GDPR Notice

    Information Regarding Data Processing (GDPR)

    Effective Date: February 2, 2026

    1. Data Controller

    PayLinks acts as a Data Controller for the personal data of its users. This means we determine the purposes and means of processing your personal data.

    PayLinks

    Email: [email protected]
    Address: Romania

    2. Our Roles

    PayLinks as Data Controller

    When you create an account and use our services, we act as the Data Controller for:

    • Your account information (name, email, etc.)
    • Your financial information (bank details for payouts)
    • Your usage of our platform

    PayLinks as Data Processor

    When you collect payments from your customers, you are the Data Controller and PayLinks acts as a Data Processor on your behalf. We process your customers' data only to facilitate the payment.

    3. Legal Basis for Processing

    Under GDPR Article 6, we process your data based on:

    • Contract (Art. 6(1)(b)): Processing necessary to provide our services to you
    • Legal Obligation (Art. 6(1)(c)): Processing required to comply with laws (tax records, anti-money laundering, etc.)
    • Legitimate Interests (Art. 6(1)(f)): Processing for fraud prevention, security, and service improvement
    • Consent (Art. 6(1)(a)): For marketing communications where applicable

    4. Your Rights Under GDPR

    As a data subject, you have the following rights:

    Right of Access (Art. 15)

    You can request a copy of your personal data we hold.

    Right to Rectification (Art. 16)

    You can request correction of inaccurate personal data.

    Right to Erasure (Art. 17)

    You can request deletion of your personal data in certain circumstances.

    Right to Restriction (Art. 18)

    You can request restriction of processing in certain circumstances.

    Right to Data Portability (Art. 20)

    You can request your data in a portable, machine-readable format.

    Right to Object (Art. 21)

    You can object to processing based on legitimate interests.

    5. International Transfers

    Your data may be transferred to countries outside the European Economic Area (EEA). When this happens, we ensure appropriate safeguards are in place, such as:

    • Standard Contractual Clauses (SCCs) approved by the European Commission
    • Transfers to countries with adequate data protection (adequacy decisions)

    6. Security Measures

    We implement technical and organizational measures to protect your data:

    • Encryption of data in transit (TLS/SSL) and at rest
    • Access controls and authentication
    • Regular security assessments
    • Employee training on data protection
    • Incident response procedures

    7. How to Exercise Your Rights

    To exercise any of your GDPR rights, contact us at:

    Email: [email protected]

    We will respond to your request within 30 days. In complex cases, we may extend this by two months with prior notice.

    If you are not satisfied with our response, you have the right to lodge a complaint with the supervisory authority in your country.

    Related Documents

    Terms and ConditionsPrivacy PolicyCookie Policy
    🇷🇴 Vezi în română
    GDPR Notice - PayLinks