Open Account

Legal Documents 
& Fees

Privacy Policy

This Privacy Policy rules the User’s (“Client” or “Merchant” or “You” or “Your”) use of products,

services, technology, and content, offered by OROPAY (or the “Company” or “We”) through its

platform, website and any other feature that collectively constitute the OROPAY services offering. It

also governs without limitation the provision and use of the User’s personal data and information in

relation to the provided services.

As a User, by entering into an agreement with OROPAY, setup your account, access or use any of the

services, you accept and consent to this Privacy Policy, and by doing so you consent to the use and

disclosure of your personal information by OROPAY as provided for herein.

Please contact us if you have questions about our privacy practices that are not addressed in this

Privacy Policy.


“Controller” shall mean OROPAY;

“Personal Data” or “Information” shall mean any information relating to an identified or

identifiable User including legal persons such as Merchant entities and which will be provided in

relation to receiving the OROPAY services. An identifiable person is one who can be identified,

directly or indirectly, in particular by reference to an identification number or to one or more factors

specific to his physical, physiological, mental, economic, cultural or social identity;

“Personal Data Filing System” or “Filing System” shall mean the OROPAY system where the

personal data of the User is stored;

“Policy Update” shall mean any notice given to the User in relation to policy changes prior to them

taking effect;

“Processing of Personal Data” or “Processing” shall mean any operation or set of operations which

is performed upon personal data, whether or not by automatic means, such as collection, recording,

organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by

transmission, dissemination or otherwise making available, alignment or combination, blocking,

erasure or destruction;

“Processor” shall mean a natural or legal person, public authority, agency or any other body which

processes personal data on behalf of OROPAY;

“Third Party” shall mean any natural or legal person, public authority, agency or any other body

other than the User, OROPAY, and the persons who, under the direct authority of OROPAY, are

authorized to process the data;

“Recipient” shall mean a natural or legal person, public authority, agency or any other body to whom

data are disclosed, whether a third party or not; however, authorities which may receive data in the

framework of a particular inquiry shall not be regarded as recipients;

“the User’s Consent” shall mean any freely given specific and informed indication of his wishes by

which the User signifies his agreement to personal data relating to him being processed.


OROPAY has developed this Privacy Policy, in accordance with the requirements set out in the EU

2016/679 General Data Protection Regulation, to explain how we may collect, retain, process, share

and transfer your Personal Data when you visit our Site or use our Services.

OROPAY will not sell, lease, or otherwise distribute any of the User’s information to third parties for

marketing purposes unless the User explicitly consents to such sale, lease or distribution. This does

not preclude OROPAY from providing third parties such information that may be needed to enhance

the User experience or to simply offer certain services to the User, and in such instances OROPAY will

take every commercially reasonable precaution to safeguard the interests of the User from any

misuse of his personal data by the third party. Information to third parties will be provided under

strict restrictions as those are described in the “Information Sharing” section of this policy.

The Privacy Policy may be amended from time to time at OROPAY’s sole discretion and as required

by applicable laws and regulation. The amended version of the Privacy Policy will be posted on the

OROPAY website ( and will be deemed as received by all Users. If the revised

version includes a substantial change, we will provide you with 30 days prior notice (prior to the

changes taking effect) either by posting such notice in an accessible area on the OROPAY website

( and/or by sending an email notice to all Users, as per clause 2.12 of Terms &

Conditions of Service (General Client Agreement) posted online on OROPAY website (and as

amended from time to time).

This Privacy Policy does not cover any third party websites whose access and use is governed by

their own privacy policies. OROPAY may provide links to such websites and the User acknowledges

that the provision of such links for access to such third party websites, do not make OROPAY

responsible for their operations and use of personal information practices. OROPAY strongly

recommends to its Users to carefully review the privacy policies of such third party websites prior to

submitting any personal information.

Persons under the age of 18 are not eligible to use the OROPAY services. We do not knowingly collect

information, including Personal Data, from children or other individuals who are not legally able to

use our Sites and Services. If we obtain actual knowledge that we have collected Personal Data from

a child under the age of majority, we will promptly delete it, unless we are legally obligated to retain

such data. Contact us if you believe that we have mistakenly or unintentionally collected information

from a child under the age of majority.


