Our services in the UK including the the issuance of electronic money (regulation 2(1) of the Electronic Money Regulations 2011) and the provision of payment services (as defined in regulation 2(1) of the Payment Services Regulations 2017) are temporarily unavailable due to voluntary restrictions on our financial activities. For more information, please visit the FCA’s website
This measure is temporary, and we are working to resume normal operations soon. If you have any questions, please contact us at our customer support - [email protected] - who will happily assist you.
PRIVACY POLICY FOR ASTROPAY AS A SERVICE PROVIDER EUROPE
Purpose of this policy
The purpose of the privacy policy is to inform you how AstroPay processes your personal data. With this policy, we wish to make you aware of the information we collect and process and, if possible, for how long we store it. This privacy policy regulates the processing of personal data by us in connection with trading, interaction, or other exchange of personal data with us.
Any reference made to “we”, “ours”, “us”, “AstroPay” or “AstroPay Companies” included in this privacy policy means the group of companies which each directly or indirectly controls, is controlled by, or are under common ownership.
Description of processing
AstroPay process your information for one or more specific purposes and in accordance with the data protection regulations. We process your data if you are a customer with us, when we provide payment services to you, if you have created a digital e-Wallet, if you are contacting us, or if you sign up for our promotional and informative communications, etc. The information will generally come directly from you, and we will only process your information for as long as it is necessary for the purpose for which it was collected.
Below you can read more about the types of processing we do.
Providing payment services to you as a user When you use our payment services as a user, we process data about you to provide you with our services. This may include setting up your digital e-Wallet, paying and collecting on online sites, depositing and withdrawing money, transferring money, collecting money with payment links, purchasing, sending and using gift cards or vouchers, creating debit cards, registering and using our mobile AstroPay app, increasing your spending limits, and contacting us about our services in general.
To provide you with our services, we may need to process data about your full name, address, phone no., email address, IP address and date of birth. When we need to verify your identity before providing our services, we may also need to process data about your gender, nationality, passport issuing country, principal citizenship country, passport number, and your previous residency address if the residency address has changed in the last 3 years. If you want to make a limit increase as a part of a loyalty level program, you as a user have to send ID documents and a bank statement or proof of income or use one of our third-party validators to confirm that you have the spending capacity to increase the limits.
We process data about you to enter into an agreement with you as a user of our services (GDPR Article 6(1)(b)). When we need to verify your identity, we may process the data based on our legal obligations as a payment provider (GDPR Article 6(1)(c)) with the anti-money laundering regulations. You can read more about this processing below. We may also process data about you for security related reasons based on our legitimate interest in keeping our users and services secure, and in general to keep in contact with you (GDPR Article 6(1)(f)).
The data primarily comes directly from you as a user of our services. In some cases, the data may also come from a merchant of our services.
We delete the information on an ongoing basis, however at the latest 5 years after your last use of our services or interaction with us. Data related to payment transactions may be stored for the current financial year plus 5 years after the end of the customer relationship in accordance with local bookkeeping regulations and our obligations as a payment service provider.
Providing payment services to you as a merchant When signing up as a merchant with us, we may process data about you as contact person and about the business you represent. This includes data about your first and last name, email address, phone no., Skype username, company name, website, industry, total payment volume (TPV) and any message you may leave together with your submission.
When you use our payment services as a merchant, we process data about you to provide you with our services. This may include setting up your digital e-Wallet or Crypto wallet, paying and collecting on online sites, depositing and withdrawing money, transferring money, collecting money with payment links, purchasing, sending and using gift cards or vouchers, creating debit cards, registering and using our mobile AstroPay app, increasing the spending limits for your user(s), and contacting us about our services in general.
To provide you with our services as a merchant, we may need to process data about your company name, company contact name, company email address, company operating address, company registered address, company telephone no. (direct), company website, list of registered company directors, list of company shareholders > 25%, industry type/classification, company registration certificate, company address and proof, company bank details and statements, length of time trading, business description, bank name, bank address, bank sort code, bank account number, IBAN/BIC, annual turnover, average transaction value and peak months.
