Skip to main content
April 2023

Global Privacy Notice

  • This privacy notice (“Privacy Notice”) explains how we process your personal data (“Personal Data”) while you use our services, including when you browse our website or mobile application (“Website /App”), perform a transaction with us, or visit our stores (collectively, “Services”) , whether as a customer, a visitor and/or a user of our Website/App, or however you might otherwise interact with us (collectively, “you”, “your” or “users”). In this Privacy Notice, we also describe whether your Personal Data is shared with other parties and the mechanisms we have in place to protect your data.

    We encourage you to regularly review this Privacy Notice and check the Website/App for any updates. Updates to this Privacy Notice will be published on our Website/App, and by continuing to deal with us, you agree to this Privacy Notice and any future modifications.

    Where local law requires additional details to be included in this Privacy Notice, such information has been included in the Regional Privacy Notices section below.


    We are EPAY, part of the Euronet Group of companies.

    You can find all our contact details here.

  • Why do we collect Personal Data?

    We collect Personal Data for specific contractual and legal purposes.
    With your consent, we also collect data for additional purposes.

  • With whom do we share Personal Data?

    We share Personal Data with other Euronet Group companies, legal authorities, and partners where necessary to meet regulatory requirements or contractual commitments.

  • What are your Personal Data rights?

    Depending on where you live, you may have rights in relation to your Personal Data under applicable law. A description of common Personal Data rights is set out in section 12 below. To make a request, you may contact us by email to

  • What type of Personal Data is collected?

    We collect only the Personal Data necessary to provide you with the Service and to comply with applicable law. Including, but not limited to:

      • Identification data
      • Financial details
      • Transactional data
  • How long does epay keep Personal Data?

    We keep Personal Data only for as long as necessary or as required by applicable law.

    Occasionally, legal requirements may translate into a longer retention period, but will be deleted once the requirements are fulfilled.

  • Where does epay store Personal Data?

    We store Personal Data in secure locations with strict security measures in place.

    If we need to transfer
    Personal Data to other locations, we take all necessary measures to comply with legal obligations and ensure a proper level of security.

1. Who are we?
  • For any processing of Personal Data carried out when You use any of Our services or visit this webpage, the Controller is Transact Elektronische Zahlungssysteme GMBH (“epay”) with registered offices at raunhoferstr. 10, 82152 Martinsried, Germany, VAT No: DE182769455 , register court: Munich District Court, register no.: HRB 114 439, competent supervisory authority: Federal Financial Supervisory Authority, Graurheindorfer Str. 108, 53117 Bonn
    We encourage You to review and check the Privacy Notice regularly for any updates. We will publish the updated version on the Website and by continuing to deal with Us, You accept this Privacy Notice as it applies from time to time.

2. What Personal Data is collected and why?
  • The categories, sources, and reason for collecting Personal Data are listed below. Where the collection of Personal Data is based on your consent, you may withdraw your consent at any time. EPAY does not and will not “sell” or “share” Personal Data, as those terms are defined under applicable laws. We retain Personal Data for as long as reasonably necessary to provide the Services and meet our legal obligations.

    If you have questions or concerns regarding the processing of your Personal Data, you may contact us any time at

Sources of Personal Data
  • EPAY collects Personal Data from the following sources:

  • Directly from you through direct interactions and forms;

  • Internet websites, through passive collection of information about Your interactions, including page clicks, time spent, or other automatically collected meta-data;

  •  Advertising networks, social media services;

  • Internet service providers; Operating systems and platforms;

  • Data analytics providers;

  • Government databases;

  • Service providers.

Types of Personal Data
  • Identifiers or Identification Data

    The Personal Data we collect from you may include name, email, telephone and/or fax numbers, residential and/or business address and other contact data (“Contact details”), title, date of birth, gender, images, videos, or signature.

    Where necessary, Identification data is only used for the described purposes.

Purpose for Provessing and Legal Basis
Legal Basis Purpose for Processing
Contractual obligation

To perform/supply the Services.

