logo

Privacy Policy

What are the purposes of this Privacy Policy

This Privacy Policy gives you information about how Collect & Pay CY Ltd collects and uses your personal data through your use of this website, including any data you may provide when you register as our customer depending on the service/products you use.

We place great importance on the protection of your privacy and are committed to handling your personal data in a transparent manner. All personal information is collected and processed in line with the relevant EU legal framework and specifically in compliance with the requirements of the General Data Protection Regulation (GDPR) (EU) 2016/679, the applicable Law for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data of 2018 (Law 125(I)/2018) as amended and/or replaced from time to time, and any other related applicable legislation. This Privacy Statement describes the policies and practices regarding our collection and use of your personal data and sets forth your privacy rights.

In this Privacy Policy, any reference to “you”, “your”, “yours” is a reference to any of our customers, potential customers, visitors of our website, and/or an authorised person on your account which includes any of your shareholders, beneficial owners, principals, directors, representatives, contact persons and staff members.

This policy is applicable to the Data Subjects who are accessing or applying to use the services of Collect & Pay CY Ltd. offers or may offer in the future, either on their own account or on behalf of a business, potential personnel, suppliers or other person that may interact with Collect & Pay CY Ltd.

This policy is not applicable to any information collected offline or via channels other than this website. Please read this Privacy Policy carefully. We recommend that you print off a copy of this Privacy Policy and any future versions in force from time to time for your records.

Collect & Pay CY’s leadership is fully committed to ensuring continued and effective implementation of this policy and expects all Employees and Third Parties to share in this commitment.

If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us.

Who we are

Collect & Pay CY (hereinafter referred to as “the Company”, “we”, “our”, or “us”) is a limited liability company duly incorporated under the Laws of the Republic of Cyprus with registered No. HE 448401 and having its registered address at Thessalonikis 13 Str, P.C. 3025, Limassol, Cyprus.

The Company is in process of authorisation by the Central Bank of Cyprus (“CBC”) to provide payment services in accordance with the provisions of the Provision and Use of Payment Services and Access to Payment Systems Laws of 2018, as amended (the “PI Law”) and the Electronic Money Laws of 2012 and 2018, ensuring compliance with safeguarding requirements for client funds and strong customer authentication (SCA) as mandated by PSD2’s Regulatory Technical Standards (Commission Delegated Regulation (EU) 2018/389).

Definitions

These definitions should help you understand this Privacy Policy.

  • “Personal Data” or “Personal Information” means any information that identifies or can be used to identify an individual, directly or indirectly, including, but not limited to, first and last name, date of birth, email address, occupation, work performance data, gender or other demographic information. It is any information (including opinions and intentions) which relates to an identified or Identifiable Natural Person. Personal Data is subject to certain legal safeguards as mentioned above, which impose restrictions on how organizations may process Personal Data.
  • “Processing” of Personal Information means any operation or set of operations which is performed upon Personal Information, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
  • “Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Information.
  • “Customers” means an individual or legal entity that is authorized to use the services of Collect & Pay CY.

Our principles

When handling your personal information, we adhere to the following principles:

  1. Legal, Fair, and Transparent Processing: We handle your personal data in a manner that is lawful, equitable, and clear. This involves informing you about how your data is being used (transparency), ensuring that our processing aligns with the description we have provided (fairness), and relying on one or more lawful bases as defined by GDPR (lawfulness).
  2. Purpose-Driven Collection: Your personal data is gathered solely for specific, clearly communicated, and legitimate reasons. We do not use or process your data beyond these intended purposes unless legally permitted. This ensures that data collection and use are aligned with the original intent and kept within appropriate boundaries (purpose limitation).
  3. Data Relevance and Necessity: We only collect and process personal data that is relevant and necessary to achieve the specific purpose. We avoid handling any more information than what is essential for the intended processing (data minimisation).
  4. Accuracy and Currency: We take reasonable measures to keep your personal data correct and up to date. If we discover that any data is inaccurate or outdated, we promptly correct or delete it to ensure it remains reliable and suitable for its intended use (accuracy).
  5. Limited Storage Duration: Your personal data is retained only for as long as necessary to fulfill the purpose for which it was collected. Once that purpose has been achieved, we securely delete or anonymize the data to prevent identification of the individual (storage limitation).
  6. Security and Confidentiality: We implement appropriate technical and organizational safeguards to protect your personal information against unauthorized access, processing, loss, destruction, or damage. These measures ensure the confidentiality, integrity, and security of your data (security and confidentiality).

