Version 3.2 – April 2025

This Privacy Notice explains how we process your Personal Data when you engage with our services, whether by browsing our website or mobile application, completing transactions or interacting with us in any other way. It also details how we may share your Personal Data with third parties and the safeguards we have implemented to protect your information.

References to “we,” “us,” and “our” in this Privacy Notice refer to “Euronet Merchant Services Payment Institution Single Member S.A.” hereinafter referred to as epay, a segment of the Euronet Worldwide group of companies. The specific legal entity acting as the Data Controller is listed in the Our Companies section.

To reach the Privacy Department or the Data Protection Officer (DPO)

• Email: dpo@euronetworldwide.com
• Postal mail: DPO, Calle Cantabria 2, 2-A Alcobendas Madrid, Spain

We recommend reviewing this Privacy Notice regularly for updates, which will be posted on our Website/App. Where local laws require additional information, these are provided in the Regional Privacy Notices section.

1. Asked Questions (FAQs)

What Personal Data do we collect?

We only collect the Personal Data necessary to provide our services and comply with legal obligations. The specific categories of Personal Data collected may vary depending on the service or interaction.

From where do we obtain your data?

We collect Personal Data mainly from you, when you interact with our company and services. However, we may collect additional data to fulfil our obligations from other sources.

Why do we collect Personal Data?

We collect Personal Data to comply with our obligations with you and to comply with our legal obligations. We process your Personal Data to ensure the delivery and security of our services and/or improve our operations. Whenever we process your Personal Data for additional purposes, we will make sure to inform you and, when necessary, gather your consent.

For how long do we retain Personal Data?

We retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected, including the provision of services, compliance with legal obligations, or the exercise or defense of legal claims. Once Personal Data is no longer required, we securely delete or anonymize it in accordance with applicable laws.

With whom do we share Personal Data?

We may share Personal Data with Euronet Group companies, legal authorities, and selected third parties/partners when required to meet regulatory standards or fulfill contractual commitments.

Where is Personal Data stored?

We store Personal Data in secure facilities with stringent security controls. Any international transfer of Personal Data complies with all legal obligations and maintains the highest security standards.

What are your rights regarding Personal Data?

Depending on your location, you may have specific rights concerning your Personal Data under applicable laws. Common rights are described under the section “Your Rights”.

2.Notice to Website visitors

By visiting or using our Website, you acknowledge that you have read, understood, and agree to be bound by this Privacy Notice. You should not provide us with any of your information if you do not agree with the terms of this Privacy Notice. 

To the extent this Website allows access to other websites owned and operated by third parties, please note that this Privacy Notice will not apply to such websites, and thus, we will not be held responsible for the protection of personal data processed by these third parties. 

What Type of Personal Data Do We Collect?

The categories, purposes, and legal bases for collecting and processing your Personal Data when you visit and/or use our Website are listed below. Where the collection and processing of Personal Data is based on your consent, you may withdraw your consent at any time. 

Identification and contact data

This may include name, email, phone number, address, title, and other contact details. It may also include data you voluntarily provide during chats, calls, or written correspondence.

Purposes and Legal Basis for Processing

• Service Provision: To manage your online inquiry via the Website form (i.e. registering your inquiry, contacting you, processing and responding to your inquiry)This processing is carried out based on our pre-contractual and/or contractual obligations.
• Legal Claims and Archiving: To pursue any legal claims, as well as for archival purposes related to this purpose, including securing information in the event of the need to prove facts, when necessary to protect our legitimate interests.
• Marketing: To provide advertising and marketing, including measuring the impact of our emails, based on your consent.
• Giveaway Participation: To manage your participation in events or giveaways, based on your consent.
• Regulatory Compliance: To comply with applicable laws, regulatory obligations, and decisions by competent authorities. This processing is required to meet our legal obligations.

Behavioral and Technical Information

Information collected through cookies or other tracking technologies such as IP address, network activity, browsing behavior, browser type, time zone, screen resolution, plug-ins, operating system, device signature, and technical characteristics.  

 For more information, please read our Cookie Policy. 

