GHPay Privacy Policy 

Effective Date: February 14, 2025
Last Updated: February 14, 2025

1. Data Controller & Contact Information

Controller:
GHPay International Ltd.
20-22 Wenlock Road, London N1 7GU, UK
EU Representative:
GHPay EU Representative Office
Amsterdam Science Park 602, 1098 XH Amsterdam
Data Protection Officer (DPO):
dpo@ghpay.com

2. Legal Basis for Processing

We process personal data under the following GDPR Article 6 conditions:
✅ Contractual Necessity
For payment processing and service delivery
✅ Legal Obligation
Anti-money laundering (AML) and tax compliance
✅ Legitimate Interests
Fraud prevention and service optimization
✅ Consent
Marketing communications and cookies

3. Data Categories & Purposes

4. International Data Transfers

We implement safeguards per GDPR Chapter V:
🔒 Standard Contractual Clauses (SCCs)
Used with non-adequate jurisdiction partners
🔒 Binding Corporate Rules (BCRs)
For intra-group data transfers
🔒 Adequacy Decisions
Applicable for EU-US Data Privacy Framework participants

5. Your Data Subject Rights

Access/Portability
Request your data in machine-readable format (JSON/CSV)
Rectification
Update inaccurate records via account dashboard
Erasure
Submit deletion requests through our Data Rights Portal
Restriction/Objection
Temporarily freeze processing during disputes

6. Security Measures

Technical Safeguards

• AES-256 encryption for data at rest & in transit
• ISO 27001-certified data centers
• Annual penetration testing by Cure53

Organizational Controls

• Mandatory GDPR training for all staff
• Third-party vendor audits every 6 months

7. Automated Decision-Making

We utilize AI/ML systems for:
🤖 Risk Scoring
Transaction fraud probability analysis
🤖 Payment Routing
Optimal gateway selection
You may request human intervention via support ticket

8. Changes & Dispute Resolution

Policy Updates
Notify users 30 days prior to material changes
Complaint Channels

1. Primary: EU DPO via dpo@ghpay.com
2. Alternative: EDPB supervisory authority