SkenderPay

Privacy Policy

Effective on 27 November 2025

This Privacy Notice (“Notice”) describes how Skenderpay (“Skenderpay”, “we”, “us”, “our”, “ourselves”) collects and processes your Personal Data (“you”, “your”) through our websites and applications or other services (collectively, together with the Website and the Apps, our “Service”). By using the Services provided by us, you are consenting to the collection, storage, processing, and transfer of your Personal Data as described in this Privacy Notice. This Privacy Notice applies together with any terms of business and other contractual documents, including but not limited to any agreements we may have with you and the Terms of Use available here. For any questions or concerns, contact us at dpo@skenderpay.com or through our online form.

This notice covers:

  1. Our Relationship with You
  2. Collection and Use of Your Personal Data
    1. If you are visitor on our website
    2. Safeguarding Your Special Category Data
    3. Marketing and Promotional Communications
    4. Personal Data collected automatically from you
    5. Aggregated and Anonymized Data
  3. Use of Cookies
  4. How We Share Your Data
  5. International Transfers of Personal Data
  6. Data Security
  7. Data Retention
  8. What Privacy Rights Do You Have?
    1. Accessing Your Information
    2. Submit Request via Email or Online form
  9. Children
  10. Contact Information
  11. Conditions of Use, Notices and Revisions
  1. Our Relationship with You

    2. Your right to privacy and the protection of your personal data are essential to us. Skenderpay is committed to best privacy practices, and we will only collect data when it’s strictly necessary to provide our services. Skenderpay delivers cutting-edge payment technology solutions worldwide and offers effective crypto onramps to ensure a good user experience, crucial for business scalability and profit maximization.

    By using Skenderpay’s Services, including visiting our website, downloading and using one of our mobile applications, using our ramp and fiat-related services, interacting on social media, participating in our surveys or user interviews, you acknowledge the use, disclosure, and procedures outlined in this Privacy Notice. Your business relationship with us as a customer begins the moment you register an account.

    At Skenderpay, we are committed to protecting your privacy and ensuring transparency in how we handle your personal data.

    The following sections outline how Skenderpay, as the Data Controller, processes your personal data. This Privacy Notice does not apply to the Personal Data we process as a 'Data Processor' on behalf of our customers. In those situations, the customer to whom we provide services and with whom we have entered into a data processing agreement is the 'Data Controller' responsible for your Personal Data, and we merely process your information on their behalf in accordance with our customer’s instructions. If you want to learn more about our customers' privacy practices, read their privacy policies and direct any questions to them.

  2. Collection and Use of Your Personal Data

    3. “Personal Data” is information that may identify an individual or relate to an identifiable individual. This includes information you provide voluntarily to us, information which is collected or created automatically in the natural course of provision of our services, or otherwise when you contact us. In line with best privacy practices, such as data minimisation, we endeavour to collect only the Personal Data necessary to provide our services to our users.

    As a user of our ramp and fiat-related services, we’ll ask you to provide us with some additional information about yourself. This information is either required by law to verify your identity and comply with Know Your Customer (“KYC’) obligations, or necessary to provide the requested ramp and fiat-related services. Failure to provide the required data means Skenderpay will not be able to offer our Services to you.

    1. If you are a visitor on our website

      2. When you use our website, read our information centre, request customer support, participate in our community forum, or take part in our campaigns, you may provide your Personal Data. Below, we present a table outlining the Personal Data our website collects and the purposes for which it is processed.

    2. Safeguarding Your Special Category Data

      3. Some types of special category personal data require extra protection because they are particularly sensitive. These special categories include data about your race, ethnic origin, political beliefs, religious or philosophical convictions, trade union membership, health, biometric or genetic data, sexual life or orientation, and criminal convictions or offences (even if suspected).

      We might need to handle sensitive data in the course of providing our Services, but we do so only in line with data privacy laws and regulations or with your explicit permission. It is worth noting that this information could pose a greater risk to your fundamental rights and freedoms, as it could lead to unlawful discrimination. Suppose we do hold this type of data because you’ve included it in the documents you have given us. In that case, we rely on the substantial public interest condition as outlined in the data protection regulations.

