Privacy Policy

Who we are

Zapay ("we", "us", "our") provides FX payment support and international payment enquiry services. We act as a data controller for our own site visitors, prospects and client contacts. Where a regulated payment or e-money provider is involved in a transfer, that provider may also process your personal data under its own privacy notice.

Registered office: 123 High Street, Manchester, M1 2AB, United Kingdom. Email: contact us | Tel: 0203 951 4395

Personal data we collect

Depending on your relationship with us, we may process:

• Website enquiries: name, email, phone, message content and quote request details.
• Payment enquiry data: sending and receiving currencies, expected transfer amount, destination country, payment purpose and beneficiary information you choose to provide.
• Client contact data: names, roles, business contact details, approvals, support notes and communication history.
• Verification or payment support data requested by a relevant provider or required for due diligence.
• Technical data: cookies/analytics (see Cookies section).

We do not intentionally collect special category data unless it is necessary for a specific request and appropriate safeguards are in place.

How we use your data

• To respond to enquiries and provide proposals.
• To prepare FX quotes, respond to payment enquiries and provide support.
• To check payment details, communicate updates and maintain records of client instructions.
• To meet legal, regulatory, security, fraud prevention and accounting obligations.
• To improve our services and website (aggregated analytics).

Legal bases (UK GDPR)

• Contract: to provide FX payment support and related services to our clients.
• Legal obligation: where we must keep records, support due diligence or comply with applicable law.
• Legitimate interests: service quality, security, fraud prevention, client relationship management.
• Consent: where required for certain communications or optional cookies.

Sharing & processors

We may share data with trusted providers to deliver our services, under contracts that include confidentiality, security and UK GDPR terms. Typical categories include:

• Payment, banking, e-money, FX or compliance providers where needed to handle a payment enquiry or transfer.
• Email and communication tools (contact responses, notifications).
• Cloud hosting, backup and IT security providers.
• Professional advisers, auditors, regulators or authorities where required by law.

We do not sell personal data.

International transfers

If personal data is transferred outside the UK (or EEA), we use appropriate safeguards, such as the UK International Data Transfer Agreement/Addendum or other lawful transfer mechanisms, and apply additional technical and organisational measures where appropriate.

Data retention

We keep data only as long as necessary for the purpose collected and to meet legal/accounting requirements. Typical periods:

• Enquiries: up to 24 months from last contact.
• Client records and payment support notes: generally 6 years after contract end or last transaction, unless a different period is required by law.
• Security and access logs: typically 12-24 months, unless needed for investigation or compliance.

Security

We implement layered security: access controls, encryption in transit, hardened hosting, regular updates, backups, and least-privilege principles. Staff are trained on data protection and confidentiality. While no system is perfectly secure, we continually improve safeguards and monitor for threats.

Your rights

Subject to conditions and exemptions, you have the right to:

• Access your data and request a copy.
• Rectify inaccurate or incomplete data.
• Erase data (where no longer needed/where consent withdrawn).
• Restrict or object to certain processing.
• Data portability (where applicable).
• Withdraw consent (where processing is based on consent).

If another payment or e-money provider controls part of your data, you may also need to contact that provider to exercise your rights.

Cookies

Our site uses strictly necessary cookies for core functionality (e.g., security, session). We may use optional analytics cookies to understand site usage. Where required, we seek consent via our cookie banner. You can change preferences at any time and control cookies via your browser settings. See our Cookie Policy for details.