Contractual obligation
Legitimate interest
To provide customer service and record customers’ instructions, we will monitor and record (via automated means or transcripts) our telephone calls, emails, and chat conversations with you. We will use transcripts of these calls to confirm the instructions provided to us.
Contractual obligation
To manage your account(s) (i.e.: registration, administration, maintenance and servicing accounts).

To provide advertising and marketing.


To measure and evaluate your behavior using automated processing to provide you with a more personalized Service.


Your participation in events or giveaways: You may wish to take part in events organized by us or in a specific giveaway.

Legal Obligation

To meet our legal obligations related to record keeping we keep correspondence including e-mails, faxes, and any kind of electronic communication, together with any records of the customer’s account. We also keep customer service letters and other communications between us and any Euronet Group company as well as our partners and suppliers.

Legal Obligation

In very limited circumstances, to perform a credit check in order to verify the identity of the individual as part of KYC activities to provide the Services.

  • Financial Details and Professional or Employment-related Information

    We collect your personal financial data when you register to use our Services. We collect financial data such as bank account information, financial statements, occupation (professional or employment-related information), in order to provide you with our Services.

Purpose for Provessing and Legal Basis
Legal BasisPurpose for Processing
Contractual obligation

Supply/Performance of Services

Legal obligation

Anti-Money laundering

Legal obligation

Anti-Terrorist Financing and Criminal activity

Contractual obligation

To manage the customer’s account(s)

Legitimate interest

In very limited circumstances, to perform a credit check in order to provide the Services

Legal obligation

To verify the customer’s identity

Contractual obligation

Payment methods (including credit/debit card details, bank account number)

  • Epay is a PCS DSS certified company which enables the safe and adequate processing of credit and debit card payment information, including card number, expiration date and CVV.
    The data is not shared nor processed for any other purpose than ensuring the payment services offered via our Point of Sales devices.

  • Behavioral and Technical Information

    IP address, internet or other similar network, browsing, or search activity, behavioral information (to understand the way you behave while using our products and services), browser type and version, time zone setting, screen resolution settings, browser plug-in types and versions, operating system, and platform.
    Our Cookie Policy is available here

Purpose for Provessing and Legal Basis
Legal BasisPurpose for Processing
Legitimate Interest

To perform analytics to measure the use of our website and Services, including number of visits, average time spent on the Website, pages viewed, page interaction data (such as scrolling, clicks, and mouse-hovers), etc., and to improve the content we offer to you.

Consent Legitimate Interest

To undertake activities to verify or maintain the quality of the Service, and to improve, upgrade, or enhance the Service, including to administer the Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.

Legitimate Interest

To help ensure the safety and security of our Website.


To provide advertising and marketing, including measuring the impact of our emails.

Contractual obligation

o provide the Services.

  • Audio and Video surveillance
    Image, video, and audio/voice recording.

Legitimate Interest

To maintain the safety of our Services, we may use CCTV to ensure customer safety in our or offices.

  • Sensitive Personal Data

    When strictly necessary, we may collect sensitive or special categories of Personal Data (“Sensitive Personal Data”) to provide the Services and meet our legal obligations. We may collect the following categories of Sensitive Personal Data: unique identifying biometric information or identifiers (i.e., face scan geometry and derived information); government identifiers (i.e., driver’s license, state identification card, or passport number); health information. Where required by applicable law, we will obtain your consent or present you with an opportunity to opt out before processing your Sensitive Personal Data. We do not “sell” or “share” Sensitive Personal Data, as those terms are defined under applicable law. We only use and disclose Sensitive Personal Data for purposes permitted by applicable law. We retain Sensitive Personal Data for as long as reasonably necessary to provide the Services and meet our legal obligations.

Purpose for Provessing and Legal Basis
Legal Basis Purpose for Processing
Legal obligation

To fulfill legal obligations, including for KYC purposes.

Legal obligation

For security and fraud prevention purposes to verify your identification while you use our Services.