Purposes and Legal Basis for Processing

• Website Security and Integrity: To ensure the efficient operation, management, safety and security of our Website. Please note that, amongst other safeguards, we have tools to protect our Website for the purposes of fraud prevention and security controls. This processing is based on our legitimate interest.
• Website Maintenance and Improvement: To undertake activities to verify or maintain the quality of the Website, and to improve, upgrade, or enhance the Website, including to administer the Website for internal operations, such as troubleshooting, data analysis, testing, research, statistical and survey purposes. This processing is based on our legitimate interest.
• Usability Tracking and Testing: To track detailed user activity across the Website or other platforms (e.g. which buttons are clicked, how far pages are scrolled, etc.). These tools allow us to understand how visitors interact with our content and features, enabling us to test improvements and optimize usability. This tracking is cookie-based and implemented under our legitimate interest in improving our services and user experience. Where required by applicable law, we obtain your consent before activating such tracking technologies.
• Personalization: To measure and evaluate your behavior using automated processing to provide you with a more personalized Service. This processing activity is based on your consent.

Location Data

• Service provision: We may collect information about your location when you visit our Website. This does not include your exact location. This information is processed based on our legal obligations.
• Nearby Locations: We may collect information about your location when you visit our Website to show you our nearest locations. This information is based on your consent.

Non-identifiable Data

Whenever possible, we use data where you cannot be directly identified (such as anonymous demographic and usage data) rather than Personal Data (“Non-identifiable Data”). This Non-identifiable Data may be used to improve our internal processes or delivery of services, without further notice to you. We may use aggregate data for a variety of purposes, including analyzing, evaluating and improving our Website and its content. 

3.Notice to Merchants

This Privacy Notice applies to individuals and representatives involved in a business relationship with us, when you apply or become our merchant (“Merchants”).

What Type of Personal Data Do We Collect?

Identifiers or identification data

The Personal Data we collect from you may include name, title, residential and/or business address, email, telephone and/or fax numbers and other contact data, date of birth, gender, images, signature, passport/visa details, voice recording, official credentials, and its image capture. We may also collect data obtained from third parties, such as those collected in the context of a credit worthiness check.

Purposes and Legal Basis for Processing:

• Services Provision: To provide the requested services. This processing is required to fulfil our contractual obligations.
• Company Representation: To represent the company in matters of legal requirement (contracts, negotiations). This processing is required to fulfil our contractual obligations.
• Operational Support: To provide support to operations. This processing is based on our legitimate interest.
• Giveaway Participation: To enable your participation in events organized by us or in a specific giveaway. This processing is based on your consent.
• Regulatory Compliance: To meet our legal obligations related to documentation and communication retention. We keep correspondence including emails, faxes, and any kind of electronic communication, together with any records of the customer’s account. We also keep customer service letters and other communications between us and any Euronet Group company as well as our partners and suppliers. This processing is based on our legal obligations.
• Account Management: To manage your account(s), including registration, access to services and tools, administration, maintenance, support and servicing. This processing is required to fulfil our contractual obligations.
• Marketing: To provide advertising and marketing. This processing is based on your consent.
• Criminal records: This processing is based on our legitimate interest or, where required by local regulations, to comply with legal obligations.
• Credit checks: This processing is based on our legitimate interest or, where required by local regulations, to comply with legal obligations.
• Market research & consumer feedback: To analyse any information that you voluntarily share with us about your experience of using our products and services. This processing is based on consent.

• Record of Conversations: We will monitor and record (via automated means or transcripts) our telephone calls, emails, and chat conversations with you, on any platform, to confirm the instructions provided to us. This is based on our legitimate interest.

Financial Details and Professional or Employment-related Information

We collect your personal financial data when you register to use our Services. We collect financial data such as bank account information, financial statements, transfer reason, occupation (professional or employment-related information), or other documentation to demonstrate the source of funds you wish to transfer (similar to salary slips), in order to provide you with our Services.

Purposes and Legal Basis for Processing:

• Supply/Performance of Services: This processing is required to fulfil our contractual obligations.
• Anti-Money Laundering: This processing is based on our legal obligations.
• Anti-Terrorist Financing and Criminal Activity: This processing is based on our legal obligations.
• Account Management: This processing is required to fulfil our contractual obligations.

• Credit checks: This processing is based on our legitimate interest or, where required by local regulations, to comply with legal obligations.
• Regulatory Compliance: To meet our legal obligations.

Audio surveillance

We may collect images and audio/voice recordings.

Purposes and Legal Basis for Processing:

• Security: To maintain the safety of our Services, we may use CCTV to ensure customer safety in our stores or offices. This processing activity is based on our legitimate interest or, where required by local regulations, to comply with legal obligations.