We process data about you to enter into an agreement with you as a merchant of our services (GDPR Article 6(1)(b)). When we need to verify your identity and or business credentials, we may process the data based on our legal obligations as a payment provider (GDPR Article 6(1)(c)) with the anti-money laundering regulations. You can read more about this processing below. We may also process data about you for security related reasons based on our legitimate interest in keeping our users and services secure, and in general to keep in contact with you (GDPR Article 6(1)(f)).
We delete the information on an ongoing basis, however at the latest 5 years after your last use of our services or interaction with us. Data related to payment transactions may be stored for the current financial year plus 5 years after the end of the customer relationship in accordance with local bookkeeping regulations and our obligations as a payment service provider.
Processing data on you as a reseller When you sign up to get contacted by an advisor to become an official AstroPay distributor (reseller), we may need to process data about your name, email address, phone no., country and any message you may leave together with your submission.
We process data about you to enter into an agreement with you as a reseller of our services (GDPR Article 6(1)(b)). When we need to verify your identity and or business credentials, we may process the data based on our legal obligations as a payment provider (GDPR Article 6(1)(c)) with the anti-money laundering regulations. You can read more about this processing below. We may also process data about you for security related reasons based on our legitimate interest in keeping our users and services secure, and in general to keep in contact with you (GDPR Article 6(1)(f)).
We delete the information on an ongoing basis, however at the latest 5 years after your last use of our services or interaction with us. Data related to payment transactions may be stored for the current financial year plus 5 years after the end of the reseller relationship in accordance with local bookkeeping regulations and our obligations as a payment service provider.
Processing data on you as an affiliate When you fill out the contact form to get contacted by AstroPay as an affiliate candidate, we may process data about your name, email address, phone no., country, Skype username, company name, website and industry.We process data about you to enter into an agreement with you as an affiliate of our services (GDPR Article 6(1)(b)). When we need to verify your identity and or business credentials, we may process the data based on our legal obligations as a payment provider (GDPR Article 6(1)(c)) with the anti-money laundering regulations. You can read more about this processing below. We may also process data about you for security related reasons based on our legitimate interest in keeping our users and services secure, and in general to keep in contact with you (GDPR Article 6(1)(f)).
We delete the information on an ongoing basis, however at the latest 5 years after your last use of our services or interaction with us. Data related to payment transactions may be stored for the current financial year plus 5 years after the end of the affiliate relationship in accordance with local bookkeeping regulations and our obligations as a payment service provider.
Anti-money laundering procedures
As a financial payment provider, we may be required by national legislation to have so-called Customer Due Diligence (CDD) or Know-Your-Costumer (KYD) verification procedures in place to prevent money laundering or terrorism financing activities via our services.
As such, when we onboard you as a physical user, merchant, reseller or affiliate for the use of our services, we may need to collect data about you to verify your identity. This data may include your full name, place and date of birth, permanent residential address, identity reference number or tax reference number, nationality, phone no., email address, unexpired national or other government-issued identity card, passport, driver’s licence, data about politically exposed persons (PEP) and family relations or business relations to PEP and descriptions of unusual or suspicious situations or transactions.
If you are a business or legal person or is representing a business or other legal person, we may need to collect data about your business or legal person to verify its identity or ultimate beneficial owners. This data may include the business’ full name, company registration number, date of incorporation or registration, registered address or principal place of business.
In cases where AstroPay finds an activity or transaction unusual or suspicious, and may be involved with money laundering, AstroPay is required to send information about the transaction to the national anti-money laundering authorities and other competent authorities.
The data used to verify your identity or your business’ identity is processed by us based on our legal obligation to comply with the anti-money laundering and counter-terrorism regulations to which we, as a controller, are subject (GDPR Article 6(1)(c)). We may also process data about you for security related reasons based on our legitimate interest in keeping our customers and services secure (GDPR Article 6(1)(f)).
