Privacy Policy

Privacy Policy (for EEA and UK users)

Privacy Policy (for non-EEA users)



Last Updated: February 2021


Privacy Policy (for EEA and UK users)


Our Commitment to your privacy


Your privacy is important to us. To better protect your privacy, iPayLinks UK LLP (“iPayLinks”, “we”, “us”, “our”) developed this Privacy Policy as an extension of our commitment to combine quality services with integrity in dealing with our users.


If you visit, interact with us, or use our website: www.ipaylinks.com (“Website”) or our applications or APIs (collectively, the “Apps”) through any channel, register to use our services and products, we may collect and process certain personal information about you. The processing of your personal information, including personal data, complies with applicable data protection laws, including the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”).


The purpose of this privacy policy (“Privacy Policy”) is to provide a clear explanation of when, why and how we collect and use your personal information. We have written this to be as user friendly as possible, and have labelled sections to make it easy for you to find the information that may be most relevant to you and to allow you to click on a topic to find out more. This Privacy Policy should be read together with our Cookies Policy.


Please read this Privacy Policy carefully. This Privacy Policy is intended to articulate the types of personal data we may collect, what your data may be used for, what the legal bases for those collections and uses are, and how we protect it. This Privacy Policy is not intended to override the terms of any contract that you may have with us (for example, the terms and conditions you agreed when you apply to use our payment and account management services) or any rights you might have under data protection laws applicable to you.


We may make changes to this Privacy Policy from time to time to keep it up to date or to comply with legal requirements or changes in the way we operate our business. We will notify you about significant changes through our Website. We encourage you to regularly check and review this Policy so that you will always know what information we collect, how we use it, and who we share it with.


Controller of personal information


iPayLinks UK LLP will be the data controller and as such is responsible for looking after your personal information. Our Data Protection Officer may be contacted by emailing data-protection@ipaylinks.com.


The personal information you submit to us in one country may be transferred, used, processed, stored and accessed worldwide by iPayLinks and our representatives in one or more countries. For details, please see section headed “Who do we share your personal information with?” below.


What types of personal information do we collect?


Depending on the types and nature of the products and services you use (or continue to use), we may collect different types of personal information from you. This includes:

(a)personal particulars (e.g. name, email address, telephone number, country of residence, residential address, date of birth and/or identity card/passport details);

(b)voice recordings of our conversations with you;

(c)employment details (e.g. occupation, directorships and other positions held, employment history, salary, and/or benefits);

(d)tax information;

(e)banking information (e.g. account numbers and banking transactions);

(f)background checks information (e.g. credit history);

(g)information you provide to us when you contact our support team to help us answer your queries. We also gather information about any suggestions or complaints you make in order to help address your queries and improve the products and services we offer you;

(h)information obtained from mobile device with your consent (e.g. device location and information);

(i)your email and marketing preferences including interests and market list assignments, marketing objections, preferred language, Website and Apps data; and

(j)your device data and log information through the use of technologies, cookies and web beacons and advertising IDs (more information about use of cookies can be found in our Cookies Policy) including IP addresses, device ID and type, and details about your use of our Website and Apps, browsing history, search queries, browser type, session frequency, geolocation information, wireless and mobile network connection information.


How do we collect personal information?


Your personal information is collected by us directly (for example, when you use our Website and Apps, register for our products or services, enter into our promotional events or competitions, download our applications, or when you interact with us by contacting us for enquiries or providing feedback). You are under no obligation to provide the personal information when we seek to directly collect it from you. However, if you do not provide us with certain information marked as mandatory or with an asterisk on the relevant forms, we may not be able to process your submission, provide you with our services or respond to your enquiries.


For what purposes are personal information collected and used?


We may use your personal information for our core business purposes, such as:

(a)create customer profiles, maintain customer records and to communicate with you (including providing you with updates on changes to products and services), fulfil your requests and respond to your queries or feedback, addressing or investigating any complaints, claims or dispute;

(b)send you important notices or personalised messages in relation to your use of our products and services;

(c)administer the operation of our Website and Apps, to allow you to use the services and functions of our Website, to conduct website maintenance, to troubleshoot problems, and to continually improve your Website experience;

(d)provide you with services and products in accordance with the terms and conditions that govern our relationship with you;

(e)to identify and send you marketing materials, news and information which we think will be of interest to you such as our latest promotional offers and upcoming products and services;

(f)conducting screening, due diligence checks and verify your identity for the purposes of providing our products or services as may be required under applicable laws, regulations or directives;

(g)detect, investigate and prevent fraud and other illegal activities;

(h)use your personal information for purposes associated with our legal or regulatory rights and obligations, including financial reporting, regulatory reporting, management reporting, risk management (including monitoring credit exposures), audit and record keeping purposes and for the purposes of seeking professional advice, including legal advice; and

(i)keep internal records, decision making and facilitate internal purposes such as data analysis, and research to improve our products and services, service security and quality, and to maintain opt-in and opt-out lists.


When will we use personal information for direct marketing purposes?


We may use your personal information to send you direct marketing communications about our products and services or our related services including our upcoming services, products and offers. This may be in the form of email, post, SMS, telephone or targeted online advertisements or in-app notifications. We limit direct marketing to a reasonable and proportionate level, and to send you communications which we think will be interesting and relevant to you, based on the information we have about you.


From the effective date of this Privacy Policy onwards, where you register for our products, services or offers and have elected to receive direct marketing information by email or SMS, then for the purposes of the GDPR and where required under relevant data privacy laws, we will ask you for your consent for our processing of your personal information for direct marketing purposes.


The above statement does not apply if you have previously provided us with your personal information and opted-in to direct marketing in accordance with relevant laws. In these cases our continued processing of your personal information is based on our legitimate interests as further detailed in Appendix 1.


You have a right to stop receiving direct marketing at any time. You can do this by following the opt-out links in electronic communications (such as emails), or by contacting us (please see the “How to contact us” section below).


What is our legal basis for using your personal information?


We will only process your personal information where we have a legal basis to do so. We are required to establish a legal basis in order to use your personal information for the purposes set out above.

We will make sure that we only use your personal information for the purposes set out above and in Appendix 1 where we are satisfied that:


a.our use of your personal information is necessary to perform a contract or take steps to enter into a contract with you (e.g. to fulfil obligations under the contract signed between you and us);

b.you have provided your consent;

c.it is necessary to comply with a legal obligation; or

d.our use of your personal information is necessary to support the “legitimate interests” that we have as a business (for example, to improve our products and services, to provide help or support in connection with our Website and Apps, to ensure that they operate efficiently and securely, and to carry out analytics across our datasets), provided it is always carried out in a way that is proportionate, and that respects your data privacy rights.


Who do we share your personal information with?


Your personal information may be shared with companies within our group to assist us in providing our products and services to you. We may also disclose your personal information to the following third parties for the purposes described below:


Service providers and partners we engage in order to provide our products and services to you, such as payment processing companies, acquirers, bank partners, payment system operators to process your transactions.

In response to a valid legal request from government, regulatory authorities, law enforcement agencies and courts.

In response to a valid legal request from government, regulatory authorities, law enforcement agencies and courts.

Service providers and partners we engage to carry out due diligence identity verification, transactions monitoring, fraud-screening and for the purposes of detecting, preventing or otherwise addressing fraud, security or technical issues, protecting against harm to the rights, property or safety of our users or the public, or as necessary to serve our legitimate business interests.

In order to improve our business services, we may share your personal information, as well as non-personally identifiable information, with our advertising and analytics providers and with related service providers.

We may share your personal data with any subsidiaries, joint ventures, or other companies under common control. If another company acquires our company, business, or our assets, that company will possess the personal data collected by us and will assume the rights and obligations regarding your personal data as described in this Privacy Policy.