  • The Personal Data collected from you may vary depending on the country our Services are being offered. Not all the categories of data described above may apply to you. If you have any questions about the processing of your Personal Data, you may contact us at

    Non-Identifiable Data

    Whenever possible, we use data where you cannot be directly identified (such as anonymous demographic and usage data) rather than Personal Data (“non-identifiable data”). This non-identifiable data may be used to improve our internal processes or delivery of services, without further notice to you.
    We may use aggregate data for a variety of purposes, including to analyze, evaluate and improve our Services.

3. Personal Data Collected from Other Parties
  • We may obtain your Personal Data from other sources, such as public record sources (federal, state or local government organizations) in order to comply with local regulation and to ensure our KYC mechanism is accurate and that we can provide you the safest service.

    Personal Data collected from third parties is only processed for specific purposes, such as:

    • Identification purposes: We may check the Personal Data you have provided us with our third parties to make sure your identity matches the information you have provided us. The legal basis for this processing is our legal obligation and legitimate interest.
  • If we process any additional data obtained from a third party, we will inform you as soon as possible, and obtain your consent where required by applicable law.

4. Accuracy of Personal Data
  • We are committed to keeping your Personal Data accurate and up to date. We take reasonable steps to ensure the accuracy of your Personal Data by ensuring that the latest Personal Data we have received is accurately recorded and when considered necessary, we run periodic checks and request that you update your Personal Data. From time to time, we may send you an email asking you to confirm and/or update your Personal Data. This communication is based on our legitimate interest and legal obligation to maintain accurate and up to date information.
    If you notice that your Personal Data is not accurate, you may request a correction or update your information by sending an email to

5. Legitimate Interest
  • When we use your Personal Data to pursue our legitimate interests, we will make every effort to match our interests with yours so that your Personal Data will only be used as permitted by relevant law, or when it will not adversely affect your rights. Upon request, customers may request information on any processing based on legitimate interest.

6. How long does EPAY keep Personal Data?
  • Personal Data is kept for as long as it is necessary to provide the Services requested and to comply with applicable legal, accounting, or reporting obligations. The retention period is determined based on the applicable requirements and obligations, which may include:

  • Legal and Regulatory Requierements: Your Personal Data is kept as long as necessary to comply with all our legal obligations including without limitation, commercial, tax and anti-money laundering laws and regulations. While we store your Personal Data only for the purposes of complying with legal obligations, your Personal Data will be restricted such that it cannot be used for any other purposes. While restricted, only when necessary will your Personal Data be accessed. Whenever we receive a request for deletion, we will also maintain your Personal Data further to our legal obligations.

  • Customer Service and Contractual relationship (administration of customer relationship, complaint handling, etc.): We will keep your Personal Data as long as you remain our customer. Once we consider our contractual relationship to be over, we will proceed to restrict your data to make it available only to comply with legal obligations as expressed above.

  • Marketing: We will process your Personal Data for marketing purposes as long as you haven’t asked us to opt-out, according to section 11 of this Privacy Notice or until we become aware that you are no longer interested or that your data is not accurate.

7. Does EPAY disclose Personal Data?

  • EPAY’s disclosure of Personal Data for business purposes or to meet legal obligations are outlined below:

  • Euronet Group

Legal Basis, Types of personal data and Purpose
Legal Basis Types of Personal Data Purpose
Legal obligation. Contractual obligation.
Data Video surveillance
Data Financial Details
Behavioral and technical Data

We disclose your Personal Data with Euronet and Euronet Group affiliates for compliance with group obligations.

As a result of a sale, acquisition, merger, or reorganization involving Euronet, a company within the Euronet Group, or any of their respective assets, we may transfer customer Personal Data to a third party. In doing so, we will take reasonable steps to ensure that their information is adequately protected.

Your Personal Data is also disclosed in order to be able to provide you with customer service, regardless of when you require our help. To provide access to our 24/7 customer service, we must share your Personal Data with the Group affiliates.

