What does Krionyx do?

Krionyx is an IT company providing 4Pay IT Solutions for online payments, cybersecurity, and payment system integration.

Where is Krionyx located?

The main office of Krionyx is located in Limassol, Cyprus, and the 4Pay IT Solutions team works with clients worldwide.

What services does Krionyx provide?

4Pay IT Solutions by Krionyx includes payment gateway integration, API development, anti-fraud systems, monitoring, and FinTech infrastructure support.

Can Krionyx solutions be integrated into an existing infrastructure?

Yes, 4Pay IT Solutions products are easily integrated via APIs and webhooks, without the need for a full system rebuild.

How can I contact Krionyx?

You can contact us through the form on our website krionyx.com or by email at info@krionyx.com. Please mention “4Pay IT Solutions” in the subject line for faster response.

4Pay Privacy Policy

Last updated: 15.09.2025

Introduction

1.1. 4Pay IT Solutions LTD (hereinafter (“4Pay”, “we”, “our”, “us”) values your privacy and is committed to protecting it in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR). This Privacy Policy aims to inform you about how 4Pay processes personal data strictly in its role as a data processor, acting solely on the documented instructions of its business customers (data controllers) who use our services.

1.2. This Privacy Policy outlines our current practices and commitment to data protection and privacy. We strive to collect and process only the data that is strictly necessary for our interactions with (prospective) customers, (future) partners, and users or visitors of our websites and online resources, in order to provide services and/or information for specific and legitimate purposes.

1.3. 4Pay is dedicated to safeguarding the confidentiality and privacy of the information in its possession and is committed to the proper use and protection of personal data, ensuring transparency and respect for individual rights in accordance with applicable data protection legislation (“data protection law”), including EU Regulation 2016/679 (GDPR), where applicable.

1.4. Our Privacy Policy is available in its latest version on the homepage of our website: http://krionyx.com. We encourage you to review it carefully, as it explains how we collect, use, share, and protect the personal data we obtain.

General Provisions

2.1. This Policy should be read together and in conjunction with the relevant Terms of the service provided by 4Pay and applies also to use of our website and online systems pursuant to the relevant Terms. 4Pay in this Privacy Policy refers to 4Pay business, that is responsible for processing personal data exclusively as a processor, acting only under the instructions of the relevant data controller (our business customer).

2.2. This Privacy Policy applies to personal data processed by 4Pay solely in its capacity as a data processor and as described in this Privacy policy. It contains information on:

The personal data we collect;

How we use personal data;

With whom personal data might be shared, and

What rights are afforded.

2.3. This Policy is addressed to natural persons (“data subjects”) in the context of relationships that arise between 4Pay and its Customers, where natural persons:

Are Directors, signatories, representatives, shareholders, beneficial owners, secretaries, officers, employees of legal entities or are Individuals who are current or potential/applicant or former Customers;

Represent a legal entity/Customer, have applied to 4Pay for a service/product offered by 4Pay, are applicable users of a 4Pay service/product, website or online system.

Are end users whose personal data is processed by 4Pay solely on behalf of our business customers (controllers) when such end users use services of those customers (for example, initiating payments from their bank accounts).

2.4. In this Policy, “Personal Data” (also, “personal information”, “information”, “data”) refers to information that identifies you or may identify you (e.g. your name, address, identification number). “Processing” of Personal Data refers to actions such as collecting, handling, storing and protecting personal data.

2.5. Some links on 4Pay websites may contain links or lead/originate to/from non-4Pay websites or areas with their own data protection policies, which may differ from our Privacy Policy. Please ensure that the relevant policies of other entities are acceptable to you prior to using other sites or areas. 4Pay does not accept any responsibility or liability for third party websites. Additionally, if you are not a data subject to whom this Policy is addressed, please refer to the privacy policy of the relevant data controller entity of your personal data to learn more about how the entity processes it. 4Pay may be involved in your data processing as the processor, as in the cases referred to in this Privacy Policy.

