1. About This Notice
This Privacy Notice (the "Notice") describes how PAYSAZH FINANCE sp. z o.o. (the "Company", "we", "our") processes the personal data of its business customers and prospective customers (the "Customer", "you").
The Company is a legal entity governed by the laws of the Republic of Poland.
B2B only — we do not serve consumers
The Company provides payment services exclusively to business customers (legal entities and sole traders acting within their professional capacity). We do not serve consumers (natural persons acting outside their business or professional activity). Accordingly, this Notice applies only to business relationships.
All employees, agents, and authorized third parties with access to personal data are bound by confidentiality obligations that remain in full force even after any contractual relationship ends.
2. Legal Basis for Processing
We process personal data only on lawful grounds, in accordance with the GDPR, the Polish Payment Services Act, and other applicable regulations. The legal bases we rely upon are:
| Legal basis (GDPR) |
What we process and why |
Performance of a contract
Art. 6(1)(b) |
Onboarding, account opening and maintenance, execution of Payment Orders, customer support, fee billing. |
Compliance with a legal obligation
Art. 6(1)(c) |
AML/CFT and KYC verification, sanctions and PEP screening, transaction monitoring, regulatory reporting to KNF, accounting and tax record-keeping. |
Legitimate interests
Art. 6(1)(f) |
Fraud prevention, IT and platform security, network/intrusion monitoring, debt recovery, internal administration, business communications, defending legal claims. |
Consent
Art. 6(1)(a) |
Optional marketing communications, non-essential cookies, transfers to third countries where consent is the relevant safeguard. Consent can be withdrawn at any time. |
Voluntary, but required to use the Services
Providing your personal data is voluntary, but refusal to provide required information will make it impossible to open an account or use our services, as we are legally obliged to perform AML/KYC verification on all business customers.
3. Personal Data We Collect
Information you provide directly
- Corporate identity: company name, legal form, KRS, NIP, REGON, registered address.
- Representative / beneficial owner details: full name, date of birth, nationality, country of residence, position in the company.
- Identification documents: passport or ID card number, copies of identification documents.
- Contact and financial data: business email, business phone number, bank account details, transaction records.
Information collected automatically
- Technical data: IP address, country-level geolocation, browser type, operating system, device information.
- Transaction data: payment methods, amounts, dates, recipient details, fraud detection logs.
- Usage data: pages visited, session duration, error logs, response times.
- Communications: email, chat, or recorded phone correspondence with our support team.
Information obtained from external sources
- Public registries (KRS, CEIDG, tax databases).
- AML/KYC service providers (sanctions lists, PEP databases, adverse media screening).
- Financial partners (correspondent banks, payment processors, verification services).
4. Data Sharing with Third Parties
We do not sell or rent personal data
We do not sell or rent personal data to any third party for marketing or advertising purposes.
We may share personal data only when legally permitted and necessary for contractual or regulatory reasons, including:
- With partner banks, correspondent banks, payment processors, and IT service providers to deliver and maintain our services.
- With regulatory authorities (including KNF) and law enforcement agencies when required by law.
- With AML/KYC screening providers for identity verification and fraud detection.
- In the context of corporate restructuring (e.g., merger, acquisition, asset transfer, or dissolution).
All third-party recipients are contractually bound to maintain an adequate level of data protection.
5. International Data Transfers
Customer data may be transferred to countries outside the European Economic Area (EEA) when necessary for contract performance, legal compliance, or with your consent.
In all such cases, we implement appropriate safeguards under the GDPR, including:
- European Commission adequacy decisions (for countries with sufficient protection standards), or
- EU Standard Contractual Clauses (SCCs).
You may obtain a copy of these safeguards by contacting us at paysazhfinance@gmail.com.
6. Data Protection and Security
We implement robust technical and organizational security measures, including:
🔐
Encryption
Data encrypted in transit (TLS) and at rest.
🛡️
Access controls
Strict role-based access and multi-factor authentication.
🔍
Security testing
Regular security assessments and penetration testing.
👥
Staff training
Mandatory employee training on data protection and confidentiality.
Your responsibility
Customers are responsible for maintaining the security and confidentiality of their own login credentials.
7. Data Retention Periods
We retain personal data for as long as the business relationship with the Customer continues. After the relationship ends, we retain data only for the periods required by Polish law:
| Category of data |
Retention period |
| AML/KYC documentation and customer due-diligence records |
5 years after the end of the business relationship
Polish AML Act, Art. 49 |
| Transaction records and payment instructions |
5 years after the transaction was executed |
| Accounting and tax documentation |
5 years from the end of the relevant fiscal year
Polish Accounting Act |
| Complaints, dispute and litigation files |
5 years from final resolution, or until the limitation period expires |
| Recorded phone calls and support correspondence |
Up to 12 months, unless required for an active investigation |
| Server / access / security logs |
Up to 12 months |
| Marketing data processed on consent |
Until consent is withdrawn |
Once the applicable retention period expires, personal data is securely deleted or fully anonymized.
8. Customer Rights Under GDPR
As a business customer, you have the following rights regarding your personal data:
Access Art. 15
Obtain confirmation of whether we process your data and a copy of it.
Rectification Art. 16
Correct inaccurate or incomplete personal data.
Erasure Art. 17
Request deletion where no legal obligation requires retention.
Restriction Art. 18
Limit processing in specific circumstances.
Portability Art. 20
Receive your data in a structured, machine-readable format.
Objection Art. 21
Object to processing based on legitimate interests or for direct marketing.
Withdraw consent Art. 7
Withdraw consent at any time, without affecting prior lawful processing.
Automated decisions Art. 22
Not be subject to decisions based solely on automated processing where it produces legal effects.
To exercise any of these rights, please contact us in writing at paysazhfinance@gmail.com. We will respond within one month (or up to three months for complex requests). Proof of identity or authority to act on behalf of the business entity may be required.
Certain requests may not be fulfilled if:
- Complying would expose another person's personal information.
- We are legally required to retain the data (e.g., under AML obligations).
- We have a valid legal basis to continue processing despite the request.
You also have the right to lodge a complaint with the supervisory authority — the President of the Personal Data Protection Office (Urząd Ochrony Danych Osobowych — UODO).
9. Cookies
When you visit our website, we may place cookies on your device (with your consent where legally required). These help us improve service quality, store preferences, and optimize platform performance.
Detailed information is provided in our separate Cookie Notice, which forms an integral part of this Privacy Notice.
10. Links to External Websites
Our website may contain links to third-party sites. While we strive to link only to reliable sources, we do not control and are not responsible for their content, security standards, or privacy practices.
Once you navigate to an external website, you become subject to that site's own policies. We strongly recommend reviewing them before sharing any personal data.
11. Changes to This Notice
We may update this Notice from time to time. The latest version will always be published on our website.
In the event of material changes, we will notify Customers via our website or by email.
12. Contact Information
If you have any questions about this Privacy Notice, how we process personal data, or wish to exercise your rights, please contact us at:
