We are committed to keeping your personal data safe and secure and handling it in accordance with our legal obligations. This privacy notice is applicable to visitors to our website, existing and prospective business customers of OpenPayd, their customers (businesses and individuals), who may use OpenPayd platform, our third-party service providers and banking partners. It sets out in detail the purposes for which we process personal data, who we share it with, what rights you have in relation to that data and everything else we think is important for you to know. If you represent an organisation that wants to use our services, you and your organisation shall ensure that your customers are made aware of this privacy notice.


OpenPayd is made up of different legal entities, details of which can be found here. This privacy notice is issued on behalf of the OpenPayd Group so when we mention ”OpenPayd”, “we”, “us” or “our” in this privacy notice, we are referring to the relevant company in the OpenPayd Group responsible for processing your data. We will let you know which entity will be the controller for your data when you sign up for products or services with us. OpenPayd Holdings Limited is responsible for this website and, unless otherwise notified to you is the controller.


Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data which were anonymised via a technique which will irreversibly prevent your re-identification.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Contact Data: includes address, email address and telephone numbers.
  • Identity Data: includes first name, maiden name, surname, username or similar identifier, marital status, title, date of birth, ID number, nationality, place of birth, tax registration number, role/position.
  • Marketing and Communications Data: includes your preferences in receiving marketing from us and other third parties and your communication preferences.
  • Technical Data: includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website, the OpenPayd platform or other OpenPayd applications. This is done by using Javascript or Cookies. Please see our Cookies Policy for more information about how we use Cookies.
  • Usage Data: includes information about how you use our website, platform, products and services.
  • Security Information: When you register for an OpenPayd account you will be required to create a password and provide answers to security questions.
  • Payment Information: To enable you to make or receive payments we collect your bank account details, such as your sort code, account number, IBAN and/or Swift code (the details we ask for will vary depending on where you are located).
  • KYC Information: if we need to verify your identity we will ask you to provide one or more of the following:
    • a copy of your identity card (such as a driving licence) or passport together with a photo of yourself;
    • proof of address (such as a utility bill or bank statement);
    • business information (such as, to the extent that this information is required locally, a certificate of incorporation, memorandum & articles of association, share certificate, register of directors, authorised signatory list, position, and identification documents for shareholders, directors and authorised signatories); and/or
    • PEP declaration;
  • Transaction screening and monitoring data: includes information for OpenPayd customer’s or their clients; transactions information, such as client name, transaction ID, status, sender details or beneficiary details; potential sanction hits and relevant information, or results from checks for suspicious transactions (e.g. volume of transactions, etc.).
  • EDD information: Sometimes we need to ask you for information to verify the source of your funds or wealth, or to conduct enhanced due diligence in accordance with our legal requirements (EDD Information). This will depend on the situation and we will make it clear to you at the time what information we require from you.
  • Voluntary Information: We will collect any other personal data that you voluntarily provide to us if you communicate with us, for example by corresponding with us (by phone, email, post or social media) or by taking part in competitions, promotions or surveys.

We do not collect any information about criminal convictions and offences from users of this website. We strongly discourage you from providing any such information to us when you submit a request via our contact form or in any other correspondence or communications with us. However, if you are a customer or prospective customer of OpenPayd, to the extent permitted by applicable laws we may be required to collect and process information about criminal convictions and offences from directors, shareholders and controlling persons of your company and users of your account with us for the purposes of preventing money laundering or terrorist financing.

For customers and prospective customers, we refer to all of the data and information stated in this section as “Account Information”. We collect Account Information from directors, shareholders and controlling persons of your business and users of your business OpenPayd account.

We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose.

Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.


We use different methods to collect data from and about you including through:

Direct interactions. You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • apply for, or use our products or services,
  • submit forms on our website,
  • subscribe to a newsletter,
  • request marketing to be sent to you,
  • enter a competition, promotion or survey, or
  • give us feedback or contact us.

Automated technologies or interactions. As you interact with our website or the OpenPayd Platform, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our Cookies policy for further details.

Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below.


We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into to provide our services.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.

Each section below describes specific scenarios that we will use your personal data for.

