Privacy Policy

1. Introduction

At NorPay UAB ("NorPay," "we," "us," or "our"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services.

This policy applies to all users of our website, mobile applications, and related services. By using our Services, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Personal Information

We collect personal information that you provide directly to us, including:

• Name, email address, phone number, and date of birth
• Residential address and nationality
• Government-issued identification documents
• Financial information (bank account details, transaction history)
• Employment and income information
• Biometric data (for identity verification purposes)

2.2 Automatically Collected Information

When you use our Services, we automatically collect:

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, features used, time spent)
• Location data (with your permission)
• Cookies and similar tracking technologies

3. How We Use Your Information

We use your information for the following purposes:

• Service Delivery: To provide, maintain, and improve our financial services
• Identity Verification: To verify your identity and comply with KYC/AML regulations
• Transaction Processing: To process payments and transfers
• Security: To detect, prevent, and address fraud and security issues
• Communication: To send you service updates, security alerts, and support messages
• Compliance: To comply with legal obligations and regulatory requirements
• Analytics: To analyze usage patterns and improve user experience
• Marketing: To send promotional materials (with your consent)

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on:

• Contractual Necessity: To fulfill our contract with you
• Legal Obligation: To comply with financial regulations and laws
• Legitimate Interest: To improve our services and prevent fraud
• Consent: For marketing communications and optional features

5. Information Sharing and Disclosure

We may share your information with:

• Service Providers: Third-party vendors who perform services on our behalf
• Financial Institutions: Banks and payment processors to facilitate transactions
• Regulatory Authorities: Government agencies and regulators as required by law
• Legal Compliance: When required to comply with legal processes or protect our rights
• Business Transfers: In connection with mergers, acquisitions, or asset sales

We do not sell your personal information to third parties for marketing purposes.

6. Data Security

We implement industry-standard security measures to protect your information, including:

• 256-bit SSL/TLS encryption for data transmission
• AES-256 encryption for data at rest
• Multi-factor authentication (MFA)
• Regular security audits and penetration testing
• Access controls and employee training
• Secure data centers with physical security measures

7. Data Retention

We retain your personal information for as long as necessary to:

• Provide our Services to you
• Comply with legal and regulatory obligations (typically 5-7 years for financial records)
• Resolve disputes and enforce our agreements
• Prevent fraud and maintain security

8. Your Rights

Under GDPR and applicable data protection laws, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data (subject to legal obligations)
• Restriction: Limit how we process your data
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for marketing communications

To exercise these rights, please contact us at info@norpay.co

9. International Data Transfers

Your information may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

10. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact: