Legal

Privacy Policy

Last Updated 01 May 2026
Effective Date 12 May 2025
Controller PAYG8 Ltd
Regulation UK GDPR · DPA 2018
01 — Introduction

Introduction

This Privacy Policy explains how PAYG8 Ltd ("PAYG8", "we", "us" or "our") collects, uses, shares, and protects personal data when you visit www.payg8.com (the "Website"), submit an enquiry, or engage us for consultancy, introduction, or programme management services.

PAYG8 Ltd is the "controller" of personal data we collect about you for the purposes of the UK General Data Protection Regulation (the "UK GDPR") and the Data Protection Act 2018, except where this Policy states otherwise.

Controller PAYG8 Ltd
Company Number 16514809
Registered Office 51 Moorgate, London, EC2R 6BH, United Kingdom
Email cs@payg8.com
02 — Data Collected

Personal Data We Collect

Depending on your interaction with us, we may collect the following categories of personal data:

Information you provide to us

  • Identity and contact details — name, business name, job title, email address, telephone number, postal address.
  • Enquiry details — the service you are interested in, the contents of any message, and any supporting information you choose to provide.
  • Onboarding and KYC information — date of birth, nationality, country of residence, identification documents (such as passport or driving licence), proof of address, photographs, electronic signatures, ownership and control structure, and other information needed to verify your identity or your business.
  • Source-of-funds and source-of-wealth information — information and documentation evidencing the origin of funds or wealth, including bank statements, contracts, payslips, tax records, and similar documents.
  • Financial and transactional information — bank account details, expected transaction volumes, counterparty information, and transaction history relevant to the services arranged.
  • Correspondence — records of any communications between you and us, including emails, call notes, and meeting records.

Information we collect automatically

  • Technical data — IP address, device type, operating system, browser type and version, time-zone setting, and other technology identifiers.
  • Usage data — pages visited on the Website, time and duration of visits, referring URLs, and other interaction data.
  • Cookies and similar technologies — see Section 9 (Cookies) below.

Information we receive from third parties

  • Identity-verification, sanctions-screening, PEP-screening, and adverse-media providers.
  • Credit reference agencies (where applicable and lawful).
  • Banks, electronic money institutions, payment institutions, and other partners with whom we have introduced you.
  • Public sources — including company registries, regulatory registers, sanctions lists, and publicly available media.
03 — How We Use Data

How We Use Your Personal Data

We process your personal data for the purposes set out below, relying on the legal bases identified in each case.

To respond to your enquiry and provide consultancy services

Legal basis: performance of a contract or steps taken at your request prior to entering into a contract; legitimate interests (responding to enquiries and operating our business).

To carry out KYC, KYB, sanctions, PEP, and adverse-media screening

Legal basis: compliance with legal obligations under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and other applicable anti-financial-crime laws; legitimate interests in protecting our business and our partners against financial-crime risk.

To make introductions to, and operate programme management arrangements with, our partners

Legal basis: performance of a contract; legitimate interests in operating our partner network.

To detect, investigate, and prevent fraud, financial crime, and misuse of our services

Legal basis: compliance with legal obligations; legitimate interests in maintaining the integrity of our services.

To comply with legal, regulatory, and reporting obligations

Legal basis: compliance with legal obligations, including reporting to the National Crime Agency, HMRC, the FCA, the ICO, and other competent authorities.

To send you service-related communications and marketing

Legal basis: legitimate interests; consent (for electronic marketing, where required). You can unsubscribe at any time using the link in our marketing emails or by contacting us at cs@payg8.com.

To improve and secure the Website

Legal basis: legitimate interests in operating, securing, and improving the Website.

04 — Special Category Data

Special Category and Criminal-Offence Data

We do not generally seek special category personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, or health). Where such data appears in identification documents (for example, place of birth or a photograph), we process it only to the extent necessary to verify your identity and to comply with our legal obligations.

Where we process information relating to criminal convictions, offences, or alleged offences (for example, as part of adverse-media or sanctions screening), we do so under the substantial public interest condition for the prevention or detection of unlawful acts under the Data Protection Act 2018.

