Privacy Policy and Cookies

Principles of personal data protection in the company PAYmeUP s.r.o., reg. No.: 04752601, registered address: Revoluční 762/13, Staré Město, 110 00, Prague, Czech Republic (hereinafter referred to as the “Company”, “PAYmeUP”, “we”, “our”, “ours”, “us”), client personal data protection policy of the Company and Cookies Policy.

  1. Generals
  2. Legal information about Company
  3. Personal data. Data that Company collects about its clients
  4. Methods of personal data collecting by the Company
  5. Personal data using by the Company responsible employees
  6. Disclosure and transfer of client personal data to other institutions
  7. Marketing
  8. International data transmission
  9. Data storage
  10. Client rights in relation to personal data
  11. Security and archiving of personal data
  12. Minors
  13. Right to complaint
  14. Cookie guidelines and other access methods
  15. Complaint form for issues related to personal data
  16. Personal data policy and Cookies policy

Abbreviations used:

AML – anti-money laundering

TF – terrorist financing

KYC – know your client


  1. Generals

The Company always monitors the latest legislation and complies with the laws relating to and regulating the activities of small payment institutions, anti-money laundering and terrorist financing laws, as well as European laws and Directives on the protection of personal data. In accordance with the General Data Protection Regulation (GDPR), the Company has taken the measures described below.

Since the launch of the payment system, the Company adheres to a set of principles for the protection of personal data. These principles apply to all individuals and organizations whose personal information we hold. We focus primarily on the following basic principles:

Transparency of procedures and principles for processing, collecting, and storing personal data. Our customers are entitled to information about what personal data PAYmeUP collects, for what purpose it is collected, how personal data is stored, and what our personal data protection policy is.

The Company guarantees the security and control of client personal data and provides clients with the opportunity to make a decision on how to process their personal data.

The main principle of the Company is the protection and reliable storage of personal and financial data. The Company ensures the maintenance of appropriate security standards and the protection of client personal data.

As a small payment institution authorized by the Czech National Bank, the Company collects personal data for the provision of payment services and services related to the current license. Personal data is used primarily to prevent fraud and suspicious transactions, as well as to comply with local and international laws in order to prevent money laundering and terrorist financing.

  2. Legal information about Company

PAYmeUP is a payment system operated by the Company with a registered office in the Czech Republic (an EU member state). The Company operates on the basis of a small payment institution authorization issued by the Czech National Bank.

Company legal information:

Company Name: PAYmeUP s.r.o.

Registration number: 04752601

Legal address: Revoluční 762/13, Staré Město, 110 00, Prague, Czech Republic


The purpose of these personal data protection principles is to provide our clients with information about how we collect and process all personal data when our clients use the Company’s website (hereinafter referred to as the “Website”) or register in PAYmeUP system. All areas of client interaction are used, including the Website, business relationship and payment services.

In accordance with Directive 95/46/EU (General Provisions on the protection of personal data), the Company is the data administrator and is therefore responsible for the safe use of personal data in accordance with applicable law and in accordance with the agreement between the Company and its clients.

Please read these personal data protection guidelines and other information related to the services offered by the Company. If you have any questions, please contact us at the email address above.

  3. Personal data. Data that Company collects about its clients

Personal data is any personal information that identifies a person. Personal data does not include data that cannot be used to identify a person (they are anonymous). The Company collects, uses, processes, stores or transfers personal data such as:

  • Identification data. This data includes the full name(s), date of birth, State-assigned identification number, and number of identity documents. The Company uses this data primarily to identify its clients in order to provide them with payment services and thus prevent money laundering (ML) or terrorist financing (TF).
  • Contact details. This is data used to contact clients, such as phone number, address, email and payment details. This data is also used for two-step verification of the client in order to avoid the risk associated with ML or TF.
  • Financial data. This information includes a bank account number, credit card information, and other related financial information. This data is also used to verify and identify the client in order to avoid the risk associated with ML or TF.
  • Payment Transaction Details. When working with Clients who own a business (meaning a business that uses one or more payment services) or with a customer, this includes payment information when using the Company’s products or services.
  • Technical data and access data. This includes data such as Internet usage information, IP address, login information, unique user ID, installed software version, screen resolution, color settings, plugins, language settings, Javascript permissions, content and pages that the client opens on our website or platform, the dates and time when the client visits the website or platform, how it operates on the website, and the time spent on the Website or our platform.
  • Marketing and communication data. This data includes a record of the client’s decision to receive or refuse to receive marketing materials from both the Company and third parties.

