Privacy Policy
Introduction
This Privacy Policy, together with our Terms and Conditions, explains how we collect, process, use, store, and disclose your personal data when you use Relopay.
This Privacy Policy applies when you register for an account, log in, make payments using your wallet, contact customer support, complete forms on the website, or submit information through our ticketing system.
Data Controller
Relopay is responsible for how your personal data is collected and used (this is known as the βData Controllerβ).
If you have any questions about how we handle your data, or if you would like to make a request regarding your personal information, you can contact our support team.
What Is Personal Data?
βPersonal dataβ means any information relating to an identified or identifiable natural person. This includes information that can identify you directly or indirectly, such as your name, identification number, location data, or online identifier.
Personal Data We Collect
We may collect personal data directly from you, automatically from your device, and from third parties.
1. Information You Provide When You Sign Up
When you create an account, we may collect:
your first name and last name;
your email address;
your password in hashed form.
2. Information Collected During Account Verification
When you verify your account, we may collect:
your mobile phone number;
a photo or scan of your identity document and related information, including document type, issuing country, document number, expiry date, MRZ data, barcode data, and security features;
facial image data, including selfies, photos or scans of your face as shown on your identity document, videos, and sound recordings;
biometric data, such as facial features used for identity verification.
3. Information Collected When You Initiate or Receive a Bank Transfer
When you request or receive bank transfer services, we may collect:
proof of address;
documents confirming citizenship or residence permit status;
documents required to verify the source of funds;
bank account details, including account number, sort code, IBAN, and payment reference or comment;
payment-related details, such as amount, currency, and time of transfer.
4. Information Collected to Prevent Fraud and Misuse
To assess transactions and prevent fraud, abuse, money laundering, or other unlawful activity, we may request:
documents or information proving the source of funds, such as bank statements, screenshots, or written or verbal explanations;
information explaining the purpose and economic rationale of a transaction;
answers to questionnaires designed to confirm that you are acting voluntarily and understand the nature of the transaction.
5. Information Collected When You Contact Us
When you communicate with us, we may collect:
your contact email address;
the content of your messages and any attached files;
your unique support ticket identifier;
technical data related to the communication, such as date, time zone, and device or system environment.
6. Transaction Information
When you use Relopay services, we may collect:
details of your wallets and your unique identifier within the Relopay system;
records of payments and transactions, including date, time, amount, currency, counterparties, merchant information, payment methods, transaction messages, technical usage data, and geolocation information;
bank card details connected to your account, such as cardholder name, expiry date, and the first six and last four digits of the card number.
7. Device and Technical Information
We may automatically collect information from the device you use to access our website or services, including:
IP address;
login information;
browser type and settings;
time zone;
operating system;
device type;
unique device identifier;
screen size;
mobile network information;
mobile operating system and browser type;
the date, time, and duration of your visit.
8. Information Received from Third Parties
We may also receive information about you from third parties, including:
payment systems and payment service providers, including Visa, Mastercard, and UnionPay;
card schemes and card program managers;
public authorities and law enforcement agencies;
public sources, such as company registries and enhanced due diligence providers.
Legal Basis for Processing Personal Data
We only process your personal data where we have a lawful basis to do so. Depending on the circumstances, we may rely on:
performance of a contract;
compliance with a legal obligation;
our legitimate interests;
your consent.
1. Performance of a Contract
We process your personal data as necessary to provide you with RELOPAY services under the Terms and Conditions you accept when registering for an account.
This includes processing your data to:
create and manage your account;
provide secure access to your account, including one-time passwords and other authentication codes;
process payments, transfers, wallet top-ups, and withdrawals;
provide IBAN and related banking services through third-party providers;
send important service notifications, including login confirmations, transaction alerts, and suspicious activity notices;
provide technical and customer support.
2. Legal Obligation
We process your personal data where necessary to comply with legal and regulatory obligations, including anti-money laundering (AML), counter-terrorist financing (CTF), know-your-customer (KYC), and fraud prevention requirements.
This may include:
verifying your identity;
sharing necessary data with service providers involved in IBAN issuance or bank transfers;
responding to lawful requests from courts, regulators, or law enforcement authorities.
3. Legitimate Interests
We may process your personal data where necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms.
This may include:
analysing anonymized or aggregated usage data to improve our products and services;
notifying you about service updates, policy changes, or new features;
assessing user and transaction risk profiles;
detecting, preventing, and investigating fraud, abuse, and other unlawful activity;
maintaining support records to improve customer service, resolve disputes, and train our staff.
