Privacy notice

About this document

This Privacy Notice will help you understand how we collect, use and protect your personal information. If you are a US resident, this policy is also supplemented by our US State-Specific Privacy Notice.

Click here for the US State-Specific version

Click here for the Portuguese version

Click here for the Spanish version (excl. Colombia)

Click here for the Colombian version

Who we are

The PPRO Group comprises PPRO Holding GmbH, together with its subsidiaries globally . A full list of PPRO Group entities is available at: https://www.ppro.com/legal/ppro-entities/.

Most of the group’s entities are not client-facing, but PPRO Payment Services SA and PPRO Financial Ltd. are PPRO Group’s financial regulated entities, offering Business-to-Business financial services to, respectively, the EU/EEA, and the rest of the world.

PPRO Financial Ltd (“PPRO UK”) is Registered in England and Wales with company number 07653641 with its registered office at 20 Midtown, Procter Street, London WC1V 6NX, United Kingdom. It is authorised and regulated by the Financial Conduct Authority under the Electronic Money Regulations 2011 (FRN: 900029) as an Electronic Money Institution. Our registration number with the Information Commissioner’s Office (ICO) is Z2958821

PPRO Payment Services S.A. (“PPRO LU”), a public limited company incorporated in Luxembourg (commercial register no. B235952) with its registered office at 48 Rue de Bragance, Luxembourg, 1255, Luxembourg, is authorised and regulated by the Commission de Surveillance du Secteur Financier under License No Z00000022 as a Payment Institution. Mordechay Bring, Almir Majcic, and Bernard Richard Miles legally represent the company.

References to PPRO shall refer to both PPRO UK and PPRO LU, unless the context requires otherwise or specific reference is made to either entity.

Our Contacts

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any queries about this Privacy Notice, on how we process your personal information, or if would like to submit a complaint or an Access Request, please contact us:

• by email to data@ppro.com, or by post to:
• PPRO Financial Ltd, 20 Midtown, Procter Street, London WC1V 6NX, United Kingdom, or
• PPRO Payment Services S.A., 48 Rue de Bragance, Luxembourg, 1255, Luxembourg.

Our role in processing personal data

PPRO acts as a “data controller” under GDPR, the UK Data Protection Act 2018, and related Privacy and Electronic Communications regulations when processing your personal information due to legal obligations, contractual necessity as an employee, or its own legitimate interest. This means PPRO determines the purposes and means of processing your data, either alone or jointly.

Where PPRO processes personal data strictly on the documented instructions of our clients (Merchants, Local Payment Systems, and Payment Service Providers) in the provision of payment processing services, we act as a “data processor”. In all other circumstances, including relationship management, regulatory compliance and fraud prevention, PPRO acts as a data controller.

PPRO provides payment services to clients, using transaction data solely for this purpose, not for resale.

What Information We Collect About You

Special categories of personal data

PPRO does not intentionally collect special categories of personal data (sensitive personal information) via our websites unless legally required, such as for recruitment. Sensitive data includes racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data for unique identification, health information, sex life or sexual orientation, and sometimes social security numbers or financial information.

If you have made a payment through one of our clients

PPRO receives from its clients only the data that is strictly necessary for us to see the payment to completion. We may obtain some or all of the following:

• your IBAN,
• your name,
• the name of the payee,
• the IBAN of the payee
• the amount of the payment and the currency used.

As a provider of payment services, PPRO only processes transactional routing and settlement data necessary to complete the payment. We do not receive details of the goods or services purchased.. PPRO is also unable to cancel your subscription, or to request a chargeback: for both you should refer to your bank, or directly to the merchant.

If you are a Director or Ultimate Beneficiary Owner of a client or prospect

The personal information we collect about you may include:

• name, date of birth and gender;
• identification document details;
• contact details, including address, telephone number and email address, citizenship, and proof of residence.

If you apply for a job at PPRO

Please refer to the copy of the Candidate Privacy Policy you received or at this other page.

If you are a PPRO Employee

Please refer to the copy of the Employee Privacy Policy you received, or the one on PPRO’s Intranet.

If you are a visitor to our website

By using our website, we will collect the IP (Internet Protocol) of your connection, the date and time of your connection, and cookies may be stored on your devices. You can find further information on cookies below, under the title ‘Cookies and Web Beacons’.

If you contact us directly

if you contact us directly, we may process the following data:

• your full name,
• the name of your employer,
• your email and/or physical address,
• any information you share with us on your CV,

Security

PPRO works to protect the confidentiality and security of information it obtains in the course of its business. Access to such information is restricted to authorised personnel and policies and procedures are in place, designed to safeguard the information from loss, misuse and improper disclosure.