Providing OpenPayd to you and allowing you to use OpenPayd

We use your personal data to provide our services to you and your business. For example, we use your personal data to set up and administer your accounts. We also use your personal data to enable you to log into your account and use OpenPayd applications and features.

We use your Identity Data, Contact Data and Technical Data to contact you with transactional and service messages (including by push notifications), to provide you with information such as password reminders or to let you know if OpenPayd is experiencing technical issues.

We use your Payment Information to carry out your instructions to add and/or save a card or bank account to your account, upload funds to (or withdraw funds from) your account and allow you to make and receive payments through OpenPayd.

Identity verification and due diligence

We use your personal data to comply with our legal and regulatory obligations. This includes verifying your identity; conducting anti-money laundering checks; transaction monitoring; sanctions and politically exposed persons screening; fraud prevention, detection and reporting; and cooperating with external investigations where required.If you fail one of our identity verification or screening checks as set out above, we may not be able to open an account for you or continue providing services to you.

Corresponding with you

We use your personal data to enable us to respond to your queries, complaints, or comments and to make sure that these are appropriately dealt with. We also use this information to enable you to participate in any competitions or promotions that you enter and to collate responses to surveys that you have responded to.

Analysing and improving OpenPayd

We use your personal data to help us improve and develop our business, platform, website, products, and services. This helps us to make sure that we are providing you with the best possible service.

Marketing and promotional offers from us

We may use and analyse your personal data in the form of aggregated statistics to form a view on what we think you and your business may want or need, or what may be of interest to your business. This is how we decide which products, services and offers may be relevant for you as a decision maker (we call this marketing).

We will inform you of our direct marketing processing and offering you the possibility to object to this processing.In this context, our use of your personal data will be justified by our legitimate interests to organise the promotion of our products and services via marketing and advertising campaigns.

Opting out

You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.

Managing risks and enforcing our rights

We use your personal data to manage and enforce our rights, terms of use or any other contracts with you (and/or your business), including to manage any circumstances where payments are disputed; to investigate and resolve complaints; or to recover debts owed to us.

We also use your personal data to manage and mitigate our credit risks, financial exposure and terms of business. If you apply for one of our financial products, we may assess your financial position (and / or the financial position of your business), to the extent this is provided for in the applicable terms of use. This credit check will also affect any linked parties such as directors, shareholders and principals. If you are a director or shareholder, we may seek confirmation from credit reference agencies that the residential address that you provide is the same as that held by the relevant companies’ registry (where applicable). If you do not repay any monies in full and on time, credit reference agencies will record the outstanding debt and may share this information with other organisations that perform checks similar to ours (where applicable). Records generally remain on file at such agencies for 6 years after they are closed, whether settled by you or defaulted, although the retention period may differ across different agencies and territories. If you would like further information on our use of credit reference agencies, please contact us.

Prevention and detection of illicit activity

We use your personal data to prevent and/or detect financial crime, terrorism and other illicit (e.g. criminal, unlawful or illegitimate) activities to comply with our legal and regulatory obligations, manage our risk exposure and protect our business, customers and the integrity of the financial system.

Compliance with applicable laws and regulations

Where required we will use your personal data to comply with applicable laws and regulations, requests from law enforcement bodies and regulatory authorities and tax reporting obligations. For customers of OpenPayd Financial Services Malta Ltd, this includes FATCA reporting.

Where required we will also use your personal data to establish, exercise or defend legal claims, or to protect your vital interests or those of other persons, for example to help those authorities or other organisations in the fight against crime and terrorism.


Data protection law says that we have to tell you the “legal basis” that we rely on to process your personal data for the purposes that we have notified to you. The table below tells you what that legal basis is in relation to each of the purposes set out above.

