Privacy Policy & Cookies

Privacy Policy

Choose a topic

PrimeiroPay Group (“the Group”) is committed to the protection of your privacy and to process your data openly and in a transparent way. The personal data that we process depends on the product or service requested and agreed in each case. The information we provide in this notice refers to current and potential clients of the Group as well as to other individuals who use our website.

This privacy notice provides an overview of how personal data are processed by the Group [referred to as ‘we’, ‘us’, or ‘our’] with head offices at Luxembourg.

This statement is directed to ‘natural persons’ as well as to authorised representatives or agents/signatories or beneficial owners of legal entities.     

In this privacy statement, your data may be referred to as “personal data” or “personal information”. In addition, the handling, collecting, using, saving, protecting and storing your personal data is referred to as “processing” of such personal data.

For the purposes of this statement, personal data shall mean data which identify or may identify you and which may include, for example, your name, address, identification number. 


When do we process your personal data?

We process your personal data so that we can offer you the best possible service and solutions, to enter into agreements with you and, also, to fulfil our statutory obligations. We process your personal data in accordance with the EU General Data protection Regulation [GDPR] and the local data protection law.

The above implies that we process your personal data when:

  • You have signed or are considering signing an agreement on a financial product or a service we are offering and to perform a transaction. In addition, we process personal data to be able to complete our client acceptance procedure.
  • To provide you with our payment services.
  • To identify and authenticate you. It is important to mention that there are a number of legal obligations emanating from the relevant laws to which we must comply to, such as the Money Laundering Law, Tax laws, electronic communications Law. The said laws impose on us necessary personal data processing activities for credit checks, identity verification, tax law reporting obligations [FATCA/CRS] and anti-money laundering controls.
  • To protect the legitimate interests of Central Banks, as well as any law and authority with jurisdiction over the Group and its services.

Furthermore, we process personal data to safeguard our legitimate interests such as:

  • To ensure the Group’s security, preventing any unlawful use and losses, safeguarding information security and safe payments,  
  • To analyse feedback for product demand, advertising and market research, provided that you have given us your explicit consent by a statement or by a clear affirmative action.
  • To further develop and promote payment products and services.  

You have given your consent for processing your personal data. Note that you have the right to withdraw consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected.


What personal data do we process and their sources?

We process various types of personal data, which we collect from you via applications that you complete to order products and services. You may send us documents, call us [during which we advise you if you are recorded], use our website and our mobile app services, as well as take part in our online surveys. 

We may also collect and process personal data which we lawfully obtain not only from you but from other entities or other third parties. We may also process personal data from publicly available sources, which we lawfully obtain and are permitted to process.

We may process personal data of existing or prospective clients, or a non-client counterparty in a transaction of a client [e.g. account or payment authorization, e.g. by SWIFT, e-transfer etc.] or an authorised representative/agent of a legal entity. Such personal data may be:

  • Name, contact details [telephone, email], address, identification data [identification card, passport or official certificate], date of birth, nationality, marital status, employed/self-employed, information on income.

When we agree and provide products and services to you, then additional personal data may be collected and processed which may include:

  • Current income and expenses, employment history, securities and property ownership, personal debts, information about family and household, other banking relationship details, tax residence and tax ID, employment position [e.g. as per corporate certificates of directors/shareholders].

In addition, we may process information about the products and services delivered to you, your use of the products and services, as well as your preferences.

We understand the importance of protecting children’s privacy. We may collect personal data in relation to children only if we have first obtained their parents’ or legal guardian’s consent. For the purposes of this privacy statement, “children” are individuals who are under the age of fourteen as per applicable law.  

We only process special category personal data, such as sensitive data, if it is absolutely necessary in order to give advice or to offer a financial product or service to you. In such cases we shall seek to obtain your explicit consent unless we are legally authorized to process such data.


Do you have to provide us with your personal data?

In order to allow us to proceed with a business relationship with you, you must provide your personal data to us. Our ability to offer to you our best possible advice and product largely depends on how well we know you. We are also obligated by the provisions of the anti-money laundering laws, which require that we at least verify your identity before we enter into a contract or a business relationship with you. It is important therefore that the information you provide is correct, up to date and accurate. Furthermore, you will undertake to keep us informed of any changes in your personal data. 

Please note that if you do not provide us with the required data we will not be in a position to commence or continue our business relationship with you either as an individual or as the authorized representative/agent or beneficial owner of a legal entity.


Who receives your personal data?  