Types of Personal Data We May Collect and Handle

We gather and process various categories of personal information that you or your representatives provide in connection with our products and services. Additionally, we may obtain and process personal data legally acquired from other members of our corporate group, government agencies, business partners, or sources that are publicly accessible (such as online registries, websites, security checks, and social media).

We collect your personal data when you engage with:

The personal information you provide to us includes, but is not limited to, when you:

  • Complete any forms or documents
  • Contact us via phone, email, our platform, or online banking platform
  • Register to open an account or access our services
  • Conduct transactions or place orders
  • Respond to our inquiries or participate in surveys
  • Register for the use of our platform
  • Set your preferences related to certain products and services
  • Reach out to us for any reason

This personal data may include, among other things:

  • Government-issued identifiers and other ID details, such as passport number, ID card, social security number, tax residency information, tax ID, or any other documentation provided for verification purposes
  • Contact details, including your name, surname, billing and shipping addresses (with proof of address, e.g., utility bills), phone number, fax, email address, country of residence, device information (phone, computer, tablet), and location data
  • Personal attributes such as date of birth, place of birth, nationality
  • Financial information like transaction data, IBAN, details of your payment methods—including card details (number, expiration date, CVC/CVV), financial institution information, and data related to purchases or services (location, time, merchant details, ATM information)—as well as wealth sources, income, and tax-related info
  • Details about your authorized representatives’ roles and authority
  • Data regarding your transactions and interaction with our products and services, including deposit and withdrawal details, timestamps, amounts, currencies, exchange rates, beneficiary and merchant information, and ATM details
  • Data on your trading activities, including the products traded, their performance, past transactions, investments, and preferences for specific product types
  • Employment and professional details, such as your CV, professional memberships, job title, responsibilities, and qualifications
  • Records of correspondence or calls with us, which may include your name, email, phone number, company name, and other personal details shared during communication
  • Your user ID (which is assigned automatically but can be changed) and other registration info
  • Photos or videos taken for identity verification purposes (as part of our Know Your Customer (KYC) procedures)
  • Data from publicly accessible sources used to perform due diligence checks to meet anti-money laundering and sanctions compliance requirements
  • Photos, videos, or images captured during events you attend or events sponsored by us, for promotional, marketing, or archival purposes. This content may be used across our website, social media, printed materials, and other marketing channels

If you provide personal information about other individuals (such as your representatives, secretaries, or employees), or request us to share their data with third parties, you confirm that you have informed them of this Privacy Notice beforehand.

Other Data

Whenever you access our website, platform or any other systems or tools we offer, we gather the following data:

  • Technical Details: This includes your IP address, login credentials, browser type and version, time zone settings, operating system and platform, device type, and unique device identifiers (such as your device’s IMEI number or MAC address).
  • Visit and Online Behavior Data: Information about your interactions during your visit, such as the links you've clicked, services you've viewed or searched, page load times, errors encountered during downloads, duration spent on specific pages, how you interact with pages (scrolling, clicking), and the methods you use to leave a page (subject to your cookie preferences).
  • Company Information: Details like your company name, the products and services offered, and the jurisdiction in which your company operates.

Purposes for Processing Your Personal Data

We may utilize your personal data for the following reasons:

  • To fulfill and manage our obligations arising from our business relationships and/or agreements with you, including, but not limited to, the provision of our financial services.
  • To process transactions and payments securely.
  • To carry out customer onboarding and acceptance procedures, communicate with customers, and maintain customer relationships.
  • To enroll or register you for new payment features offered through our payment networks.
  • To support the growth and development of our business with existing or potential clients.
  • To operate, manage, and oversee the affairs and functions of our business.
  • To maintain and improve our IT infrastructure, including systems related to human resources, administration, management, and policies.
  • To monitor for potential risks such as fraud, money laundering, terrorism financing, or other criminal activities.
  • To develop and implement identity verification procedures to ensure compliance with legal and regulatory requirements.
  • To conduct market research and execute marketing campaigns.
  • To ensure the content on our website or platform is delivered in the most effective way and to maintain the safety and security of our digital platforms.
  • To enable you to use interactive features available on our website or platform.
  • To administer and manage our website or platform effectively.

