The current Privacy Notice outlines how Maxpay collects, uses, stores, shares, and safeguards personal data, along with the privacy rights available to data subjects.
Please read this Privacy Notice carefully before registering, accessing, or using Maxpay products or services.
You should read and understand this Privacy Notice because it constitutes the core of our obligations to you when you use the Maxpay Website and access Maxpay products or services on behalf of your organization or when you provide your personal data to us.
You acknowledge that you have carefully read and understood this Privacy Notice by registering, accessing, or using Maxpay products or services.
Terms used in this Privacy Notice shall have the following meaning:
“Maxpay” means Maxpay Limited, a legal entity registered in Malta with registration number C 66555 whose registered office is at Avenue 77 Business Centre, Triq In-Negozju, Zone 3, Central Business District, Birkirkara, CBD 3010, Malta. “Maxpay” also covers affiliates and subsidiaries of Maxpay Limited. For the purposes of this Privacy Notice, “we”, “our” and “us” shall refer to Maxpay.
Our contacts
“Maxpay Platform” means internet-based software, API and other technologies allowing to obtain Maxpay products or services.
“Maxpay Services” means software and a service to process online credit and debit card payments, obtain and send payments through alternative payment methods as a gateway service provider and to fight fraud with the help of our anti-fraud solution.
“Maxpay Website” refers to the Maxpay website www.maxpay.com, including all its content and subdomains (e.g. Blog).
“You”, “your” and “yours” shall refer to any user of the Maxpay Website, Maxpay Platform or Maxpay Services. For the purpose of clarity, if you are acting on behalf of your organization (merchant) that uses Maxpay Services, this Privacy Notice shall apply to you as the officer or other representative of such organization.
“End-user” means an individual who purchases goods or services from your organization.
“Data” means data and/or information submitted by you through the Maxpay Website, Maxpay Platform or APIs to us, including the End-users’ personal data.
“Personal data” is used to depict information that can be linked to a specific person and thus be used to identify that very person. Information that has been made anonymous is not considered to be personal data.
Maxpay as data controller
You should be aware that when we collect personal data of officers or other representatives of your organization, we act as a data controller, and we are subject to the controller’s rights and obligations under applicable data protection laws, rules, and regulations.
Maxpay also acts as a data controller when we process personal data of Maxpay Website visitors in the form of cookies and other similar technologies. We process personal data of Maxpay Website visitors for the website experience improvement, management of our advertising campaign and monitoring conversion results.
Maxpay as data processor
By providing your organization with Maxpay Services, we act as a data processor, and your organization acts as data controller in the meaning given by the General Data Protection Regulation (GDPR). In this case, we process data of your organization only to provide it and its End-users with Maxpay Services and only on the relevant documented instructions. Your organization, as data controller, shall comply with all applicable data protection laws, rules, and regulations. Privacy notice of your organization shall duly disclose its data practices, including using third-party service providers for gateway services and/or detection and prevention of fraud.
When your organization acts as a data controller, it shall have a valid legal basis, including prior consent from your End-users to collect, use and process their personal data by Maxpay, including consent to transfer personal data to third countries by Maxpay. This may include obtaining prior consent from End-users. If your organization discloses personal data without its End-user’s proper consent or other legal basis, it is responsible for that unauthorized disclosure.
As a data controller, to the extent that your organization processes End-user’s personal data, it may be required under privacy laws to honor requests for data access, portability, correction, deletion, and objections to processing. In case a data subject directly contacts us with a request to exercise their individual rights under GDPR or with another claim on data protection, we will direct such data subject to your organization as data controller. Nevertheless, we will assist it by providing all necessary information or by other means envisaged by applicable law.
Starting to use Maxpay Services, your organization provides us with Data about the End-users. Your organization can decide what types or formats of Data to send to Maxpay for analysis. Your organization may send the End-user’s Data, such as email address …
Furthermore, in case you access or use the Maxpay Platform, the following types of data might be gathered: your company name, phone number, e-mail, and name of contact person. It is used to maintain permanent communication with you and to send you legal and information notices.
When you visit the Maxpay Website or use Maxpay Services on behalf of your organization, we gather information provided by your computer, mobile phone, or other devices. This info includes your IP address, user name, referrer details, and device details (“Technical information”). We process this information in order to protect users’ data and accounts inside the Maxpay Platform, as well as to improve services and user experience.
Note that we also gather information about your activities on the Maxpay Platform or Maxpay merchant portal and process your user ID, login, email, phone number, locale, and timezone for access to merchant portal functionality (“Access information”).
In case you access your Maxpay account or use any of Maxpay Services on behalf of your organization as its officer or other representative, the following types of data might be gathered:
We do not collect any extra data, but only that which is necessary for the purpose of providing Maxpay Services to your organization or fulfilling our legal obligations.
Please note that the provision of your personal data is voluntary. In most cases, if you do not provide the requested information, Maxpay will not be able to provide the requested service to your organization, e.g. our support cannot reach your organization in case of a security incident without collecting your contact details.
Cookies. When you visit the Maxpay Website or Maxpay Platform, a small cookie file might be placed on your computer or mobile device. For the purpose of clarity, only necessary cookies used to ensure proper operation of the Maxpay Website are always active. To install performance and/or marketing cookies on your device, we will ask for your explicit consent. We analyze data from cookies and use it to improve the quality of our services, track your activities with Maxpay, and keep your account safe. Learn more about cookies and other similar technologies that we use from our Cookie Policy, which is integrated in and shall be read in conjunction with this Privacy Notice.
The Data is collected for Maxpay to provide high-quality services to your organization, to ensure maintenance of contractual and legal requirements, performance of a contract, notify your organization, and protect security and privacy.
In particular, the personal data we process may be used for the following purposes:
Your personal data is not used for any additional purposes not mentioned in this Privacy Notice, Cookie Policy integrated herein or the contract between Maxpay and your organization.
Our legal basis for collecting and using personal data depends on the type of personal information collected and the specific context in which we collect it.
We process your personal data when it is necessary to fulfill a B2B services agreement with Maxpay. This includes:
Maxpay does not use personal data processed under a contract for the purposes of marketing and advertising without establishing your prior consent.
We process your personal data on the basis of our legitimate interests, provided that such processing shall not outweigh your rights and freedoms. We rely on this legal basis when we carry out procedures that are part of our Services or which are transparent, expectable and are a stable business practice. For example, to:
We will also process your data on the basis of our legitimate interest, where the processing of personal data is strictly necessary and proportionate for the purposes of ensuring network and information security.
If we process your information based on our legitimate interests as explained above, you can object to this processing in certain circumstances. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons. Please note that the right to object does not apply if data processing is necessary for the performance of a contract or to comply with a legal obligation.
We are entitled to process your data on the basis of legal obligation where it is necessary for compliance with a legal or regulatory obligation that we are subject to, including without limitation regulations on prevention of the money laundering and funding of terrorism and other fraud and crime prevention laws and regulations (including Regulation 13 of the Prevention of Money Laundering and Funding of Terrorism Regulations (S.L. 373.01), Article 40 of Directive (EU) 2015/849). On this basis, we may process your contact information (email, phone number, address), details of your ID, and financial information such as bank account number or e-wallet ID. We are processing your data in order to conduct risk management on various stages of using Maxpay Services and to conduct fraud prevention in the course of merchant onboarding and its business activity.
Please note that where you are acting on behalf of your organization in order for it to use Maxpay Services, you will need to provide us with the above information. Otherwise, we may not be able to provide the requested service to your organization.
We can request from you a consent for data processing when we are required to do so by law or when we do not have another legal basis for processing of your data.
For example, we rely on your consent when installing and using cookies as detailed in our Cookie Policy. Where we rely on your consent to process your personal data, you have the right to withdraw or decline consent at any time.
We warrant and represent that Maxpay has implemented the technical and organizational security measures and technological development to ensure an appropriate level of security of personal data. Your data is protected by the means of physical, technical, and administrative resources to lower the risks of loss, misuse, unauthorized entry, disclosure, or alteration by a third party. To keep your data safe, we apply data encryption protection and an authorization control system, just to name a few.
Maxpay is PCI DSS 1 V 4.0 certified. It means that when we act as a data processor in relation to personal data of the End-users of your organization in the course of providing Maxpay Services, we maintain all required technology, methods, and business processes to protect cardholder data, and also use such technology and methods as regards the security of your personal data.