Non-Identifiable Data

Whenever possible, we use data that does not directly identify you (such as anonymous demographic and usage data), rather than Personal Data (“Non-Identifiable Data”).

Purposes:

• Internal Improvement: This Non-Identifiable Data may be used to improve our internal processes or the delivery of services, without further notice to you.
• Service Evaluation: We may use aggregate data to analyze, evaluate, and improve our Services.

4.Notice to Cardholders for Card Transactions (e-Commerce and Physical Point of Sale/POS)

Who is responsible for the processing of the cardholder data?

Depending on the context of the service, we may act either as a Processor or as a Controller of your Personal Data. This section clarifies the nature of our role in each case, in line with applicable data protection regulations.

Our role as Processors

In certain cases, we operate on behalf of licensed financial institutions. In such instances, these entities act as the data Controllers, and we act as their data Processor. For more information, please refer to your bank.

Our role as Controllers

In certain countries, we are a payment service provider authorized and regulated to offer acquiring services to our merchants (our customers) across borders. These services involve accepting payments on behalf of our merchants — whether in an e-commerce environment, at a physical store, or through an automated self-service machine — and transferring the corresponding funds to the merchant’s payment account.

We process your Personal Data with the utmost care and in compliance with applicable laws, regulations, and standards.

What Type of Personal Data Do We Collect?

The categories, sources, and purposes for collecting Personal Data are outlined below. If you do not provide accurate Personal Data, we may be unable to deliver our services effectively. Where Personal Data collection is based on your consent, you can withdraw that consent at any time.

Cardholder and Transaction data

When you use our Point-of-sale devices or our epay e-Commerce platform to pay with your card, either branded as epay, or branded with a third-party image but operated under our financial license. We will process the following information:

• Personal Details: in case of an online payment (your name, address and, in rare cases, your ID information were required by law).  As part of the online payment process on epay eCommerce platform, we may collect the cardholder’s name and email address in accordance with the Card Schemes’ guidelines and applicable data protection regulations, including GDPR. This information is requested to enhance transaction security and support authentication processes.

While these fields are optional, the cardholder has the choice to provide or decline this information or not. In situations where the cardholder’s name and email are already available, these fields may be pre-filled to streamline the transaction process, ensuring a smoother and more efficient experience. In case the cardholder does not wish to provide them, he/she has the option to delete them.

• Card Data: information stored on your card, including short bank code, card expiration date (month and year), and card sequence number. This data is encrypted and processed in compliance with applicable regulations.
• Additional Payment Data: transaction amount, transaction status, date and time, payment terminal ID (merchant location, company name, and branch where you are making the payment), your signature where applicable.  
• Information about an outstanding claim:g., your name, address, bank fees, reminder fees, reason for the direct debit return, customer number with your contracting party (but never the content of your purchases). 

Purpose and Legal Basis for Processing:

• Service Provision: To provide acquiring services to our merchants. This processing is based on our legitimate interest.
• Archiving and Retention: To retain documents and records as required by law. This is processed based on our legal obligations.
• Fraud Prevention: To prevent misuse of cards and limit the risk of payment defaults. This processing is based on our legitimate interest.
• Secure Data Transmission: To ensure secure communication of your data in accordance with applicable regulations. This is processed based on our legal obligations.
• Risk Management: To prevent future payment defaults. This processing is based on our legitimate interest.
• Regulatory Compliance: To comply with our legal obligations under the applicable legislative and regulatory framework, as well as with the decisions of the competent courts or supervisory authorities. This is processed based on our legal obligations.
• Legal Claims and Disputes: To protect our legal rights in connection with legal claims where processing of your information is required. This processing is based on our legitimate interest.

5.Where do we obtain your Personal Data?

We collect Personal Data mainly from you when you interact with our company and services. However, we may collect additional data from the following sources:

• Passive collection on our websites, including information about your page clicks, time spent, and other automatically gathered metadata.
• Advertising networks and social media platforms.
• Service providers, including but not limited to data analytics providers, internet service providers, operating systems and platforms, and other third parties that support the delivery, operation, security or analysis of our services.
• Other Parties such as government databases, business partners and third-party sources

Personal Data Collected from Other Parties

We may collect your Personal Data from other sources, depending on the service and local legal requirements. These third-party sources include:

Authorities and Public Records

We may obtain Personal Data from public record sources (such as federal, state, or local government organizations) in order to comply with legal obligations and ensure the accuracy of the information we hold.