We collect Personal Data about you when you visit our Site or use our Services, including the


Registration and use information: during the registration process OROPAY requires you

to provide verifiable information, such as but not limited to:

  1. Your Full name;
  2. Your Personal mobile phone number;
  3. Your Email address;
  4. Identification documents (picture of passport or national ID card), and any other

information you may be asked to provide to prove you are eligible to use our services.

  • Your Country of residence and residential address;
  • Your Date of birth;
  • Proof of residency (recent Utility bill – i.e. electricity, water, gas, landline telephone or

home internet – or bank statement, up to 6 months)

  • Details of your bank account, including the account number, sort code and IBAN;
  • Details of your debit cards and credit cards, including the card number, expiry date and

CVC (the last three digits of the number on the back of the card);

  • In case of a corporate entity, we may also collect, among others, your registered name,

registered office address, memorandum and articles of association, corporate

documents, recent audited financial statements, identification and proof of address of

beneficial owners, directors, authorized persons and any power of attorney.

OROPAY may require you to provide us with additional Personal Data as you use our Services.

Additional Client Information: For certain high value transactions, or for high overall

transaction volumes performed through the User’s OROPAY account, or as is otherwise

required for OROPAY to be compliant with its anti-money laundering obligations under

European law, OROPAY will require additional identification information and for legal

entities commercial information.

OROPAY may use a variety of information sources that do not violate any personal

information privacy rules, in its merchant assessment process. It may also request

additional information from Clients if it is unable to verify the identity their identity with

the personal data in hand, or if the Client requests to redeem the e-money to an account

other than the funding source accounts it provided when entering into the Agreement with


Client provided information may be verified with third party providers such as but not

limited to payment processors as a measure to enhance the Users’ protection. Such

verification may involve the receipt and processing of information that will verify the

Client’s identity. Where a legal entity (merchant or user) is involved with limited

operational history, and/or in cases of high value transactions or overall high-volume

transactions, OROPAY will conduct enhanced due diligence that will involve background

checks (including credit and judicial) of the legal entity to ascertain its business operations

status. Such background checks may also include the legal entity’s ultimate beneficial

owner(s) as well as its directors (as the law of the jurisdiction may permit). OROPAY may

also elect to collect information that is publicly available over the internet or through social

media platforms, in an attempt to create a more holistic profile of the merchant’s business

that may include but not be limited to market positioning, reputation, target market and

customer base. The profile will be used to confirm the transaction volume and size.

Information on transactions: OROPAY will also ask the Client to provide information

relevant to the transaction when sending or asking to receive money from another party.

Such information will include a description of the transaction and the amount. When

sending money to another OROPAY client, the Client will be asked to provide additional

personal information of the receiving client in order to verify the recipient and the sending

client may be asked to provide additional personal data to the recipient for the recipient to

be able to identify the sender and accept the transaction.

Information from your device: In order to offer its services, OROPAY may collect and store

sign on data from the device the Client uses to enroll or to access their account that may

uniquely identify the device (such as device ID), as well the device’s geographical location

(and by extension its User). Such information may be collected irrespective of the type of

device used or the connectivity method (wired or wireless, Wi- Fi or mobile). OROPAY will

collect Client IP information and other information that will assist it in detecting potentially

unauthorized transactions in an effort to protect Client interests.

Information about your visit: OROPAY will also collect information that relates to the

Client’s OROPAY website access and includes but is not limited to visiting and leaving the

website, the OROPAY website page browsing history, the Client’s IP address of where the

website was accessed, the time that was accessed and any other websites visited through

links on OROPAY’s website. OROPAY will also use small data files such as cookies, and place

them on the Client’s device in an effort to enhance and personalize the Client experience, as

well as to strengthen the security measures taken to protect the Client’s account by

mitigating the risk of fraud. OROPAY has developed its own Cookie Policy that can be

accessed via the OROPAY website ( by all visitors (both registered users

and guests). All OROPAY website visitors have the right to accept or decline the Cookie

Policy. OROPAY cannot guarantee that the browsing of its website and/or the access to the

OROPAY services will be seamless and problem free if the Cookie Policy is declined.

Records of our discussions: All communication between the Client and OROPAY will be

recorded and retained for reference purposes when and if required by the Company or the

regulatory authority that supervises the operations. In cases where personal information

may be collected with the use of optional collection methods such as survey questionnaires

and special offers for the creation of a demographic profile and/or assessment of Client

specific interests, OROPAY will inform you how the information may be used before the

Client decides to participate.

All information procured during the account opening process, including the information

used for verification of the information, the device specific and location information

collected during the accessing of the website and the Client’s account, the information

relating to the payment and commercial transactions as well as any Client reports or

statements generated, the Client account preferences and any correspondence between the

Client and OROPAY will constitute the Account Information that relate to the Client for the

purposes of this Privacy Policy.


Information collected from Clients are primarily used for the provision of the OROPAY services in a

manner that OROPAY deems fit to enhance the Client experience by making it safer, more targeted,

efficient and effective.

The Client acknowledges and agrees that personal information provided for the OROPAY service (in

the beginning and during the course of the relationship), can be used by OROPAY to predominantly:

  1. Verify the Client’s identity (including for user confirmation, for password reset, to raise the

limit of the account);

  • Provide the OROPAY services and customer service support;
  • Improve the Client experience and provide for targeted promotional campaigns where such

programs apply;

  • Collect fees and deal with dispute resolution;
  • Monitor risk and deter/prevent/detect fraudulent and other prohibited activities that violate

the terms of the OROPAY agreement.

OROPAY may communicate with its clients regularly through direct email communication and

through general announcements/postings on its website. It also reaches Clients via telephone for

even more direct communication for a variety of reasons including but not limited to:

  1. Client problem resolution;
  2. Respond to Client customer support requests;
  3. Confirm the identity of the account user or to inform the Client of potentially illicit use;
  4. Investigate suspicious transactions;
  5. Conduct surveys and quality of service checks.

OROPAY will contact the Client via email to confirm account opening, to send transaction

confirmation notices as well as service notices, including product and service changes, changes in the

terms and conditions of the Agreement as well as regulatory disclosures and information required

by applicable law. These email notifications are compulsory and the Client has no option to stop

receiving them.

OROPAY will also send other email notifications which are of a promotional or general information

nature, such as news and third party promotions, and are therefore not compulsory giving Clients

the option to stop receiving them. The option to receive or stop such email communication can be

managed through the Client’s online account interface, or alternatively by contacting one of

OROPAY’s representatives and asking them to opt-out of such email service. SMS may also be used as

an alternative to email and in such instances it should be deemed as if the communication was by

email and treated in the same manner.

Information may also be provided to the OROPAY auditors who may request such information in the

course of reconciliation exercises and for the purpose of contacting clients to confirm the accuracy of

OROPAY’s records.


We may share your Personal Data or other information about you with others in a variety of ways for

the following reasons:

  • In order to offer our services, the Company deals with third party service providers and

organizations (either to outsource important functions or to enhance the quality of the

service.) These third parties may include (without limitation) IT support teams, banks,

exchange facilities having control or jurisdiction over us and electronic search providers

carrying out anti-money laundering and sanction checks for us. In the course of these

arrangements, the Company may disclose Client data to such third party service providers

so that they can provide the services they were engaged to provide.

  • Information collected from the Client as a registered user of OROPAY’s services and in

relation to send and receive transactions, will be made available to other OROPAY Clients in

the course of either sending or receiving payments. For Merchants, OROPAY will also show

URL information as well as other merchant contact information provided. This information

as well as potentially additional information may be shared with third parties when the

OROPAY service is accessed through the third parties’ interface. For purchase transactions,

OROPAY may provide the seller with the Client’s delivery address for order fulfillment and

delivery purposes, and the buyer with the return address of the seller in case the goods have

to be returned.

  • We may share your Personal Data with our employees that perform services and functions

at our direction and on our behalf such as services to verify your identity, assist in

processing transactions, send you advertisements for our products and services or provide

customer support.

  • We may disclose necessary information to your agent or legal representative (such as the

holder of a power of attorney that you grant, or a guardian appointed for you).

  • We may share information about you with other parties for OROPAY’s business purposes or

as permitted or required by law, including:

  1. if we need to do so to comply with a law, legal process or regulations;
  2. to law enforcement authorities or other government officials, or other third parties
  3. pursuant to a subpoena, a court order or other legal process or requirement
  4. applicable to OROPAY;
  5. if we believe, in our sole discretion, that the disclosure of Personal Data is
  6. necessary or appropriate to prevent physical harm or financial loss or in
  7. connection with an investigation of suspected or actual illegal activity;
  8. to protect the vital interests of a person;
  9. with credit agencies and data processors for credit reference checks and anti-fraud
  10. and compliance purposes;
  11. to investigate violations of or enforce a user agreement or other legal terms
  12. applicable to any Service;
  13. to protect our property, Services and legal rights;
  14. to facilitate a purchase or sale of all or part of OROPAY’s business;
  15. in connection with shipping and related services for purchases made using a
  16. Service;
  17. to help assess and manage risk and prevent fraud against us, our Users and fraud
  18. involving our Sites or use of our Services, including fraud that occurs at or involves
  19. our business partners, strategic ventures, or other individuals, and merchants;
  20. to banking partners as required by card association rules for inclusion on their list
  21. of terminated merchants;
  22. to credit reporting and collection agencies;
  23. to companies that we plan to merge with or be acquired by; and
  24. to support our audit, compliance, and corporate governance functions.
  25. We will also share your Personal Data and other information with your consent or direction,

including if you authorise an account connection with a third-party account or platform.

In addition, OROPAY may provide aggregated statistical data to third-parties, including

other businesses and members of the public, about how, when, and why Users visit our Site

and use our Services. This data will not personally identify you or provide information about

your use of the Sites or Services. OROPAY will not share the personal information with third

parties for marketing purposes unless the Client provides explicit consent to do so. Any

disclosures of such information will only be provided in line with the provisions of this

Privacy Policy.


Our operations are supported by a network of computers, cloud-based servers, and other

infrastructure and information technology, including, but not limited to, third-party service


The Client acknowledges and agrees that acceptance of this Privacy Policy grants OROPAY the Client’s

consent to transfer personal data to another OROPAY Client who may be located outside the EEA (in

a jurisdiction that may afford less privacy), every time the Client makes a payment or attempts to

make a payment to such non EEA OROPAY Client, as a requirement to process, execute, and provide

payment specific information.


Data Keeping period is registered for a specific Department in “GDPR Record of Activities OROPAY

V12020” and may be different for different categories of data. In line with current legislation the data

retention period is respectively 5 and 7 years as follows:

  1. As per the Central Bank of Cyprus directive on Clients’ records for personal data, transfers,

monitoring, activity records etc. the retention period shall be 5 years;

  • For tax reports, social insurance records, tax payment reports the retention period shall be 7


  • For HR policies for different categories the retention period shall be up to 6 months and 7



Security of Client information is of outmost importance to OROPAY, which has adopted commercially

reasonable standards to ensure that the personal information is protected. OROPAY uses a range of

safeguards to insulate information from unauthorized access. Technology barriers include data

encryption tools, and a combination of Next – Generation Firewall (NGFW), General Intrusion

Prevention System (GIPS) and Active Management Technology (AMT) as a fence against potential


Of course, OROPAY needs its Clients’ contribution to achieve the high level of security and protection

it aspires to reach. Without the Client’s password protection, intrusion measures are only that much

effective, and OROPAY asks its Clients to protect their password and not divulge or expose such

information to anyone. OROPAY representatives will never ask you for your password and neither

will any email communication received from OROPAY will ever ask you to enter or provide such

password information. Any email received requesting such information should be treated as

suspicious and unauthorized. OROPAY would like to be informed of such unauthorized emails and

asks its Clients to forward such emails to customer support at and then

disregard and delete them.

Where a Client provides a third person with the password to access the account, the Client

acknowledges that the account is at risk and takes full responsibility for any actions the third party

takes when accessing the account. If a Client believes that such access was never granted

intentionally, and that the third party obtained unauthorized access to the account, OROPAY asks the

Client to change the password immediately and contact OROPAY Support. If the Client is unable to

change password by accessing your account, he/she can immediately contact OROPAY support,

inform them of the inability, and have one of the customer support staff reset the password.


Rights relating to the Personal Data We Collect

Personal Data: You may decline to provide Personal Data when it is requested by OROPAY, but

certain Services or all of the Services may be unavailable to you.

Location and other device-level information: The device you use to access the Site or Services may

collect information about you, including Geolocation Information and User usage data that OROPAY

may then collect and use. For information about your ability to restrict the collection and use of such

information, please use the settings available in the device.

Rights to Access:

You have the right to request copies of the personal information we hold about you.

Information must be provided without delay and at the latest within one month of receipt of your

request. OROPAY will be able to extend the period by a further two months where requests are

complex or numerous. If this is the case, we will inform you within one month of the receipt of the

request and explain why the extension is necessary.

OROPAY will provide a copy of the information free of charge. However, we can charge a “reasonable

fee” when a request is repetitive.

