Privacy Policy

Your privacy is important to us. Learn how we collect, use, and protect your personal information.

Privacy Notice

Last updated on August 18, 2025

ValoraPay takes care of your personal data and does everything possible to protect it. This Privacy Notice is written to help you understand what your personal data is collected, stored and used, and what happens to it when you use our website at valorapay.com ("Website").

Pay your attention!

UK leaves the EU by 31 December 2020. Till that time, the whole data processing process will be handled as it goes. After leaving the EU, the UK will become a third country pending a decision on the adequacy of jurisdiction. We will continue to be GDPR compliant and comply with the data processing and transmission requirements, taking into account the GDPR requirements for third countries that are not recognised as an adequate jurisdiction.

By using our software, services, and website, you acknowledge that you have read and understood this Privacy Policy.

In this Privacy Notice we answer the following questions:

  1. Who are we?
  2. What is the Privacy Notice covered by?
  3. What data do we collect and why?
  4. How long do we keep your data?
  5. How do we protect your Data?
  6. Do we share data with third parties?
  7. Do we do data transfer outside the European Economic Zone?
  8. Do we use cookies?
  9. What rights do I have regarding my data?
  10. How do we update Privacy Notice?
  11. California privacy rights.
  12. Do-not-track requests.
  13. California residents data protection rights.

1. Who are we?

We are ValoraPay Limited (the Company), company number 11654625, with a registered address at 37th floor, One Canada Square, Canary Wharf, London, E14 5AA, United Kingdom.

In relation to your personal data, we are the controller and processor at the same time. We are the controller of your personal data of our clients and users, which means that we determine what, for what purpose and how your personal data will be processed.

If you have any questions, you can contact us by sending an email to info@valorapay.com. You can also send us a letter at ValoraPay Limited, 37th floor, One Canada Square, Canary Wharf, London, E14 5AA, United Kingdom.

2. What is the Privacy Notice covered by?

This Privacy Notice applies to our website and our services. Our websites are valorapay.com and ValoraPay.io.

3. What data do we collect and why?

For the purposes of this Privacy Policy, "Personal Data" or "Personal Information" means any information relating to an identified or identifiable natural person, as defined under Article 4(1) of the General Data Protection Regulation (GDPR). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

The data we process is divided into two categories: technical information and data that is provided to us by a user, consumer and client.

Technical information.

When you visit our website, some data is collected automatically. We need technical data to operate, maintain, and improve our website. This includes data such as an IP address, UTM parameters, geolocation, device type, browser type, cookies, and data about your interaction with the website - session ID.

The session ID includes your interaction with the website, the name of the website from which you went to our website, the functions you use, the pages viewed on our website, the way you use our website, and the actions you take if such actions are present.

Data provided by the client.

To perform a contract, we need the following data: full name, date of birth, email, passport details (tax number, address), gender, phone number, position, company name, payment information (bank details, bank card details), and merchant ID credentials.

Data provided by the consumer.

In cases where ValoraPay processes personal data of end users of our clients (consumers), ValoraPay acts strictly as a Data Processor under the GDPR. The client (our business partner) acts as the Data Controller and determines the purposes and means of processing. Processing is carried out on behalf of and under the lawful instructions of the Data Controller (Art. 28 GDPR). For detailed information about the processing of such personal data, data subjects should contact the relevant controller directly. As a processor, we may process the following data: name, surname, geolocation, address, device hash, email, phone number, tax number, payment information incl. but not limited to bank ID, bank details, payment card details, electronic wallet ID.

Data provided by the user.

For full interaction with our website, we may collect your name, phone number, email, and company name.

Type of dataDescription of dataLegal basisReasons of processing
Data provided by a clientFull name, gender, date of birth, email, phone number, passport details, position, company name, payment information, merchant ID credentialsPerformance of a contractRegistering an account; Providing a service; Customer support
Data provided by a clientPosition, company nameLegitimate interestAnalytics; Statistics
Data provided by a clientFull name, date of birth, email, phone numberConsentMarketing
Data provided by a consumerName, surname, geolocation, address, device hash, email, phone number, tax number, payment information, bank IDPerformance of the contractRegistering an account; Providing a service; Customer support
Data provided by a consumerDevice hash, payment informationLegitimate interestSecurity; Analytics; Statistics

4. How long do we keep your data?

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Notice, unless a longer retention period is required or permitted by law. The retention period depends on the type of data and the purpose for which it was collected.

When personal data is no longer needed, we will securely delete or anonymize it in accordance with our data retention policies and applicable legal requirements.

