Privacy Policy

This Notice was last revised on 24 May 2018.

1 Introduction

Entropay is committed to respecting our customers' privacy and protecting their personal information from misuse or un-authorised disclosure and complying with privacy laws. Entropay values its reputation and aims to maintain high ethical standards in the conduct of our business affairs.

This privacy policy explains how we use any personal information we collect about you when you use this website.

2 Business Summary

Entropay is a Card Payments Services company, specialising in virtual, disposable prepaid Visa cards, instant and global money transfers. Entropay also offers businesses white label solutions and facilitates corporate purchasing.

Organisation Size 50-70
Locations London and Malta

3 Organisation Contact Details

Data Controller Details
Email Address: [email protected]

Postal Address 2 Stephen Street

Data Protection Officer Details
Name: Denise Vella
email Address: [email protected]

4 Description of Processing

The following is a very broad description of the way this organisation/data controller processes personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices the organisation has provided or contact the organisation directly to ask about your personal circumstances

We process personal information to enable us

  • to provide payment and associated services
  • to maintain our accounts and records
  • to promote our services
  • to correspond with you and offer support
  • to comply with legal obligations
  • to prevent malicious activity

5 Data We Collect - Online Services

This Privacy Policy relates to our use of any personal information we collect from you via the following online services

From our website:

From our website's contact forms:

Sign Up forms:

From our Careers page:

Job Application Forms:

From our email addresses:
[email protected]
[email protected]
[email protected]

Depending on which of our services you use we may collect the following information:

  • First Name, Last Name
  • Email Address
  • Your Company/Organization details
  • Information you may enter or attach on our contact form regarding your inquiry.

From people who are interested in a career at Entropay we will also collect your name, address, CV, and any information it contains and your desired remuneration as well as information you may enter on “How did you hear about this job?” form

From our job application page, we may also collect any links you send us to any Website, Blog, portfolio, and LinkedIn link.

From any emails you send to our contact or support email addresses we will collect all the information you write or attach in the email.

For visitors who go on to register for one of our services we may collect:

  • Account information: Credentials, Account currency
  • User details: First name, Last name, Email address, Date of birth, Full residential address, Mobile number
  • Language preference
  • Pay-out email addresses
  • Credit card and bank account details
  • Full KYC documentation (including identity and residential documents)
  • Merchant(s) where user is spending using Entropay virtual card
  • Support information sent by the user to our support team
  • Session information: Login attempts, Login IP address(es), Login browser user agent(s)

For business Users we may collect:

  • Business details: Business name, Business address, Business Category, Business website
  • Credit card and bank account details
  • Pay-out email addresses
  • Full KYB documentation (including identity and residential documents)
  • Merchant(s) referring user to Entropay (if applicable)
  • Merchant(s) where the business is spending using an Entropay virtual card

6 When, Why and How we gain Consent (Legal Basis)

We will not collect any information about you without your explicit consent.

We will ask your consent every time we need to collect personal information about you unless you are signing up to one of our services when we will then have a contractual obligation to collect this data.

We will explain in clear and simple terms why we want to collect your information and what we will do with it before seeking your consent, so you are fully informed, and you will be given a clear and unambiguous option to opt in to any communications or services we might want to offer you.

7 Why we Collect Personal Data

We collect information about you to process the financial services provided by Entropay, such as fund transfers to and from your credit card.

We collect information about you to manage your account and to protect your account against malicious activity.

We may collect and analyse information for the purpose of providing personalised products.

We also use it to recommend things we think you will like or to notify you about things you’ve told us you like.

We also use your information for business, regulatory and legal purposes such as dealing with any requests you make or content you submit.

Getting in touch if we need to tell you about something, like a change to our policies or issues with a service.
We also collect information for employment purposes.

8 Who Processes the Data We Collect (Who are the recipients of your data)

We will store and process your data following industry best practice and security.

Some of that processing takes place at Entropay in London and Malta

Some of the processing may take place in areas outside of the UK and Malta but within the EEA and covered by GDPR.

