Legal

Privacy policy

We embed privacy controls throughout our merchant onboarding, payments, and support operations. This page summarises how we collect, secure, and govern personal data.

Compliance team reviewing privacy controls

GDPR controller

We operate as a UK/EU data controller with Data Protection Officer oversight and quarterly privacy reviews.

Purpose limitation

Personal data is only used to onboard merchants, operate payment programs, and deliver opted-in product updates.

Encryption at rest

Customer data is encrypted in UK/EU cloud regions with access restricted via audited role-based controls.

1. Who we are

Easy Merchant Solutions Limited ("Easy Merchant Solutions", "we", "us") provides merchant acquiring and payment technology. We act as a controller for the personal data described below and appoint vetted processors for specialist services (for example fraud monitoring).

2. Data we collect

  • Contact details: Names, roles, email addresses, and numbers you share via forms, email, or phone.
  • Merchant records: Company information, bank details, beneficial ownership, and device inventory captured during onboarding.
  • Usage analytics: Essential telemetry from our portals and APIs to maintain security, collected using first-party cookies.

3. How we use data

We process personal data to deliver services, respond to enquiries, fulfil contractual and regulatory obligations, and send product updates when you opt in. We never sell personal data or allow third parties to market to you.

4. Sharing and transfers

Information is shared with acquirers, payment networks, fraud-prevention bureaus, and support vendors under strict data processing agreements. Data is hosted in UK/EU regions. When transfers outside the EEA are required, we use Standard Contractual Clauses and monitor destination laws.

5. Retention

Contact enquiries are retained for 24 months. Merchant account information is stored for the contract duration plus seven years to meet financial regulations. Logs linked to fraud or chargebacks may be retained longer where legally necessary.

6. Security controls

  • Encryption in transit (TLS 1.2+) and at rest (AES-256).
  • Least-privilege access with SSO, MFA, and quarterly entitlement reviews.
  • Independent penetration tests and ISO 27001-aligned policies.

7. Your rights

You can request access, correction, deletion, or restriction of your data, object to processing, and request portability. We respond within one calendar month.

Contact our DPO via support@easymerchantsolution.com or write to Easy Merchant Solutions Limited, Remote-first operations, UK & EU.