How We Collect Information About You

Most of the personal information we hold about you is collected directly from you. We do this for example, when you:

• visit our website;
• register to receive information from us or sign up to our newsletter;
• register to access our portal (e.g. Partner Portal or Almanac);
• download e-books and other information from our website;
• contact us directly, either via the contact form on our website, by email or on social media;
• register with us for recruitment and vacancy updates;
• apply for an employment vacancy on our site;
• respond to communications or surveys;
• accept the use of Cookies.

We will also collect information about you if you get in touch through one of our external partners (for instance, if you apply for a job vacancy using a third party provider, such as a recruitment agency or Lever, our Applicant Tracking System.

In order to understand more about you and to verify your identity, we may supplement and combine the personal information that we collect from you with other categories of data obtained from other sources.

We may change or add to these from time to time and the changes will be updated on this Privacy Notice.

How we process data, our legal bases and retention times

Processing	Our role	Legal Basis	Retention Time
Managing candidate applications	Controller	Legitimate interest	Three years
Managing employees (employment contracts, performance and payroll data)	Controller	Legal obligation	Ten years
Managing prospect and client accounts through the entire sales process	Controller	Necessary for the performance of a contract; Legitimate interest (ensuring network and payment system security, conducting business operations efficiently)	Ten years
Carrying out anti-fraud and anti-money laundering checks and verifying payer identity	Controller	Legal obligation (preventing fraud and financial crime)	Ten years after a fraud record is created. Fraud prevention agencies can hold data for different periods.
Using your details to process payments	Processor	Necessary for the performance of a contract	Ten years
Sending information about our products and services (General/Contractual)	Controller	Necessary for the performance of a contract; legitimate interests	Ten years
Monitoring usage and effectiveness of our website	Controller	Legitimate interest	Ten years
Undertaking market research and statistical analysis (including analysing website use and developing new products)	Controller	Legitimate interest	Data is retained as long as necessary to anonymise it, but not longer than 1 year
Fulfilling obligations owed to a relevant regulator, tax authority, or revenue service	Controller	Legal obligation	Ten years
Using personal data for marketing (sending newsletters and/or marketing about similar products and services)	Controller	Consent; Legitimate interest	Until your consent is withdrawn.
Processing personal data contained in complaints records and correspondence	Controller	Legal obligation	Six years
Using Cookies (e.g., to recognize customers, customise services, mitigate risk, prevent fraud)	Controller	Consent	Transient Cookies (per-session) are deleted on exit. Persistent Cookies stay until expiry or deletion.
Using Web Beacons (e.g., tracking engagement, measuring success of advertising campaigns)	Controller	Consent	Web Beacons often work in conjunction with Cookies (see Cookie retention).
“Discover” portal purposes (managing and identifying user sessions)	Controller	Necessary for the performance of a contract	Login will expire after 24 hours or, when there is continuous usage, after 30 days.

Information we collect on social media platforms

We use social media to inform, assist, and engage with you, monitoring posts to improve our offerings. PPRO may link to external social media platforms, but we don’t control or endorse their content, nor are we responsible for information posted by third parties on those sites. Links to third-party websites are not endorsements.

You can review third-party site privacy statements to understand their use of your personal information with the links below:

• X (formerly Twitter)
• Facebook
• LinkedIn
• Instagram
• Youtube
• Spotify
• iTunes
• Vimeo
• XING

You can object to receiving marketing from us at any time – please follow the unsubscribe link in our marketing emails or text message; or let us know through our contacts.

We also use the personal data you provide to us, information about you provided for third parties (please see “How we collect information about you” for further details), and of individuals who have similar characteristics to you, to enable us to evaluate and predict your behaviour to assist us to provide and improve our products and services

Who We Share Your Data With

Where relevant given the nature of our relationship or of the products and services provided to you, we may also share your information with the following categories of third parties:

We share your information with:

• Payment service providers (for contract performance).
• Our third-party service providers, data processors and their affiliates, sub-contractors or delegates who assist with the running of our Website and provision of our services, e.g., IT services providers, accountants, marketing partners, email hosting services. Our third-party service providers and data processors are subject to security and confidentiality obligations and are only permitted to process your personal information for specified purposes and in accordance with our instructions.
• Third-party data suppliers (for legitimate interests). We use a third party provider, customer.io, to deliver our newsletters, gathering statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e- newsletter. For more information, please see Customer.io Privacy Policy.
• Third-party service providers supporting our business, like IT, marketing, and financial services (for contract performance or legitimate interests).
• Fraud prevention agencies and associations (for legal obligations or legitimate interests).
• Regulators and law enforcement agencies (e.g., courts, police, Financial Conduct Authority, HMRC) as legally required.