    3. Marketing and Promotional Communications

      4. We may use your email address to send you marketing and promotional newsletters, updates, and offers. This processing is based on your consent, which you can withdraw at any time. Please note that withdrawing your consent does not affect the lawfulness of any processing based on consent before its withdrawal.

      Additionally, you may still receive essential transactional service communications, such as account-related messages and necessary administrative messages, even if you opt out of marketing communications.

    4. Personal Data collected automatically from you:

      5. In certain circumstances, we may collect personal data automatically from you when you use our Services, in accordance with applicable laws. This may include device, log, and usage data, which helps us enhance your experience, provide customer support, improve the performance of our sites and services, and safeguard your account by detecting unauthorized access and preventing fraud.

    5. Personal Data collected automatically from you:

      6. In certain circumstances, we may collect personal data automatically from you when you use our Services, in accordance with applicable laws. This may include device, log, and usage data, which helps us enhance your experience, provide customer support, improve the performance of our sites and services, and safeguard your account by detecting unauthorized access and preventing fraud.

      1. Location Data

        2. We may collect location data, including your device's location. This data can be precise or imprecise, depending on your preferences and your device's settings. The types of location data we collect vary based on the device you use to access our services. For example, we may collect and use geolocation data to determine your current location (such as your IP address).

      2. Device Data

        3. Depending on the device you use, this may include your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider, mobile carrier, operating system, system configuration details, and language preferences.

      3. Log and Usage Data

        4. When you access or use our services, our servers automatically collect service-related, diagnostic, usage, and performance data, which is recorded in log files. This log data may include your IP address, device information, browser type, settings, and details about your activity within the services (such as timestamps, pages and files viewed, searches performed, and features used). It may also include device event data, such as system activity, error reports (e.g., "crash dumps"), and hardware settings.

      Our legal basis for processing this data is our legitimate interest in improving and securing our services and maintaining a safe environment for our users, including fraud monitoring and prevention.

    6. Aggregated and Anonymized Data

      7. We also use aggregated or anonymized data to improve our Services. This involves analysing general usage trends, gathering feedback, and conducting research without identifying individual users. For example, we may create overall usage reports for specific regions that do not contain Personal Data.

      We will not use your Personal Data for purposes that are incompatible with the purposes for which you have been informed, unless it is required or authorized by law, or it is in your own vital interest to do so.

  3. Use of Cookies

    4. We use cookies and similar tools to enhance your user experience, provide our services, enhance our marketing efforts, and understand how customers use our services so we can make improvements. Depending on applicable laws in the region you are in, the cookie banner on your browser will tell you how to accept or refuse cookies. Please read our cookie notice.

  4. How We Share Your Data

    5. Information about our customers is an integral part of our business, and we do not sell our customers’ Personal Data to others. We may transfer personal data to our service providers or third parties in connection with Skenderpay’s operation of its business, as certain features on Skenderpay rely on various third-party products and services (collectively “Third Party Services”), such as fraud monitoring and KYC identity verification service providers, payment processing, cloud storage, IT and cybersecurity service providers, analytics and improvement of website-related services and features, and performance of maintenance services.

    Information about our customers is an integral part of our business, and we do not sell our customers’ Personal Data to others. We may transfer personal data to our service providers or third parties in connection with Skenderpay’s operation of its business, as certain features on Skenderpay rely on various third-party products and services (collectively “Third Party Services”), such as fraud monitoring and KYC identity verification service providers, payment processing, cloud storage, IT and cybersecurity service providers, analytics and improvement of website-related services and features, and performance of maintenance services.

    Third-party service providers must only process the Personal Data in accordance with our contractual agreements and only as permitted by applicable data protection laws.

    We may also share Personal Data with the following persons or in the following circumstances:

    1. Affiliates

      2. Personal data that we process and collect may be transferred between companies, Services, and employees affiliated with us (collectively, our “Affiliates”) as a regular part of conducting business and offering our Services.