The detailed scope of personal data required to use certain services provided by the Company can be found in the terms and conditions of service available on the Website.

The Company does not collect, store or process any special categories of personal data about its clients (race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political views, trade union membership, health information, genetic and biometric data).

The Website contains links to third-party websites, plugins, and applications (including cookies and widgets from third-party advertisers). While agreeing to the principles of personal data protection, the client must also understand that by clicking on these links or allowing these connections, the client may provide third parties with the opportunity to collect or share their personal data. The Company does not have any control over third-party websites and does not influence their principles of personal data protection.

  4. Methods of personal data collecting by the Company

Since the Company is a small payment institution and has obligations related to the prevention of ML and TF, PAYmeUP collects data, including personal data, to provide its services and products to clients. The Company collects only personal data necessary for the operation of the payment system and the provision of payment services:

  • By law, PAYmeUP is required to verify and authorize payments in order to reduce the possibility of theft and protect against identity theft or fraud, money laundering and terrorist financing. For this purpose, certain personal and non-personal client data may be collected by the Company directly or provided to us by sellers or clients, and we will use this personal data to log in to the systems available for such verification and remain there for further use and cross-reference the information necessary for verifying payments.
  • Verification of the client’s identity and comparison of the client information in order to verify accuracy.
  • Storage of client data, if the client uses its right to refuse purchases made or in the event of a dispute or a reverse transfer of funds, in order to provide information about the transaction and the client personal information to financial institutions for the purpose of resolving disputes.

In accordance with the legislation, terms and conditions (agreements), the Company does not have the right to register, authorize and approve the Client’s registration in the PAYmeUP system until the client provides the necessary data.

The Company collects information on its Website in various ways, especially when the client provides his/her personal data directly to the Company. This includes:

  • entering client data on the Website in such a way that Company employees can contact the client regarding services and products;
  • request for the Company goods or services directly on the Website, by email, or through the Company suppliers (for example, from sellers);
  • participation in a contest, promotion, or survey;
  • request marketing materials for further use;
  • sending support requests to the Company support service.

When a client visits the Website, PAYmeUP collects data using various technologies. This concerns site usage data and technical data. The Company has its own Principles for the use of Cookies, which are part of the Company’s General Principles for the Protection of Personal Data.

In addition, the Company receives personal data through third parties or from publicly available sources. Such sources are:

  • merchants and exchange point providers who provide us with personal data for the purpose of providing payment services selected by the client on sites used by merchants or exchange points;
  • profile data from social platforms and networks, if the client gives the Company permission to do so, and only if necessary;
  • technical data for fraud prevention and risk prevention;
  • identification data and contact information from publicly available sources in accordance with applicable law.

  5. Personal data using by the Company responsible employees

The main and priority purpose for which PAYmeUP uses personal data is to provide payment services, including ensuring the proper quality of services that the Client has ordered from the Company (depending on the type of client). In addition, the Company uses the personal data of clients in the following cases:

  • If it is necessary for the legitimate interests of the Company or the legitimate interests of third parties and if these interests outweigh the interests of the client;
  • If the Company uses personal data to fulfill its obligations under the law – for example, to prevent ML and TF, as well as other legal requirements arising from the Payment Services Act and other laws applicable to small-volume payment service providers;
  • Personal data is used with the active and informed consent of the client. The client has the right to withdraw his/her consent, if this does not contradict the obligations provided for by law;
  • In order to ensure that the Company can communicate effectively with its clients, in particular, the ability to send emails to inform clients about payment goods or services, updated current security warnings and warnings related to fraud tracking, or warnings about service interruptions or other important messages about the Company’s services and products.