Purposes for Processing:

• Identification purposes: We may check the Personal Data you have provided us with our third parties to make sure your identity matches the information you have provided us. The legal basis for this processing is our legal obligation.
• Fraud prevention: We may compare data collected from you with data provided by third parties for fraud prevention, including impersonation, misuse of services, or other suspicious activity.

Business Partners and Other Third Parties

We may also obtain your Personal Data (such as name, email, phone number, employer) from our business partners and other third parties. Any Personal Data obtained from these sources is processed only for specific legitimate purposes and in accordance with applicable data protection laws. These parties are responsible for collecting your consent when sharing your Personal Data with us, if applicable. However, if you believe we should not have your Personal Data, you can request your deletion at dpo@euronetworldwide.com. 

Purposes for Processing:

• Service delivery and support: We may process your data to ensure we can provide you with seamless experience, especially when our services are offered through our business partners and clients as part of integrated or partner-branded solutions.
• Promotion of our services: To provide you with information about our products or services, where permitted by law and based on your consent, if required.
• Business Development: To maintain and develop business relationships and ensuring relevant and accurate communication with potential and existing business partners. This processing is based on consent.

If we process any additional data obtained from a third party, we will inform you as soon as possible and obtain your consent where required by applicable law.

6.How Long We Keep Personal Data

We retain Personal Data only as long as necessary to provide requested services and to meet legal, accounting, and reporting obligations. The retention period is determined by specific requirements and may include:

• Customer Service and Contractual Relationship: We retain your Personal Data while you remain our customer. When our contractual relationship concludes, we restrict your data to ensure it is only accessible to comply with legal requirements.

• Marketing: We will process your Personal Data for marketing purposes unless you have opted out, as described in this Privacy Notice, or until we become aware that you are no longer interested, or that your data is no longer accurate.
• Legal and Regulatory Requirements: We keep your Personal Data as long as needed to comply with all applicable legal obligations, including commercial, tax, and anti-money laundering regulations. During this period, your Personal Data is restricted to prevent use for any other purpose and will be accessed only when necessary to fulfill these obligations.

Please note that if you request data deletion we may still be required to retain some of it to comply with our legal obligations. The information retained will only be accessible by limited personnel to comply with any legal requirement and will be dully deleted after the obligation is due.

7.Do We Disclose Personal Data?

Euronet Group Affiliates

We may disclose Personal Data to Euronet and its affiliated companies for everyday business purposes and fulfil compliance obligations within the Group.

Types of Personal Data: Identification Data, Video Surveillance, Transactional Data, Financial Details, Behavioral and Technical Data.

Purpose: Sharing data with affiliates for customer service, compliance, and daily business functions. This may include 24/7 customer support requiring data access across Euronet Group affiliates.

In the event of a sale, acquisition, merger, or reorganization involving Euronet or any company within the Euronet Group, we may transfer Personal Data to third parties, ensuring appropriate protection measures.

This processing is carried out to comply with legal obligations and/or to perform contractual obligations, as applicable.

Third-Party Service Providers

We may share certain Personal Data with third-party service providers to support compliance verification, service delivery, and marketing efforts.

Types of Personal Data: Identification and Biometric Data, Financial Details, Contact Details, Transactional, Behavioral, and Technical Data.

Purpose

• Compliance and Fraud Prevention: Personal Data may be shared with verification and analytics providers to fulfill regulatory obligations and mitigate risk (e.g., to verify customer data or detect suspicious activity).  This processing is carried out to comply with our legal obligations or, where applicable, based on your consent.
• Service Delivery: Our Partners and third parties, such as agents and correspondents, may access Personal Data to assist in delivering services. This processing is based on our contractual obligation.
• Marketing: Advertising networks and social media platforms may receive data to deliver personalized ads and adapt to user preferences. This processing is based on your consent.

Note: The definition and scope of “third-party service providers” may vary based on country regulations.

Authorities

We may be required to disclose your Personal Data, including Sensitive Personal Data, to legal or regulatory authorities for compliance, to enforce agreements, or to fulfill legal requests.

Types of Personal Data: Identification Data, Video Surveillance, Transactional Data, Financial Details.

Purpose: To comply with applicable laws, respond to binding requests from public authorities, support investigations, or fulfill obligations related to the processing of financial transactions. This processing is based on our legal obligations.

