Privacy Policy

Effective as of 14/04/2023


This Privacy Policy applies to all customers of PayWings Holding BV, a company registered in the Netherlands with registration number 85996424 and registered address Beemdstraat 5, 5653 MA, Eindhoven, Netherlands (“PayWings”, “”, “we”, “us”, “our”). Please read it carefully before providing us with any information about you.

  1. Introduction

This policy shows our commitment to transparency and the protection of your privacy rights and sets out the basis on which any personal information we collect from you, or that you provide to us, will be processed by us.

It applies to the processing of personal data by PayWings Holding BV, in connection with:

  • use of any of our products, services, or applications (together the “Services”),
  • visit or use our website, (“Site”) or mobile application (“App”).

Please note that our Services, Site and App are not intended for minors below the age of 18 years, and we do not knowingly collect data relating to minors.

Please contact us using the details provided at the end of the policy, for feedback or any privacy enquiries you may have. To be able to use our services, you must accept the terms and conditions of this Privacy Policy in its entirety.

  1. Purpose

This Privacy Policy aims to give you information on why and how we collect and process your personal data.

It is intended to inform you about your privacy rights and how the data protection principles set out in the EU (European Union) General Data Protection Regulation (“GDPR”) and the post-Brexit privacy law publicly known as the UK GDPR protect you.

It is important that you read this Policy together with any other notice or policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of why and how we are using your data. This Policy supplements other notices and policies and is not intended to override them.

  1. About us

In the context of this Policy, PayWings is a Data Controller. The controller of your personal data is the legal entity that determines the “means” and the “purposes” of any processing activities that it carries out.

  1. Data Protection Officer

We have appointed a Data Protection Officer (“DPO”) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions or complaints related to this Privacy Policy or our privacy practices, or if you want to exercise your legal rights, please contact our DPO at

  1. Privacy Complaints

You have the right to make a complaint about the way we process your personal data to a supervisory authority. If you reside in an EEA (European Economic Area) Member State, you have the right to make a complaint about the way we process your personal data to the supervisory authority in the EEA Member State of your habitual residence, place of work or place of the alleged infringement, or The Dutch Data Protection Authority.

We would, however, appreciate the chance to deal with your concerns before you approach a data protection regulatory authority, so please feel free to contact us in the first instance.

  1. Our duties and your duties in case of changes

We keep our Privacy Policy under regular review. This version was last updated on the date marked in the beginning of the document. From time to time, there will be new versions of this document. We will also additionally inform you on material changes of this Privacy Policy in a manner which will effectively bring the changes to your attention. It is important that the personal data we hold about you is current and accurate. We would like to remind you that it is your responsibility to keep us informed if your personal data changes during your relationship with us.

  1. Third-party links

Our website and any applicable web browser, as well as our mobile application or application programming interface required to access the Services (“Applications”), may include links to third-party websites, plugins, and applications (“Third-Party Sites”). Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these Third-Party Sites and are not responsible for their privacy statements and policies. When you leave our Site or Applications, we encourage you to read the privacy notice or policy of every Third-Party Site you visit or use.

  1. Information we collect from you

You may provide some information to us, for example when you enquire for or make an application for the Services, register to use and/or use any Services, by filling in forms on one of our websites, or by corresponding with us by phone, e-mail, web chat or otherwise. We may collect some of it through automatic means, for example by using cookies when you visit our websites. Read our Cookie Policy to know more. We may also obtain data about you from third parties, like credit reference and fraud prevention agencies.

PayWings also collects non-personal information or may anonymise personal information to make it non-personal. Non-personal information is information that does not enable a specific individual to be identified, either directly or indirectly. PayWings may collect, create, store, use, and disclose such non-personal information for any reasonable business purpose. For example, PayWings may use aggregated transactional information for commercial purposes, such as trend analysis and the use of data analytics to obtain learnings and insight around payment transaction patterns and usage.

To the extent that Internet Protocol (IP) addresses (or similar identifiers) are clearly defined to be personal information under any local law, and where such local law is applicable to Services, we will manage such identifiers as personal information.

Please note that PayWings provides services to both individual consumers and businesses and this privacy policy applies to both and should be read and interpreted accordingly.

