Privacy Policy

Paylinq Ltd (“Paylinq”, “we”, “us”, or “our”) is a UK-registered fintech company (Company No. 15488709) with its registered office at 85 First Floor, Great Portland Street, London, W1W 7LT, United Kingdom. We operate as a business-to-business (B2B) payment gateway and processor serving regulated industries in Europe and the UK (for example, online gaming and casinos). We are committed to protecting your privacy and handling your personal data in a transparent and fair manner, in compliance with the UK General Data Protection Regulation (UK GDPR), the EU GDPR, and other applicable privacy laws.This Privacy Policy explains what personal information we collect, how we use and share it, and your rights in relation to your data. In this Policy, “personal data” (or “personal information”) means any information relating to an identified or identifiable natural person. By using Paylinq’s website (paylinq.co) or services (“Services”), you acknowledge that you have read and understood this Policy. If you do not agree with our practices, please discontinue use of our Services.

1. Information We Collect

We collect personal data about you both directly and indirectly, depending on your interaction with us (for example, whether you are a business client, a website visitor, or an end-user making a payment through a Paylinq-supported merchant). This information may include:

Identity and Contact Data: Information such as your name, email address, telephone number, postal address, and job title. For example, if you are a representative of a client or you contact us through our website or email, you may provide us with your name, contact details, and the content of your communications. We may also collect your company’s details and your role at the company when you sign up for our Services.
Financial and Transaction Data: Information needed to process payments or transactions through our gateway. This may include payment method details (such as credit or debit card numbers or bank account information), transaction amounts, dates and times of transactions, and related payment information. If you are an end-user making a payment to one of our business clients, we collect data about the transaction and may receive your contact or payment details from that client or from you directly as part of the payment process.
Compliance and Verification Data: As a regulated payment processor, we may need to collect “Know Your Customer” (KYC) or “Know Your Business” (KYB) information for compliance purposes. This can include copies of identification documents (e.g. passport, ID card, or driver’s license), proof of address (such as a utility bill), date of birth, government identification numbers, and other information required to verify identity and conduct due diligence. For business clients, we might collect information about company directors, owners, or representatives (which could include personal data of those individuals) to satisfy legal and regulatory obligations.
Website Usage Data: When you visit our website or use our online Services, we automatically collect certain technical information about your device and browsing actions. This includes your IP address, browser type and version, device identifiers, pages or screens viewed, dates/times of access, and other usage logs. We also gather data on how you interact with our website, such as what links you click or content you view, which helps us understand engagement with our Services.
Cookies and Tracking Data: As described in the Cookies and Tracking Technologies section below, we use cookies and similar tools to collect data about your browsing activities on our site. This can include information about your preferences and browsing history on our website.
Communication Data: If you communicate with us (for example, by emailing our support or filling out a contact form), we will collect the content of your communications and any other information you choose to provide. This may include inquiries, feedback, or other details you share when you interact with us via email, phone, social media, or other channels.
Information from Third Parties: In some cases, we obtain personal data from third-party sources. For instance, we may receive information from credit reference agencies, identity verification providers, fraud-prevention services, or our business partners. If you are an end-user transacting through a merchant that uses Paylinq, that merchant might provide us with certain personal data about you needed to process the payment. We only collect and use such third-party information in accordance with applicable laws and this Policy.
We collect personal data either directly from you (e.g., when you fill out a form or communicate with us), automatically through your use of our Services, or from third parties as described. Providing personal data is often necessary for us to provide the Services – if you choose not to provide certain data, we may not be able to offer you the full functionality of our Services.

2. How We Use Your Information

We use the personal data we collect for the following purposes, and only as permitted by law:

