SaPay
Legal

Privacy Policy

Last updated: 01 June 2026

This Privacy Policy explains how SAPAY LTD ("SaPay", "we", "us", or "our") collects, uses, and protects the personal information you provide when you contact us or use our website. We are committed to handling your information transparently and in accordance with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and applicable data protection law.

1. Who we are

SaPay is an independent advisory firm that helps international and cross-border businesses access suitable banking and payment solutions.

For the purposes of data protection law, the data controller is:

SAPAY LTD
Company number: 13391254
Registered office: 128 City Road, London, EC1V 2NX, United Kingdom
Contact for privacy matters: legal@sapay.eu

2. What information we collect

We only collect information that is relevant to assessing and supporting your enquiry. Depending on how you interact with us, this may include:

  • Contact details — your name, email address, and any other contact information you provide.
  • Business information — details about your company, its structure, ownership, jurisdiction, business activity, and what you are looking to achieve.
  • Enquiry content — the information you choose to share in your message or during our communications with you.
  • Technical information — basic information your browser sends automatically, such as general location and device type, where applicable.

We do not ask you to submit sensitive financial credentials, passwords, or banking access details through our website, and you should never do so.

3. How we use your information

We use the information you provide to:

  • Review your enquiry and assess the feasibility of your case;
  • Identify and discuss suitable banking and payment options;
  • Communicate with you and respond to your questions;
  • Prepare and, with your explicit consent, share your case with prospective banking or payment institutions;
  • Comply with our legal and regulatory obligations.

We do not sell your personal information, and we do not use it for automated decision-making.

4. Legal basis for processing

Under the UK GDPR and EU GDPR, we rely on the following legal bases to process your information:

  • Consent — where you have agreed to us processing your information, for example by submitting an enquiry through our website. You may withdraw your consent at any time.
  • Legitimate interests — to respond to your enquiry, assess your case, and operate our business, provided this does not override your rights.
  • Legal obligation — where we are required to process information to comply with applicable law.

We share your information with a prospective banking or payment institution only with your explicit consent.

5. Who we share your information with

We keep the sharing of your information to the minimum necessary. We may share it with:

  • Banking and payment institutions — only with your explicit consent, and only as part of progressing your case.
  • Service providers — trusted parties who help us operate (for example, email and IT providers), bound by confidentiality and acting on our instructions.
  • Authorities — where we are legally required to disclose information.

We do not share your information with advertisers or sell it to third parties.

6. International transfers

As an international advisory firm, we may transfer your information to institutions or service providers located outside the UK or the European Economic Area. Where we do, we take appropriate steps to ensure your information is protected to a standard consistent with UK and EU data protection law, including the use of appropriate safeguards where required.

7. How long we keep your information

We retain your information only for as long as necessary to fulfil the purposes described in this policy — for example, to handle your enquiry and any resulting engagement — and to meet our legal obligations. When your information is no longer required, we securely delete or anonymise it.

8. Your rights

Under the UK GDPR and EU GDPR, you have the right to:

  • Access the personal information we hold about you;
  • Rectify inaccurate or incomplete information;
  • Erase your information in certain circumstances;
  • Restrict or object to how we process your information;
  • Data portability — receive your information in a usable format;
  • Withdraw consent at any time, where processing is based on consent.

To exercise any of these rights, contact us at legal@sapay.eu. We will respond within the timeframes required by law.

9. How we protect your information

We treat every enquiry as strictly confidential. We apply appropriate technical and organisational measures to protect your information against unauthorised access, loss, or misuse, and we limit access to those who need it to handle your case.

10. Cookies

Our website currently does not use analytics or marketing cookies. If this changes, we will update this policy and, where required, ask for your consent.

11. Complaints

If you have a concern about how we handle your information, please contact us first at legal@sapay.eu so we can address it.

You also have the right to lodge a complaint with a supervisory authority:

  • In the UK, the Information Commissioner's Office (ICO) — ico.org.uk.
  • In the EU, your local data protection authority.

12. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent version. We encourage you to review this page periodically.

13. Contact us

For any questions about this Privacy Policy or how we handle your information, contact:

SAPAY LTD
128 City Road, London, EC1V 2NX, United Kingdom
legal@sapay.eu