Privacy Policy
This policy explains how Orbipay handles personal data across our marketing website and our localized checkout. We aim to be plain about what we collect, why we collect it, and the choices you have. It is written with the GDPR in mind and applies wherever we act as a controller or as a processor on behalf of a merchant.
Who we are
Orbipay is operated by [Legal entity — pending], registered at [Address — pending]. For any privacy question, you can reach us at hello@orbipay.com. Where we determine the purposes and means of processing, we act as the data controller; where we process shopper data on a merchant's instructions, we act as a processor for that merchant.
What data we process
The data we handle falls into two broad groups, and our role differs between them.
Shopper checkout data (as processor)
When a shopper completes a purchase through our localized checkout, we process the data needed to present and submit that payment on the merchant's behalf — items such as order amount, presentment currency, chosen local payment method, language preference, country, and the technical signals required for fraud screening and Strong Customer Authentication. Full card numbers are handled within PCI DSS scope by the relevant payment provider, not stored by us in the clear.
Merchant account data (as controller)
When you contact us or use a merchant account, we process business contact details such as your name, company, work email, the markets you want to grow, and the messages you send us. We use this to reply, provide the service, and improve it.
Why we process it
- To present and complete payments through the localized checkout on behalf of merchants.
- To detect and prevent fraud and to satisfy authentication requirements such as SCA and 3-D Secure.
- To respond to enquiries, set up accounts, and provide support.
- To maintain, secure, and improve our website and checkout.
- To meet legal, tax, and regulatory obligations.
Legal bases (GDPR)
Depending on the processing, we rely on one or more of the following legal bases under the GDPR:
- Performance of a contract — to deliver the checkout and account services you or a merchant request.
- Legitimate interests — to secure our systems, prevent fraud, and improve the product, balanced against your rights.
- Legal obligation — where we must retain or disclose data to comply with applicable law.
- Consent — for non-essential cookies and any optional communications, which you can withdraw at any time.
Local payment methods and providers
To complete a payment, relevant data is shared with the payment service providers and local payment schemes that process the transaction — for example the networks behind iDEAL, Bancontact, SEPA, Pix, Alipay, WeChat Pay, BLIK, and card payments. These parties act as independent controllers or processors for the transaction under their own terms, and only receive what is needed to process the specific payment.
International transfers
Because we serve shoppers and merchants in many markets, some data may be processed outside your own country. Where data leaves the European Economic Area, we rely on recognized transfer mechanisms such as Standard Contractual Clauses and apply appropriate safeguards so your data stays protected.
Retention
We keep personal data only as long as needed for the purposes above. Transaction-related data is retained as required to provide the service, support reconciliation, and meet legal and financial-record obligations; account and contact data is kept while your relationship with us is active and for a reasonable period afterwards. When data is no longer needed, we delete or anonymize it.
Your rights
Subject to applicable law, you have the right to access your data, correct it, delete it, restrict or object to its processing, and request portability. You can also withdraw consent where processing relies on it, and lodge a complaint with your local supervisory authority. To exercise any of these, contact us at hello@orbipay.com. If we process your data as a processor for a merchant, we will direct your request to that merchant where appropriate.
Security
We use technical and organizational measures appropriate to the sensitivity of the data, including encryption in transit, access controls, and adherence to PCI DSS for payment data within scope. No system is perfect, but we work to keep your data safe and to respond quickly if something goes wrong.
Cookies
Our website uses a small number of cookies and local storage entries, and the checkout uses cookies necessary for fraud prevention and authentication. You can read the detail and manage your choices in our Cookie Policy.
Contact
For any question about this policy or your personal data, write to us at hello@orbipay.com. The contracting entity is [Legal entity — pending], [Address — pending]. We may update this policy from time to time and will revise the date above when we do.