4. Consent
Where required by law, we rely on your consent.
This may include:
sending you marketing communications about our products and services;
measuring the performance of marketing communications;
processing biometric data for liveness checks during identity verification.
To complete a liveness check, you may be asked to enable your camera and move your head so that facial recognition technology can confirm that you are a real person and that your face matches the submitted identity document. Because this process may involve the processing of special categories of personal data, it is carried out only with your consent.
You may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
Automated Decision-Making
We use automated systems to assess user and transaction risk in order to prevent fraudulent, illegal, or unauthorized activity. However, any decision that may significantly affect you will be subject to human review before action is taken.
How We Protect Your Data
We take appropriate technical, administrative, and organizational measures to protect your personal data against unauthorized access, loss, misuse, alteration, or disclosure.
These measures include:
encryption of data in transit using SSL technology;
authentication and access control procedures;
restricted employee access based on job responsibilities;
physical security measures for premises where data is processed and stored;
confidentiality obligations for employees;
ongoing employee training on data protection and security;
compliance with applicable card security standards, including PCI DSS for payment card data.
Although we use reasonable safeguards, no method of transmission or storage is completely secure. We therefore cannot guarantee absolute security.
You are also responsible for helping protect your account. We recommend that you:
use a strong and unique password;
do not reuse passwords across multiple services;
do not share your password with anyone.
Please note that our employees will never ask you for your password. If anyone claiming to represent Relopay asks for your password or other login credentials, do not provide them and contact immediately our support team.
Data Retention
We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, accounting, and reporting obligations.
Data processed for AML compliance, fraud prevention, and related legal obligations may be retained for five (5) years after your account is closed, unless a longer retention period is required by law.
Once the applicable retention period expires and the purpose of processing has been fulfilled, your personal data will be deleted or anonymized in accordance with applicable law.
Disclosure of Personal Data to Third Parties
We may share your personal data with third parties where necessary to provide our services, comply with legal obligations, protect our legitimate interests, or carry out processing on our behalf.
Such third parties may include:
payment service providers and payment systems;
banking and IBAN service providers;
identity verification and compliance service providers;
fraud prevention and risk assessment providers;
regulators, courts, law enforcement agencies, and other public authorities where required by law;
professional advisers, auditors, and contractors acting under confidentiality obligations.
Where third parties process personal data on our behalf, they do so under appropriate contractual and legal safeguards.
Cross-Border Transfers of Data
Some of our employees, service providers, or partners may be located outside Canada or the European Economic Area (EEA). As a result, your personal data may be transferred to countries outside your jurisdiction.
Where such transfers occur, we take appropriate steps to ensure that your personal data remains protected and that adequate safeguards are in place in accordance with applicable data protection laws.
Links to Other Websites
Our website may contain links to third-party websites or services. We do not control those third parties and are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party websites you visit.
Your Rights
Subject to applicable law, you may have the following rights in relation to your personal data:
Right to be informed β to know how and why we process your personal data;
Right of access β to request confirmation of whether we process your personal data and obtain a copy of it;
Right to rectification β to request correction of inaccurate or incomplete personal data;
Right to erasure β to request deletion of your personal data where legally permitted;
Right to restrict processing β to request that we limit the way we process your data in certain circumstances;
Right to object β to object to certain types of processing;
Right to data portability β to request transfer of your data in a structured, commonly used, and machine-readable format where technically feasible;
Right to withdraw consent β where processing is based on consent;
Right to lodge a complaint β with a competent supervisory authority.
To exercise your rights, please contact support team.
Before responding to certain requests, we may need to verify your identity. For example, we may ask you to submit the request from the email address associated with your Relopay account or to complete additional verification.
Please note that some rights may be limited where processing is required by law or where requests are manifestly unfounded, excessive, or repetitive. In such cases, we may refuse the request or charge a reasonable administrative fee where permitted by law.
Filing a Complaint
If you believe your rights have been violated, you may file a complaint with the Office of the Privacy Commissioner of Canada or with the supervisory authority in your country of residence, place of work, or the place of the alleged infringement.
If you are located in the European Union, you may contact the relevant supervisory authority listed by the European Data Protection Board.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make significant changes, we may notify you by email or through the website.
The latest version of this Privacy Policy will always be available on our website.
Contact
If you have any questions, comments, or requests regarding this Privacy Policy or the processing of your personal data, please contact our support team.
Last updated