    2. Business transfers

      3. As we continue to grow, we may sell or acquire other businesses or services. In such transactions, user information is generally treated as a transferred business asset but remains subject to the promises made in any pre-existing Privacy Notice (unless, of course, the user consents otherwise). Also, in the unlikely event that Skenderpay or substantially all of its assets are acquired, users' information will be transferred as part of the acquisition.

    3. Legal Authorities

      4. We may be required by law or by Court to disclose certain information, including Personal Data, or any engagement we may have, to relevant regulatory, law enforcement, and/or other competent authorities. We will disclose Personal Data to legal authorities to the extent required by law. We may also need to disclose Personal Data to enforce or apply our legal rights or to prevent fraud.

    4. Protection of Us and Others

      5. We will share Personal Data outside of Skenderpay if we have a reasonable belief that access, use, preservation, or disclosure of the information is reasonably necessary to comply with any applicable law, regulation, legal process, or enforceable governmental request; to cooperate with law enforcement; to enforce or apply our Terms of Use and other agreements; or to protect the rights, property, or safety of Skenderpay, our employees, our users, or others. This includes exchanging information with other companies and organizations to protect against fraud and reduce credit risk, and with regulatory agencies and law enforcement to comply with lawful requests.

      Our services may enable you to connect to various third-party services, decentralized applications, and other external platforms (collectively, "Third Party Platforms"). These third-party platforms act as independent data controllers, and the processing of your personal data will be subject to their privacy notices and policies. If you choose to interact with these third-party platforms, your Personal Data, including your wallet address or payment card information, may be disclosed to those third-party platforms. This Privacy Notice does not cover the privacy practices of these Third-Party Platforms, including any websites linked through our services. A link to a third-party site does not imply endorsement by us or our affiliates. Your use of these Third-Party Platforms and their handling of your Personal Data will be governed by their respective terms and privacy policies, and not by this Privacy Notice.

  5. International Transfers of Personal Data

    6. We maintain servers in the EU, and your information may be processed on servers located outside your country of residence. Additionally, we may transfer your personal data to our Affiliates, third-party partners, and service providers located outside the European Economic Area (EEA).

    In instances where we process your personal data on servers outside your country or transfer it to third countries or international organizations outside the European Economic Area (EEA), we implement appropriate technical, organizational, and contractual safeguards to ensure that your personal data remains protected. This includes, but is not limited to, the use of Standard Contractual Clauses. These measures ensure that any such transfers comply with applicable data protection laws and maintain an adequate level of protection for your personal data as outlined in this Notice.

  6. Data Security

    7. We recognize that information security is a crucial component of data privacy. We are committed to protecting your information in accordance with applicable laws and our data privacy policies. Although no data transmission, including over the Internet or through any website, can be guaranteed to be entirely secure, we employ a range of commercially reasonable physical, technical, and procedural measures to protect personal data from unauthorized access, use, disclosure, alteration, or destruction.

    The information you provide to us is stored on secure servers managed by our trusted service providers or us. Our internal security policies and standards govern access to and use of this information, or those agreed with our service providers, all of which are aligned with industry best practices.

    To further protect your information, you must keep your account password secure. We recommend using a unique password for your account that is not used for any other online accounts, and that you sign off when you have finished using our services.

  7. Data Retention

    8. We retain your personal data to support your continued use of our services and to ensure compliance with legal and regulatory obligations. We maintain internal retention policies and schedules based on how information is used. The retention period depends on the purpose of processing, such as fulfilling tax and accounting requirements, complying with anti-money laundering laws, resolving disputes, or meeting other legal obligations.

    For example, to comply with regulatory requirements, we must retain your KYC identity verification details for 5 years after our business relationship ends. If required by our regulator, this period may be extended to 10 years, even if your verification was incomplete or unsuccessful. Suppose you sign up but do not complete the verification process and choose to close your account. In that case, we will still retain your data in accordance with our retention policy and legal obligations. Similarly, other types of personal data may be retained for different periods based on applicable legal or operational requirements.

    When we have no ongoing legitimate business or legal requirement to retain your Personal Data, we will either delete or anonymise such information, or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.