Who We May Share Your Personal Data With

In certain situations, we might share the personal information we have collected about you with the following types of recipients:

  • Our affiliated companies: To deliver our products or services to you, as well as to verify, update, or collect your personal data in accordance with applicable anti-money laundering regulations, we may share your information with our group companies, including their employees, service providers, directors, and officers, provided we have obtained your prior consent.
  • Third-party financial and credit institutions, payment networks, and partners: Entities such as Visa and other payment systems, intermediaries, payment service providers, and financial institutions located either within Cyprus or internationally. Such sharing is necessary to facilitate transactions and provide other services you request.
  • Card production, personalization, and delivery providers: Companies responsible for manufacturing, customizing, and sending your personalized cards.
  • Global compliance databases: To adhere to our Know-Your-Customer (KYC) and Due Diligence procedures, we may share your personal information with international compliance databases.
  • Third-party service providers and partners: When necessary to deliver our services—such as processing payments, transactions, or providing value-added services—we may disclose your personal data to trusted service providers if you have requested the relevant service or purchased a premium offering.
  • IT and technology service providers: Companies offering technical expertise, cybersecurity testing, data storage, record management, logistics, and other subcontracted services.
  • Cloud service providers: Providers of cloud computing and storage services to manage your data securely.
  • Our clients: We might share certain personal data you have provided or that we have received about you as a payer with our clients to help them fulfill their legal or contractual obligations towards you.
  • Legal or regulatory authorities: Under specific circumstances, we may disclose your personal data to auditors, regulatory agencies, or law enforcement authorities to comply with applicable laws and regulations.
  • Persons acting on behalf of beneficial owners or shareholders: Individuals or entities such as payment recipients, beneficiaries, account nominees, intermediaries, correspondent banks, and agent banks acting on behalf of our clients or contractors.
  • Business transfer scenarios: If we sell part of our business, assets, or merge with another company, personal data may need to be shared with prospective buyers or partners.
  • Security companies: Providers of CCTV and security services involved in monitoring or safeguarding our premises during meetings or visits.
  • Individuals or organizations you authorize: If you ask us to share your data with specific third parties, we will do so accordingly.

Use of Your Personal Data for Marketing Activities

When offering our products and services to you, and provided that local laws permit, we will assume you consent to us reaching out via push notifications, email, SMS, or postal mail to share information about our offerings, promotions, and updates. We obtain your explicit consent before sending marketing communications via electronic means (e.g., email, SMS, push notifications), as required by the ePrivacy Directive (Directive 2002/58/EC).

Where permitted by law, we may also use your personal information to tailor marketing messages about our products and services, making them more relevant to your interests. This may involve analyzing your transactions and how you engage with our services. You have the right to object to such profiling for direct marketing purposes.

You can modify your preferences through your account settings at any time to opt out or unsubscribe from receiving direct marketing communications. Please note, even if you choose to opt out, you may continue to receive general information about our products and services via our platform.

Legal Grounds for Processing Your Personal Data

We use your personal data solely for the purposes for which it was originally collected, unless there are valid reasons to use it for other compatible purposes. The processing of your personal data for the aforementioned purposes is grounded on the following legal bases:

  • Compliance with a legal obligation: Processing is necessary to meet our obligations related to fraud prevention, anti-money laundering measures, and other regulatory requirements.
  • Performance of a contract: Processing is necessary to establish, maintain, or fulfill our contractual commitments to you as our customer or payer.
  • Legitimate interests: Processing is necessary for our legitimate interests or those of third parties, such as protecting your safety, preventing fraud, managing and improving our services, conducting direct marketing, assessing risks, resolving inquiries or disputes, pursuing legal claims or defenses, sharing information with service providers, auditors, and technology partners, monitoring our relationship with you, and safeguarding the security and integrity of our IT infrastructure.
  • Consent: Processing is based on your explicit consent when you have granted us permission to process your personal data.