The fee if applied will be based on the administrative cost of providing the information.

If at any time, OROPAY refuse to respond to a request, we will explain the reasons to you, informing

you of your right to complain to the supervisory authority and to a judicial remedy without undue

delay and at the latest within one month.

Right for rectification

Users are entitled to have personal data rectified if it is inaccurate or incomplete.

Before we update your file, we may need to check the accuracy of the new information you have


If we have disclosed the personal data in question to others, we will contact each recipient and inform

them of the rectification – unless this proves impossible or involves disproportionate effort.

Upon the receipt of your request for rectification of your personal data, OROPAY shall respond within

one month. This can be extended by two months where the request for rectification is complex.

Where OROPAY is not taking action in response to a request for rectification, we will explain the

reasons to you, informing you of your right to complain to the supervisory authority and to a judicial

remedy as required to do so by the General Data Protection Regulation (GDPR).

Right to erasure

You can ask us to delete your personal information if:

  • there’s no good reason for us to continue using your personal information;
  • you gave to OROPAY consent (permission) to use the information and you have now

withdrawn that consent;.

  • you have objected to OROPAY to continue using the information;
  • OROPAY has unlawfully processed the information (i.e. otherwise in breach of the GDPR).
  • The personal data has to be erased in order to comply with a legal obligation.

There are some specific circumstances where the right to erasure does not apply and OROPAY

can refuse to deal with a request.

OROPAY can refuse to comply with a request for erasure where the personal data is processed for

the following reasons:

  1. to comply with a legal obligation for the performance of a public interest task or

exercise of official authority;

  • the exercise or defence of legal claims.

Right to object:

You have the right to object to us:

  • processing other information based on legitimate interests or the performance of a task in

the public interest/exercise of official authority (however, if there is an overriding reason

why we need to use the information i.e. legal reasons, we will not accept your request);

  • processing your personal information for marketing purposes (including profiling);

Right to restrict processing:

You can ask us to suspend using your personal data in the following circumstances if:

  • you contest the accuracy of the personal data, and you want us to investigate the accuracy of

the personal data.

  • you have objected to the processing (where it was necessary for the performance of a public

interest task or purpose of legitimate interests), and we are considering whether we have an

overriding reason to use it.

  • When processing is unlawful, and the individual opposes erasure and requests restriction


  • When we no longer need the information, but you want us to continue holding it for you in

connection with a legal claim;

Right to data portability:

The right to data portability allows individuals to obtain and reuse their personal data for their own

purposes across different services. If we are allowed to do so under regulatory requirements,

OROPAY upon your request will transfer your personal information to you in a commonly used,

machine-readable format.

We will stop processing the personal data unless:

  1. we can demonstrate compelling legitimate grounds for the processing, which override the

interests, rights and freedoms of the User; or

  • the processing is for the establishment, exercise or defence of legal claims.


Clients who wish to know more about this Privacy Policy and receive information on how they can

access their personal information as well as ask any specific questions in relation to this Privacy

Policy, are encouraged to contact our appointed Data Protection Officer either by phone or email

(DPO) as follows:

Data Protection Officer of OROPAY:

9 Agiou Athanasiou Avenue, Linopetra, Limassol, 4102

+357 25 752110


If you are not satisfied by the way in which we address your concerns, you have the right to lodge a

complaint with the Supervisory Authority for data protection.

Cyprus Data Protection Commissioner;

Office of the Commissioner for Personal Data Protection

1 Iasonos str., 1082 Nicosia

P.O.Box 23378, 1682 Nicosia

Tel: +357 22818456

Fax: +357 22304565


Contact details of the Data Protection Officer (DPO) of the Commissioner’s Office


    Oro Pay Ltd (license number is authorized as an Electronic Money Institution under the Electronic Money Law of 2012 for the issuance of electronic money. OROPAY is a registered trademark/ brand name of Oro Pay Ltd. All rights reserved © Oro Pay Ltd 2023.
    Contact Us
    23 Agias Paraskevis Street, 8th floor, 2002, Nicosia, Cyprus
    +357 25 752 100
    Follow us
    Oro Pay Ltd (license number is authorized as an Electronic Money Institution under the Electronic Money Law of 2012 for the issuance of electronic money. OROPAY is a registered trademark/ brand name of Oro Pay Ltd. All rights reserved © Oro Pay Ltd 2023.