Privacy Notice
Version 1.1 — 15 August 2025
About this Notice
This Privacy Notice explains what personal data Paylander processes, why we process it, how long we keep it, who we share it with, and how you can exercise your rights.
Scope & Roles
● “Representative.” You act on behalf of a Merchant that wishes to use Paylander’s services. For most activities in this context, Paylander acts as a data controller.
● “End Customer.” You purchase goods or services from a Merchant that uses Paylander. For transaction processing, Paylander typically acts as the Merchant’s data processor. In certain cases (e.g., fraud prevention and compliance checks), Paylander may act as an independent controller.
“Services” means our payment gateway and related tools, APIs, dashboards, support, and communications.
Personal Data We Process
Representatives (Controller)
Categories we may collect (via website, Merchant Application, API/portal, or support):
● Identity & Contact: name, business email, phone, role/title, company, country.
● KYC/Onboarding: date of birth, nationality, beneficial ownership details, ID documents and images (where legally required).
● Business & Contract: merchant application details, service selections, correspondence, signatures.
● Technical/Usage: login credentials, access logs, device/browser info, IP address, activity within the dashboard.
Main purposes:
● Create and manage merchant accounts and access to Services.
● Perform onboarding, due diligence, and risk/compliance reviews.
● Prepare and administer contracts and provide support.
● Detect, investigate, and prevent fraud or illicit activity.
● Communicate operational updates about the Services.
● Analyze and improve our Services and user experience.
● Conduct surveys and research to enhance quality.
● Marketing and commercial outreach (where permitted).
● Fulfil legal and regulatory obligations (e.g., AML/CTF).
End Customers (Processor for the Merchant; sometimes Controller for AML/Fraud)
Data we may receive from the Merchant or collect through our interfaces:
● Contact & Identifiers: name, email, phone, billing/shipping address, country/city.
● Transaction: order details, amounts, currency, payment method, status, timestamps.
● Risk & Compliance Signals: IP address, device/browser data, geolocation derived from IP, fraud indicators, chargeback information.
Main purposes:
● Process payments and support settlement and reconciliation.
● Detects and prevents fraud, abuse, and money laundering.
● Manage disputes, complaints, and support inquiries.
● Assist Merchants with reporting and customer service.
● Meet legal, regulatory, and card/network obligations.
● If you are an end customer, the Merchant’s privacy notice governs how your data is used by the Merchant. Please review it for full details.
Legal Bases
We process personal data when at least one legal basis applies:
● Contract / Pre-contract: onboarding and servicing Merchant relationships.
● Legitimate Interests: service security, fraud prevention, service improvement, internal analytics, and certain B2B communications (balanced against your rights).
● Consent: certain marketing communications and, where required, placement of non-essential cookies. You can withdraw consent at any time.
● Legal Obligation: AML/CTF checks, accounting, tax, regulatory reporting, responding to lawful requests.
Sharing & Disclosure
● We may share personal data where necessary and lawful with:
● Regulators and public authorities (when we have a legal duty).
● Payment ecosystem partners: acquiring banks, card schemes, payment method providers, gateway and processing partners.
● Service providers (processors): cloud hosting, KYC/AML screening, fraud detection, communications, analytics, support tools.
● Professional advisers: legal, compliance, financial, and audit firms.
● Marketing & advertising partners (only where permitted and subject to your choices).
● We also share aggregated or anonymized insights that do not identify you.
International Data Transfers
Where data is transferred outside the country scope, we use appropriate safeguards (e.g., adequacy decisions or Standard Contractual Clauses, plus technical and organizational measures). You may contact us to request more information about these safeguards.
Retention
We keep data only as long as needed for the purposes described or as required by law and sector rules. Typical examples:
● KYC/AML records: retained for the statutory period after the relationship ends.
● Transaction records: retained for the period required by financial, tax, and network rules.
● Marketing data: retained until you opt out or withdraw consent, after which we keep a minimal record of your opt-out.
Security
We maintain administrative, technical, and organizational safeguards designed to protect personal data against unauthorized access, alteration, loss, or misuse. No method of transmission or storage is 100% secure, but we continuously assess and improve our controls.
Your Rights
Subject to applicable law, you may have the right to:
● Access your data; rectify inaccuracies; erase data; restrict processing;
● Portability of data you provided to us;
● Object to processing based on legitimate interests, including direct marketing;
● Withdraw consent at any time (does not affect past lawful processing);
● Not be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects; request human review where applicable.
To exercise rights, email @Paylander.com. You can also lodge a complaint with your local data protection authority.
Cookies & Similar Technologies
We use cookies and similar tech on our sites and dashboards. For details on types, purposes, and how to control them, see our Cookie Notice page. Where required, we obtain your consent before setting non-essential cookies.
Contact
Data Protection Officer: dpo@paylander.team
Support: support@paylander.team
Updates to this Notice
We may update this Notice to reflect changes in law or our practices. Updates will be posted here and apply from the effective date shown above.