  • Third-Party Service Providers*

Legal Basis, Types of personal data and Purpose
Legal Basis Types of Personal Data Purpose
Legal Obligation Consent
Identification Data
Biometric Data
Financial details

To data analytics and ID verification providers to perform compliance verification (e-KYC) and fraud prevention services.

Legal obligation. Contractual obligation.
Contact Details
Transactional data

To our agents and correspondents to provide the Services.

Legal Obligation Consent
Contractual Obligation

To advertisers or advertising networks and social media companies to place personalize placed advertisements in digital services and to adapt to consumer preferences..

  • *The legal meaning and list of “third-party service providers” may vary depending on the country you are based. For additional information regarding which providers have access and why they have access to your Personal Data you may reach us at

  • Legal and Regulatory Authorities*

Legal Basis, Types of personal data and Purpose
Types of Personal Data Legal Basis Purpose
Legal obligation Contractual obligation
Identification Data
Video surveillance
Transactional Data
Financial Details

We may need to disclose your Personal Data (including Sensitive Personal Data, as described above) if requested by a legal authority. We may share your Personal Data with legal authorities to enforce or apply our Terms and Conditions or any other agreement or understanding we may have with you.

  • Strategic Partners 

Legal Basis, Types of personal data and Purpose
Legal Basis Types of Personal Data Purpose
Legal obligation Contractual obligation
Identification Data
Video surveillance
Transactional Data
Financial Details

We may need to disclose your Personal Data (including Sensitive Personal Data, as described above) if requested by a legal authority. We may share your Personal Data with legal authorities to enforce or apply our Terms and Conditions or any other agreement or understanding we may have with you.

  • Professional Partners

Legal Basis, Types of personal data and Purpose
Legal Basis Types of Personal Data Purpose
Legitimate interest
Identification Data
Video surveillance
Transactional Data
Financial Details

We will share your Personal Data with advisers, lawyers, consultants, auditors or accountants in order to comply with our legal obligations and to provide our Services and our contractual obligations and best practices.

  • Credit worthiness

Identification Data

Ensuring commercial loyalty, reliability and security of transactions and the exercise of the rights of economic freedom and freedom of information by enabling Us to assess or re-evaluate the solvency of its counterparties and in particular the transaction credit risk undertaken in the course of business undertaken.
Refinitiv Limited and Refinitiv US LLC is used for the purposes assessing and/or re-evaluating the underlying transaction/credit risk in the context of the potential transaction or current contract between You and Us, whether that is for a fixed or indefinite period, for as long as such relationship exists, at Our discretion, we will access and conduct searches at Refinitiv’s. For any additional information regarding the processing of Your Personal Data by Refinitiv, you can visit Refinitiv’s website at: Privacy statement | Refinitiv

8. Minors
  • We do not provide Services directly to children under 18 or proactively collect their personal information. If you are under 18, please do not use the Website or offerings or share Personal Data with us. If you learn that anyone younger than 18 has unlawfully provided us Personal Data, please contact us at

9. Data Segurity
  • We are committed to protecting your Personal Data and have put in place commercially reasonable and appropriate safeguards to prevent any loss, abuse, and alteration of the information you have entrusted us. At EPAY, we will always strive to ensure your Personal Data is well protected, in accordance with international best practices. We maintain this commitment to data security by implementing appropriate physical, electronic and operational measures to safeguard and secure your personal information.

    To safeguard our systems from illegal access we use secure, cutting-edge physical and organizational security measures which are continuously enhanced to ensure the highest level of security in accordance with international best practices and cost efficiency. All Personal Data is kept in a secure location protected by firewalls and other sophisticated security mechanisms with limited administrative access.

    Personnel who have access to your Personal Data as well as the processing activities surrounding your Personal Data are contractually bound to keep your data private and adhere to the Privacy Policy we have implemented in our organization.
    We aim to achieve the highest standard of data protection by adopting industry-standard measures to protect your privacy.

10. Profiling and automated decision-making
  • When expressly agreed, we provide you with tailored information regarding our products and Services. We undertake data analysis in order to target communications and advertisements to you including invitations to exclusive client events that we think you may be interested in as well as recommending products and services that we think might be suitable for you.

