are implemented, including:

(a) Standard Contractual Clauses (SCCs) approved by the European Commission;
(b) Adequacy decisions by the European Commission;
(c) Binding corporate rules or certified frameworks where applicable.

8. Data Retention

8.1. We retain personal data for as long as necessary to fulfill the purpose for which it was collected, and to comply with legal obligations, including AML/CTF recordkeeping:

(a) Five (5) years from the termination of the business relationship;
(b) Longer periods where required by law, regulatory investigations, or contractual agreements.

8.2. Upon expiry of the applicable retention period, data shall be securely deleted or anonymized.

9. Data Subject Rights

9.1. Data subjects have the following rights under the GDPR:

(a) Right to access their personal data;
(b) Right to rectification of inaccurate or incomplete data;
(c) Right to erasure (‘right to be forgotten’) where applicable;
(d) Right to restrict or object to processing under certain conditions;
(e) Right to data portability;
(f) Right to withdraw consent at any time without affecting the lawfulness of prior processing;
(g) Right to lodge a complaint with a supervisory authority.

9.2. Requests to exercise these rights may be submitted to: [email protected].

10. Data Security

10.1. We implement appropriate technical and organizational measures to safeguard personal data against unauthorized access, accidental loss, or unlawful processing, including:

(a) Encryption at rest and in transit;
(b) Access control and authentication protocols;
(c) Network segmentation and intrusion detection systems;
(d) Regular security assessments and penetration testing;
(e) Internal policies governing information handling and incident response.

10.2. In the event of a data breach, we shall notify affected individuals and relevant authorities as required by law.

11. Cookies and Tracking Technologies

11.1. Our website uses cookies and similar technologies for the following purposes:

(a) Session management and site navigation;
(b) Analytics and performance monitoring;
(c) Personalization of content and user preferences;
(d) Advertising and third-party integrations.

11.2. Users will be provided with a Cookie Banner and/or Preferences Panel upon first visit and may update their choices at any time. Please refer to our separate Cookie Policy for detailed information.

12. Changes to this Privacy Policy

12.1. We reserve the right to amend this Privacy Policy from time to time. Any material changes will be notified via our website or other direct communication channels.

12.2. Continued use of our services after any updates shall constitute acceptance of the revised Policy.

13. Contact Information

13.1. For any questions, concerns, or complaints regarding this Privacy Policy or our data practices, please contact:
Data Protection Officer (DPO)
Email: [email protected]

13.2. You may also contact your local data protection authority if you believe your rights have been violated.

This Privacy Policy is issued in English and may be made available in other languages. In case of discrepancies, the English version shall prevail.