To improve its goods or services, PAYmeUP may use automated tools, including profiling, automatic analysis of the client personal data for the following purposes:

  • implementation of KYC procedure required by the Law no. 253/2008 on Certain Measures against the Legalization of Proceeds from Crime and the Financing of Terrorism, which includes thorough procedures for assessing the client’s risks in order to verify and authorize the client;
  • verification and authorization of payments in order to reduce the likelihood of theft and protect against identity theft or fraud in accordance with current legislation.

The Company collects and uses personal data for the provision of payment services:

  • conclusion and execution of an agreement between the Company and its clients, provision of payment services, opening of a client account in PAYmeUP system;
  • implementation of KYC and risk assessment procedures for verifying and authorizing the client and his/her access to PAYmeUP services. Types of data required: identification data, contact data, and financial data. This is necessary in order for the Company to evaluate the client’s request for access to the Company’s services and products on the basis of the agreement and the necessary statutory obligations that the Company has;
  • PAYmeUP system security and business process security, enforcement of laws and regulations for financial institutions. Types of personal data may include identification data and transaction data;
  • administration of the Company’s relationship with the client. This includes a notice of changes to the Agreement, Commercial Terms or these Privacy Policies, or a request to the client to provide information on how the Company can improve or develop new services or products;
  • providing assistance to the client and solving problems, contacting the client or sending a notification to the client that directly relates to the Company services, such as system failures and updates;
  • informing the client about the status and history of transactions, which is required from the Company as a provider of small-volume payment services under the Law on Payment Services;
  • issuing and storing invoices and accounting documents;
  • use of the client personal data in transaction reports or monitoring as part of the Company fulfilment of its obligations under the agreement;
  • use of the client personal data for internal purposes, such as audits, reporting, data analysis or data extraction, conducting research aimed at improving existing products or developing new ones, services and communications;
  • use of data analytics to improve our sites, products, or services, marketing and experience. This may be technical data and access data that will be used by PAYmeUP to analyze and develop or improve products and/or services, or to provide promotions or benefits that may improve client interaction and use of the Company services and/or may contribute to its further development.

  6. Disclosure and transfer of client personal data to other institutions

While working with clients’ personal data, the Company shares this data with:

  • The Company responsible employees;
  • Third parties under the outsourcing functions agreement, such as companies providing marketing support, IT support and development, regulatory compliance, ML and TF prevention services;
  • Merchants only in necessary volume to ensure the provision of payment services;
  • Contract service providers that assist the Company in its operations, i.e. providers of IT infrastructure, payment risk analysis software, and marketing services;
  • Financial institutions and banking partners of the Company and third parties with whom the Company jointly creates and jointly offers products and services. Depending on the type of payment service, the Company exchanges data with financial institutions that verify and process individual payment transactions, identity checks, or financial settlements. This means that the client personal data may be collected for this purpose by institutions providing payment services or issuing means of payment, such as Visa, MasterCard, credit institutions, etc.

In any case of enforcement of a right, a court decision, an investigation by the Czech National Bank, a Financial arbitrator or in the case of any other similar court procedure, the Company will take appropriate organizational and technical measures to ensure that any third party involved in the processing of the client personal data applies the standards and principles of protection in accordance with the current legislation and in accordance with these Principles of Personal Data Protection.

  7. Marketing

Since the Company provides a wide range of payment solutions and services, it sends out marketing notifications and messages to clients. The Company sends marketing notifications and messages only if the client has subscribed to receive this information about PAYmeUP services and products. The client will also receive marketing messages from the Company if they participate in a promotion or survey where PAYmeUP asks its clients to provide their personal data to access or participate in the survey.