Our Website may, from time to time, contain links to and from the websites of our partners and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we have no control over how they may use your personal data. You should check the privacy policies of third party websites before you submit any personal data to them.


What countries will your personal information be sent to?


Your personal information may be sent to and stored by us, our affiliates and third parties in countries outside the United Kingdom and the European Economic Area (EEA). We must comply with specific rules when we transfer Personal Data (as defined in the GDPR) from inside the EEA to outside the EEA. When we do this, we will use appropriate safeguards, where necessary, to protect any Personal Data being transferred. We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests and is undertaken in accordance with the applicable rules governing such transfers.


You have the right to ask us for more information about the safeguards we have put in place (please see the “How to contact us” section below if you would like further information).


How can we keep your personal information secure?


We make every effort to protect us and you (including your data and personal information that we hold) from unauthorised access, alteration, disclosure or destruction. We have implemented technical and organisational security measures to safeguard your personal information and data.


In particular:

(a)we regularly review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems;

(b)we use encrypted password protection where appropriate; and

(c)we restrict access to personal information to only those employees and contractors who need access to the relevant personal information in order for them to process it for us and who are subject to strict contractual confidentiality obligations.


We work hard to protect your personal information, but cannot guarantee the security of the data you disclose online due to the inherent security risks of providing information over the Internet.


How long will we keep your personal information?


We will retain your personal information for as long as is reasonably necessary for the purposes listed in section “For what purposes are personal information collected and used?” as detailed in Appendix 1. When we no longer need to use your personal data, we will remove it from our systems and records and/or take steps to anonymise it so that you can no longer be identified from it. In some circumstances we may retain your personal information for longer periods of time. Such circumstances may include but are not limited to where we are required to do so to meet legal, regulatory, tax or accounting requirements.


To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.


What are your other rights?


Subject to applicable laws and regulations, you may have a number of rights in relation to your personal information. For example, under GDPR, you may request access to your data, rectification of any mistakes in our records, erasure of records where no longer required, restriction on the processing of your data, objection to the processing of your data, data portability and various information in relation to any automated decision making and profiling or the basis for international transfers. You also have the right to lodge a complaint with your national supervisory authority.


(a)Access: you can ask us to provide details of what personal information (if any) we process about you, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, how you can make a complaint, where we got your data from, you can also ask us to provide a copy of it;

(b)Rectification: you can ask us to rectify inaccurate personal information;

(c)Erasure: you can ask us to erase your personal information in certain circumstances (for example if it is no longer needed for the purposes for which it was collected or you have withdrawn your consent if the data processing was based on consent) absent an overriding legitimate interest;

(d)Restriction: you can ask us to restrict (i.e. keep but not use) your personal information in certain circumstances (for example where its accuracy is contested or where it ceases to be useful for the purposes we are using it for);

(e)Portability: in certain circumstances you can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it ported directly to another data controller;

(f)Objection: you can object to any processing of your personal information which has our legitimate interests as its lawful basis if you believe your fundamental rights and freedoms outweigh our legitimate interests;

(g)Automated Decision Making: you can ask for certain automated decisions to be reconsidered by us using human intervention;

(h)Withdrawal of Consent: if you have consented to our processing of your personal information, you have the right to withdraw your consent at any time. This includes cases where you wish to opt out from marketing messages your receive from us;and

(i)Lodging a Complaint: you have a right to lodge a complaint with your national data protection supervisory authority at any time if you believe that we have not complied with applicable data protection laws. Please click here for a list of national data protection authorities in the EEA countries. We would, however appreciate the chance to deal with your concerns before your approach the data protection authorities so please contact us in the first instance.


Please contact us as set out in the section headed “How to contact us?” if you do wish to exercise these rights.


How to contact us?


If you have any questions or concerns about our use of your personal information, please contact us by email at data-protection@ipaylinks.com, or by post at: Floor 18 100 Bishopsgate, London, United Kingdom, EC2M 1GT6.