Data SubjectsPurpose/ActivityType of dataLawful basis for processing
Website UsersWebsite UX/UI improvement

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

  1. Website usage data – see our Cookies policy for more information
Decision Makers Prospective CustomersMarketing campaigns and events

Social media connection and communication

  1. Identity Data
  2. Contact Data
  3. Usage Data
  4. Marketing and Communications Data
  5. Technical Data
  6. Voluntary Data
Necessary for our legitimate interests (to develop our products/services and grow our business)
Representatives, UBOs of Customers and Prospective CustomersTo register your business as a customer

To notify you about changes to our terms or privacy notice

To you to leave a review or take a survey

To make suggestions and recommendations to you about our services and/or new capabilities that may be of interest to your business

  1. Identity Data
  2. Contact Data
  3. KYC Information
  4. EDD Information
  5. Security Information
Necessary to comply with a legal obligation Necessary for our legitimate business interest (necessary for promotion and prospection)
Representatives and Authorised Users of CustomersTo provide our services

To keep our records updated and to study how customers use our products/services

To administer and protect our business, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data

  1. Account information
  2. Identity Data
  3. Contact Data
  4. Payment Information
  5. Technical Data
  6. Usage Data
  7. Security Information
Necessary to comply with a legal obligation Necessary for our business legitimate interest (to keep our records updated and to study how customers use our products/services) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
Representatives and UBos of CustomersIdentity Verification and Due Diligence
  1. Account information
Necessary to enable us to comply with legal obligations, including compliance with anti-money laundering legislation and obligations to prevent and detect fraud Necessary to do so in our legitimate business interest. We have an interest in complying with regulatory guidelines and investigations and ensuring that we protect our business against risks of criminal activity
Representatives and Authorized Users of CustomersCorresponding with your business
  1. The data will vary depending on your relationship with us and the nature of the correspondence but may include ID, contact, and an account Information
Necessary to do so for our legitimate business interest. We have an interest in making sure that comments and queries are handled appropriately so that they can be resolved. We also have an interest in running and allowing participation in competitions, promotions and surveys in order to promote and improve our business
Customer’s clients (Sender, Beneficiary)To provide our services

To manage risks and enforce our rights and obligations

  1. Identity data
  2. Payment information
  3. Transaction screening & monitoring data
Necessary to do so for our legitimate business interest. We have an interest in complying with regulatory guidelines and investigations and ensuring that we protect our business against risks of criminal activity; for prevention and detection of illicit activity
Third-party service providers’ and banking partners’ personnel, directors, shareholders and controlling personsTo enter a contract

To perform a third-party service provider due diligence

To manage our business relationship (including payment of invoices, security management, auditing)

To notify you about changes to our terms or privacy policy

  1. Identity data
  2. Contact data
  3. Marketing and Communications information
  4. KYC Information
  5. EDD Information
Necessary to comply with local legal obligation, (e.g. outsourcing requirements, reporting obligations) Necessary for our legitimate business interests (e.g. to enter a contract with your business, to protect our IT infrastructure, or to comply with a foreign legal obligation)

In relation to our marketing initiatives, we have an interest in promoting and marketing our business so that our business continues to grow. You always have a right to opt out of receiving direct marketing communications. If you wish to do so, please follow the instructions in each marketing communication to unsubscribe.

In relation to the processing of account information for the purposes of identity verification and due diligence, unless these are required under a legal obligation, you may have a right to object to your personal data being used in these ways, but please note that this right will not apply in a number of circumstances, including where the processing is necessary to establish, exercise or defend legal claims or unless we can demonstrate compelling legitimate grounds for the processing which overrides the interests, rights and freedoms of the data subjects.

In relation to the information, we collect when corresponding with you, you may have a right to object to your personal data being used for these purposes, but please note that we may not be able to handle your correspondence appropriately if you exercise this right.

For monitoring trends, analysing and improving OpenPayd, we use aggregated information only. We have an interest in ensuring that we continue to improve OpenPayd and provide our customers with the best and most effective service possible.


Some types of personal data are designated as special categories of personal data or sensitive data in applicable data protection laws. This means that they are more sensitive types of personal data and we therefore need to take additional steps to protect this data. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).

Where OpenPayd is processing information on financial transactions which includes special categories of personal data or personal data relating to criminal convictions and offences, OpenPayd ensures that:

  1. one of the exceptions in Article 9 (2) GDPR applies, i.e. processing is necessary for reasons of substantial public interest, and/or
  2. the conditions of Article 10 GDPR are met.

We need the majority of the information we collect from you to perform our contract with your business and/or to comply with our legal obligations. This means that if you refuse to provide us with any of the information that we ask for, it is likely that we will be unable to provide OpenPayd’s platform, products and services to you.