Partners

Personal Data may be shared with strategic partners when necessary to deliver our services or to ensure they comply with their legal obligations.

Types of Personal Data: Identification Data, Transactional Data, Financial Details.

Purpose and Legal Basis for Processing

• Purpose: Service provision in collaboration with strategic partners. This is carried out as part of our contractual obligations.
• Regulatory Compliance: To help our partners comply with legal or regulatory requirements applicable to them. This processing is based on legal obligations.
• Operational Efficiency and Risk Management: To support secure and seamless service delivery across different partners or service providers, or to prevent abuse or misuse of our services. This processing is based on our legitimate interests.

Professional Partners

We may disclose Personal Data to professional advisors, including lawyers, consultants, auditors, or accountants, to fulfill our legal and business obligations.

Types of Personal Data, Identification Data, Video Surveillance, Transactional Data, Financial Details. (Legal obligation and Legitimate interest)

 Credit Worthiness Assessments

This section applies only if you have applied or contracted with us for the provision of merchant acquiring services.

We may access your Personal Data through third-party systems for the purpose of evaluating your creditworthiness and transaction risk. This includes two specialized providers:

Bank Information Systems S.A. (trade name: Tiresias S.A.), with an address at 2, Alamanas Street, 151 25 Marousi, Athens, Greece (‘’Tiresias’’):

For the purpose of assessing and/or re-evaluating the underlying transaction/credit risk in the context of the potential transaction or current contract between you and us, whether that is for a fixed or indefinite period, for as long as such relationship exists, at our discretion, we will access and conduct searches of Tiresias’ TSEK system (‘’Risk Control Record’’ or ‘’TSEK System’’) which contains your Personal Data and other information listed below. Further, in accordance with decision 186/2014 of the Hellenic Data Protection Authority (‘HDPA’), we act as the Processor on behalf of Tiresias, who is the Controller, for the purpose of informing you of the collection and processing of your Personal Data and the exercise of your associated rights.

Purposes and Legal Basis for Processing:

• Ensuring commercial loyalty, reliability and security of transactions and the exercise of the rights of economic freedom and freedom of information by enabling us to assess or re-evaluate the solvency of its counterparties, and particularly the transaction credit risk undertaken in the course of business undertaken. This processing is based on our legitimate interest.

Types of Data Accessed:

• Uncovered checks;
• Unpaid, upon maturity, bills of exchange and promissory notes;
• Applications for bankruptcy – Decisions rejecting applications for bankruptcy because of the lack of sufficient assets of the debtor;
• Conciliation/resolution requests and decisions (Article 99 et seq. of the Bankruptcy Code);
• Declared bankruptcies;
• Payment Orders and Orders for the surrender of leaseholds,
• Auctions of real estate and movable property;
• Mortgages, conversion of prenotations of mortgage to mortgages and mortgage prenotations;
• Seizures of real estate and checks based on N.D. 17.7/13.8.1923;
• Petitions and decisions for judicial settlement of debts of Law 3869/2010;
• Company data from the Official Government Gazette and the General Commercial Register.

Data Retention:

The data extracted from Tiresias shall be destroyed after the end of the transaction in connection with which it was extracted. We also keep a record of all written notifications we provide for and on behalf of Tiresias. Such record of notifications will be passed on to Tiresias. However, in order to comply with our legal obligations, such record of notifications of data subjects kept by us on behalf of Tiresias, will be kept for 5 years from the end of the transaction/contract under which it was acquired.

Your Rights:

You have the right of access, correction, deletion, restriction of processing, opposition, complaint to the HDPA and non-transmission, in accordance with the applicable legislation on the protection of personal data, and you may exercise these rights in writing (and by electronic means) at www.tiresias.gr

Tiresias has the right, as applicable in each case, to refuse your request if the processing or the maintenance of a record of the data is necessary according to the law or if there is an overriding legitimate interest of Tiresias or its authorized recipient, or for the purpose of establishing, exercising or upholding its legal rights or fulfilling its obligations. However, in any case, if you so wish, Tiresias may stop transmitting your data to all the companies-recipients of the TSEK System, and shall transmit thereafter a relevant indication (transmission ban), which will not apply to Official Government Gazette and General Commercial Register data (such data will continue to be transmitted), and will be assessed by each recipient at its discretion. In case you exercise the right not to transmit to us, or you object to access by Us to the TSEK System, We are directly obliged to stop access to Your data and inform Tiresias accordingly. In case You exercise the right to limit processing, Tiresias temporarily ceases to transmit the data and in its place it transmits the indication “Has exerted a restriction of processing for the data”, an indication that is assessed freely by the recipients. You may freely revoke Your request for non-transmission or restricted processing at any time by a relevant submission only to Tiresias. The exercise of these rights shall be effective for the future and shall not concern data processing already carried out.

