Privacy Policy
Last updated: October 30, 2023
  1. Introduction
    This Privacy Policy describes Solidgate’s policies and procedures on the collection, use and disclosure of Personal Data when You use the Service and tells You about Your privacy rights and how the law protects You. We use Your Personal Data to comply with applicable laws and to provide and improve the Service. BY USING THE SERVICE, YOU PROMISE US THAT (I) YOU HAVE READ, UNDERSTAND AND AGREE TO THIS PRIVACY POLICY, AND (II) YOU ARE OVER 18 YEARS OF AGE. If You do not agree, or are unable to make this promise, You must not use the Service. In such case, You must contact Solidgate to request deletion of Your data. The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
  2. Definition
    For the purposes of this Privacy Policy:
    • Customer means a person who makes a payment for Merchant’s online goods and/or services.
    • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
    • Solidgate (referred to as either "Solidgate", "We", "Us" or "Our" in this Agreement) refers to:
      • When we process Your transaction as a payment service provider (acquirer) or when we collect Your Personal Data for onboarding of Merchant for acquiring services – Solid Processing Limited;
      • In all other cases – GTWS Tech Limited.
    • GDPR means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
    • EEA includes all current member states to the European Union and the European Economic Area.
    • Process, in respect of Personal Data, includes to collect, store, use, restrict, erasure, destruct and disclose to others.
    • Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
    • Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
    • Merchant means a business that sells online goods and/or services to Customers and accepts Customers’ payments using Solidgate’s services.
    • Affiliate means an entity that controls, is controlled by or is under common control with the Company, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
    • Website refers to Solidgate’s website accessible from https://hub.solidgate.com/
    • Service refers to the services provided by Solidgate, such as acquiring, gateway, and other related technical services, as well as the Website infrastructure, where applicable.
    • Country refers to: Republic of Cyprus.
    • Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
    • Personal Data is any information that relates to an identified or identifiable individual, such as a name, email, a telephone number, IP address, etc.
    • Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
    • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  3. Data we collect
    1. Personal Data provided by You through the Website
      While registering an account or using Our Website, We may ask You to provide Us with certain Personal Data that can be used to contact or identify You, as well as to reply to your inquiries. Personal Data may include, but is not limited to Your:
      • Full name;
      • Email address;
      • Other data You provide us when using Our Website, such as the messages you sent to our support team.
    2. Personal Data of Customers
      When You shop at Our Merchants, we also process the Personal Data which is necessary to process payment transactions. We receive these data partially from Customers and partially from Merchants. Personal Data may include, but is not limited to the Customers’:
      • Name and cardholder name (if different)
      • Email address;
      • Telephone number;
      • IP address;
      • Address (state, zip code, city);
      • Date of birth;
      • Order description;
      • Date and amount of transaction;
      • User ID;
      • Card Number;
      • Chosen language;
      • Time zone;
      • Device (e.g., operating system and browser).
    3. Personal Data for Merchant’s onboarding
      While onboarding Merchant’s company, We may ask You to provide certain Personal Data that are necessary to facilitate the process of Your company’s processing account(s) opening and advising on its maintenance. We collect only such data related to your beneficial owners, principals, officers, authorized representatives that are requested by acquirers to comply with their regulatory requirements (when We provide gateway Services) and that are required by regulatory requirements directly applicable to Us (when We provide acquiring Services). Personal Data may include, but it not limited to:
      • Name
      • Telephone number
      • Email address
      • Residence address
      • ID / passport details
      • Tax number
      • Bank details, personal income and source of wealth
      • Employment history and education
      • Ownership and directorship in Your company and/or other companies
      • Adverse media and law enforcement information
      • Presence in PEP, sanction, and watch lists
      • Geolocation
      • Our correspondence
    4. Usage Data
      Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Website that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data, Your interactions with the Website (e.g., mouse movements, clicks, scrolls, and inputs).
    5. Cookies
      We use Cookies to track the activity on Our Website and store certain information.
      Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close your web browser.
      We use both session and persistent Cookies for the purposes set out below:
      • Necessary / Essential Cookies
      Type: Session Cookies
      Administered by: Us
      Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.