APPENDIX 1 – LAWFUL BASES FOR PROCESSING

No. Purpose for processing Lawful basis
1. Create customer profiles, maintain customer records and to communicate with you (including providing you with updates on changes to products and services), fulfil your requests and respond to your queries or feedback, addressing or investigating any complaints, claims or dispute.

This processing is necessary for the purpose of the legitimate interests pursued by iPayLinks.

iPayLinks considers that it has a legitimate interest in ensuring your requests and feedback are attended to and to maintain an accurate record of your data.

2. Send you important notices or personalised messages in relation to your use of our products and services.

This processing is necessary for the purpose of the legitimate interests pursued by iPayLinks.

iPayLinks considers that it has a legitimate interest in ensuring that all customers receive the best possible experience, helping us to preserve our business operations, and ensuring that you are provided with information relevant to you.

3. Administer the operation of our Website and Apps, to allow you to use the services and functions of our Website, to conduct website maintenance, to troubleshoot problems, and to continually improve your Website experience.

This processing is necessary for the purpose of the legitimate interests pursued by iPayLinks.

iPayLinks considers that it has a legitimate interest in ensuring that all customers receive the best possible experience and improving our products and services offering in order to preserve our business operations.

4. Provide you with services and products in accordance with the terms and conditions that govern our relationship with you. This processing is necessary to perform the contract between you and iPayLinks.
5. To identify and send you marketing materials, news and information which we think will be of interest to you such as our latest promotional offers and upcoming products and services.

This processing is necessary to perform the contract between you and iPayLinks.

iPayLinks may also in certain situations have a legitimate interest to ensure that we are providing our customers with the opportunity to engage with us and participate in our promotional offers and be made aware of our upcoming products and services.

6. Conducting screening, due diligence checks and verify your identity for the purposes of providing our products or services as may be required under applicable laws, regulations or directives. iPayLinks considers that it has a legal obligation to ensure its business operates in accordance with applicable laws, regulations and directives.
7. To detect, investigate and prevent fraud and other illegal activities and protect our rights and property.

This processing is necessary for the purpose of the legitimate interests pursued by iPayLinks.

iPayLinks considers that it has a legitimate interest to prevent or otherwise address fraud, security or technical issues, protect against harm to the rights, property or safety of our users or the public.

8. Use your personal information for purposes associated with our legal or regulatory rights and obligations, including financial reporting, regulatory reporting, management reporting, risk management (including monitoring credit exposures), audit and record keeping purposes and for the purposes of seeking professional advice, including legal advice; and iPayLinks considers that it has a legal obligation to ensure its business operates in accordance with applicable laws, regulations and directives.
9. To keep internal records, decision making and facilitate internal purposes such as auditing, data analysis, and research to improve our products and services.

This processing is necessary for the purpose of the legitimate interests pursued by iPayLinks.

iPayLinks considers that it has a legitimate interest in continually improving our services in order to preserve and grow our business operations, and ensuring that you are provided with information relevant to you.

10. To maintain opt-out and opt-in lists (including responding to customer requests to opt-out of direct marketing). This processing is necessary for the purpose of a legal obligation to which iPayLinks is subject in order to not provide direct marketing materials to individuals which have opted-out of, or opted-in to, receiving such communications.
11. To develop, display and track content for the purposes of customising or personalising advertising, offers and content made available to you based on your usage of websites, mobile applications or services, and analysing the performance of those advertisements, offers and content, as well as your interaction with them. iPayLinks considers that it has a legitimate interest in ensuring that you receive information about our products and services which may be of interest to you, this also helps us to preserve and grow our business operations.







Last Updated: February 2021


Privacy Policy (for non-EEA users)


Your privacy is important to us. To better protect your privacy, iPayLinks Limited (“iPayLinks”, “we”, “us”, “our”) developed this Privacy Policy to demonstrate our firm commitment to protecting your privacy.


This privacy policy has been developed in accordance with the Personal Data (Privacy) Ordinance (Chapter 486) of the Laws of the Hong Kong Special Administrative Region (“Ordinance”), and applies to all visitors of our Website and Apps and users of our products and services, except for visitors and users subject to laws of the European region. If you are subject to laws in the European region, please read our privacy policy for EEA users.