Depending on whether and how you use our Services, Website or App, we will collect, use, store and transfer different kinds of personal data about you which we have grouped in categories as follows:

8.1. Data categories

Category of personal data Examples of specific pieces of personal data
Identity Data first name,
maiden name,
last name,
username or similar identifier,
date of birth and gender,
biometric information, including a visual image of your face,
national identity cards,
passports, driving licences or other forms of identification documents,

a visual image of your face which we will use, in conjunction with our sub-contractors.

Social Identity Data your group/company data,
information on referrals related to you,
political background,
close connections,
behavioural data,
risk assessment,
compliance assessment
Contact Data residence details,
billing address,
delivery address,
home address,
business address,
email address and telephone numbers,
proof of address documentation.
Financial Data bank account,
payment card details,
virtual currency accounts,
stored value accounts,
amounts associated with accounts,
external account details,
source of funds and related documentation.
Transactional Data bank account,
payment card details,
virtual currency accounts,
stored value accounts,
amounts associated with accounts,
external account details,
source of funds and related documentation.
Technical Data internet connectivity data,
internet protocol (IP) address,
operator and carrier data,
login data,
browser type and version,
device type, category and model,
time zone setting and location data,
language data,
application version and SDK version,
browser plug-in types and versions,
operating system and platform,
diagnostics data such as crash logs and any other data we collect for the purposes of measuring technical diagnostics, and
other information stored on or available regarding the devices you allow us access to when you visit the Site, or use the Services or the App
Profile Data your username and password,
your identification number as our user,
information on whether you have another App account and the email associated with your accounts,
requests by you for products or services,
your interests, preferences and feedback,
other information generated by you when you communicate with us, for example when you address a request to our customer support.
Usage Data information about how you use the Site, the Services, mobile applications, and other offerings made available by us, including: device download time, install time, interaction type and time, event time, name, and source.
Marketing and Communications Data your preferences in receiving marketing from us or third parties,
your communication preferences,
your survey responses.

8.2. Special categories of personal data  

Certain types of sensitive personal data are subject to additional protection under the legislation applicable to you. They are called “special categories” of personal data. The special categories are:

  • Personal data revealing racial or ethnic origin.
  • Political opinions.
  • Religious or philosophical beliefs.
  • Trade union membership.
  • Genetic data and biometric data processed for the purpose of uniquely identifying a natural person.
  • Data concerning health.
  • Data concerning a natural person’s sex life or sexual orientation.

We would usually not collect sensitive personal data or in the instances we ae explicitly obliged to do so, we would collect your consent and inform you about the purpose first.

8.3. Refusal to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you refuse to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you – for example, to provide you Services. In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

  1. How we collect your data

We use different methods to collect information from and about you, including:

9.1. Direct interaction.

This happens when you visit our website or Application, apply for our services, open an account, etc.

9.2. Indirect automated interaction.

As you interact with us via our Site or App, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We will also collect Transactional Data and Usage Data. We may also receive Technical Data and Marketing and Communications Data about you if you visit other websites employing our cookies.

9.3. Third parties or publicly available sources.

We also obtain information about you, including Social Identity Data, from third parties or publicly available sources. These sources may include:

  • fraud and crime prevention agencies,
  • a customer referring you,
  • publicly available information on the Internet.
  1. How we use your data

10.1. General usage

We use information we collect about you to provide you with the products we offer, to notify you about changes to our products and to improve our products. Your information may also be used to contact you about your account, your use of the Services, to alert you to potential problems, as well as to respond to your questions to us. We also use this information to provide you with information about other products we or selected third parties offer which are similar to the ones you have used or exhibited interest in, or we think may be of interest to you. If you use one of our financial products, we will also use your information to assess your financial situation and to try to identify and prosecute frauds and other abuses of the financial system.

10.2. Lawful basis

We will only use your personal data when the applicable legislation allows us to. In other words, we must ensure that we have a lawful basis for such use. Most commonly, we will use your personal data in the following circumstances:

  • performance of a contract – we use this basis for provision of our Services;
  • legitimate interests – our interests (or those of a third party), where we make sure we use this basis as far as your interests and individual rights do not override those interests;
  • compliance with a legal obligation – processing your personal data where we need to comply with a legal obligation, we are subject to;
  • consent – freely given, specific, informed, and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to you.

10.3. Marketing

We may use your Identity Data, Contact Data, Technical Data, Transactional Data, Usage Data and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you. You will receive marketing communications from us if you have requested information from us and consented to receive marketing communications, or if you have purchased from us and you have not opted out of receiving such communications. We will use your Marketing and Communications Data for our respective activities.

10.4. Third-party marketing

We will get your opt-in consent before we share your personal data with any third party for marketing purposes.

10.5. Opting out

You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you.

Further, you can let us know directly that you prefer not to receive any marketing messages by emailing

Where you opt out of receiving marketing messages, this will not apply to service messages which are directly related to the use of our Services (e.g., maintenance, change in the terms and conditions and so forth).

10.6. Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Services or Site may become inaccessible or not function properly. For more information about the cookies we use, please review the Cookie Preferences.

10.7. Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

10.8. Sale or transfer of business

We may also need to process your data in connection with or during the negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction or proceeding involving all or a part of our shares, business, or assets. This will be based on our legitimate interests in carrying out such transaction, or to meet our legal obligations.

  1. Disclosure of personal data

We will not disclose your personal information to anyone except as described in this policy.

We may share your personal information with any company in the PAYWINGS Group of companies.

Your personal information (as necessary, but generally limited to full name and email address) may be shared with the recipient/sender of a payment in the context of the specific relevant transaction. This may involve transferring your personal data outside the European Economic Area (EEA) or the UK. We may share your personal information with third parties to provide you with the products we offer, including service providers, credit reference agencies and financial institutions. We may also share your personal information with third parties, including our or other applicable regulators and third parties you may have had dealings with, to prevent crime and reduce risk, if required to do so by law, where we deem it appropriate to do so, to respond to legal process, for the purpose of investigating a breach of third-party terms of business, or to protect the rights or property of PayWings, our customers or others.

  1. Data storage

The information that we collect from you may be transferred to, stored at, and processed by recipients located in destinations outside the European Economic Area (“EEA”). These countries may have data protection standards that are different to those of the territory in which you reside. We will take reasonable steps to ensure that the recipients will use and protect your information in a secure manner.

If we have given you (or if you have chosen) a password, access code or any other secure means or access or authentication which enables you to access certain parts of our site, you are responsible for keeping this password confidential and complying with our instructions. You must not share credentials with anyone else, and you authorise PayWings to act upon instructions and information from any person that enters your credentials.

The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our site. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

  1. Data retention

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.

Here are some factors we usually consider when determining how long we need to retain your personal data:

  • in the event of a complaint;
  • if we reasonably believe there is a prospect of litigation in respect to our relationship with you or if we consider that we need to keep information to defend possible future legal claims (e.g., email addresses and content, chats, letters will be kept up to 10 years following the end of our relationship, depending on the limitation period applicable in your country).
  • to comply with any applicable legal and/or regulatory requirements with respect to certain types of personal data:
  • under the EU Anti-Money Laundering legislation (Anti-Money Laundering Directives) we are obliged to retain your personal data for a period of 5 years after the end of the relationship between us as a company and you as a customer; this period may be further extended in certain cases if so provided by and in accordance with the applicable legislation; the same is valid also under the anti-money laundering legislation of the UK;
  • if information is needed for audit purposes and so forth;
  • in accordance with relevant industry standards or guidelines;
  • in accordance with our legitimate business need to prevent abuse of the promotions that we launch. We will retain a customer’s personal data for the time of the promotion and for a certain period after its end to prevent the appearance of abusive behaviour.

Please note that under certain condition(s), you can ask us to delete your data: see your legal rights below for further information. We will honour your deletion request ONLY if the condition(s) is met.

  1. Your legal rights

You have rights we need to make you aware of. The rights available to you depend on our reason for processing your personal data. If you need more detailed information or wish to exercise any of the rights set out below, please contact us.

  1. Charges

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is manifestly unfounded or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

  1. Period for replying to a legitimate request

The statutory period under GDPR for us to reply to a legitimate request is one month. That period may be extended by two further months where necessary, considering the complexity and number of the requests. Please note that we may request that you provide some details necessary to verify your identity when you request to exercise a legal right regarding your personal data.

  1. Contact us

All comments, queries and requests relating to our use of your information are welcomed. If you wish to exercise any of your rights, you contact us by using