Providing and Operating Our Services: To operate our website, platforms, and payment gateway, and to deliver the Services you request. This includes using personal data to set up accounts, facilitate and process transactions, authenticate users, and generally administer and provide our payment processing services. We also use data to provide customer service and technical support, ensuring that you can effectively use our Services and that any issues or inquiries are addressed.
Responding to Inquiries and Providing Support: To communicate with you and respond to your questions, requests, or complaints. For example, if you contact us for assistance, we will use your provided information to address your inquiry and help resolve any issues. This may include sending service-related announcements or notifications necessary for the operation of the Services.
Personalization: To personalize and tailor the content, user experience, and offers on our website or Services to your interests and needs. For instance, we may use cookies and usage data to remember your preferences, display relevant information, or suggest features that align with your usage patterns.
Marketing (with Consent): To send you marketing and promotional communications about our products, services, new features, or events, only if you have given us your consent or if otherwise permitted by law. You have the choice to opt-in to such communications, and you can opt out at any time (see Your Rights below). We will not spam you; typically, these communications may include newsletters or updates that we think are of interest to our business customers.
Improving and Developing Services: To analyze the performance and use of our Services in order to improve our offerings and develop new features. We examine aggregated usage data and feedback to understand how users interact with our platform, which helps us enhance functionality, user experience, and overall service quality. These analytical efforts may involve debugging, testing, and research and do not typically involve profiling of individuals, but rather general analysis to make our Services better and more efficient.
Security and Fraud Prevention: To protect our business, Services, and users from fraud, malicious activity, and other risks. We monitor and use personal data (such as transaction patterns or login activity) to detect and prevent fraudulent transactions, unauthorized access, hacking attempts, money laundering and other illegal or abusive activities. We also use personal data to enforce our terms of service and to protect our rights, privacy, safety or property, and those of our clients, users, or the public. This may include using personal data in the investigation and mitigation of security incidents or violations.
Legal Compliance: To fulfill our legal and regulatory obligations that apply to our operations. As a regulated payment processor, we must adhere to laws such as anti-money laundering (AML) regulations, anti-fraud laws, tax and accounting requirements, and court or regulatory orders. This means we may process personal data to perform identity verification (KYC/KYB checks), keep proper transaction records, report to authorities as required, and respond to lawful requests from government or law enforcement (see Sharing Your Information below). We will also use personal data as necessary to establish, exercise, or defend legal claims, and to comply with any other legal obligations imposed on us.
We will only use your personal data for the purposes above or for closely related purposes. If we need to use your data for an unrelated purpose, we will notify you and explain the legal basis, unless otherwise required or permitted by law.

Legal Basis for Processing

Under data protection laws (including GDPR), we must have a valid legal basis to process your personal data. Depending on the specific context of processing, we rely on one or more of the following legal bases:

Performance of a Contract: Many of our data processing activities are necessary to provide our Services and perform our contract with you (or the organization you represent). For example, when we process transactions or set up an account at your request, we do so on the basis that it is necessary for fulfilling our contractual obligations to you. If you decline to provide data that is necessary for the contract (such as payment details or identity information for compliance checks), we may not be able to deliver the Service.
Legitimate Interests: We process certain data as needed for our legitimate business interests, provided those interests are not overridden by your data protection rights. This includes uses like improving and securing our Services, preventing fraud, contacting our business clients about service updates, or analyzing use of our platform. We always consider the impact on your privacy and implement safeguards to ensure no undue harm to your rights. For instance, it is our legitimate interest to keep our platform secure and to prevent fraudulent activity, which benefits all users.
Legal Obligation: Some processing is necessary for us to comply with our legal obligations. For example, we may process and retain transaction records and KYC documentation to meet regulations and laws applicable to financial services. When we disclose personal data to authorities or regulators as required by law, this is done on the legal obligation basis.
Consent: Where we do not rely on another legal basis, we will seek your consent for processing personal data. The primary example is using your email to send marketing communications: we will only do so if you have given explicit consent (such as by subscribing to a newsletter or opting in). You have the right to withdraw consent at any time (for example, you can unsubscribe from marketing emails via the link provided in the email or by contacting us). In some cases, if required by specific national laws, we may treat your acceptance of this Privacy Policy or use of our Services as indicative of consent for certain processing – but we will always abide by the strictest requirement and obtain explicit consent where mandated.
We will normally identify the applicable legal basis at the point of data collection or soon thereafter. If you have any questions about the legal basis for any specific processing of your personal data, feel free to contact us (see Contact Us below).