It may be necessary for us to gather information on you for a specific purpose. We will always inform you when we are collecting such information. It is our intention to respect your request for privacy, and we try our best to provide you with communication channels to facilitate this. Once all gathered information has been used for the intended purpose, it is destroyed or de-identified.


The following discloses our information gathering methods and dissemination practices for our Website and Apps. iPayLinks is not responsible for the privacy practices of other linked sites.


When do we collect personal information?


When you visit our website: www.ipaylinks.com (“Website”) or mobile applications or APIs (collectively, the “Apps”), our server software records the domain name of your computer or device. We may also track the pages you visit. We do these things so that we can measure traffic, gauge the popularity of various parts of the Website and Apps, gain some general knowledge about our audience and compile aggregated statistics. We may also use cookies to collect information on how you use our Website and Apps. If you refuse cookies, certain features of our Website and Apps may not be available to you. For further information, please refer to our Cookies Policy.


If you wish to register for our products and services, we will from time to time collect your personal information specifically for the purpose of assessing your applications to use (or continual usage of) services or products offered by us. If you provide incomplete or incorrect personal information, we may not be able to provide or continue to provide our products and services to you.


What types of personal information do we collect?


Depending on the types and nature of the products and services you use (or continue to use), you may be requested to provide iPayLinks with personal information. This includes:

(a)personal particulars (e.g. name, email address, telephone number, country of residence, residential address, date of birth and/or identity card/passport details);

(b)voice recordings of our conversations with you;

(c)employment details (e.g. occupation, directorships and other positions held, employment history, salary, and/or benefits);

(d)tax information;

(e)banking information (e.g. account numbers and banking transactions);

(f)background checks information (e.g. credit history);

(g)information you provide to us when you contact our support team to help us answer your queries. We also gather information about any suggestions or complaints you make in order to help address your queries and improve the products and services we offer you;

(h)information obtained from mobile device with your consent (e.g. device location and information);

(i)your email and marketing preferences including interests and market list assignments, marketing objections, preferred language, Website and Apps data; and

(j)your device data and log information through the use of technologies cookies and web beacons and advertising IDs (more information about use of cookies can be found in our Cookies Policy) including IP addresses, device ID and type, and details about your use of our Website and Apps, browsing history, search queries, browser type, session frequency, geolocation information, wireless and mobile network connection information.


How do we collect personal information?


Your personal information is collected by us either directly (for example, when you use our Website and Apps, register for our products or services, enter into our promotional events or competitions, download our applications, or when you interact with us by contacting us for enquiries or providing feedback). You are under no obligation to provide the personal information when we seek to directly collect it from you. However, if you do not provide us with certain information marked as mandatory or with an asterisk on the relevant forms, we may not be able to process your submission, provide you with our services or respond to your enquiries.


For what purposes are personal information collected and used?


We may use your personal information for our core business purposes, such as:

(a)create customer profiles, maintain customer records and to communicate with you (including providing you with updates on changes to products and services), fulfil your requests and respond to your queries or feedback, addressing or investigating any complaints, claims or disputes;

(b)send you important notices or personalised messages in relation to your use of our products and services;

(c)administer the operation of our Website and Apps, to allow you to use the services and functions of our Website, to conduct website maintenance, to troubleshoot problems, and to continually improve your Website experience and provide you with services and products in accordance with the terms and conditions that govern our relationship with you;

(d)to identify and send you marketing materials, news and information which we think will be of interest to you such as our latest promotional offers and upcoming products and services;

(e)conducting screening, due diligence checks and verify your identity for the purposes of providing our products or services as may be required under applicable laws, regulations or directives;

(f)detect, investigate and prevent fraud and other illegal activities ;

(g)use your personal information for purposes associated with our legal or regulatory rights and obligations, including financial reporting, regulatory reporting, management reporting, risk management (including monitoring credit exposures), audit and record keeping purposes and for the purposes of seeking professional advice, including legal advice; and

(h)keep internal records, decision making and facilitate internal purposes such as data analysis, and research to improve our products and services, service security and quality, and to maintain opt-in and opt-out lists.