We monitor our systems 24/7, and our staff is always ready to respond to your notifications and queries within a short time.
When Maxpay acts as a data processor on behalf of your organization, our specific obligations, including sub-processing, breach notification, and assistance with data subject requests, are strictly governed by the Data Processing Agreement (DPA) executed between Maxpay and your organization.
To ensure the security of your data and the data of the End-users of your organization, you shall also maintain the confidentiality of your password from the Maxpay account. You are recommended to sign out of the Maxpay account when you have finished working with it. In any case, responsibility for any loss of passwords and misuse of the Maxpay account by third parties lies with you and your organization.
Maxpay warrants that it will not share or disclose your personal data or the data of the End-users of your organization to any third party, except as specified in this Privacy Notice, our Cookie Policy, the contract between Maxpay and your organization, or where there is a legal requirement for data transfer.
You should be aware that if you provide your consent to third-party cookies, this data will be transferred to the respective service providers, as detailed in our Cookie Policy integrated herein.
Maxpay, during its business activity, is entitled to transfer personal data to third parties who may use such information only for the limited purpose of providing services to clients and who are obligated to keep the information confidential. These persons include our professional advisers and contractors (such as lawyers, accountants, auditors, IT consultants, management consultants, and bank acquirers), who are under a professional and contractual obligation to maintain confidentiality. It is our responsibility to ensure that the data we share is compliant with the conditions of processing and is shared securely. For the purpose of clarity, Maxpay's cooperation with its advisers and contractors is based on the service agreements that contain a data protection section and confidentiality obligations.
Maxpay may disclose your personal data or data of End-users in response to requests from courts or other government bodies to comply with legal obligations or to protect our rights. However, Maxpay will consult with you or your organization before making any disclosures of such personal data, unless prohibited by the specific request or if your organization has previously authorized such disclosures in the contract. Maxpay will reject any requests that are not legally binding.
If your organization transfers to us any personal data of its End-users, officers, representatives or any other natural persons, it shall be obliged to obtain prior consent or have other legal grounds for the collection, retention, use and processing of data and for transferring it to Maxpay. Your organization shall ensure the security of the data it transfers to Maxpay.
As a data controller, to the extent that your organization processes End-users’ personal data, it is required under privacy laws to honor End-users’ requests for data access, portability, correction, deletion, and objections to processing. In case a data subject directly contacts us with a request to exercise their individual rights under GDPR or with another claim on data protection, we will direct such data subject to your organization as data controller. Nevertheless, we will assist it by providing all necessary information or by other means envisaged by applicable law.
Your organization assumes full liability for failures to meet the GDPR in cases when it is envisaged by this Privacy Notice or the GDPR.
We store your data for as long as it is reasonably necessary for the limited purpose of providing Maxpay Services and complying with the applicable laws and regulations, in particular:
Please also note that we will protect the confidentiality of the personal data during the entire retention period and will not actively process the personal data if such processing is not necessary anymore.
When we act as a data controller, you have the following rights for personal data that we have about you:
The right to access any personal data that Maxpay processes about you. You can also obtain a copy of the personal data we retain about you.
You can ask us to erase or delete all or some of your personal data (e.g. if it is no longer necessary to provide Maxpay Services). Nevertheless, we may be obliged to store your data longer for the purpose of compliance with the Card Schemes Rules, for taxation, accounting, and other purposes envisaged by applicable law. Considering that fraudsters may use such an opportunity, we have to properly authenticate you before we fulfil your request to delete or erase data.
You can ask us to change, update or fix your data in certain cases, particularly if it’s inaccurate. If you identify any discrepancies in your personal data, please contact us so that we can correct them promptly. Maxpay strives to ensure that the personal data we collect is accurate, complete, and up-to-date.
You have the right to data portability, meaning you can request to receive your personal data in a structured, commonly used, and machine-readable format, or have it transmitted directly to another controller.
Maxpay Platform users may simply log in to their account and change profile settings at once. If the type of data you want to update or edit is not visible or editable in your profile settings, you can contact us and request that we update or edit the relevant data.
We implement mechanisms, such as automated data integrity checks, to minimize any inaccuracies in the personal data we process.
