Privacy Notice

Updated November 14th, 2024

Summary of contents

Who are we and how to contact us?
On whom do we process personal data? (”Data Subjects”)
How do we collect personal data?
What personal data do we collect and process?
Our legal basis for collecting personal data
Recipients of personal data
Processing outside of the EU/EEA
Storage period
Security measures
Your rights under the GDPR

1. Who are we and how to contact us?

Inpay is a cross-border payment solutions provider making the flow of global payments easier, more cost-effective, and faster. Privacy is of great important to Inpay, and we take great care to maintain the trust of our customers and users of our services when processing personal data.

Please find below our Privacy Notice regarding our processing of personal data, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of personal data.

If you wish to exercise your rights as described below or have any questions regarding our processing of your personal data or this Privacy Notice, you may contact us at:

Inpay A/S
Company registration no. (CVR) 32 31 77 31
Toldbodgade 55B, 6.
DK-1253 Copenhagen,
Email: [email protected]
Phone: +45 88 61 06 00

2. On whom do we process personal data? (“Data Subjects”)

Payers and payees. Payers request a payment order from Inpay and payees are beneficiaries of such payments.
Employees of corporate customers who make use of Inpay’s services.
Employees of Inpay’s suppliers.
Subscribers to our newsletter and users of our website.

3. How do we collect personal data?

We collect personal data in the course of providing our services. This can be collected directly from Data Subjects, or via third parties such as intermediary payment service providers or corporate customers. We may also collect personal data from events, via marketing activities or our website.

4. What personal data do we collect and process?

Payers and payees:

Profile and account login information: Full name, email address and, where applicable, encrypted password and face-ID used for authentication and access control.
Payment information: Full name, email address, physical addresses, bank account number, IBAN, SWIFT code and payment preferences and supplemental documentation required in order for Inpay to fulfil its obligations following pursuant to our anti-money laundering obligations, such as a copy of payers’ government-issued identification card, personal bank statements or other documentation serving as proof of identity or valid address.

Employees of corporate customers:

Account login information: email address and, where applicable, hashed password or other information used for authentication and access control.
Contact information: full name, title, company name, email and phone number, role, and any additional (non-sensitive) information submitted by our customer’s employees or their organization.
Platform usage information: technical usage data, such as user agent, IP addresses, device data (like type, OS, device id, browser version, geolocation and language settings used), connectivity data, activity logs, session recordings, and the cookies installed or utilised on the Customer’s User’s device.
Identification Information: supplementary documentation that may be required by Inpay as part of our obligations following from applicable anti-money laundering legislation. This may include documentation to verify the identity of our customer’s directors, officers, or owners (who may be Customer’s Users), such as a copy of a government-issued identification card, personal bank statements or other documentation serving as proof of identity or valid address.

Suppliers:

Account login information: Email address and, when applicable, hashed password or other information used for authentication and access control.
Contact information: Full name, title, company name, email and phone number, role, department, and any additional (non-sensitive) information submitted by the suppliers’ employees or their organization.
Platform usage information: Technical usage data, such as user agent, IP addresses, device data (like type, OS, device id, browser version, geolocation and language settings used), connectivity data, activity logs, session recordings, and the cookies installed or utilized on the Payee User’s device.

Users of our website, applications and receivers of marketing material:

Technical and aggregated usage data, such as user agent, IP addresses, device data (like type, OS, device id, browser version, geolocation and language settings used), connectivity data, activity logs, session recordings, and the cookies and pixels installed or utilized on our Sites or your device.

5. Our legal basis for processing personal data

We process personal data to pursue our legitimate interest in managing our business, including being able to handle contracts, develop and market our services and fulfil our obligations under applicable financial regulation, legislation on anti-money laundering and regulation on accounting.

The information will also be used to market your trade inquiry / posting in the market through social media and similar sources, and the processing may further include the gathering of usage data, user statistics, and price analysis in order for us to improve our website using cookies. You can read our cookie policy here.

On the basis of your consent, we may send you emails with commercial content. You can always withdraw your consent by using the link integrated in the marketing material.

Our legal basis for processing personal data are the following articles in the EU General Data Protection Regulation (“GDPR”):

Article 6 (1)(a), according to which personal data may be processed with express consent.
Article 6 (1)(b), according to which personal data may be processed if this is necessary to fulfil a contract.
Article 6 (1)(c), according to which personal data may be processed if this is necessary to comply with a legal obligation.
Article 6 (1)(f), according to which personal data may be processed if this is necessary to pursue a legitimate interest, unless such interests are overridden the interests of the data subject to not have the data processed.