The data obtained for the identification procedures, including copies of documents, is kept by us for up to 10 years in accordance with the anti-money laundering regulations. We keep the background data, including the original documents (or legalised copy), of the transactions or situations classified as unusual or suspicious, for at least 5 years or up to such a period as may be required by the relevant national regulations and national financial supervisory authorities’ guidelines, which may be up to 10 years.
Transaction monitoring and fraud prevention
To prevent fraudulent use of our services or other criminal activities, we may collect statistical data to monitor transactions from time to time in accordance with our obligations as a financial payment provider set out by the relevant national financial supervisory authorities.
As part of our transactional monitoring and fraud prevention activities, we may collect and process the following types of data: Any unusually high transaction amounts, previous spending patterns, approved and accepted merchants, level of declines, splitting of transactions to gain an authorisation, the country of spending, IP address of purchase, average consumption per user, rejected transactions, times, dates and spread of transactions, login/registration information (IP address of login, user-agent, email address, passwords), name, gender, date of birth, address, country, phone no., use of VPN or Proxy, ID, and proof of address.
The data collected to monitor transactions and to prevent fraudulent use of our services is processed by us based on our legal obligation to comply with the to which we, as a controller, are subject (GDPR Article 6(1)(c)). We may also process data about you for security related reasons based on our legitimate interest in keeping our customers and services secure (GDPR Article 6(1)(f)).
We store relevant contact and identification information as part of our collaboration and our fraud prevention obligations as a financial payment provider. We delete the information continuously, however information required to comply with our obligations as a financial payment provider may be stored for up to 5 years.
Optimisation of our services
As part of our ongoing efforts to further develop and optimise our payment services, we wish to collect and use a variety of data points for analytical purposes to learn how our users and customers interact with our services. These data points may be collected when you sign up for or use our services and via cookies.
The data we may collect in this regard include your full name, gender, ID, birth date, company, address, country, phone no., email address, IP address, account information, payment information, transaction history, obfuscated card no., purchase patterns, type of user, service used, dates, type of transaction, amount of the transaction and application logs.
The above data points are typically anonymised or aggregated before they are used in our data analysis. In case we need to process your personal data directly for the above purposes, we will collect your explicit consent prior to our processing (GDPR Article 6(1)(a)) when we deliver our services to you. You can withdraw this consent at any time. We may also process data on your preferences and interactivity with our services based on our legitimate interest to optimise our services and providing a better service to you if this does not conflict with your interests and fundamental rights and freedoms (GDPR Article 6(1)(f)).
We retain any non-anonymised or non-aggregated data about you for a maximum of 3 years before they are deleted or anonymised.
Notifications and promos
If you have signed up for our promotional or operational notifications or other communications, we need to process your data when we send out notifications and other communication initiatives. We only process data about your name, country, phone no. and email address.
We process your data based on your consent (GDPR Article 6(1)(a)). You have the right at any time to withdraw your consent by writing to [email protected] or by unsubscribing via the link that appears in each notification or other communication initiative.
We also hold certain promotional events, or “promos” or “draws”, that you can participate in to win prices. To participate, we may ask you to sign up to our services via the AstroPay app via a promotional code, by depositing money with your AstroPay account, or a third option depending on the circumstances of the promotional event. We may need to process data on your account information to verify your credentials, such as your full name, address, phone no., email address, IP address, date of birth, gender, passport, principal citizenship country and passport number.
We process your data based on your consent (GDPR Article 6(1)(a)). You have the right at any time to withdraw your consent by writing to [email protected] or by unsubscribing via the link that appears in each notification or other communication initiative.
We keep documentation of your consent for 2 years after you have unsubscribed from our notification or communication initiative, as any criminal liability expires after this period. Data related to participation in promos are kept for 3 years.