5. How do we protect your Data?

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication mechanisms
  • Employee training on data protection
  • Compliance with industry standards such as PCI DSS

6. Do we share data with third parties?

We may share your personal data with third parties only in the following circumstances:

  • With your explicit consent
  • To comply with legal obligations or respond to lawful requests
  • With service providers who assist us in operating our business (under strict confidentiality agreements)
  • In connection with a business transfer or merger
  • To protect our rights, property, or safety, or that of our users

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

7. Do we do data transfer outside the European Economic Zone?

Some of our service providers may be located outside the European Economic Area (EEA). When we transfer your personal data outside the EEA, we ensure that appropriate safeguards are in place to protect your data, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other legally recognized transfer mechanisms

8. Do we use cookies?

Yes, we use cookies and similar tracking technologies to enhance your experience on our website. Cookies are small text files stored on your device that help us:

  • Remember your preferences and settings
  • Analyze website traffic and usage patterns
  • Provide personalized content and advertisements
  • Improve website functionality and performance

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our website. For more information, please see our Cookie Policy.

9. What rights do I have regarding my data?

Under the GDPR and applicable data protection laws, you have the following rights regarding your personal data:

  • Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and to access that data.
  • Right to rectification: You have the right to have inaccurate personal data corrected and incomplete data completed.
  • Right to erasure: You have the right to request the deletion of your personal data under certain circumstances.
  • Right to restrict processing: You have the right to request the restriction of processing of your personal data in certain situations.
  • Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to object: You have the right to object to the processing of your personal data for direct marketing purposes or on grounds relating to your particular situation.
  • Right to withdraw consent: Where processing is based on consent, you have the right to withdraw your consent at any time.

To exercise your rights, please contact us at info@valorapay.com. We will respond to your request within one month, or inform you if we need additional time.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority or the Information Commissioner's Office (ICO) in the UK.

10. How do we update Privacy Notice?

This privacy policy and the relationships falling under its effect are regulated by the GDPR.

The Company reserves the right to modify, update, or amend this Privacy Policy at any time, in its sole discretion, to reflect changes in legal requirements, business practices, or technological advancements.

Any changes to this Privacy Policy will be communicated to Data Subjects through appropriate means, such as by posting a notice on the website, sending an email notification, or other reasonable methods.

You as a Data Subject are encouraged to review this Privacy Policy regularly for any updates or changes. Any questions or concerns regarding changes to this Privacy Policy should be directed to the Company using the contact information provided in this Privacy Policy.

11. California privacy rights

We make these disclosures to those visiting our websites who reside in California which supersede and replace any conflicting disclosures found elsewhere on our websites as well as reflect your privacy rights granted by the California Consumer Privacy Act (CCPA).

Opt-out of disclosure for direct marketing purposes.

The California laws allow its residents to learn the identities of entities that received their personal data for marketing purposes and the categories of information disclosed. You may request such information by contacting us by email at info@valorapay.com.

Please be aware that this opt-out does not prohibit our disclosure of personal data for any purpose other than direct marketing. The data we process and share may include your name, address, email address, and telephone number.

12. Do-not-track requests.

California residents visiting our websites may request that we do not automatically gather and track information pertaining to their online browsing movements across the Internet. Such requests are typically made through web browser settings that control signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personal data about an individual consumer's online activities over time and across third-party websites or online services. We currently do not have the ability to honour these requests. We may modify this Notice as our abilities change.

13. California residents' data protection rights.

The CCPA has extended California residents' data protection rights. However, we have already guaranteed all these rights and described them precisely in this Notice as well as a means of rights exercising. Please refer below to investigate.

Right to be informed.

Please find a list of personal data we collect about you and your activity, sources and business purposes of personal data collection, and third parties we may share your personal data within Section 3 - 6 of the Notice.

Right of access, Data portability, and Right to delete.

Your Right of access, Data portability, and Right to delete are prescribed by Section 9 of the Notice.

You can exercise these rights any time by contacting us via email at info@valorapay.com.

Notice, the CCPA envisages some specific requirements related to the exercising of these data protection rights. Considering them we may:

  • respond to your request within forty-five (45) days of receiving the request;
  • provide you with personal data we collected about you no more than twice in a 12-months period;
  • NOT provide you with personal data if we cannot verify your identity;
  • NOT transmit your personal data to another entity.

Also, please be aware that we are allowed to maintain personal data after deletion request is received as permitted by the CCPA (for instance, for the purposes of detection of security incidents, repair errors, comply with legal obligations, transaction completion).

We want to draw your special attention that ValoraPay does not sell, rent, or trade your personal data to anyone.

Non-discrimination right.

We definitely will not discriminate (including, by denying Services, charging different prices for Services, providing different quality of Services) against you for exercising any of your CCPA data protection rights.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Notice or our data practices, please contact us:

Email: info@valorapay.com

Address: ValoraPay Limited, 37th floor, One Canada Square, Canary Wharf, London, E14 5AA, United Kingdom