Automated Decision-Making and Profiling

We do not rely solely on automated processes to make decisions that significantly affect you. However, certain aspects of your personal information may be processed automatically to assess specific personal characteristics and other relevant factors, helping us predict potential risks or outcomes in the following situations:

  • Performing data assessments such as verifying your identity, checking your address, and reviewing payment transactions. These steps are part of our efforts to prevent fraud, comply with anti-money laundering regulations, and combat the financing of terrorism. This allows us to operate our services effectively and ensures that decisions are fair, consistent, and based on accurate information.
  • Promoting our services and products, subject to your explicit consent.

Your Rights

You are entitled to certain rights regarding how we handle your personal information:

  1. Right of Access: You have the right to request a copy of the data we hold about you. This includes confirmation of whether we process your personal data, and if so, access to the data itself along with additional details such as the purposes of processing, the types of personal data involved, and the categories of recipients who receive this data. Requesting a copy of your data will not infringe upon the rights and freedoms of others.
  2. Right to Rectification: You can ask us to correct any inaccurate or incomplete personal information we hold about you. You have the right to have incorrect data corrected and, where applicable, to have incomplete data filled in, considering the purposes for which we process your information.
  3. Right to Erasure (“Right to be Forgotten”): You may request that we delete your personal data under certain circumstances, such as:
    • When the data is no longer necessary for the purpose it was collected or processed.
    • When you withdraw your consent, and there is no other legal ground for processing.
    • When you object to processing, and there are no overriding legitimate reasons for continuing.
    • When the data has been unlawfully processed.
    • When erasure is required to comply with a legal obligation.

    Please note that, as a regulated financial institution, we may not be able to fulfill all deletion requests, especially when processing is necessary for:

    • Complying with legal obligations imposed on us, such as retaining transaction data for at least 5 years under Cyprus Law 188(I)/2007 on the Prevention and Suppression of Money Laundering.
    • Serving the public interest.
    • Establishing, exercising, or defending legal claims.
  4. Right to Restrict Processing: You can request a restriction on processing your data if any of the following apply:
    • You contest the accuracy of the data, and we need time to verify its correctness.
    • The processing is unlawful, and you oppose erasure, requesting restriction instead.
    • We no longer need the data for processing purposes, but you require it for legal claims.
    • You have objected to processing based on our legitimate interests, pending verification of whether those interests outweigh your rights and freedoms.

    When processing is restricted, we will retain your data but will only process it further with your consent, for legal claims, to protect others’ rights, or for important public interests.

  5. Right to Data Portability: You can request to receive the personal data you shared with us in a structured, commonly used, machine-readable format. You also have the right to transmit this data to another organization or request us to do so if:
    • The processing is based on your consent or a contract.
    • The processing is automated.
  6. Right to Object: You may object to the processing of your personal data at any time, based on your particular situation, if the processing is justified on our legitimate interests. If you exercise this right, we will cease processing unless we can demonstrate compelling grounds that override your interests or rights, or if the processing is necessary for legal claims. If you object to processing for direct marketing purposes, we will stop such activities immediately.
  7. Right to Withdraw Consent: If our processing of your data relies on your explicit consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the legality of processing carried out before your revocation.

How to Exercise Your Rights

If you wish to exercise any of the rights mentioned in the previous section, please send an email to [email protected].

Please note that we may ask you to verify your identity before processing your request. Some rights are not absolute; exceptions or limitations may apply. For example, we may decline to provide information if doing so would disclose personal details of another individual, or refuse to delete data we are legally required to retain, have a legitimate interest in keeping, or need to access to comply with legal requirements.

All requests to access your personal data must be made in writing. We will do our best to respond within one month. For complex or multiple requests, this period may extend up to three months.

We reserve the right to charge a reasonable fee to cover the costs of providing the information or to refuse requests that are clearly unfounded or excessive.

