Privacy Policy

Newsletter sign-up Privacy Notice

This policy explains when and why we collect personal information about you, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

TransactPay is committed to safeguarding the privacy of your information. By “your data”, “your personal data”, and “your information” we mean any personal data about you which you or third parties provide to us.

We may change this Policy from time to time so please check this page regularly to ensure that you’re happy with any changes.

Who are we?

TransactPay (“we”, “us” or “our”) is the Data Controller for the personal data which you provide to us via this website. TransactPay is an e-money institution, authorised and regulated by the Gibraltar Financial Services Commission. Our registered office address is 6.20 World Trade Center, 6 Bayside Road, Gibraltar, GX11 1AA and our registered company number is 108217.

As a data controller we have a responsibility to make sure you know why and how your personal information is being collected in accordance with relevant data protection law.

What type of personal data is collected from you?

We collect your email address when you sign up for our email newsletter.

How do we collect your personal data?

We collect information from you when you sign up for our email newsletter via our website and when we meet you at conferences (we add it to our database) – you indicate that you want us to follow up – include lawful basis. When we process your personal data we rely on legal bases in accordance with data protection law and this privacy policy. For more information see: On what legal basis do we process your personal data?

How and why your data will be used

Your information will be used to sign you up to receive our newsletters via email.

By signing up for our newsletter, you consent to our processing of your personal data and our lawful basis for processing is your consent. Extend this to exhibitions If you no longer wish to receive our newsletter, you are able to easily withdraw your consent by clicking on ‘unsubscribe’ at the bottom of the newsletter.

Who we will share your data with

Your data will be shared with employees of TransactPay and its group companies in the UK and Malta for the purpose of sending you newsletters. Your data may also be shared with the following organisations:

  • information security services organisations, web application hosting providers, mail support providers, network backup service providers and software/platform developers;
  • document destruction providers;
  • anyone to whom we lawfully transfer or may transfer our rights and duties under this agreement;
  • any third party as a result of any restructure, sale or acquisition of TransactPay or any associated entity, provided that any recipient uses your information for the same purposes as it was originally supplied to us and/or used by us.
  • regulatory and law enforcement authorities, whether they are outside or inside of the EEA or the United Kingdom or Gibraltar, where the law requires us to do so.

How long we will hold your data (retention)

We will store your information for a period of five years after our business relationship ends in order that we can comply with our obligations under applicable legislation such as anti-money laundering and anti-fraud regulations. If any applicable legislation or changes to this require us to retain your data for a longer or shorter period of time, we shall retain it for that period. We will not retain your data for longer than is necessary.

Transferring data outside of the European Economic Area (“EEA”), Gibraltar or the United Kingdom (“UK”)

Your information is not processed outside of the UK, Gibraltar or the EEA.

[In the event that it becomes necessary for us to share your personal information outside of the UK, Gibraltar or the EEA, we will ensure the transfer complies with data protection law and all personal information will be secure. We will send your data to countries where the European Commission or the UK has made an adequacy decision or adequacy regulation, meaning that it has ruled that the legislative framework in the country provides an adequate level of data protection for your personal information. You can find out more about this here.

Where we send your data to a country where the UK has not made an adequacy regulation, our standard practice is to use standard data protection contractual clauses that have been approved by the UK government. You can find a copy of those clauses here.

If you would like further information please contact our Data Protection Officer on the details below.

Your information rights

You have certain rights regarding the personal data which we process:

  • You may request a copy of some or all of it.
  • You may ask us to rectify any data which we hold which you believe to be inaccurate.
  • You may ask us to erase your personal data (where applicable).
  • You may ask us to restrict the processing of your personal data.
  • You may object to the processing of your personal data (where applicable).
  • You may ask for the right to data portability.
  • If you would like us to carry out any of the above, please email your request to the Data Protection Officer at

How is your information protected?

We recognise the importance of protecting and managing your personal data. Any personal data we process will be treated with appropriate care and security. This section sets out some of the security measures we have in place.

We use a variety of physical and technical measures to keep your personal data safe and prevent unauthorised access to, or use or disclosure of, it. Electronic data and databases are stored on secure computer systems with control over access to information using both physical and electronic means. Our staff receives data protection and information security training. We have detailed security and data protection policies which staff are required to follow when they handle your personal data.

How to get advice or make a complaint

We hope that our Data Protection Officer can resolve any query or concern you may raise about our use of your personal information.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the EEA state where you work, normally live or where any alleged infringement of data protection laws occurred or in the UK. The supervisory authority in Gibraltar is the Gibraltar Regulatory Authority. Their contact details are as follows:

Gibraltar Regulatory Authority,

2nd floor, Eurotowers 4, 1 Europort Road, Gibraltar.

(+350) 20074636/(+350) 20072166

The supervisory authority in the UK is the Information Commissioner’s Office. You can contact them at the following website:


Our website may contain links to other websites. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

Changes to our Privacy Policy

We keep our Privacy Policy under review and we regularly update it to keep up with business demands and privacy regulation. We will inform you about any such changes. This Privacy Policy was last updated on 1st July 2022.

 How to contact us

If you have any questions about our Privacy Policy or the personal information which we hold about you or, please send an email to our Data Protection Officer at

Latest updates

View all

Transact Payments rebrands to TransactPay

Press Release
4 Jun 2024

The ultimate guide to BIN Sponsorship

Thought Leadership
Tapping a card on a card reader
30 May 2024