Your personal data may be provided to various offices and departments within the Group, but also to other associates and third-party vendors, service providers and suppliers so that we may perform our contractual and statutory obligations.

Third parties who process Group’s personal data enter into contractual agreements with us, which include relevant clauses on secrecy, confidentiality and data protection according to applicable data protection laws.  

In addition, we may disclose personal data about you if we are legally required to do so, if we are authorized under our contractual and statutory obligations, or if you have given your consent. 

Such third parties are:

  • Supervisory and other regulatory and public authorities,
  • Shops, banking institutions, other payment service providers when you use our payment services. We save and use your personal data so that we can carry out payment requests or prepare account statements.
  • Financial institutions such as Acquiring banks, so that you can use payment services abroad. Also, if you have asked us to make a payment transfer, we will disclose necessary personal data to third parties to complete the payment transaction,
  • For our anti-money laundering process, such as credit reference agencies, or to the tax authorities, if we are legally obliged to do so.
  • External legal consultants.
  • Financial and business advisors, auditors and accountants.
  • Companies who assist us with the effective provision of our services to you by offering technological expertise, internet platforms, solutions and support and facilitating payments.
  • Purchasing, procurement and website agencies. 

The transfer of your personal data to processors located outside of the EU

Personal data of clients may be transferred to countries outside of the European Union to, e.g., execute your payment or investment orders; for our IT development, maintenance and support; or when you have given us your consent to do so. We ensure that your rights are protected, and your data privacy is upheld in data transfers by following standard agreements approved by the European Commission. 


How do we treat your personal data for marketing activities? 

We may process your personal data from information you provide to us or data we collect when you use our services, such as information on your transactions to offer to you products or services that we believe are of interest to you. 

We may only use your personal data to promote our products and services, as in our so-called Newsletter, if we have your explicit consent or, in certain cases, if it is in our legitimate interest to do so. 

You have the right to ask us, at any time, to stop sending you marketing messages by withdrawing your consent. 


Profiling and automatic decisions using your personal data

Profiling implies that your personal data are processed automatically. We inform you that we only proceed with automated processing in order that we may offer targeted products and services, prevent money laundering and develop our pricing policy efficiently.

Automatic decisions are only used to, for example, prevent misuse. 


Our personal data retention policy  

We store your personal data for as long as it is necessary, considering the purpose of processing for which your data was originally collected, and for as long as we have a business relationship with you [as an individual or in terms of our dealings with the legal entity you represent] so as to perform our contractual and statutory obligations.  

When your business connection with us has terminated, then we will keep your personal data as per our data retention policy as follows:

  1. Client personal data [natural persons or authorized representative/agent or beneficial owner of a legal entity] for 10 years in accordance with European applicable law, or
  2. From the end of the period in which litigation or investigations might arise in respect of the services, after which the relevant retention period [as per paragraph (a) above] will commence.

Your data protection rights

You have the following rights about your personal data that we hold: 

  • Right to receive access to and a copy of the personal data concerning you in a format that is structured and commonly used and to check that we are lawfully processing it.
  • Right for correction [rectification]. If your personal data is incorrect, incomplete or irrelevant, you have the right to request that the data is corrected or removed.
  • Right for erasure of your personal information. You have the right to ask us to erase your personal data [known as the ‘right to be forgotten’] when there is no good reason for us continuing to process it. You also have the right to ask us to erase your data when you have exercised your right to object to processing, as below.
  • Object to processing of your personal data where we are relying on a legitimate interest and you want to object to processing on this ground. You also have the right to object for direct marketing purposes. This also includes profiling inasmuch as it is related to direct marketing.
  • Request the restriction of processing. Your right enables you to request us to suspend the processing of your personal data if: (i) it is not accurate; (ii) it has been used unlawfully but you do not wish for us to delete it; (iii) it is not relevant any more, but it may be used in possible legal claims; or (iv) you have already requested the restriction of processing and you are waiting us to confirm if we have any legitimate grounds to continue processing.
  • Data portability of your personal data to other organisations. You also have the right to have your personal data transmitted directly by ourselves to other organisations of your choice.
  • Rights in relation to automated decision making and profiling. You also have the right not to be subject to a decision when it is based on automated processing.
  • Withdraw the consent at any time. The withdrawal or revocation of your consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you. 

Please note that we shall continue processing your personal data in order that we may fulfil a contract or if this is necessary on the basis of the legislation.