2.6. 4Pay maintains an internal Record of Processing Activities (ROPA) documenting all categories of personal data processed, purposes, retention periods, and recipients, as required under GDPR Article 30.

Required Personal Data

3.1. The establishment and legality of contractual relations and provision of services between 4Pay and its Customers is dependent on provision of the information requested by 4Pay, which includes personal data of data subjects. It is an obligation to provide personal data to us:

– Under our legal obligations. Provision of personal data may be required under legal obligations applicable to our Customers (controllers). Where such obligations apply (e.g. AML, fraud prevention), 4Pay processes personal data only on behalf of and under the documented instructions of the controller. 4Pay itself does not determine the legal basis for such processing;

– For contractual purposes. Establishment of business relations for provision of services, execution of transactions and for the performance of contractual obligations between both parties (4Pay and its Customers) requires provision of certain personal data;

– Our legitimate interests. Based on legitimate interests identified by the relevant controller (e.g. ensuring security, fraud prevention), 4Pay may process data under the controller’s instructions.

3.2. Personal data is requested prior to the establishment and during the contractual relationship. Failure to provide requested data to us may result in us not being able to enter into a contract (establish business relations), or execute an order without requested data, or that we may no longer be able to continue with an existing relationship and provision of services and would have to terminate the relationship.

3.3. 4Pay, as a provider of payment services and payment methods to merchants/providers of services and goods often acts as a processor of personal data in respect to these businesses, who are the responsible parties as controllers for your personal data and its processing. For example:

3.3.1. When 4Pay provides technical processing services for card or online payments, acting strictly as a data processor, it processes only the following categories of personal data received from the controller and necessary for the technical execution and reporting of transactions:

– transaction identifiers (internal order ID, date and time, amount, currency, and status);

– merchant identifier (controller’s company name or code);

– technical connection data (IP address of the Customer’s system, API request/response logs);

– limited contact data of the Customer’s authorized representatives (business email and phone number) used for communication and support.

No cardholder data (such as full card numbers, CVV codes, or customer payment credentials) and no end-user identification documents are stored or otherwise retained by 4Pay.

3.3.2. Client controllers may use the 4Pay software to technically transmit data between their end users and their banks or payment providers for the purpose of initiating payments. 4Pay itself is not a payment initiator and does not transfer any funds; it only provides a secure technical interface.

3.4. These actions are performed only at the request of the controller, that is, the company that directly conducts financial transactions and accounting while receiving services from 4Pay. Accordingly, we recommend that you review the relevant policies of the controller on its website or request them directly if you are a user of a service provided by the controller based on 4Pay software. In such cases, 4Pay acts solely as a data processor and does not determine the purposes of personal data processing. At the same time, 4Pay may define certain technical methods for processing the order.

Collection and Use of Personal Data

4.1. Sources of Data

4Pay collects limited personal data from the following sources:

– Submitted data: information provided by the Customer (merchant/controller) during onboarding or in the course of the business relationship (e.g., business contact details of the Customer’s authorised representatives).

– Service-generated data: technical and transactional information generated automatically when the Services are used (e.g., transaction identifiers, merchant identifiers, API request/response logs, IP addresses of the Customer’s systems).

– Public or third-party data: only if required to verify the Customer’s corporate details (e.g., company registry data).

4.2. Scope of Data Processed

Acting strictly as a data processor, 4Pay processes only the following categories of personal data received from the Customer and necessary for the technical execution and reporting of transactions:

– transaction identifiers (internal order ID, date and time, amount, currency, status);

– merchant identifier (controller’s company name or code);

– technical connection data (IP address of the Customer’s system, API request/response logs);

– limited contact data of the Customer’s authorised representatives (business email and phone number) used for communication and support.

4.3. Exclusions

4Pay does not collect or retain:

– full payment card data (PAN, CVV, expiry dates),

– customer payment credentials,

– end-user identity documents, financial statements, income data or other sensitive personal information.

