Privacy Policy

Table of Contents

  1. Controller
  2. Data categories
  3. Purposes & legal bases
  4. Data sharing
  5. International transfers
  6. Retention
  7. Your rights
  8. EU representative & DPO
  9. Children
  10. Contact

1. Controller

Eftaapay Limited is the data controller for personal data collected through the Bizaldo websites, apps and commercial relationships with merchants and prospects. For payment processing data handled on behalf of merchants (e.g., end-customer transaction data flowing through Bizaldo-enabled integrations), Eftaapay Limited acts as a data processor and the merchant is the data controller.

2. Data categories

  • Account & identity data: name, business role, email, phone, password hashes, authentication logs.
  • Business & KYC data (merchants): legal name, registration numbers, beneficial ownership, risk profile, compliance documents.
  • Transaction & device data: order IDs, basket info, amounts, currency, timestamps, device identifiers, IP address, user agent, app telemetry, crash logs.
  • Support & communications: ticket content, call/chat recordings (where permitted), feedback.
  • Marketing & cookies: marketing preferences, referral data, cookie identifiers; analytics/advertising identifiers where consented.

3. Purposes & legal bases

We process personal data for:

  • Service provision & account administration (Art. 6(1)(b) GDPR – contract; UK GDPR equivalent).
  • Onboarding, KYC/AML, fraud prevention & risk management (Art. 6(1)(c) – legal obligation; Art. 6(1)(f) – legitimate interests).
  • Improving and securing our services (Art. 6(1)(f)).
  • Marketing communications (Art. 6(1)(a) – consent for electronic direct marketing in the EEA; Art. 6(1)(f) – B2B soft opt‑in where permitted; you can opt out at any time).
  • Legal claims, compliance & record keeping (Art. 6(1)(c) and 6(1)(f)).

Where we rely on consent, you may withdraw it at any time via Cookie Settings or by contacting us.

4. Data sharing

We share personal data with:

  • Payment and acquiring partners (regulated PSPs/acquirers) to enable merchant acquiring and settlement.
  • KYC/AML providers & identity verification partners.
  • Cloud hosting & infrastructure providers.
  • Analytics, product, and support tools.
  • Professional advisers (legal, audit, compliance) and where required by law or competent authorities.

A live list of key processors/sub‑processors will be maintained at: bizaldo.com/legal/subprocessors (link to be published).

5. International transfers

We may transfer data outside the EEA/UK. Where we do, we use appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, plus technical/organizational measures.

6. Retention

We retain personal data for as long as necessary for the purposes above, and to meet legal/contractual obligations (for example, AML/financial records are typically kept for 5–10 years depending on jurisdiction).

7. Your rights

Under EU/UK data protection laws, you may have rights to access, rectify, erase, restrict, object to certain processing, port data, and where applicable withdraw consent. You also have the right to lodge a complaint with your local authority (e.g., ICO in the UK, or your EU supervisory authority).

8. EU representative & DPO

EU Representative (Art. 27 GDPR): To be confirmed (if required). Details will appear here.

Data Protection Officer (DPO): Not legally required at present; if appointed, details will be provided here.

9. Children

Bizaldo is a B2B service and is not directed to children under the age of 16.

10. Contact

Questions or requests: privacy@eftaapay.com or postal address above.

© 2025 Bizaldo. All rights reserved.