While we aim to assist you to the best of our ability, if you are dissatisfied with our response, you have the right to file a complaint with the Office of the Commissioner for Personal Data Protection:
Office of the Commissioner for Personal Data Protection
Kypranoros 15, Nicosia 1061, Cyprus
Email: [email protected]

How long we keep your data

The period for which we retain information about you will vary depending on the type of information and the purposes we use it for.

We will keep your personal data for as long as we have a business relationship with you. Once our business relationship ends, we will keep your personal data for five years, as required by Cyprus Law 188(I)/2007 for anti-money laundering purposes, or longer if mandated by other applicable laws or legal disputes.

We may process your personal data for a longer period based on other lawful reasons including handling complaints, resolving legal disputes, complying with regulatory or taxation requirements, or preventing fraud and money laundering, as permitted by GDPR Article 17(3) and Cyprus law.

Children’s Personal Data

Our services are intended for a general audience and are not directed towards children under 18 years of age. If we discover that any personal information has been provided by a child under 18, we will promptly delete that information.

Data Protection

Any information you share with us is kept securely, and we implement suitable organizational, technical, and administrative safeguards to protect your personal data. Upon receipt of your information, we employ strict procedures and security measures to prevent unauthorized access. However, please understand that neither internet transmission nor data storage can be entirely foolproof, and no system can guarantee complete security.

If you suspect that your interaction with us is no longer secure, please contact us without delay.

Use of cookies

Like many other websites, our website uses cookies. “Cookies” are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit.

It is possible to switch off cookies by setting your browser preferences. Turning cookies off may result in a loss of functionality when using our website.

We use:

  • Session cookies: enable Collect & Pay CY to process and memorize your transactions and requests during a given session on your account. These cookies are necessary in order to use the Services.
  • Persistent cookies: enable us to remember your information in order to provide easier and more convenient access to the Services, tailored information, and web content.
  • Security cookies: recognize your browser or device for security purposes and prevent fraudulent activity on your account.
  • Cross-device cookies: recognize you when you sign in to use our website or mobile application, allowing us to track your activity across multiple devices and browsers and maintain items in your basket.
  • Advertising cookies: track your activity in Collect & Pay CY to discover which adverts you click, either to show you related content or to limit how often we display those ads.
  • Attribution cookies: estimate which advertising or marketing source you followed to come to Collect & Pay CY and determine which source should receive credit for actions like a visit or a purchase.
  • Analytics cookies: research how customers interact with our services (for example, statistical reports) so we can improve the quality of the Collect & Pay CY website, platform, and services.

Collect & Pay CY retains the right to cooperate with any third party (including search engines, analytics providers, social media networks, and advertising companies) which may use its own tracking technologies to provide certain services or features, including targeted online marketing techniques such as attribution tracking, remarketing, and cross-device tracking. Such third parties may provide us with statistical information about you (for example, your interests or device details), which helps us improve the adverts shown each time you visit Collect & Pay CY.

PLEASE NOTE THAT IF YOU REJECT OR BLOCK ALL COOKIES IN YOUR BROWSER SETTINGS, YOU WILL NOT BE ABLE TO TAKE FULL ADVANTAGE OF Collect & Pay CY SERVICES AS SOME COOKIES ARE NECESSARY FOR THE SITE TO FUNCTION PROPERLY.

Updates to this Privacy Policy

We may revise this Privacy Policy periodically by posting an updated version on our website. We recommend reviewing this page occasionally to stay informed about any changes. If significant modifications are made, we might also notify you via email.

Consent

By using our website and our platform, you agree to our Privacy Policy and accept its terms.

Contact Details

For additional information, questions, or requests concerning how your personal data is processed or to exercise your rights related to your data, please reach out to us in writing through one of the following methods:

  • Data Protection Officer: [email protected]
  • Postal Address: Thessalonikis 13 str., 3025, Limassol, Cyprus

For security purposes, we may require proof of identity. If a third party is acting on your behalf to exercise any of your rights, we may also ask for proof that they are authorized to do so.

Last Updated: 26/6/2025