Where We Process Your Information

PPRO relies on the EU servers cloud infrastructure provided by Amazon and Google.

If any personal information needs to be transferred to a country outside the European Economic Area (EEA), or processed by staff operating outside the EEA who work for us or one of our suppliers, such information will only be transferred on one of the following bases:

• the receiving country is considered by the European Commission as providing an adequate level of protection for personal information, or
• recipient agreed to European Commission-approved Standard Contractual Clauses, ensuring personal information is safeguarded, or
• the transfer is otherwise permitted under applicable data protection legislation.

For information on personal data protection when transferred outside the EEA, including copies of standard contractual clauses, contact us. PPRO shares your data only with third parties who contractually guarantee adequate privacy protection.

Cookies And Web Beacons

Our website uses Cookies, Web Beacons and other web technologies such as CAPTCHA’s, as applicable, to improve their performance and to enhance your browsing experience. These technologies will help us track and monitor your engagement and usage of our websites, to understand more about you, so we can offer you a more personalised browsing experience.

Cookies

We may place small data files on your access device. These data files may be cookies or other local storage provided by your browser or associated applications (collectively, “Cookies”). We use Cookies to recognise you as a customer, customise our services, content and advertising, measure promotional effectiveness, help ensure that your account security is not compromised, mitigate risk and prevent fraud, and to promote trust and safety across our website and services.

What Cookies do we use?

The Cookies used by our website can be:

1. Transient Cookies: Exist only for your site visit, deleted on exit. They track your movement between pages and help maintain security.
2. Persistent Cookies: Remain on your device until expiry or deletion. Many have automatic deletion dates. They store login information (e.g., for Discover platform) so you don’t need to re-enter it.

Cookies can be first-party (created by the viewed website) or third-party (created by independent companies providing services to website owners). Third-party cookies collect data on your visit’s origin, PPRO ad exposure, ad features seen, direct/indirect website arrival, device used, and downloads performed, via the third parties listed below.

• Usercentrics Consent Management Platform
• Mouseflow
• Vimeo
• reCAPTCHA
• Google Tag Manager
• Google Analytics 4
• Google Analytics Audiences
• Google Ads
• Google Ads Remarketing
• Google Ads Conversion Tracking
• Microsoft Advertising Remarketing
• LinkedIn Insight Tag
• Customer.io

How do I disable Cookies?

You can decline our Cookies via your browser settings, unless they are essential for fraud prevention or website security. Declining them may affect your use of our website. For cookie management, consult your browser’s “Help,” “Tools,” or “Edit” sections; alternatively, you can visit this website for guidance.

You can also accept selected cookies, or deny all cookies, using this link.

Web Beacons

We use Web Beacons (invisible tracking pixels or clear GIFs) on our websites and in emails to gather information about your interactions, such as browser used or email opens. These are also used to track advertising campaign success and for remarketing to past visitors. You can opt-out of remarketing via this link. Web Beacons often work with Cookies, but collect no personally identifiable or sensitive data. By using our website, you agree to our use of Cookies and Web Beacons. To avoid them, adjust your browser settings or stop using the website.

Your Rights

According to data protection legislation you have the right to:

• obtain access to, and copies of, the personal information that we hold about you;
• require that we stop processing your personal information if the processing is causing you damage or distress;
• ask us not to send you marketing communications;
• ask us to erase your personal information;
• ask us to restrict our data processing activities;
• receive from us a copy of the personal information we hold about you which you have provided to us, in a structured, commonly used and machine-readable format; and
• require us to correct the personal information we hold about you if it is incorrect.

Please note that these rights may be limited by data protection legislation, and we may be entitled to refuse requests where exceptions apply. To protect personal data, we may need to verify your identity before responding to your request.

If you are not satisfied with how we are processing your personal information, you can make a complaint to the Luxembourg CNPD, the UK Information Commissioner or to your country’s Data Protection Authority. You can find out more about your rights under data protection legislation from:

• the UK’S Information Commissioner’s Office website;
• Luxembourg’s Commission Nationale pour la Protection des Données
• your country’s Data Protection Authority.

Complaints

If you are concerned about an alleged breach of privacy law or any other regulation by PPRO, please let us know through our contacts.

If you are not satisfied with the way in which PPRO has resolved your complaint, you have the right to complain to the UK’s ICO, Luxembourg’s CNPD or the data protection authority in your country. You can find out more about your rights under data protection legislation from the UK ICO’s website or CNPD’s website.

Changes To This Privacy Notice

We may update this Privacy Notice from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes. If the changes are substantial, we may notify you of changes to this Notice by email.

If you have any questions or concerns about this Privacy Notice, please contact us through our contacts.

LAST UPDATED: 30 January 2026