Suppliers and business partners
When we enter into agreements with suppliers and business partners, we may process data on you as their contact person. This includes data regarding your name, position, phone no., email address and, if necessary, payment information.
The data is processed to enter into an agreement with the specific supplier or business partner (GDPR Article 6(1)(b)). If your data as a contact person is not directly involved with the contractual relationship with our supplier or business partner, we may still process your data based on our legitimate interest to communicate effectively with our suppliers and business partners (GDPR Article 6(1)(f)).
We store relevant contact information as part of our collaboration. Written correspondence is deleted continuously and at the latest up to 5 years to document the relationship with the supplier or business partner. Data required to comply with the local bookkeeping regulations is stored for current financial year plus 5 years.
Support and complaint management
We collect data about you when providing support services and handling any complaints you may have. The data includes your name, ID, address, email address, phone no., company, position, information related to your complaint, notes on verbal complaints, photos of your payment cards and any additional information that you may send us.
The data is processed based on our legitimate interest in providing you with our support and handling any complaints you may have in order to improve our customer satisfaction, and to make sure that we resolve any issues you may have (GDPR Article 6(1)(f)).
We store the data regarding the support of complaint inquiry for as long as we are handling the inquiry, and up to 5 years after the resolution of the complaint or support inquiry.
Notification by statutory processing
In cases where we process your personal data based on a legal requirement or an agreement or a claim that must be met to enter into an agreement, you are required to provide us with the data so that we can provide you with our services, fulfil the agreement and invoice you for our services, etc. If you do not want to provide us with the data that we need to comply with our obligations, the consequence may be that we provide or continue providing you with our services, or fulfil an agreement with you.
Recipients of personal data
We process your personal data with confidentiality and we generally do not disclose your information with third parties. However, we may disclose your personal data if you have given your consent hereto, when we need to fulfil an agreement with you, if we have a legitimate interest in the disclosure or when we are required to do so by law.
Your personal data can be shared with the following categories of parties:
System, software, and hosting providers
Payment and card service providers
Support providers
Fraud detection and prevention providers
Social media marketing partners
Financial supervisory authorities
We may entrust your personal data to our system suppliers who process personal data on our behalf and according to our specific instructions.
Some of the entities that we share your data with to provide you with our services may be located outside the EU/EEA in which a transfer to a third country occurs. These countries include the USA. In this case, we have made sure that a legal transfer basis as been prepared, including via EU Commission Standard Contractual Clauses (SCC’s).
You may contact us at [email protected] if you wish to get a copy of the legal transfer basis we use or where you can read more about it.
Your rights
When we collect information about you, you have several fundamental rights in the personal data regulations that you can use. Your rights include the right to request access to and rectification or erasure of your personal data, restriction and objection to our processing, and the right to receive your data in a structured, commonly used and machine-readable format (data portability).
If you have consented to our processing of your information, you have the right to revoke this consent at any time. If you want to have your associated profile deleted, you can request this by contacting us at [email protected].
The above-mentioned rights may be associated with conditions and restrictions. Whether you as a data subject can request for example getting your personal data deleted will in any case depend on a concrete assessment.
If you are dissatisfied with our processing of your personal data, you may file a complaint with your national data protection authority.
Our contact information
The company responsible for processing your personal data is: EU/EEA: Larstal Denmark ApS Company Registration No: 42457590Address: c/o Regus Søborg, Automatikvej 1, 3., 2860 Søborg, Denmark Email: l[email protected]
Outside EU/EEA: AP Global Corporation LLP Company Registration No: OC346322Address: 4 King’s Bench Walk, Temple, London, EC4Y 7DL, United Kingdom Email: [email protected]
If you have any questions regarding our processing of your personal data, please feel free to contact us at [email protected].
Revision
We reserve the right to revise and modify these privacy policy guidelines on the processing of personal data. In case of significant changes, we will contact you via email or via a visible notification on our website.
This privacy policy was last revised in April 2024.