All processing is performed solely under the documented instructions of the Customer (data controller) and only to the extent necessary to provide the Services.

Purposes for which we use your personal data

4.4. Your data is processed with the data-minimization principle in mind. We aim to limit the processing of your data and the type of data processed to strictly the data needed for a lawful reason. 4Pay processes only the personal data provided by the Customer (data controller) as necessary for the technical processing of orders and related transactions. 4Pay does not verify the accuracy, completeness, or lawfulness of such data, and the Customer remains solely responsible for ensuring that the personal data it provides to 4Pay is accurate and collected in compliance with applicable Data Protection Law.

Data may be processed by 4Pay under the documented instructions of the controller for purposes such as:

Verify identity (e.g. authentication, fraud-prevention purposes);

Provide the services requested;

Provide delivery channels (e.g. online systems);

Execute requests and act upon instructions;

Perform contractual obligations;

Support crime-prevention measures and/or cooperate with authorities;

Use technology for decision-making processes;

Perform data analytics;

Maintain communication and provide up-to-date information;

Provide ongoing support, handle inquiries, complaints and similar issues;

Provide information in relation to the requested/provided products and services;

Provide information on products/services (including advertising/marketing where permitted by the controller);

Enforce internal procedures and protective measures against fraud, risk and financial crime;

Prepare reports;

Support internal operational and administrative needs (e.g. product development, audit, risk management);

Obtain reports of an online problem (e.g. with our website/online services);

Maintain internal records and general administrative functions;

Produce statistics and analytics for internal purposes and improvement of services and website;

Ensure compliance with legal obligations and the regulatory framework;

Enforce or defend the rights of 4Pay;

Ensure security and business continuity;

Support service-quality management and product improvement.

Legal bases – Lawful reasons for processing

4.5. As a data processor, 4Pay does not determine the lawful basis for processing personal data. The lawful basis is determined solely by the relevant controller (our business customer). Any references to legal bases in this Policy are included only as illustrative examples of typical processing contexts instructed by controllers (e.g., performance of contract, legal obligation, legitimate interests, or consent). 4Pay does not rely on or choose a legal basis independently.

4.5.1. Performance of a contract (illustrative example): when the controller processes personal data to perform its contract with an end-user, 4Pay may be instructed to process data to technically enable such services.

4.5.2. Legal obligation or public interest (illustrative example): when the controller is legally required to collect or share certain data (e.g. AML, fraud prevention), 4Pay may be instructed to process such data on its behalf.

4.5.3. Legitimate interests (illustrative example): when the controller determines that processing is necessary for its legitimate interests, 4Pay may process data accordingly under the controller’s documented instructions.

4.5.4. Consent (illustrative example): where the controller relies on consent from the end-user, 4Pay may process personal data under the controller’s instructions.

4.6. We have set out below for in a table format, an indicative description for your convenience, of the ways we may use your personal data as set out above, and which of the legal bases we may rely on to do so; we have also identified what our legitimate interests are and may be where appropriate.