4. Sharing Your Information

We do not sell or rent your personal data. However, in the course of operating our business and providing our Services, we may share your personal information with third parties in the following circumstances:

Within the Paylinq Group: If Paylinq Ltd in the future has affiliates, parent, or subsidiary companies, we may share personal data within our corporate group. This would be done only as needed for internal administrative purposes and to provide the Services (for example, if different affiliates perform different parts of the Service). All group entities will follow privacy practices that are at least as protective as those described in this Policy.
Service Providers and Partners: We share personal data with trusted third-party service providers who perform services on our behalf, or who assist us in delivering our Services. These include, for example, cloud hosting providers, payment and banking partners, fraud prevention and identity verification services, analytics providers, customer support tools, and other IT or professional services. We only share the data that is necessary for these providers to perform their functions, and they are contractually obligated to protect it and use it only for the purposes we specify.
Business Clients (for End-User Transactions): If you are an individual making a payment or transaction through a merchant or business that uses Paylinq, we may share certain transaction data back with that client to fulfill the service. For instance, when you initiate a payment on a client’s site, the payment details and confirmation need to be shared with that client to complete the transaction and notify them of the result. The client’s use of that information is typically governed by their own privacy policy, as they may be the data controller in that context.
With Your Consent or Direction: We will share your information with third parties if you specifically request or consent to such sharing. For example, if you consent to receive communications from a partner company or you instruct us to integrate with a third-party service, we will share data as needed to fulfill your request. Similarly, if we ever want to share your data for a new purpose (e.g., sharing with a partner for their own marketing), we would ask for your consent.
Legal and Regulatory Disclosure: We may disclose personal data when required to do so by law or lawful request. This includes complying with subpoenas, court orders, or other legal process, and responding to requests from law enforcement agencies, regulators, or government authorities as necessary to meet national security or law enforcement requirements. Where possible and appropriate, we will inform you of such disclosure.
Protection of Rights and Safety: We may share personal data if we believe in good faith that it is necessary to protect our rights, property, or safety, or that of our customers, users, or others. This can include exchanging information with other companies and organizations for fraud prevention, risk reduction, or investigation of potential illegal activities. For example, if we detect fraud, we might share data with appropriate authorities or with other financial institutions to mitigate that risk.
Business Transfers: If Paylinq undergoes a business transaction such as a merger, acquisition by another company, reorganization, or sale of all or part of its assets, personal data may be transferred to the successor or acquiring entity as part of the transaction. We will ensure any such transfer is subject to confidentiality agreements and that your data remains protected. Similarly, in the unlikely event of insolvency, bankruptcy, or receivership, information may be considered an asset and transferred or sold to third parties as permitted by law, in accordance with this Policy.

In all cases, we only share the information that is necessary for the third party to carry out the relevant purpose. When we share data with service providers or partners, they are bound by appropriate contractual terms to process personal data only for our specified purposes and to apply adequate security measures. If you have questions about third parties we use, feel free to contact us for more specifics.

5. International Transfers

Paylinq is based in the United Kingdom, but we may process and store personal data in various countries. In particular, our Services are available to clients in Europe and the UK, and our management and certain operational personnel may be located outside the UK. For example, our company director is resident in Israel, and some of your data may be accessed or processed from Israel as part of our business operations.This means your personal data might be transferred to, or accessed from, jurisdictions outside your home country or outside the European Economic Area (EEA)/United Kingdom. Such countries may have data protection laws that differ from those in your jurisdiction, and in some cases may not be deemed to provide the same level of protection for personal data.Whenever we transfer personal data internationally, we take steps to ensure an appropriate level of protection for your information in accordance with applicable law. If your data is transferred from the UK or EEA to a country that is not recognized by the UK Government or European Commission as providing an adequate level of data protection, we will implement relevant safeguards. Typically, these safeguards include using European Commission-approved Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement/Addendum, combined with additional technical and organizational measures as needed. In some cases, transfers may be justified by an adequacy decision (for example, the UK and EU have recognized Israel as providing adequate data protection, which covers transfers to Israel), or by other permitted derogations under GDPR.You can request more information about our international data transfer safeguards (including copies of relevant agreements) by contacting us. We continuously monitor our data flows and legal requirements to ensure compliance with cross-border data protection rules.

6. Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Policy. This means we keep your data for as long as you have an account or an ongoing relationship with us, and for a certain period thereafter as needed. For example, we may retain personal data for the duration of our contract with you and then archive it for a defined period .In certain cases, we may retain data for longer periods if required by law or justified by our legitimate business needs. This includes situations such as: compliance with legal, tax, or accounting requirements (e.g. many financial laws require retaining transaction and KYC records for a number of years); handling disputes or enforcing agreements; and maintaining sufficient business records and audit trails. We retain data to the extent we believe it is reasonably necessary for legal compliance and to protect our legal interests (for instance, to have evidence and documentation in case of any legal claims or complaints). Once personal data is no longer needed for the stated purposes or any legitimate overriding reason, we will securely delete or anonymize it.The exact retention periods for different categories of data can vary based on legal requirements and the context of processing. For example:

Transaction records and associated personal data may be kept for a minimum period (often 5 years or more from the end of a customer relationship) as required by anti-money laundering laws.
Communications you send us might be retained for a shorter period, unless they form part of our business records.
Cookie data and analytics may be retained for technical analysis for a certain number of months, as governed by our internal policies or Cookie Policy.

We periodically review the data we hold and erase or anonymize data that is no longer needed. If deletion is not immediately feasible (for example, because the data is stored in backups), we will ensure that the data is securely stored and isolated from further active use until deletion is possible.

7. Your Rights (under GDPR and applicable privacy laws)

Depending on your jurisdiction and the applicable privacy laws (notably the UK GDPR, EU GDPR, and similar regulations), you have a number of important rights regarding the personal data we hold about you. We respect these rights and have processes in place to enable you to exercise them.

These rights include:

Right to Access: You have the right to ask whether we are processing personal data about you, and to request access to the personal data we hold about you. We will provide you with a copy of your information in a commonly used format, and also explain details such as why we have your data, how we use it, and with whom we share it, as required by law.
Right to Rectification: You have the right to request that we correct or update any inaccurate or incomplete personal data that we hold about you. If you become aware that any of your details are incorrect, please contact us so we can make the necessary updates.
Right to Erasure: You have the right to request deletion of your personal data in certain circumstances (often called the “right to be forgotten”). For instance, if the data is no longer needed for the purposes it was collected, or if you withdraw consent and we have no other legal basis to continue processing, or if we processed data unlawfully, you can ask us to erase it. We will honor valid erasure requests to the extent required by law, bearing in mind that we may need to retain some information when required (e.g., to comply with a legal obligation or if retention is mandated by law).
Right to Restrict Processing: You have the right to request that we limit the processing of your personal data under certain conditions. This could apply if you contest the accuracy of the data (while we verify it) or if you have objected to our processing (pending our review of our interests versus yours). When processing is restricted, we will still store your data but not use it further until the restriction is lifted.
Right to Object: You have the right to object to our processing of your personal data in some cases. Notably, you can object at any time to processing of your personal data for direct marketing purposes, and we will then cease processing your data for that purpose. You may also object if we are processing your data based on legitimate interests or for a task in the public interest, and you believe it impacts your fundamental rights and freedoms. We will honor objections unless we have a compelling legitimate ground to continue or a legal obligation that requires us to continue.
Right to Data Portability: Where processing is based on your consent or on a contract and carried out by automated means, you have the right to request a copy of the personal data you provided to us in a structured, commonly used, machine-readable format, and you can ask us to transfer this data to another data controller (where technically feasible). This right facilitates the ability to move your data to other services.
Right to Withdraw Consent: If we rely on your consent for any processing of your personal data, you have the right to withdraw that consent at any time. For example, if you have subscribed to our marketing emails and no longer wish to receive them, you can withdraw your consent and we will stop such processing. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal.
Rights Related to Automated Decision-Making: In the unlikely event that we make decisions about you solely by automated means that significantly affect you (and without any human involvement), you have the right not to be subject to such decisions unless certain conditions are met. Paylinq’s typical processing does not involve purely automated decisions that produce legal effects for individuals; however, if we ever engage in such profiling or automated decision-making, we will inform you and ensure your rights (such as the right to obtain human intervention or to contest the decision) are protected.
Right to Complaint: You always have the right to lodge a complaint with a supervisory data protection authority about our collection or use of your personal data. If you are in the UK, this would be the Information Commissioner’s Office (ICO). If you are in the EU, you can contact your local Data Protection Authority. We encourage you to first contact us so we can address your concerns directly, but you are entitled to contact the authority at any time.

Please note that these rights are not absolute and may be subject to certain legal conditions and exemptions. For example, we might not erase data that we are required to keep by law, or we might refuse an access request if it adversely affects the rights and freedoms of others. We will evaluate each request and communicate with you if any exception applies.

