Privacy Policy

wave shape

Privacy Policy

Last updated: November 06, 2025

AYDAPAY SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ
KRS: 0001036277 • NIP: 5214021930 • REGON: 525460979
Address: Aleja Armii Ludowej 6 / 164, 00-571 Warsaw, Poland
Email: help@aydapay.com • Phone: +48 737 660 344

1. Introduction

This Privacy Policy explains how AYDAPAY SP. Z O.O. (“AYDAPAY”, “we”, “our”, “us”) collects, processes, stores, and protects personal data when Users access our website, mobile app, or money transfer services.

This Policy is fully aligned with:

  • GDPR (Regulation EU 2016/679)
  • Polish Data Protection Act
  • PSD2 transparency requirements
  • Polish AML/CFT Act
  • ePrivacy Directive and Telecommunications Law

By using AYDAPAY’s services, you confirm that you understand and agree to this Policy.

2. Data Controller Information

Data Controller:
AYDAPAY SPÓŁKA Z O.O.
Aleja Armii Ludowej 6 / 164, 00-571 Warsaw, Poland
Email: help@aydapay.com
Phone: +48 737 660 344

A Data Protection Officer (DPO) may be appointed as required.

3. Types of Personal Data We Collect

AYDAPAY processes the following categories of personal data:

a) Identification Data

  • Full name
  • Date of birth
  • Nationality
  • ID/passport details
  • Residential address

b) Contact Data

  • Phone number
  • Email address

c) Transaction Data

  • Payment card (tokenized)
  • Transfer amount, currency, fees
  • Sender and Recipient information
  • Transaction history and metadata

d) AML/KYC Verification Data

  • Document scans/photos
  • Biometric data (selfie liveness check)
  • Proof of address
  • Risk scoring and sanctions screening results

e) Technical and Device Data

  • IP address
  • Device model, OS, browser
  • Login timestamps
  • App performance logs
  • Cookies

f) Communication Data

  • Emails and messages to support
  • Complaints and dispute records

4. Legal Basis for Processing

We process personal data based on:

✅ Art. 6(1)(b) – Contract performance

  • Executing transfers
  • Providing app functionality
  • Customer support

✅ Art. 6(1)(c) – Legal obligation

  • AML/CFT requirements
  • Transaction monitoring
  • Reporting to GIIF
  • PSD2 transparency rules

✅ Art. 6(1)(f) – Legitimate interests

  • Fraud prevention
  • Security and risk monitoring
  • Service improvements

✅ Art. 6(1)(a) – Consent

  • Marketing communications
  • Analytics cookies
  • Optional in-app permissions

5. Purposes of Processing

We use personal data for:

  • Performing money transfers
  • Verifying customer identity
  • Compliance with AML/CFT regulations
  • Fraud and sanctions screening
  • Improving and securing our services
  • Providing support and resolving complaints
  • Sending optional marketing updates (with consent)

6. Data Retention Periods

AYDAPAY retains data only as long as required by law:

  • KYC/AML Data: 5 years after account closure (Polish AML Act)
  • Transaction Data: 5 years (regulatory obligation)
  • Technical logs: up to 24 months
  • Marketing Data: until consent is withdrawn
  • Account Data: deleted when the User closes their account, except data required for compliance

7. User Rights Under GDPR

Users have the right to:

  1. Access their personal data
  2. Correct inaccurate data
  3. Request deletion (when legally possible)
  4. Restrict processing
  5. Transfer data (portability)
  6. Object to processing operations
  7. Withdraw consent at any time
  8. File a complaint with:
    UODO – Polish Data Protection Authority

Note: AML laws may restrict deletion rights.

8. Data Sharing and Processors

AYDAPAY shares personal data only with:

✅ Payment partners

  • Visa, Mastercard
  • Card processors
  • Bank settlement partners

✅ Identity verification providers

  • AML/KYC screening platforms
  • Sanctions list screening services

✅ IT infrastructure

  • Secure hosting providers
  • Analytics and performance tools

✅ Public authorities

  • GIIF (Polish Financial Intelligence Unit)
  • Law enforcement (when required)
  • Regulatory bodies

AYDAPAY does not sell or trade personal data.

9. International Data Transfers

Data may be transferred outside the EEA only when:

  • The destination has an EU “adequacy decision”, or
  • Standard Contractual Clauses (SCCs) are used, or
  • Transfer is necessary to execute an international transaction

We apply strong contractual and technical safeguards.

10. Automated Decision-Making

We use automated tools for:

  • AML risk scoring
  • Fraud detection
  • Sanctions screening

These checks may affect transfer approval, but Users can request manual review.

11. Security Measures

AYDAPAY applies industry-level protections:

  • TLS encryption
  • Tokenization of card data
  • Biometric authentication
  • Fraud detection and monitoring
  • Secure cloud hosting
  • Access control and logging
  • Regular security audits

12. Cookies

AYDAPAY uses:

  • Necessary cookies – always active
  • Analytics cookies – optional
  • Marketing cookies – optional

Full details are available in the Cookie Policy.

13. Children’s Data

AYDAPAY does not provide services to individuals under 18 years old.

14. Updates to This Policy

Updates occur when required by:

  • law
  • regulatory obligations
  • technical changes

We will publish all updates on our website and app.

15. Contact Information

For privacy-related inquiries:
Email: help@aydapay.com
Phone: +48 737 660 344
Address: Aleja Armii Ludowej 6 / 164, Warsaw, Poland

 

Table of Contents
Policy version: 2.3
Need Help?

If you have any questions about our Privacy Policy, please don't hesitate to contact us.

Contact Support