Purpose (what we use your information for)	Lawful reason (as determined by the controller)	Typical controller interests (illustrative examples)
Acceptance processes to establish relationship: To review Customer’s application	Performance of contract (to establish a contractual relationship) Legal Obligation Legitimate Interests	Compliance with applicable regulations governing the provision of Company’s services Record Keeping Legal obligations during the review of an application
AML/TF, fraud prevention activities: To identify, examine, prosecute and prevent crime or fraud To verify Customer and identify his (continued) eligibility for the requested services and ability for management of the account To manage risk internally for the Company and externally for the Customers To comply with applicable laws and regulations To provide information to authorities upon request To respond and solve complaints	Legal Duty Public Interest Performance of contract Legitimate Interest	To establish and implement an internal fraud and crime identification and reporting mechanism Compliance with applicable regulations governing the provision of Company’s services Cooperation with authorities at a national and international level To fulfill our legal and contractual obligations
Conducting of business relationship: To deliver the requested products and services To execute and manage customer’s payment orders and to perform our obligations arising from Customer’s transaction To apply on the Customer’s account any fees and charges To collect any due funds To communicate with the Customer and provide information	Performance of contract Legal Obligation Legitimate Interest	Fulfilment of our legal and contractual duties Compliance with applicable regulations governing the provision of Company’s services Typical controller interests (illustrative examples) in providing the requested services at a satisfactory and anticipated level Record Keeping maintenance
To provide information in relation to the (requested) products and services available To communicate with Customers and provide support to meet Customer’s needs To manage relations of the Company with counterparties, partners, and service providers	Performance of contract Legal Obligation Legitimate interests	To ensure products and services are suitable for Customers To develop and improve products and services and to define applicable charges To identify the target market To fulfill our legal and contractual obligations
To improve services and products To manage our cooperation with other service providers To analyze Customers, and efficiency of operation of products and services To launch and test new products To develop new products and expand its business For Marketing activities	Performance of contract Legal Obligation Legitimate Interest	To develop and improve products and services and to define applicable charges To fulfill legal and contractual obligations
To manage the Company’s operations, financial and business ability, communication channels and organizational planning	Legal Obligation Legitimate interests	Compliance with applicable regulations governing the provision of Company’s services To fulfill its legal and contractual obligations
For proper execution and performance of the agreement between the Customer and the Company: To exercise rights set out in agreements To inform the Customer in relation to any changes to the Terms and Conditions of the services provided	Legal Obligation Performance of contract Legitimate interests	Compliance with applicable regulations governing the provision of Company’s services To fulfill its legal and contractual obligations

Retention period

5.1. Our retention period is primarily determined by our obligations under applicable legislation to retain data for a specific period of time. Destruction will not be possible prior to the lapse of this period. Where this Policy refers to deletion or return of data (including in the Terms of Service), such actions are always subject to the minimum retention periods described in this section. We are obliged to keep Customer data (including personal data) during the existence of the business relationship and for a minimum period of 5 years after business relationship termination, or after Customer application rejection/withdrawal, in accordance with AML legislation and other requirements applicable to our business. 5.2. The retention period may be extended in case of other lawful reasons justifying longer retention (such as for complaints handling, legal proceedings, investigations, regulatory, tax, money laundering and crime and fraud prevention purposes), as well as for the establishment, exercise or defence of legal claims.

Who receives your personal data

6.1. 4Pay functions receive your personal data in the context of 4Pay’s operations. This is required in order to provide carry out requests and provide services, and to perform our contractual and legal obligations.

6.2. We will not share personal data with third parties unless this is necessary for our legitimate business needs, to carry out requests, provide services and/or as required or permitted by law. Third parties under these circumstances include:

6.2.1. Service providers

We will disclose personal data to third party partners and service providers (processors) so they can process it on our behalf where required. In all such cases, these third parties act strictly as sub-processors, and 4Pay remains responsible for ensuring that sub-processors are bound by appropriate contractual obligations in accordance with Article 28(4) GDPR. These service providers are required to provide sufficient assurances in accordance with data protection law. (e.g. being bound contractually to confidentiality and data protection obligations). We will only share personal data necessary for them to provide their services.

Cloud infrastructure providers

In particular, we use trusted third-party cloud service providers, including Google Cloud, to host and process personal data. These providers act strictly as sub-processors on our behalf and are contractually bound to comply with data protection and confidentiality obligations in line with GDPR. Google Cloud, as our infrastructure provider, maintains industry-leading security standards and certifications, ensuring the confidentiality, integrity, and availability of personal data.

6.2.2. Auditors, advisors and consultants

We may disclose personal data for purposes and in the context of audits (e.g. external audits, security audits), to legal and other advisors, in order to investigate security issues, risks, complaints etc.