In any case, PAYmeUP maintains a register of data for marketing communications that is used by the Company, and each client has the right to opt out of receiving such marketing notifications at any time by clicking on the unsubscribe link specified in PAYmeUP marketing messages. The Company may also use marketing and communication data to improve and customize the content of advertising messages and promotions that may be of interest to the client.


  8. International data transmission

The Company does not transfer the personal data of its clients to third parties, except for the parties that are part of the legally stipulated obligations of the Company and third parties in the framework of contractual relations for the transfer of personal data for the purpose of providing payment services. The transfer is necessary to fulfill and comply with the terms of the services provided by PAYmeUP, or to meet other operational needs of the Company or to achieve certain goals set out in these Principles of Personal Data Protection.

Whenever PAYmeUP transfers personal data to third parties, the Client can be sure that the third party has the same level of personal data protection as the Company.

  9. Data storage

The Company may store the client personal data for as long as it is necessary for us to achieve the purpose for which it was collected. The data storage by PAYmeUP is subject to the assessment of compliance with legal (contractual or legislative) and accounting requirements, as well as the requirements for declaring compliance. The Company also takes into account the time limits established in the laws on the protection of personal data of the various countries in which PAYmeUP provides its services.

  10. Client rights in relation to personal data

Each client can exercise his/her rights specified in the current legislation of the Czech Republic. The Company guarantees the following rights related to the protection of personal data:

  • The right to access the client personal data. Every person who is in a contractual relationship with PAYmeUP has the right to request information about their personal data processed by the Company.
  • The right to correct or change the client personal data. Any inaccurate personal data must be corrected by the changes sent by the client.
  • The right to delete the client personal data. At the request of the client, the Company will delete the client personal data, except for those data that will be stored within the framework of legal obligations.
  • The right to restrict the processing of the client personal data. At the request of the client, the Company may, under certain circumstances, mark certain personal data as prohibited for processing.
  • The right to transfer data. At the request of the client, the Company may transfer the personal data provided to PAYmeUP to another data administrator.
  • The right to automated individual decision-making, including profiling.
  • The right to raise an objection to direct marketing.

  11. Security and archiving of personal data

The Company takes the legal, technical and organizational measures that it considers necessary to ensure the security of the client personal data, with due regard to the valid obligations and exceptions in accordance with the current legislation. The Company complies with the standards in the sphere of payment systems. To protect all personal data, Always Encrypted technology is used. The AEAD_AES_256_CBC_HMAC_SHA_256 algorithm is used to encrypt personal data of clients. The master encryption key is stored in a secure key store. Encryption keys are encrypted with an RSA key using Optimal Asymmetric Encryption Padding (RSA-OAEP). Key administration uses a role allocation process for Company employees that ensures that database administrators do not have access to key stores, and security administrators do not have access to a database containing sensitive data. Access to the information infrastructure is protected in accordance with the PCI DSS standard.

The Company is reviewing its policies regarding the collection, storage, and processing of customer personal data, including physical security measures, to prevent falsification, loss, misuse, fraudulent use, or fraudulent or unauthorized access to client personal data.

The Company has established procedures to eliminate any suspicion of a violation of personal data and will notify its clients and any competent authorities of the violation, if required by law.

  12. Minors

The Company does not voluntarily or actively collect, use or disclose personal data of minors without the prior consent of the parents or guardians of the minor, due to the different ages of the respective jurisdictions.

PAYmeUP services are not aimed at attracting minors and are not intended for this purpose.

If an employee of PAYmeUP is notified or discovers that for any reason the Company collects personal information about a minor from a particular jurisdiction without first obtaining verifiable parental consent, PAYmeUP will take steps to delete this information as soon as possible.

  13. Right to complaint

Each client has the right to file a complaint about the processing and storage of his/her personal data.

Each client has the right to withdraw his/her consent to the processing of personal data provided by the client to the Company and to prevent further processing, if there is no other legitimate reason for PAYmeUP to continue processing the client personal data.

