GDPR Compliance

General Data Protection Regulation

Our Commitment to GDPR

VeilPay is committed to protecting the privacy and data rights of individuals in the European Economic Area (EEA), United Kingdom, and Switzerland. We comply with the General Data Protection Regulation (GDPR) and provide robust data protection measures.

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

1. Right to Access

You can request a copy of all personal data we hold about you.

2. Right to Rectification

You can request correction of inaccurate or incomplete data.

3. Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data, subject to legal retention requirements.

4. Right to Data Portability

You can receive your data in a structured, machine-readable format.

5. Right to Object

You can object to certain types of data processing, including direct marketing.

6. Right to Restrict Processing

You can request limitation of how we process your data.

7. Right to Withdraw Consent

You can withdraw consent at any time for processing based on consent.

8. Right to Lodge a Complaint

You can file a complaint with your local data protection authority.

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract Performance: To provide payment processing services
  • Legal Obligation: To comply with financial regulations and AML/KYC requirements
  • Legitimate Interest: For fraud prevention and security
  • Consent: For optional communications and features

Data Transfers

Your data may be transferred to the United States where VeilPay operates. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs)
  • Equivalent data protection measures
  • Regular security assessments

Data Retention

We retain personal data for as long as necessary to:

  • Provide our services
  • Comply with legal obligations (typically 7 years for financial data)
  • Resolve disputes and enforce agreements

After this period, data is securely deleted or anonymized.

Data Protection Officer

VeilPay has appointed a Data Protection Officer (DPO) to oversee GDPR compliance:

Email: dpo@veilpay.com
Address: Data Protection Officer, VeilPay Inc., 123 Privacy Lane, San Francisco, CA 94102

Data Breach Notification

In the event of a data breach that may pose a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

Automated Decision Making

We use automated fraud detection systems to protect against fraudulent transactions. If a transaction is declined due to automated processing, you have the right to:

  • Request human review of the decision
  • Express your point of view
  • Contest the decision

Children's Privacy

VeilPay does not knowingly collect data from individuals under 18 years of age. If we become aware of such collection, we will delete the data promptly.

How to Exercise Your Rights

To exercise any of your GDPR rights, you can:

  • Email us at privacy@veilpay.com
  • Use the data export tool in your account settings
  • Contact our Data Protection Officer

We will respond to your request within 30 days. If we need more time, we will inform you of the reason for the delay.

Supervisory Authority

If you are located in the EEA and have concerns about how we handle your data, you have the right to lodge a complaint with your local data protection authority:

List of EU Data Protection Authorities

Updates to This Page

We may update this GDPR information from time to time. Material changes will be communicated via email.