Note: Because we process data partly on basis of article 6 (1)(f), you may in certain cases object to our otherwise lawful processing of your personal data if you find that your interests in not having your data processed outweighs our legitimate interests in processing your data, pursuant to article 21 of the GDPR. See further below on your rights under the GDPR.

6. Recipients of personal data

We engage with intermediary payment service providers when conducting payments. We also engage with service providers or contractors who support the operation of our business.

Such service providers or contractors include hosting and server co-location services, communications and content delivery networks, internet service providers, operating systems and platforms, data analytics services, web analytics, marketing and advertising services, data and cyber security services, fraud detection and prevention services as well as banks, financial institutions, credit bureaus, collection agencies, customer engagement services, billing and payment processing services.

Furthermore, we use companies that provide background checking services that support Inpay’s anti-money laundering obligations, and for our business we also make use of legal, tax, financial and compliance advisors. These service providers may have access to your personal data, depending on each of their specific roles and purposes in facilitating, supporting, and enhancing our services, and may only use it for such purposes.

Where legally mandated, we may allow government and law enforcement officials access to personal data in response to a subpoena, search warrant, or similar order. All such disclosure requests will be reviewed by Inpay to determine to what extent, if any, Inpay is required to comply with such a request.

7. Processing outside of the EU/EEA

We may use service providers and have partners outside of the EU/EEA. This means that your data may be transferred and processed outside of the EU/EEA. We do however take great care to ensure that this is only done if the appropriate safeguards are in place.

If data is transferred to a country outside EU/EEA, and if the country in question has not been approved by the European Commission as providing adequate protection (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_da), our transfers will be based on standard contractual clauses also approved by the European Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

8. Storage period

We retain personal data for as long as it is reasonably necessary to achieve our stated purpose. Such a purpose may include providing our services, complying with contractual obligations, or as required for proper log-keeping and bookkeeping. The purpose may also include the need to have evidence concerning our relationship should any legal issues arise following the termination of our legal relationship.

Personal data may also be retained in accordance with applicable laws and regulations, such as anti-money laundering regulations, which require Inpay to retain certain personal data for up to five years.

Any data processing based on your consent will be deleted if you withdraw your consent.

If you have any questions about our data retention policy, please contact us by email at [email protected]

9. Security measures

We have implemented technical and organisational security measures that help to protect the personal data we process. We carry out internal training and provide instructions to our employees on data security. We have also implemented contract-based instructions to our data processors governing necessary security measures.

10. Your rights under the GDPR

Under the GDPR, you have a number of rights in relation to our processing of personal data about you.

You are entitled to:

Request access to the personal data we process on you: you have the right to ask us for information about or access to your personal data. There are some exemptions which mean you may not receive all the data we use.
Request rectification of your personal data: this right entitles you to have your personal data be corrected if it is inaccurate or incomplete.
Object to the use of your personal data: this right entitles you to request that we no longer use your personal data. However, it only applies in certain circumstances, and we may not need to stop the use if we can give legitimate reasons to continue using your personal data.
Request the erasure of your personal data: this right entitles you to request the erasure of your personal data in certain circumstances.
Request the restriction of the use of your personal data: this right entitles you to request that we only use your personal data in limited circumstances, including with your consent.
Request portability of your personal data: this right entitles you to receive a copy (in a structured, commonly used, and machine-readable format) of personal data that you have provided to us or request us to transmit such personal data to another data controller.
Withdraw your consent: You can withdraw your consent at any time by opting out in the email or by contacting us. However, this will not affect our right to use personal data obtained prior to the withdrawal of your consent, or our right to continue parts of the use based on other legal bases than your consent.

Please note that certain personal data may be exempt from the above-mentioned rights pursuant to applicable data privacy laws, or other laws and regulations.

If you want to exercise your rights, you may contact us at:

Inpay A/S
Company registration no. (CVR) 32 31 77 31
Toldbodgade 55B, 6.
DK-1253 Copenhagen,
Email: [email protected]
Phone: +45 88 61 06 00

Finally, you have the right to make a complaint about our processing of your personal data to the Danish Data Protection Agency (Datatilsynet): https://www.datatilsynet.dk/english/file-a-complaint