If you have any complaints or claims about your personal data or need to download it, please contact us at the email address below. To file a complaint, withdraw consent, or make other changes to your personal data, fill out the application form below and send it to

  14. Cookie guidelines and other access methods

The Company uses on its Website, mobile app and PAYmeUP System cookie files, web beacons and other access methods (hereinafter referred to as cookies). The term cookie refers to all IT data, text files stored in user terminals for the purpose of using the website. Through such files, the Company recognizes the user terminal and displays a web page adapted to the user’s preferences. Cookies usually contain the name of the site from which they originate (redirection), the time of storage on the terminal, and a unique number.

Cookies are used to adapt the Website content to the user’s preferences and optimize the use of the site. They are then used to generate anonymous aggregate statistics that help the Company understand what benefits the user receives from the website, which allows it to improve the structure and content of the site without the need for personal identification of the user.

The Company uses two types of Cookie files: session cookie and persistent cookie. Session files are temporary files that remain on the user’s terminal until the user exits the site or closes the application (web browser). Persistent files remain on the user’s terminal for the time specified in the cookie settings, or until the user manually deletes them. Personal data collected through cookies may only be collected to perform certain functions for users. Such data is encrypted so that it cannot be accessed by unauthorized persons.

In general, it is true that the application that is used to view websites allows you to save cookies on the terminal in the default settings. These settings can be changed so that the automatic management of cookies is blocked in the browser settings, or so that the user receives information every time a cookie is sent to his terminal. You can find detailed information about the features and methods of processing cookies in the application settings (web browser). Restrictions on the use of cookies may affect some of the features available on the website.

The cookies used by the partners of the website provider, including, but not limited to, the users of the website, are subject to their own personal data protection principles.


  15. Complaint forms for issues related to personal data

Name and surname:

Date of birth:



Please specify the type of personal data to which this complaint relates:

  • Identification data
  • Contact details
  • Financial details
  • Payment details
  • Technical data and access data
  • Marketing and communication data

Please provide what applies to your complaint associated with personal data:

We will process your complaint within 42 hours. If you have any questions, please contact us at: Revoluční 762/13, Staré Město, 110 00, Prague, Czech Republic.

  16. Personal data policy and Cookie policy

By posting your data on the website, you agree to the principles of personal data and information protection (hereinafter referred to only as the “Principles”).

Data security: the website administration (hereinafter referred to as the “Website”) may not transfer or disclose to third parties the information that the user (hereinafter referred to as the “user”) provides when registering and using the functions of the site, except in cases described in the legislation of the country in which the user operates.

Get personal information

For communication on the Website (message sending or issues for PAYmeUP payment system employees – hereinafter referred to as PS) a user must specify some personal data (name, surname, telephone number, email etc.). To verify the data provided, the site reserves the right to request proof of identity online or offline.

Use of personal data

This Website uses the user personal information to maintain and improve the quality of the services provided. PS employees may be provided with pieces of personal information if the provision of this information is necessary to answer questions or messages from the user. The website makes every effort to ensure the security of the user personal data. Access to personal data may be granted in cases provided for by law, or if the administration considers that similar measures are necessary to ensure compliance with the legal process, court decision or judicial process of the user necessary to work with the website. In other cases, the information that the user transmits to the website will not be transferred to third parties under any circumstances.


 After the user enters his/her personal data (sends a message to PS), he/she will receive an email confirming their successful registration. The user has the right to change or delete their personal data at any time by sending a corresponding message from the website page and specifying the phrase “CHANGE DATA” or “DELETE DATA” in it. After changing the data or immediately before deleting it, the user will be informed by e-mail about the change/deletion of his/her personal data.


The Website may contain links to other sites. This website is not responsible for the principles of service, quality, and security of such sites. This privacy statement applies only to information published directly on the Website.


The Website protects the user account from unauthorized access.

Edit notification

The Website reserves the right to make changes to the principles without prior notice. Innovations take effect from the moment they are published. The user can independently track changes in the principles.