For any additional information regarding the processing made by Tiresias, You can visit the Tiresias website at  www.tiresias.gr

ICAP CRIF S.A., with an address at 2, El. Venizelou Ave., Kallithea, 17676, Athens, Greece (‘’ICAP’’):

For the purpose of assessing and/or re-evaluating the underlying transaction/credit risk in the context of the potential transaction or current contract between You and Us, whether that is for a fixed or indefinite period, for as long as this relationship exists, at Our discretion, we will access and conduct searches of ICAP’s system which contains Your Personal Data and other information.

Purposes and Legal Basis for Processing:

• Ensuring commercial loyalty, reliability and security of transactions and the exercise of the rights of economic freedom and freedom of information by enabling us to assess or re-evaluate the solvency of its counterparties, and particularly the transaction credit risk undertaken in the course of business undertaken. This processing is based on our legitimate interest.

8.Legitimate Interest

When we use your Personal Data to pursue our legitimate interests, we will make every effort to match our interests with yours so that your Personal Data will only be used as permitted by relevant law, or when it will not adversely affect your rights. You may request information on any processing based on legitimate interest.

9.International Transfers

We are a global company with global operations, partners and suppliers. Where it is necessary for the efficient and effective performance of a business transaction or the fulfilment of one of the uses of Personal Data outlined above, we may need to transfer your Personal Data, from the country of collection to other countries, which may have data protection laws that are different from the laws where you live. When such transfer is required, we implement appropriate safeguards to ensure it receives the same level of protection and the transfer is done according to our legal obligations.

10.Personal Data of Minors

We do not provide services directly to minors, as defined by applicable local legislation, or proactively collect their personal information. If you are considered a minor under your local laws, ensure to have the necessary authorizations from your legal guardian to use the Sites or Offerings or share personal data with us.

If you learn that a minor has unlawfully provided us personal data, please contact us at dpo@euronetworldwide.com. 

11.Security

We are dedicated to safeguarding your Personal Data and have implemented robust, commercially reasonable security measures to prevent its loss, misuse, or unauthorized alteration. We continuously work to protect your data in line with international best practices by applying rigorous physical, electronic, and managerial safeguards.

To prevent unauthorized access, we employ advanced physical and organizational security measures that are regularly updated to ensure the highest level of protection while maintaining cost efficiency. All Personal Data is stored in secure locations, protected by firewalls and other sophisticated security systems with restricted administrative access.

Our personnel, as well as all activities related to your Personal Data, are governed by strict confidentiality agreements that enforce compliance with our organization’s Privacy Policy.

Our goal is to uphold the highest standards of data protection by industry-leading practices that safeguard your privacy.

12.Accuracy of Personal Data 

We are committed to keeping your Personal Data accurate and up to date. We take reasonable steps to ensure the accuracy of your Personal Data by ensuring that the latest Personal Data we have received is accurately recorded and when considered necessary, we run periodic checks and request that you update your Personal Data.

You may request a correction or update to your Personal Data if it is inaccurate, as outlined in the Your Rights section below.

13.Your Rights

To exercise any of your rights, please email us at dpo@euronetworldwide.com. To safeguard your privacy and maintain security, we may ask you to verify your identity and provide additional information.

Depending on your location, your rights concerning Personal Data under applicable laws may include:

1. Right to Know: You have the right to know what Personal Data is collected, sold, or shared, and with whom.
2. Right to Access: You may request access to a copy of your Personal Data.
3. Right to Correct: You can request corrections to inaccuracies in your Personal Data.
4. Right to Delete: You may request deletion of your Personal Data under certain conditions.
5. Opt-Out Rights:
   • You may opt-out of the processing of Personal Data for targeted advertising.
   • You may opt-out of the processing of Sensitive Personal Data.
   • You may opt-out of the processing of Personal Data for profiling that leads to legal or significant effects on you.
6. Right to Limit Use of Sensitive Data: You may request to limit the use and disclosure of Sensitive Personal Data to specific, permitted purposes.
7. Right to Restrict Processing: You can request restrictions on data processing under certain conditions.
8. Right to Object: You may object to the processing of your Personal Data, for example, for direct marketing purposes.
9. Rights Related to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing, including profiling, that produces legal or similarly significant effects.
10. Right of No Retaliation: You have the right not to face discrimination for exercising your Personal Data rights.