OpenPayd is a group of companies. We share personal data with our group companies in the UK, the EEA, Turkey to provide customer support services, software development and IT services. Please see section 10 below for more information about transfers of personal data to Turkey.

We share personal data with third parties in the following circumstances:

  • With providers within our banking and payment network to enable you to upload funds, make and receive payments and withdraw funds; these providers include banks, acquirers, alternative payment providers and account information service providers.
  • With banks, credit institutions and other financial institutions outside our banking and payment network (where allowed under any terms of use or other contract) who may process payments and who are not operating under our control nor for whose actions or omissions we have liability. These include the account provider where the sender or recipient (and their businesses, respectively) of a payment maintain their account(s), alternative payment schemes and any other financial institutions.
  • Where we provide services through third parties such as banks and other organisations, we may be required to disclose your information (including any KYC Information and EDD Information) with such organisations in order to assist their regulatory obligations or risk assessments.
  • With third party service providers who provide a range of services to us to enable us to run our business; this includes our IT and hosting providers, cloud storage providers, email platforms, contact relationship management system, customer service support, suppliers who provide screening and transaction monitoring services, credit reference agencies (to carry out credit checks and/or identity checks where applicable), URL monitoring providers, marketing firms, and our notification/communication providers.
  • Fraud prevention agencies where we are required to share personal data to comply with our legal or regulatory obligations or to prevent and/or detect financial crime or other illicit activity.competent law enforcement bodies, regulatory, government agencies, courts or other third parties such as but not limited to, the police, the financial supervisory authorities, the tax and social security agencies, as well as courts, where we believe disclosure is necessary (i) as a matter of applicable law or regulation, or (ii) to exercise, establish or defend our legal rights.
  • Other third parties, such as the police or HMRC, in response to ad hoc data sharing requests. In these circumstances we will only share personal data if we are satisfied that we are legally allowed to do so and the sharing of data is justified.
  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
  • With our auditors, advisors, legal representatives, and similar agents in connection with the advisory services they provide to us for legitimate business purposes and under contractual prohibition of using the personal data for any other purpose.
  • With your permission, your information may also be used for other purposes for which you give your specific permission.

Our website and cloud storage provider both host personal data within the UK and the EEA, so your information is generally stored within this area.

As mentioned above, we do share personal data with our OpenPayd group company in Turkey (OpenPayd Teknoloji Sirket Limited) for the purposes of software development and the provision of IT services. We have put in place an intragroup data processing and data transfer agreement, incorporating the EU standard contractual clauses and UK Addendum, with this company including to protect your personal data. The EU standard contractual clauses are the European Standard Contractual Clauses of EU Commission Implementing Decision (EU) 2021/914 of 4 June 2021, and the UK addendum is the UK International Data Transfers Addendum issued by the UK ICO and laid before UK Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, allowing the transfer of personal data to countries whose data protection laws are not as strict as those in the UK and the EEA. They require our Turkish group company to treat personal data in the same way as it is treated by us in the UK and EEA. For more information, please contact us using the contact details below.

Some of our other service providers will transfer personal data outside of the UK and the EEA. Generally, this is done on the basis of the EU Standard Contractual Clauses and/or the UK Addendum (either between us and our service providers, or between our service providers and their own suppliers) or other recognised privacy frameworks.


If we are required to transfer your personal data Internationally in order for us to provide our services, we are committed to ensuring that all necessary safeguards are in place and that all assessments have been conducted prior to the transfer of your data. In particular, OpenPayd uses the EU Standard Contractual Clauses and/or the UK Addendum, and country- specific clauses, as applicable.


We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the retention requirements set forth in the applicable laws, the duration of the relevant contract, the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

We maintain and implement a data retention policy and delete personal data in accordance with this. For more information about the retention period applicable for your jurisdiction, you can contact us at any using the contact details below.

We generally store personal data until the purposes for processing these data have been achieved, unless statutory retention obligations apply (e.g. local anti-money laundering, commercial, or tax laws).

In some circumstances you can ask us to delete your data. See below for further information.In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.


You have a number of rights under data protection law. These rights and how you can exercise them are set out in this section. We may need to ask you for proof of your identity before we can respond to a request to exercise any of the rights in this section and we may need to ask you for more information, for example to help us to locate the personal data that your request relates to.