If your personal data was transferred to third-party data processors, they will be notified of any editing or deletion of your personal data.
To make a request or ask about your rights, please contact us using the contact information above.
You shall also have the right to lodge a complaint with the local data protection authority in Malta. Contact details of the Information and Data Protection Commissioner can be found under the following link: https://idpc.org.mt/
For the purpose of providing your organization with Maxpay Services, we may engage third-party service providers outside the EU. For example, we may share your personal data or data of End-users with Maxpay contractors in Ukraine that provide services to us, including billing, payment processing, customer support, marketing, security and performance monitoring, maintaining or servicing accounts, processing or fulfilling orders and transactions, verifying customer information, and data processing. We may also share personal data of End-users with the Maxpay service providers based in the USA. In addition, we may transfer your data to the USA if you give us your consent to third-party cookies, as detailed in our Cookie Policy.
Data protection laws in third countries may differ from EU laws, and there is currently no adequacy decision from the European Commission for Ukraine. For transfers to the USA, we rely on the EU-US Data Privacy Framework or other approved safeguards. Before transferring your data outside the EU, we will ensure compliance with relevant data protection laws and internal policies to protect your personal data. In the absence of an adequacy decision or applicable framework, we use European Commission-approved Standard Contractual Clauses, which are binding commitments by the data importer to safeguard the privacy and security of personal data. The last edition of the Standard Contractual Clauses is available under the following link:
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32021D0914&from=EN
You shall have the right to request from us a list of service providers to whom we transfer your data outside the EU.
When your organization acts as a data controller, it shall inform the End-users about the risks of cross-border transfers and obtain their consent or have other legal grounds for that.
You should be aware that we do not make automated decisions regarding you based on your personal data. All decisions regarding you using your personal data are made manually. In addition, please note that Maxpay does not make automated profiling based on your data. At the same time, such profiling can be made by our third-party service providers specified in the Cookie Policy, to which we transfer your data if you provide your consent to third-party cookies.
We can amend this Privacy Notice at any time by the means of publishing a revised edition on the Maxpay Website. If you are a user of the Maxpay Platform or Maxpay Services, you will be notified of any substantial changes. The revised version will be in effect immediately and will be noted by an updated date at the end of this Privacy Notice. Your organization is entitled to terminate the agreement with Maxpay if it does not agree to any changes. By continuing to use Maxpay Services, you accept the changes.
We ensure that we have all the necessary technologies and methods to prevent, detect, and investigate a personal data breach. In case of any data breach (including any unauthorized or accidental access), we will make our best efforts to send a notification of becoming aware of the breach as soon as possible. If your Personal Data was transferred to third-party data processors, they will be notified of a data breach as well.
Please feel free to contact our Data Protection Officer at dpo@maxpay.com to exercise any right you have as a data subject, raise a complaint, or ask any other questions regarding data processing.
Privacy Notice last modified on 26 March 2026
Maxpay uses cookies and other similar technologies to improve your interaction with Maxpay site, to analyse how you are using it, and to customise our advertisements.
Learn more about cookies in our Cookie Policy.
Clicking on ‘Accept All’ you give consent to install and store all essential and non-essential cookies on your device.
To change your cookie preferences, go to ‘Cookie Settings’
We use cookies and other similar technologies to measure how Maxpay site is used, to collect statistical information, and to personalise and show ads tailored to your interests.
Essential cookies ensure proper operation of Maxpay site. These cookies are always active. To disable essential cookies, go to your browser settings, but this may affect the functionality of Maxpay site or some of its features.
Statistics and advertising cookies allow to analyse the browsing experience of Maxpay users and traffic to Maxpay site, assist us in our advertising campaigns. We may use third-party solutions for these purposes, such as Hotjar, Google Analytics, and Google Ads. Maxpay site, services, and products may be also advertised on third-party websites including social media. To enable advertising features in such a case we use cookies and other similar technologies of third parties on our site.
Learn more about Maxpay and third-party cookies in our Cookie Policy.
Checking the boxes below, you give consent to install and store relevant cookies on your device. No cookies will be placed on your device (except essential) unless you tick the boxes.
To customize or disable cookies follow the instructions of our Cookie Policy.