We will respond to your requests promptly and within the timeframe required by law. For specific rights in your jurisdiction, refer to the Regional Privacy Notice section below.

Please note that some rights may not be enforceable due to business or legal requirements necessary to provide our services, such as anti-money laundering, contractual, or compliance obligations. However, we will always respond to any rights requests as outlined above, and you may have additional rights based on your location.

14.Privacy Complaints

If you have a complaint about how we process your Personal Data, please contact us at dpo@euronetworldwide.com.

Under applicable privacy laws, you may also have the right to lodge a complaint with a Data Protection Authority or other regulatory body if you believe we have not fulfilled our obligations under this Privacy Notice or the relevant legal requirements.

15.Profiling and Automated Decision-making

When expressly agreed, we provide you with tailored information regarding our products and Services. We undertake data analysis in order to target appropriate communications and advertisements to you including invitations to exclusive client events that we think you may be interested in as well as recommending products and services that we think might be suitable for you.

In some cases, we use automated decision-making and profiling if it is authorized by legislation and necessary for the performance of a contract. For example, the automated authorization for remittance services. The legal basis to proceed with the profiling and the automated decision-making is legitimate interest.

We also make automated decisions in processes such as transaction monitoring in order to counter fraud in compliance with the legal requirements related to prevention of money laundering terrorist financing and financial services. Depending on your residence, you may have a right to request not to be subject to fully automated decision-making, including profiling, if such decision-making has legal effects or similarly significantly affects you. This right may not apply if the decision-making is necessary in order to enter into or to fulfil an agreement with you if the decision-making is permitted under applicable data protection laws or we have received your explicit consent.

16.Marketing Communications Based on Consent

You will receive marketing communications from us only if you have explicitly given us consent to process your Personal Data for that purpose. This means you:

• Opted in during registration; or
• Updated your marketing preferences in your profile.

With your consent, we provide tailored information about our products and services. We use data analysis to offer targeted communications, advertisements, and invitations to exclusive events, along with product and service recommendations that may interest you. You may withdraw your consent at any time.

How to Opt Out or Withdraw Consent

You can withdraw your consent at any time. If you do so, we will remove you from our marketing list, and you will no longer receive promotional communications. You may opt back in later if you choose.

You may withdraw consent through:

• Your profile marketing preferences;
• The unsubscribe link in our emails;
• An email to dpo@euronetworldwide.com.

If you have questions about how we use your Personal Data for marketing or wish to receive marketing content, please contact us at dpo@euronetworldwide.com.

17.Captcha and Bot Protection Tools

To protect our website and forms from spam, abuse, and automated misuse, we use CAPTCHA technologies. These tools analyze user behavior to distinguish human users from bots.

• Google reCAPTCHA: This service helps us verify that form submissions are made by real people. It may collect and process information such as mouse movements, IP address, browser data, time spent on the page, and other technical indicators. This data is processed directly by Google in accordance with its own Privacy Policy and Terms of Service. The use of reCAPTCHA is based on our legitimate interest in maintaining the security and integrity of our services.

18.Regional Privacy Notices

Notice to European (EEA) Residents

In accordance with the General Data Protection Regulation (GDPR) and in addition to the rights stated above, all residents of the Economic European Area (EEA) may exercise the following rights:

• Right to Access
• Right to Correct Inaccuracies
• Right to Deletion
• Right to Restrict Processing
• Right to Data Portability
• Right to Object
• Rights related to Automated Individual Decision-Making

To exercise any of the rights listed above, you shall comply with the obligations set above in this Privacy Notice.

From the day we receive your request, we will respond to you within a maximum time of 30 days, unless an extension is requested.

The Data Protection Authorities in the EEA are listed in this link, Europe (EEA): Members | European Data Protection Board (europa.eu)

19.Our Companies

The controller is epay represented by the companies below, depending on country and service:  

20.Contact Euronet Privacy

For queries, suggestions, or complaints, please contact our Privacy department directly.

• Email: dpo@euronetworldwide.com
• Postal mail: DPO, Calle Cantabria 2, 2-A Alcobendas Madrid, Spain