Where processing takes place by one of our trusted data processors, we ensure that our contracts with those 3rd parties contain the appropriate GDPR model clauses and that all our 3rd parties are also compliant with the GDPR, this affords your data the same protection away from our organisation, as it does within it.

Some of the processing may take place outside of the EEA. Where processing takes place by one of our trusted data processors, we ensure that our contracts with those 3rd parties contain the appropriate GDPR model clauses and that all our 3rd parties are also compliant with the GDPR, this affords your data the same protection away from our organisation, as it does within it.

The data we collect through our online services may be processed by one or more of the following:

  • Trusted service providers such as technology, support, marketing, and sales service providers
  • Auditors
  • Financial Institutions
  • Money Laundering prevention companies
  • HR partners
  • Other companies within the group

9 Where we might send your personal data (Geographically)

We process data within the EEA and countries deemed by the European Union as having adequate safeguards for protecting personal data. These countries are recognised by the EU as having suitable safeguards for the rights and freedoms of individuals and recourse processes by which data subjects can exercise their rights.

We will only consider transferring your data outside of the EU if the following conditions are met.

A transfer, or set of transfers, may be made where the transfer is:

Made with your explicit informed consent;
Necessary for the performance of a contract between the you and this organisation or for pre-contractual steps we need to take at your request;
Necessary for the performance of a contract made in your interest between this organisation and another person;
Necessary for important reasons of public interest;
Necessary for the establishment, exercise or defence of legal claims;
Necessary to protect your vital interests or those of other persons, where you are physically or legally incapable of giving consent;


Made from a register which under UK or EU law is intended to provide information to the public (and which is open to consultation by either the public in general or those able to show a legitimate interest in inspecting the register).

10 How long do we keep your data

We keep your information in line with our data retention policy. For example:

  • we keep transaction information for a period of seven years from the end of our relationship with you;
  • we keep your personal account information for a period of five years from closure of account;
  • when you apply for a job with us, we keep your resume and correspondence for a period of one year.

This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate purposes such as managing your account and dealing with any disputes or concerns that may arise. We may need to retain your information for a longer period where we need the information to comply with regulatory or legal requirements or where we may need it for our legitimate business purposes, such as to respond to queries or complaints, fighting fraud and financial crime and responding to requests from regulators. Information that exceeds the retention periods is deleted or removed using industry best practices.

11 Our Rights as an Individual in Respect of the Data We hold

We respect the rights and freedoms of individuals and as such we would like to make you aware of the following. You have the:

  • Right to access – you can ask us whether we’re processing your personal data, including where and for what purpose. You can also request an electronic copy of your personal data free of charge
  • Right to restrict processing – in certain circumstances, you can ask us to restrict our use of your personal data
  • Right to rectification – you can already ask us to correct inaccurate personal data we hold about you
  • Right to erasure (right to be forgotten) – in certain circumstances, you can ask us to erase your personal data
  • Right to data portability – you can ask us to provide you with a copy of your personal data in a commonly used electronic format so that you can transfer it to other businesses
  • Right to object to automated decision-making – in certain circumstances, you can ask us not to make automated decisions about you based on your personal data that produce significant legal effects
  • Right to lodge a complaint – you can lodge a complaint with us or your local data protection authority
    To exercise your rights above please contact our Data Protection Officer, Data Controller or Company representative via any of the channels provided.

You also have the right to lodge a complaint with our supervisory authority. Entropay’s main establishment is Malta, thus its supervisory authority is the IDPC in Malta. Their contact details are as follows:

Quick Links for exercising your rights

DPO email Address: [email protected]

Controller email address: [email protected]

12 Data Sources - where did you get my data

Any and all data in respect of - Data We Collect, is collected directly from you, the individual.

We do not collect any of your personal data from any other sources. This included any publicly accessible list and or data sources, whether in the public domain or if we have a legitimate interest to be able to access those sources legally.