In addition, the data protection legislation and any limitations and restrictions set by our business activities and practices may impose restrictions on your rights.

If you wish to exercise any of your rights, or even have any other questions regarding the processing of your personal data, you can send us a contact request in online services by completing the online form at or email us at

You can also contact our Data Protection Officer at email


Right to lodge a complaint 

If you believe that your queries have not been adequately addressed by us, you also have the right to complain to the Office of the Commissioner for Personal Data Protection. Find out on their website how to submit a complaint.  


Changes to this privacy statement 

Please note that we may modify or amend this privacy statement from time to time. 

By amending the revision date at the top of this page, it is the method used to advise you of the modification. Therefore, we encourage you to review this statement periodically to be informed about how we protect your personal data.

We additionally recommend that you review our Cookie Policy, which elaborates on the use of cookies on our website and which cookies are considered necessary for the proper operation of the site. 

Our Website uses cookies to improve your experience and ensure that the website is functioning effectively.

This notice refers to the methods used to process your data when using the Group’s website.

If you send us an email, enquire or request to receive brochures or newsletters, or if you provide your personal data, such as your name and address, email address and phone number, we shall process such data to respond to your inquiry. 


Cookies are small passive text files. Cookies are downloaded to your computer or other device you use by a server for this website. Your browser then sends these cookies back to this website so as to allow us to recognize your computer and get information about which pages you have visited and features that are used by your computer. Cookies do not contain data about who you are or where you live. 

Note that Cookies do not spread viruses or other malware and do not store data.


Some of the cookies used are necessary so as to enable you move around the website and use its features such as accessing various areas, e.g., areas that are accessible for existing clients or registered users. In addition, we use cookies for the preparation of statistical information, only to improve our websites and adapt the experience to your needs. 

Cookies cannot be used to identify you as a person, but we can use the information about which websites have been visited from your computer, along with other information we have about you. 

When you log in to online platform, we save information about where and when you visited our websites. We use this information to make our advice and marketing to you as relevant as possible. We only store the information if you have also consented to the use of cookies. Note, however, that session, functionality and operation cookies are put in any case, otherwise you cannot use our self-service solutions.

Cookies collect information in an anonymous form [aggregated]. Note that anonymity is achieved and is feasible given that your IP address is masked. 

Your consent for use of cookies, withdrawal of consent and rejection of cookies

Once you visit our website a cookie pop-up appears. If you agree to use cookies you may click “OK” or “Yes, I accept.” If you do not click “OK” or click “No, thanks”, no consent is given, and no cookies are added, except for the necessary cookies.

However, we will save a cookie to remember your choice, and you will not be using other cookies if you have failed to click “OK” or say “No, thanks”.

If you wish to withdraw your consent or completely avoid cookies, you must disable cookies in your browser. However, note that we may not be able to provide all our services if you disable all cookies.

We use various kinds of cookies

1. Simple cookie types – these are mandatory

  • Session cookies sent to the web browser: Such cookies operate for as long as you are using our browser. When you close your browser, these cookies are automatically deleted.
  • Persistent Cookies: These cookies have a lifespan according to their type and remain in the browser until they expire. However, you may also decide to delete them. These validate domain cookies and detect session expiration.
  • Store cookies: These cookies store a unique ID for anonymous users.

2. Own or 3rd party cookies

  • 1st party cookies: These are our own cookies.
  • 3rd party cookies: These are cookies set by 3rd parties, such as our website providers and always following an agreement with us.

3. Purpose

  • Statistical (internal): The Group uses tools that perform statistical analysis and user activity on site. 
  • Marketing (3rd party cookies): We use these cookies to follow across multiple pages and websites. These cookies can be used to build visitor profiles that show which searches have been made or which pages have been visited for targeted advertising purposes. We only share anonymous data with 3rd parties. 
  • Chat and Help (3rd party cookies): These cookies enable chat conversations with visitors but also to provide help if required with the pages visited.
  • Functionality cookies: These cookies store the currency that the user uses.
  • Facebook, Twitter, LinkedIn (3rd party cookies). On some of our websites you can link to social media. You should be aware that, if you do, social media providers such as Facebook, Twitter and LinkedIn receive technical data about your browser, IP address, and which pages you visit.

4. Classification

The mandatory cookies mentioned above are not covered by your cookie consent and they are required for the features on the website.

Deleting cookies

All browsers allow you to delete cookies individually or all at once.

The method of cookie deletion depends on which browser you are using, but you can always find help in deleting cookies in the browser.