When will we use personal information for direct marketing purposes?


Where you have given your explicit consent and have not subsequently opted out, we may use your personal data, including your contact information and demographic information to send marketing and promotional purposes to you. For example, we may use your personal data to offer you products or services, including special offers, promotions or entitlements that may be of interest to you or for which you may be eligible. Such marketing messages may be sent to you in various modes including but not limited to electronic mail, direct mailers, short message service, telephone calls, facsimile and other mobile messaging services. You may at any time request that we stop contacting you for marketing purposes via selected or all modes.


To find out more on how you can change the way we use your personal data for marketing purposes, please contact us (please see the “How to contact us” section below).


Who do we share your personal information with?


Your personal information may be shared with our affiliated companies in providing our products and services to you. We may also disclose your personal information to the following third parties for the purposes described here:


Service providers and partners we engage in order to provide our products and services to you, such as payment processing companies, acquirers, bank partners, payment system operators to process your transactions.

In response to a valid legal request from government, regulatory authorities, law enforcement agencies and courts.

Professional advisors such as law firms to enforce or apply any contract with you or including subpoenas, court orders, legal process, and our auditors in connection with our audit requirements.

Service providers and partners to carry out due diligence identity verification, transactions monitoring, fraud-screening and for the purposes of detecting, preventing or otherwise addressing fraud, security or technical issues, protecting against harm to the rights, property or safety of our users or the public, or as necessary to serve our legitimate business interests.

In order to improve our business services, we may share your personal information, as well as non-personally identifiable information, with our advertising and analytics providers and with related service providers.

We may share your personal data with any subsidiaries, joint ventures, or other companies under common control. If another company acquires our company, business, or our assets, that company will possess the personal data collected by us and will assume the rights and obligations regarding your personal data as described in this Privacy Policy.

For more information about the third parties with whom we share your personal data, you may, where appropriate, wish to refer to the agreement(s) and/or terms and conditions that govern our relationship with you. You may also contact us for more information (please see the “How to contact us” section below).


How can we keep your personal information secure?


The data you provide to us will be stored at our office or servers of our agents in Hong Kong and the People’s Republic of China accessible only to our authorised employees and contractors and those to whom we give access.


We will take reasonable steps to protect your personal information, but cannot guarantee the security of the data you disclose online due to the inherent security risks of providing information over the Internet. We give no warranty against third parties hacking into the data or any unauthorised access to the data by anyone.


How long will we keep your personal information?


Your personal data is retained as long as the purpose for which it was collected remains and until it is no longer necessary for any other legal or business purposes.


To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.


How do you access your personal information held by us?


Subject to and in accordance with applicable data protection laws, you may access certain personal data held by us about you and correct any inaccuracies. iPayLinks may charge a fee for processing your request for access. Such a fee depends on the nature and complexity of your access request. Information on any processing fees will be made available to you.


Please contact us (please see the “How to contact us” section below) for details on how you may request access or correction to, or exercise your rights with respect to the processing of your personal data.


Your Consent


Your use of iPayLinks means that you accept this Privacy Policy. You agree that the personal information given by you and collected by us from time to time may be used and disclosed for the foregoing purposes, and to such persons as may be appropriate in accordance with this Privacy Policy.


We expressly reserve the right to make changes to this Privacy Policy from time to time at our discretion without prior or separate notification. Any changes will be posted to our Website. Your continued use indicates your agreement to those changes.


How to contact us?


If you have any questions or concerns about our use of your personal information, please contact us by email at data-protection@ipaylinks.com, or by post at ROOM NO.27 OF UNIT B 10/F RITZ PLAZA NO.122 AUSTIN ROAD TSIM SHA TSUI KL, Hong Kong.