As such, personal data may be transferred and disclosed to:

Money laundering and fraud prevention aggregation/agencies, compliance/verification services and risk prevention services. This is required in order to verify your identity, ensure protection against fraud, confirm eligibility for our services/products.

Banks (other credit and financial service institutions), and similar institutions including account servicing payment service providers (ASPSP). These enable us to provide our services and include correspondent banks, intermediary banks.

Payment Systems (SWIFT, SEPA, Visa, MasterCard, JCB, Unionpay), payment service providers, card processing companies. These enable us to provide our services.

Card manufacturing/personalization and delivery companies. In order for us to create a personalized payment card and deliver it to the requested address

Data management, storage, archiving, cloud storage service providers

Companies assisting us with provision of our services (e.g. technological services, solutions, support such as support/maintenance/development of IT applications, technology, website management, telephony/SMS services)

Customer support service providers and marketing service providers

Administrative service providers

Auditing and accounting services and consultants

External legal advisors

6.2.3. Regulatory authorities, law enforcement, courts

We may disclose personal data to comply with applicable legislation, regulatory obligations, to respond to requests of regulatory authorities, government and law enforcement agencies, courts and court orders of the country of 4Pay’s local business/supranationally, such as:

Supervisory Authorities

FIU and the Police

Tax Authorities

Information Exchange Mechanisms

Other regulators, authorities and public bodies wherever obligations exist

6.2.4. Other recipients may be any person/legal entity/organization for which you ask your data to be transferred to (e.g. reference etc.) or give your consent to transfer personal data.

6.2.5. We may also disclose your data in circumstances such as the following:

If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request,

In order to apply or enforce the Terms and Conditions or any other agreement in place in the context of our relationship and to investigate potential breaches,

In order to protect 4Pay’s rights, safety or property, or that of our customers or third parties/the public. This includes exchanging information with other companies and organizations for the purposes of money laundering, fraud prevention and equivalent risks,

If 4Pay or substantially all of its assets are acquired by a third party, in which case personal data held by it about its Customers will be one of the transferred assets.

International Data Transfers

6.3. We are a company with a global reach. Your personal data may be processed locally in the EEA/local country of our operation, or in another country where we or our partners operate worldwide, as permitted by law. Your personal data may be transferred from the European Union/European Economic Area (EU/EEA) or from another country that restricts transfers of personal information to third countries or to international organizations if the transfer is necessary and has a legal basis as described in this document. Such transfers take place for example:

Under applicable law (e.g. tax legislation)

On the basis of your instructions or consent

In the context of data processing undertaken by third parties on our behalf (e.g. the data may also be processed by staff operating outside of the EU/EEA or the relevant country, who work for 4Pay or for one of our third party service providers. Such staff may be performing technical duties and support, duties related to processing of your orders, provision of support services etc.).

The processors (or controllers) in third countries in these cases shall either:

be located in countries recognized by the European Commission as providing an adequate level of data protection, or

have in place appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission, Binding Corporate Rules (BCRs), or other lawful transfer mechanisms.

Personal data may be stored in data centres located within the European Union and, where necessary, outside the EU/EEA. In cases of international transfers, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, Binding Corporate Rules (BCRs), or other lawful transfer mechanisms recognized under EU law.

6.4. Such transfers are carried out in compliance with Chapter V GDPR, with safeguards such as SCCs, BCRs or equivalent mechanisms.

Automated decision-making and profiling

7.1. Automated decision-making means the process of making decisions through automated means of processing personal data, without human intervention. 4Pay may use automated systems to assist in operational processes or suggest actions (such as fraud detection), but such processing does not produce legal or similarly significant effects on data subjects. Where automated decision-making with legal effects occurs, data subjects will have the right to human intervention, to express their point of view, and to contest the decision. 7.2. We may process some specific data automatically, by using systems to make automated suggestions or decisions, including profiling, based on information we have or collect from other authorized sources. This helps us ensure we are able to react quickly and efficiently, with an aim also to protect our Customers. If in specific cases automated decision-making (including profiling) is applied, you have the right to obtain human intervention, express your point of view, and contest such decision.