  8. What Privacy Rights Do You Have?

    9. Subject to applicable law, as outlined below, you have several rights in relation to your privacy and the protection of your Personal Data. These rights may be limited in some situations - for example, where we can demonstrate we have a legal requirement to process your Personal Data.

    1. Right to access

      2. You have the right to obtain a copy of the Personal Data that we hold about you, as well as certain information related to its processing.

    2. Right to correct

      3. You can request the rectification of your Personal Data that is inaccurate, and also add to it. You can also change your Personal Data in your account at any time.

    3. Request to erase your personal data

      4. You may request the erasure of your personal data, including where such personal data would no longer be necessary to achieve the purposes for which it was collected. Please note that personal data may still need to be retained for compliance with applicable legal obligations.

    4. Right to object

      5. You can object, for reasons relating to your situation, to the processing of your personal data. For instance, you have the right to object when we rely on legitimate interests or when we process your data for direct marketing purposes.

    5. Right to restrict processing

      6. You have the right, in certain cases, to temporarily restrict the processing of your personal data by us, provided there are valid grounds for doing so. We may continue to process your personal data if necessary for the defence of legal claims or for any other exceptions permitted by applicable law.

    6. Right to withdraw your consent

      7. You have the right to withdraw your consent and request us to stop collecting, using, and/or disclosing your personal data for any or all of the purposes listed above at any time. Exercising this right does not affect the lawfulness of the processing based on consent given before the withdrawal of that consent. Please note that we will respond to such a withdrawal request within ten (10) business days.

    7. Right to portability

      8. You can also request that we provide your information in a structured way so you can send it to another service provider.

  9. Accessing Your Information

    10. You are in control. You can access and change some of your personal details in your user account. You can also retrieve your historical transaction records within your user account.

  10. Submit Request via Email or Online form

    11. To exercise your rights, you can contact us via email at dpo@skenderpay.com or submit a request using our online form.

    We will respond as quickly as possible. If we are unable to respond within 30 days, we will inform you in writing of the timeline for our response. If we cannot fulfil your request, we will explain the reasons (unless prohibited by applicable laws).

    If you have any questions or concerns about how we collect and process your Personal Data, or if you wish to withdraw your consent for any processing, please contact us. Where we act as a processor, you should contact the data controller, your service provider, to exercise any of your rights. Directly to exercise your rights.

  11. Children

    12. We do not knowingly solicit data from or market to children (or minors, as defined in your jurisdiction) under 18 years of age. By using the Services, you represent that you are at least 18 years old. If we learn that Personal Data from users under 18 years of age has been collected, we will deactivate the account and promptly take reasonable measures to delete such data from our records. If you become aware that we have collected any Personal Data from children under age 18, please get in touch with us using the contact information below.

  12. Contact Information

    13. Our support team is available to address any questions related to your Personal Data. You can contact us at dpo@skenderpay.com or through our online form, and we will ensure your inquiry reaches the appropriate team to address any concerns regarding the collection and processing of your Personal Data.

    For any requests from government or law enforcement agencies regarding personal data or investigation matters, please submit your inquiries to support@skenderpay.com. We will ensure that all requests are handled in accordance with applicable laws and regulations.

  13. Conditions of Use, Notices and Revisions

    14. If you choose to use our Services, your use and any dispute over privacy is subject to this Privacy Notice and our Terms of Use. If you have any concerns about privacy at Skenderpay, please get in touch with us with a thorough description, and we will try to resolve them. You also have the right to contact your local Data Protection Authority.

    We reserve the right to update and revise this Notice at any time. We occasionally review this Privacy Notice to ensure it complies with applicable laws and reflects changes in our business. If we do revise this Privacy Notice, we will update the “Last Updated” date at the beginning of this Notice so that you can tell if it has changed since your last visit, and we will do our best to notify you.

    Please review this Privacy Notice regularly to stay informed about its terms. Your continued use of our Services after an amendment to our Privacy Notice constitutes your acceptance of the revised or amended terms.

Last updated 21 Dec 2025