Last updated: 02.04.2026
Data protection is of high importance for OKTOPAY LIMITED. We are committed to ensuring transparency in how we process and protect your personal data.
1. Data Controller
OKTOPAY LIMITED, registered E-Money Distributor of Sureswipe E.M.I. PLC, acts as the data controller for the processing of your personal data under applicable law.
OKTOPAY LIMITED
Address: 16, John Kennedy Ave, 2nd Floor, NIVIAN COURT, 1087, Nicosia, Cyprus
Company registration number: HE400907
Contact: dpo@oktopay.eu
2. Legal Framework
Your personal data is processed in accordance with:
Regulation (EU) 2016/679 (GDPR)
Applicable local data protection and financial services laws
3. Data Storage and International Transfers
Your personal data is generally stored within the European Economic Area (EEA).
Where transfers outside the EEA are necessary, we ensure appropriate safeguards are in place, such as:
EU Standard Contractual Clauses (SCCs), or
Other lawful transfer mechanisms under GDPR
4. Your Rights
You have the following rights under applicable data protection laws:
Access – obtain confirmation and a copy of your data
Rectification – correct inaccurate or incomplete data
Erasure – request deletion where applicable
Restriction – limit processing under certain conditions
Portability – receive your data in a structured format
Objection – object to processing based on legitimate interest
Withdraw consent – where processing is based on consent
Complaint – lodge a complaint with a supervisory authority
To exercise your rights, contact: dpo@oktopay.eu
5. Updates to this Policy
We may update this Privacy Policy from time to time. The latest version will always be available on our websites.
6. Account Creation, Card Issuance and Services
Why we process your data
To:
Create and manage your OKTO account
Issue and deliver your OKTO card
Provide payment services
Verify identity (including age verification)
Categories of data
We may process:
Identification data (e.g., name, ID, date of birth)
Contact data (e.g., email, address, phone)
Account credentials
Financial and transactional data
Card-related data
Device permissions data (location, contacts — where enabled)
Legal basis
Contract performance
Legal obligations
Legitimate interests (e.g., service improvement, fraud prevention)
Data sharing
We may share your data with:
Service providers (e.g., cloud, KYC, payments, delivery)
Merchants (where relevant to transactions)
Professional advisors
All third parties process data under appropriate safeguards.
Retention
Account data: duration of relationship + 5 years
Tax data: up to 10 years
Longer where required by law or legal claims
7. AML Compliance
We process personal data to comply with anti-money laundering and counter-terrorism financing obligations.
This may include:
Identity verification
Transaction monitoring
Screening against sanctions/PEP lists
Data may be shared with:
Verification providers
Competent authorities
Legal basis: legal obligation
8. Direct Marketing
We may send marketing communications where you have provided consent.
You can withdraw consent at any time
Opt-out available in all communications
Retention: until consent is withdrawn
9. Customer Service
We process your data to:
Handle requests, complaints, and support
Legal basis:
Contract or legitimate interest
Retention: 5 years after resolution
10. Fraud Prevention
We process data to:
Detect and prevent fraud and misuse
Legal basis: legitimate interest
Data may be shared with:
Authorities
Insurers
Legal advisors
11. Cookies
We use cookies to improve user experience and analyze usage.
Types of cookies include:
Performance cookies (analytics)
Functionality cookies (preferences)
You can manage cookie preferences through your browser settings.