    In some cases, we use automated decision-making and profiling if it is authorized by legislation and necessary for the performance of a contract. For example, the automated authorization for remittance services. The legal basis to proceed with the profiling and the automated decision-making is legitimate interest.

    We also make automated decisions in processes such as transaction monitoring in order to counter fraud in compliance with the legal requirements related to prevention of money laundering terrorist financing and financial services. Depending on your residence, you may have a right to request not to be subject to a fully automated decision-making, including profiling, if such decision-making has legal effects or similarly significantly affects you. This right may not apply if the decision-making is necessary in order to enter into or to fulfil an agreement with you if the decision-making is permitted under applicable data protection laws or we have received your explicit consent.

11. Marketing and Advertising
  • Third-party advertisers provide advertisements that display on our website, or elsewhere in our services. Third-party advertisers don’t have access to any of the information our customers have given us directly. Typically, advertisers rely on cookies or some other web-based mechanism to assess which advertisements may be interesting to you. We do not place “Targeting Cookies” or enable “Targeting” and “Location” on your system without your consent.

    If you have provided your consent by accepting Targeting Cookies on the Website, we may use third parties to do so (remarketing and Similar Audience features). You can opt-out of advertising by modifying your cookies settings here.

    Third parties are not bound by our Privacy Notice. To understand the privacy policy of their notices, you should visit the third party website. You can find all the third parties that may use Cookies for targeting in our Cookie Policy.

    We may contact you from time to time (by email, SMS text, letter, or phone as necessary and according to your specific instructions) and when you have provided us with your consent to provide targeted marketing about our Services and/or our products.

Why would you receive electronic communications? 
  • You will receive marketing communications if you have authorized us to process your Personal Data for that purposes.

    You will always be informed and we will make sure that during the usage of our Services or even during the registration process, you have all the necessary information in order for you to be aware that your Personal Data may be used for that specific purpose and you will, during the registration process or during the usage of our Services be given the opportunity to expressly say that you are not interested in receiving such marketing communications.

    In these instances, we will remove you from our list and you will not receive any updates that may be of your interest regarding our Services and products. You will be able to opt-back in at any time.

How can you opt-out?
  • You will be able to withdraw your consent at any time by using one of the following mechanisms:

  • Go to your profile and update your marketing preferences.

  • I- Use the opt-out link you will receive in any of our communications.

  • By sending an email at

  • If you have any additional questions regarding the usage of your Personal Data for marketing purposes and/or wish to start receiving marketing communications, you can also send an email to

12. Description of Personal Data Rights

  • You may seek to access, update, modify or erase their Personal Data. Depending on Your country, you might have different rights. However, regardless your country, you can exercise the following rights, at any time: 

  • 1.  Right to Access: the right to request access to a copy of your Personal Data.t dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua.

  • 2. Right to Correct Inaccuracies: the right to request correction of inaccuracies in your Personal Data.

  • 3. Right to Deletion: the right to request deletion of your Personal Data where certain conditions apply.

  • 4. Right to Restrict Processing: the right to restrict processing where certain conditions apply.

  • 5. Right to Data Portability: the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects on the individual.

  • 6. Rights related to Automated Individual Decision-Making: the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects on the individual.

  • We will respond to your request as soon as possible and within the timeframe stated in the applicable law.

    To exercise any of your rights, you must send an email to To help protect your privacy and maintain security we will take necessary steps to verify your identity and may ask you to provide other details before granting you access to your Personal Data or initiating a modification of any Personal Data. When required, if we don’t have a copy of your ID or any legal valid document that proves your identity, we will not be able to answer your request.

13. Privacy Complaints

  • If you have a complaint regarding our processing of your Personal Data, you may contact us at
    Depending on the applicable privacy law, you may have the right to make a complaint to a Data Protection Authority or other regulatory body if you believe we have failed to comply with our obligations under this Privacy Notice or the applicable law:

© Transact Elektronische Zahlungssysteme GmbH, A Euronet Company