Privacy Policy

Website Privacy Notice

This policy explains when and why we collect personal information about you, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

TransactPay is committed to safeguarding the privacy of your information. By “your data”, “your personal data”, and “your information” we mean any personal data about you which you or third parties provide to us.

We may change this Policy from time to time so please check this page regularly to ensure that you’re happy with any changes.

Who we are

Transact Payments Limited, trading as ‘TransactPay’ (referred to throughout this document as “TransactPay”, “we”, “us” or “our”), is the Data Controller for the personal data which you provide to us via this website. TransactPay is an e-money institution, authorised and regulated by the Gibraltar Financial Services Commission. Our registered office address is 6.20 World Trade Center, 6 Bayside Road, Gibraltar, GX11 1AA and our registered company number is 108217.

As a data controller we have a responsibility to make sure you know why and how your personal information is being collected in accordance with relevant data protection law.

What type of personal data we collect from you

We collect your email address, name, phone number and physical address.

How we collect your personal data

We collect the above information from you when you sign up for our email newsletter via our website, when you send us enquiries by email, when we meet you in-person, such as at conferences or exhibitions or when you speak to you on the phone. When we process your personal data, we rely on legal bases in accordance with data protection law and this privacy policy. For more information about this, please see: On what legal basis do we process your personal data?

How and why your personal data will be used

Your information will be used to sign you up to receive our newsletters via email and we will save it to our database.

The legal basis we use to process your personal data

By signing up for our newsletter and by providing us with your personal information over the phone, by email or at events where we meet you in person, you consent to our processing of your personal data. Our lawful basis for that processing is your consent. If you no longer wish to receive our newsletter, you are able to easily withdraw your consent by clicking on ‘unsubscribe’ at the bottom of the newsletter.

Who we will share your data with

Your data will be shared with employees of TransactPay in Gibraltar and its group companies in the UK and Malta for the purpose of sending you newsletters. Your data may also be shared with the following organisations:

• information security services organisations, web application hosting providers, mail support providers, network backup service providers and software/platform developers;
• document destruction providers;
• anyone to whom we lawfully transfer or may transfer our rights and duties under this agreement;
• any third party as a result of any restructure, sale or acquisition of TPL or any associated entity, provided that any recipient uses your information for the same purposes as it was originally supplied to us and/or used by us.
• regulatory and law enforcement authorities, whether they are outside or inside of the EEA or the United Kingdom or Gibraltar, where the law requires us to do so.

How long we will hold your data (retention)

If we are legally required to, we will store your information for a period of five years after our business relationship ends. If any applicable legislation or changes to this require us to retain your data for a longer or shorter period of time, we shall retain it for that period. We will not retain your data for longer than is necessary.

Transferring data outside of the European Economic Area (“EEA”), Gibraltar or the United Kingdom (“UK”)

Your information is not generally processed outside of the UK, Gibraltar or the EEA.

If it becomes necessary for us to share your personal information outside of the UK, Gibraltar or the EEA, we will ensure the transfer complies with data protection law and all personal information will be secure. We will send your data to countries where the European Commission, Gibraltar or the UK has made an adequacy decision or adequacy regulation, meaning that it has ruled that the legislative framework in the country provides an adequate level of data protection for your personal information. You can find out more about this here and here.

If we send your data to a country where the UK, Gibraltar or the EEA has not made an adequacy regulation, our standard practice is to use standard data protection contractual clauses that have been approved by the UK government. You can find a copy of those clauses here.

If you would like further information on data transfer, please contact our Data Protection Officer on the details below.

Your information rights

You have certain rights regarding the personal data which we process:

• You may request a copy of some or all of it.
• You may ask us to rectify any data which we hold which you believe to be inaccurate.
• You may ask us to erase your personal data (where applicable).
• You may ask us to restrict the processing of your personal data.
• You may object to the processing of your personal data (where applicable).
• You may ask for the right to data portability.
• If you would like us to carry out any of the above, please email your request to the Data Protection Officer at DPO@transactpay.com.

How your information is protected

We recognise the importance of protecting and managing your personal data. Any personal data we process will be treated with appropriate care and security.

These are some of the security measures we have in place:

• We use a variety of physical and technical measures to keep your personal data safe.
• We have detailed information and security policies to ensure the confidentiality, integrity, and availability of information.
• Your data is stored securely on computer systems with control over access on a limited basis.
• Our staff receives data protection and information security training on a regular basis.
• We use encryption to protect data at rest and anonymization where applicable.
• We have adequate security controls to protect our IT infrastructure and staff computers including but not limited to Identity and Access Management, Firewalls, VPN, Antivirus, Advanced Email Threat Protection and more.
• We conduct regular audits such as PCI-DSS to ensure we are following adequate security controls to protect your data.

While we take all reasonable steps to ensure that your personal data will be kept secure from unauthorised access, we cannot guarantee it will be secure during transmission by you to the applicable mobile app, website or other services over the internet. However, once we receive your information, we make appropriate efforts to ensure its security on our systems.

How to get advice or make a complaint

We hope that our Data Protection Officer can resolve any query or concern you may raise about our use of your personal information.

The General Data Protection Regulation (EEA), the Data Protection Act 2018 (UK) and the Data Protection Act 2004 (Gibraltar) also give you right to lodge a complaint with a supervisory authority, in particular in the EEA state where you work, normally live or where any alleged infringement of data protection laws occurred or in the UK or Gibraltar. The supervisory authority in Gibraltar is the Gibraltar Regulatory Authority. Their contact details are as follows:

Gibraltar Regulatory Authority,

2nd floor, Eurotowers 4, 1 Europort Road, Gibraltar.

(+350) 20074636/(+350) 20072166   info@gra.gi

The supervisory authority in the UK is the Information Commissioner’s Office. You can contact them at the following website: https://ico.org.uk/

Other websites

Our website may contain links to other websites. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

Changes to our Privacy Policy

We keep our Privacy Policy under review and we regularly update it to keep up with business demands and privacy regulation. This Privacy Policy was last updated on 24^th July 2024

 How to contact us

If you have any questions about our Privacy Policy or the personal information which we hold about you or, please send an email to our Data Protection Officer at DPO@transactpay.com.