If you want to exercise any of these rights, or if you require more information, please contact us using the contact details below.

  • A right to access your information. You have a right to ask us to send you a copy of all the personal data that we hold about you (subject to some exceptions).
  • A right to an electronic copy of your information. You can also ask us to send you the mandatory Account Information that we hold about you in a common electronic format, or to ask us to transfer that data to a third party if you want us to and if it is technically feasible for us to do so.
  • A right to object to us processing your information. You have a right to object to us processing any personal data that we process where we are relying on legitimate interests as the legal basis of our processing (as set out in section 6 above). Your objection must be based on grounds that relate to your particular situation, unless it relates to direct marketing. If you make a request to exercise your right to object, if we have compelling legitimate grounds to carry on processing your personal data, we will be able to continue to do so. Otherwise, we will cease processing your personal data.
  • A right to ask us not to market to you. You can ask us not to send you direct marketing. You can do this by following the “unsubscribe” instructions in any marketing emails.
  • A right to have inaccurate data corrected. You have a right to ask us to correct inaccurate data that we hold about you. If we are satisfied that the new data you have provided is accurate, we will correct your personal data as soon as possible.
  • A right to have your data erased. You have a right to ask us to delete your personal data in certain circumstances, for example if we have processed your data unlawfully or if we no longer need the data for the purposes set out in this privacy notice.
  • A right to have processing of your data restricted. You can ask us to restrict processing of your personal data in some circumstances, for example if you think the personal data is inaccurate and we need to verify its accuracy, or if we no longer need the data but you require us to keep it so that you can exercise your own legal rights. Restricting your personal data means that we only store your personal data and don’t carry out any further processing on it unless you consent or we need to process the data to exercise a legal claim or to protect a third party or the public.
  • A right to opt out/ withdraw consent as applicable
  • A right to define directives regarding the processing of your personal data after your death

If you have any questions or concerns about this privacy notice and/or our processing of your personal data, you can contact us by using the contact form on our website or by using the following details:

OpenPayd Group’s Data Protection Officer: Mrs. Diana Karaivanova

Email: [email protected]

UK address: OpenPayd Holdings Limited, The Bower, 207-211 Old Street, London, England, EC1V 9NR

EU address: OpenPayd Financial Services Malta Limited, 122 – 123 Pangea, Level 5 , Triq San Gorg, St. Julians STJ 3204, Malta


We work hard to ensure that we protect our customers’ personal data in accordance with our legal obligations. If you are unhappy with how you think we have processed your personal data, please contact us using the details above and we will do our best to resolve your complaint.

If you do not think we have been able to resolve your complaint, you can complain to the Information Commissioner’s Officer (ICO), which regulates data protection compliance in the UK. You can find out how to do this by visiting Alternatively, you can contact your local data protection authority. However, we are always willing to help, so you can contact us directly first.


We may make changes to this privacy notice from time to time. Any changes we make will be posted on this page. We may also notify you by email if significant changes are made.


No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests as soon as we can, and in any event within one month of receiving your request and any necessary proof of identity or further information. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and we are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.


Lawful Basis means the specified purpose for which we are processing your personal data. There are 6 available lawful bases for processing:

  1. Consent: you/ your business has given clear consent for us to process you/ your business’s personal data for a specific purpose.
  2. Contract: the processing is necessary for a contract we have with you/your business, or because you/your business have asked us to take specific steps before entering into a contract.
  3. Legal obligation: the processing is necessary for OpenPayd to comply with the law (not including contractual obligations).
  4. Vital interests: the processing is necessary to protect someone’s life.
  5. Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
  6. Legitimate interest: means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

At least one of these lawful bases must apply when we are processing your/your businesses’ personal data.

Performance of Contract means processing of personal data where it is necessary for the performance of a contract to which the data subject is a party or to take steps at data subject’s request before entering into such a contract.

Comply with a legal obligation means processing of personal data where it is necessary for compliance with a legal obligation that OpenPayd is subject to.

OpenPayd group companies means other companies in the OpenPayd Group acting as processors or independent controllers. A group overview of OpenPayd group companies is available here.

Last updated: 18 December 2023