8. Exercising Your Rights

You can exercise your rights at any time by contacting us (see Contact Us below). We will need to verify your identity adequately before fulfilling certain requests, to ensure we don’t disclose your data to someone who isn’t you. In some cases, we may request additional information to confirm your identity or to clarify your request (for instance, to specify the data to which your request relates). We will respond to your request as soon as possible and in any event within the timeframe required by law (generally within one month, with the possibility of extension in certain complex cases). Our team will do its best to address your requests or concerns; if you are unsatisfied with our response, you have the right to appeal our decision or lodge a complaint with the relevant data protection authority.

9. Cookies and Tracking Technologies

Like many websites, we use cookies and similar tracking technologies to collect information when you interact with our site or services. Cookies are small text files that are placed on your computer or device when you visit certain web pages. They help track your activities and remember your preferences, enhancing your experience by personalizing content and enabling certain features. For example, cookies allow us to keep you logged in to your account, recall your language preferences, and understand how you navigate through our site so we can improve its design.

Essential Cookies: These are necessary for our website to function properly (e.g., to facilitate payment processing or secure login).
Analytical/Performance Cookies: These help us gather statistics about visits and traffic to our site, so we can improve performance (for example, Google Analytics cookies that collect anonymous aggregate data on user behavior).
Functional Cookies: These remember your choices and preferences to provide a more personalized experience (such as your chosen language or region).
Targeting/Advertising Cookies: We do not currently serve third-party ads on our site, but if we do in the future, these cookies would be used to deliver relevant advertisements to you and measure their effectiveness.

We may also use web beacons or pixels (tiny graphic images embedded in emails or on the site) that work in conjunction with cookies to track things like whether an email was opened or whether a link was clicked. This helps us gauge the effectiveness of our communications and marketing campaigns.

10. Your Choices:

Your Choices: You have the option to manage or disable cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies or alert you when a cookie is being placed on your device. You can also delete cookies that have already been set. Please note that if you choose to block or delete cookies, some features of our website or Services may not function as intended. For example, disabling cookies might prevent you from logging in or using interactive features. We provide an opt-out for non-essential cookies where required by law (such as via a cookie consent banner when you first visit our site). For further information on how to manage cookies, check your browser’s help documentation. Keep in mind that rejecting cookies does not mean you will no longer see any content from us, but it may limit your experience and the personalization of content.For more details about the cookies we use, you can refer to our Cookie Policy (if available) or contact us with any questions. By continuing to use our site with cookies enabled, you are agreeing to our use of cookies as described here.

11. Data Security

We take the security of your personal data very seriously. Paylinq has implemented suitable technical and organizational measures to protect personal data against unauthorized access, loss, destruction, or damage. These measures include, for example, encryption of sensitive information (both in transit and at rest), access controls to limit who within our organization can access personal data, regular security audits, and maintaining up-to-date security software. We also ensure that any third-party service providers we use for data processing implement appropriate security standards.While we strive to protect your information, please note that no method of transmission over the internet or electronic storage is completely secure. We therefore cannot guarantee absolute security of your data. However, we follow industry best practices to minimize risks. In the unfortunate event of a data breach affecting your personal data, we will notify you and the appropriate authorities as required by law.We also encourage you to play a role in keeping your data secure. This includes using strong passwords for your accounts, keeping your login credentials confidential, and being mindful of phishing or social engineering attacks. If you have any reason to believe that your interaction with us or your data might no longer be secure (for instance, if you suspect that your account has been compromised), please contact us immediately.

9. Contact Us

If you have any questions or concerns about this Privacy Policy, contact us at:

Email: hello@paylinq.co
Address: 85 Great Portland Street, First Floor, London W1W 7LT

Paylinq Ltd is the data controller responsible for the processing of your personal data as described in this Policy. Our company is registered in England and Wales, and is subject to the UK Information Commissioner’s Office (ICO) as the lead supervisory authority for data protection. You can also contact the ICO (or your local supervisory authority) if you wish to lodge a complaint, but we kindly ask that you contact us first so we can address your concerns directly.Last updated: 27/07/2025. We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes, we will notify our clients by email or through our website, and indicate the date of the latest revision at the top of the policy. We encourage you to review this Policy periodically for any updates.