05 — Sharing Data

Sharing Your Personal Data

We may share your personal data with:

  • Banking, e-money, payment, and FX partners — including, where relevant to your engagement, Equals Connect Limited and Ebury Partners UK Limited — for the purpose of opening accounts, providing services, and meeting their own regulatory obligations. These partners are independent controllers in respect of the personal data they receive and process for their own services.
  • Service providers — including identity-verification, sanctions-screening, fraud-prevention, IT, hosting, customer relationship management, and professional advisers (such as lawyers, auditors, and accountants), all of whom act under appropriate confidentiality and data-protection obligations.
  • Regulators, authorities, and law-enforcement bodies — where we are required or entitled to do so by law (for example, the FCA, HMRC, the National Crime Agency, the ICO, courts, and tribunals).
  • Group companies, successors, and acquirers — in connection with a corporate restructuring, merger, or sale of all or part of our business.

We do not sell your personal data.

06 — International Transfers

International Transfers

Where we transfer personal data outside the United Kingdom, we do so only where appropriate safeguards are in place. These may include transfers to countries that the UK Government considers to provide an adequate level of protection, transfers under the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses, or another lawful transfer mechanism. You can request further information about the safeguards used by contacting us at cs@payg8.com.

07 — Retention

How Long We Keep Your Personal Data

We keep personal data only for as long as is necessary for the purposes for which it was collected. In particular:

  • KYC, KYB, source-of-funds, transaction-monitoring, and related anti-financial-crime records are retained for at least five years after the end of our business relationship or the date of an occasional transaction, in accordance with the Money Laundering Regulations 2017.
  • General correspondence and enquiry data are retained for up to 24 months from the last meaningful interaction.
  • Marketing data is retained until you unsubscribe or for 5 years of inactivity, whichever is sooner.
  • Records may be kept for longer where required by law, by a competent authority, or to establish, exercise, or defend legal claims.
08 — Your Rights

Your Rights

Subject to the conditions and exceptions in applicable data-protection law, you have the right to:

  • be informed about how we use your personal data;
  • access the personal data we hold about you;
  • request correction of inaccurate or incomplete personal data;
  • request erasure of your personal data in certain circumstances;
  • restrict the processing of your personal data in certain circumstances;
  • object to processing carried out on the basis of legitimate interests, and to direct marketing at any time;
  • data portability, where processing is based on consent or contract and is carried out by automated means;
  • withdraw your consent at any time, where processing is based on consent (without affecting the lawfulness of processing carried out before withdrawal).

To exercise any of these rights, please contact us at cs@payg8.com. We may need to verify your identity before responding. We will respond within one month, although we may extend this period by a further two months for complex requests.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection, at ico.org.uk or 0303 123 1113. We would, however, appreciate the chance to deal with your concerns first.

09 — Cookies

Cookies and Similar Technologies

The Website uses cookies and similar technologies. A cookie is a small text file stored on your device. We use:

  • Strictly necessary cookies — required for the Website to function (no consent needed).
  • Analytics cookies — to understand how visitors use the Website (set only with your consent, where required).
  • Functional cookies — to remember your preferences (set only with your consent, where required).

You can manage your cookie preferences via the cookie banner shown on your first visit and via your browser settings.

10 — Security

Security

We use appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include access controls, encryption in transit, staff training, and supplier due diligence. No transmission over the internet or method of electronic storage is, however, completely secure, and we cannot guarantee absolute security.

11 — Automated Decisions

Automated Decision-Making

We do not use solely automated decision-making (decision-making without meaningful human involvement) that produces legal or similarly significant effects. Some screening tools (for example, sanctions or PEP screening) operate automatically, but any adverse decision based on a screening result is reviewed by a member of our team before being acted upon.

12 — Children

Children

The Website and our services are not directed at children under 18, and we do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us at cs@payg8.com so we can take appropriate action.

13 — Changes

Changes to this Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top shows when this Policy was last revised. Where changes are material, we will take additional steps to notify you (for example, by posting a notice on the Website or by email).

14 — Contact

Contact

If you have questions about this Policy or how we handle your personal data, please contact us at cs@payg8.com, or write to us at PAYG8 Ltd, 51 Moorgate, London, EC2R 6BH, United Kingdom.