Website and Automatic collection - Cookies and IP addresses

8.1. 4Pay’s website contains forms which may be used by website visitors. When website visitors send us information online via forms on the website, in the context of provision of services, the information will be used for purposes and in ways set out in the Privacy Policy. 8.2. In some instances, 4Pay and other entities (such as service providers) may use cookies and other technologies to collect certain types of data automatically when you visit 4Pay websites and online platforms. The collection of this data enables 4Pay to improve security, usability of 4Pay’s websites and online resources and to measure effectiveness of marketing activities. We may collect information about your computer or mobile device (including for example type of operating system and browser) for system administration. Prior to storing non-essential cookies, 4Pay will request your explicit consent acting solely on behalf of the relevant Customer (data controller). 4Pay implements the cookie consent mechanism as a technical service provider and does not independently determine the legal basis or purposes of processing. For detailed information on cookies and the purposes for which we use them, please refer to our Cookie Policy available on our website. 8.3. An IP address is a number assigned to your computer when you access the internet, which allows computers and servers to recognize and communicate with one another. IP addresses of website visitors may be recorded for IT security and diagnostic purposes. This information may also be used in aggregate form to conduct website trend and performance analysis. In the context of provision of services, IP addresses may also be used for the purposes and in ways set out in this Privacy Policy, including fraud prevention.

Information on Data Security

9.1. 4Pay has established security internal policies and procedures for secure processing of personal data in order to protect data from unauthorised access, loss, misuse, alteration or destruction. We ensure to the best of our abilities that access to personal data is limited to persons on a need to know basis, and that persons who have access are required to maintain its confidentiality. We utilise a series of technology and security solutions in order to protect data (such as storage of information you provide us on secure servers, perimeter security mechanisms, such as encryption etc.). Nonetheless, security cannot be absolutely guaranteed against all threats despite our best efforts. 9.2. Transmission of information via the internet is not completely secure. We cannot guarantee the security of data transmitted to us via email, to our website or online resources; such transmissions are at your own risk. 9.3. Where you have access to our resources via user authentication means (e.g. user credentials), you are responsible for keeping your user credentials secure and confidential and not to disclose them to any persons

Your Rights

Data Subject Rights

10.1. Depending on the applicable law, you may have rights as afforded under applicable data protection law – these rights are afforded to natural persons whose personal data we process strictly as a processor on behalf of our business customers (controllers). Data subjects should exercise their rights directly with the relevant controller. 4Pay will support the controller in fulfilling such requests in accordance with Article 28 GDPR. We ensure that you may exercise your rights under applicable privacy and data protection laws, which means that 4Pay endeavours to provide reasonable assistance in respect to requests from individuals regarding processing of personal data, rights to access, deletion, amendment etc. Please note that your rights are not absolute and may be limited due to a legal basis relied upon by the relevant controller to process your data. As the majority of processing we perform is carried out on instructions of controllers in order for them to meet their own legal obligations, some rights of data subjects may be limited by the controller’s legal and regulatory requirements. 4Pay does not limit such rights independently, but will support the controller in fulfilling its obligations. Depending on the applicable laws, you may have certain rights under data protection law. For example, under the GDPR, you have the following rights: 10.1.1. Obtain a copy of your personal Data (“Right of access”) You may request access to your personal data from the relevant data controller (our business customer). 4Pay, acting solely as a data processor, will provide reasonable assistance to the controller in fulfilling such requests. 10.1.2. Request correction of incorrect personal data You may request correction of inaccurate or incomplete personal data from the relevant data controller. 4Pay will support the controller by implementing corrections on its documented instructions. 10.1.3. Object to the processing of personal data You may exercise your right to object directly with the relevant data controller. 4Pay will respect and implement any objection decisions communicated to us by the controller. 10.1.4. Right to erasure (“to be forgotten”) Requests for erasure must be directed to the data controller. 4Pay will delete or anonymize personal data when instructed by the controller in accordance with applicable law. 10.1.5. Restriction of processing of personal data You may request restriction of processing through the relevant controller. 4Pay will implement such restrictions strictly on the controller’s instructions. 10.1.6. Withdrawal of consent Where processing is based on consent obtained by the controller, you may withdraw your consent directly with that controller. 4Pay will process personal data only as instructed and will cease processing upon the controller’s notice of withdrawal. 10.1.7. Data portability You may exercise the right to data portability with the relevant controller. 4Pay will provide assistance to the controller to enable the transfer in a secure and GDPR-compliant manner.

Exercising your rights

10.2. Please contact your relevant data controller directly to exercise your rights. If you mistakenly contact 4Pay, we may need to forward your request to the controller, while providing assistance as required under GDPR. 10.3. You may be subject to identification procedures and measures in order to ensure that no personal data is disclosed to unauthorized persons. We may also request additional information/clarifications to process your request as rapidly and efficiently as possible. 10.4. Requests should preferably be made in English. However, we will make reasonable efforts to accept and respond to requests submitted in other official languages of the European Union, provided they contain a clear description of the subject matter. 10.5. We will not normally charge a fee to access your personal data (or exercise other rights). We may charge a fee where your request is clearly unfounded, excessive or repetitive. Alternatively, we may reject such a request as manifestly or excessively burdensome, unfounded and not submitted in good faith. 10.6. Depending on the complexity of your request and volume of data associated with it, we will aim to satisfy all legitimate requests within one month of receipt or to inform you of refusal, or of an extension period of up to three months to satisfy your request. We will notify you appropriately if your request requires more than one month to fulfil.

Right to file a complaint

10.7. If you have any complaints about the use of your data, exercise of your rights, please notify your relevant data controller. If you mistakenly contact 4Pay, we may need to forward your complaint to the controller, while providing reasonable assistance as required under GDPR. 10.8. Complaints should preferably be made in English and contain sufficient details and a clear description of the complaint. However, we will make reasonable efforts to process complaints submitted in other official languages of the European Union, provided they contain a clear description of the subject matter. 10.9. If you believe that we have not been able to resolve your complaint, you may also submit a complaint to the competent data protection supervisory authority in a relevant country of business (please refer to the country-specific privacy terms). For 4Pay, if you are exercising your rights under GDPR, you may submit a complaint to the Commissioner for Personal Data Protection. Please refer to the Commissioner’s website https://www.dataprotection.gov.cy/.

Your Responsibilities

12.1. You are responsible for ensuring that the information provided to 4Pay by you/about you or on your behalf is accurate and up to date, and you must inform us if anything changes as soon as possible. 12.2. If you provide information about another person, you must direct them to this Privacy Policy and ensure they are informed about and consent to 4Pay using their information as described in it, where required by law.

Our Privacy Policy and Changes

13.1. We may revise or update our Privacy Policy from time to time. In such a case, we will make the most recent version available on our website and indicate the date of the last update. Where changes are material or required by law, we will request your consent before applying changes that materially affect the way we process your personal data. 13.2. Specific rules that may apply in accordance with the data protection law of a country of 4Pay’s local business, depending on a country of location, may be found in the country-specific privacy terms. These may be revised in the same way as Privacy Policy revisions described above. The country-specific privacy terms will prevail if there are any differences. 13.3. You are advised to visit our website frequently to consult our Privacy Policy in its most recent version.

Contact us

4Pay IT Solutions LTD, Office at King George A’ 14, Flat/Office 12-13, Germasogeia 4047, Limassol, Cyprus. Email: [email protected] Contact telephone: +35725222437

Ask anything about policies