      • Functionality Cookies
      Type: Persistent Cookies
      Administered by: Us
      Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.
      • Analytical Cookies
      Type: Persistent / Session Cookies
      Administered by: Google, Getsitecontrol, and Microsoft
      Purpose: These Cookies are used to understand how visitors interact with the Website. These Cookies help provide information on different metrics, such as the number of visitors, bounce rate, traffic source, etc.
      You can find more information about the individual cookies We use and the purposes for which We use them in the table below:
    Source Name Purpose Expiration
    Solidgate PHPSESSID This Cookie is used to maintain an anonymised unique identifier for Your session or ID of Your session as a signed in user. The session Cookie is not persisted on Your hard disk. This Cookie will expire when your browsing session is over.
    Solidgate MYSOLID-SIDEBARMENU-COLLAPSED This Cookie is used to remember Your choice as to expand or collapse the sidebar on the Website. This Cookie will expire when your browsing session is over.
    Solidgate MYSOLIDSESSID_REMEMBERME This Cookie is used to remember Your login and password if You decide to do so. 1 week
    Solidgate _payment_form {name}_split This Cookie is used to keep consistent user experience while paying trough Our payment form across Merchants. 1 hour
    Solidgate lngCache_{identifier} This Cookie is used to persist user-selected language for particular payment or charity page. 60 days
    Solidgate charityLinkParams_{identifier} This Cookie is used to provide ability to repeat charity payment on status page. 30 days
    Solidgate charityPageTrackingConfig_{identifier} This Cookie is used to persist unique tracking identifier of payment for the charity page. 2 days
    Google* __ga This Cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of Website usage for the Website's analytics report. The Cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. 2 years
    Google* _gid This Cookie, installed by Google Analytics, stores information on how visitors use the Website, while also creating an analytics report of the Website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously. 24 hours
    Microsoft** _clck This Cookie, installed by Microsoft Clarity, persists the Clarity User ID and preferences, unique to that site is attributed to the same user ID. 30 days
    Microsoft _clsk This Cookie, installed by Microsoft Clarity, connects multiple page views by a user into a single Clarity session recording. 30 days
    Microsoft CLID This Cookie, installed by Microsoft Clarity, identifies the first-time Clarity saw this user on any site using Clarity. 30 days
    Microsoft** ANONCHK This Cookie, installed by Microsoft Clarity, indicates whether MUID is transferred to ANID, a cookie used for advertising. Clarity doesn’t use ANID and so this is always set to 0. 30 days
    Microsoft MR This Cookie, installed by Microsoft Clarity, indicates whether to refresh MUID. 30 days
    Microsoft MUID This Cookie, installed by Microsoft Clarity, identifies unique web browsers visiting Microsoft sites. These cookies are used for advertising, site analytics, and other operational purposes. 30 days
    Microsoft SM This Cookie, installed by Microsoft Clarity, is used in synchronizing the MUID across Microsoft domains. 30 days
    Getsitecontrol*** gsc This local storage file, installed by Getsitecontrol, contains analytical information about the number of visits to our Website. This local storage file will expire when you delete it in your browser
    Getsitecontrol gscs This local storage file, installed by Getsitecontrol for creating an analytics report of the Website's performance. It contains information about geolocation, device, the number of viewed pages, the source you come to our Website from, how many sessions you had on our Website, the date and time of the last visit. This local storage file will expire when you delete it in your browser
    Getsitecontrol gscw This local storage file, installed by Getsitecontrol, collects analytical information about our widgets used on the Website: the statistics of view, submit, closing actions, and start and stop conditions. This local storage file will expire when you delete it in your browser
    * This service may also collect information regarding the use of other sites, apps and online resources. You can learn about Google’s practices on the Google website.
    ** This service may also collect information regarding the use of other sites, apps and online resources, including but not limited to, for site optimization, fraud/security purposes, and advertising. You can learn about Microsoft’s practices on the Microsoft Clarity website..
    *** Getsitecontrol is using local storage instead of cookies. The information about the way Getsitecontrol stores and processes data can also be found on the Getesitecontrol website.
    Your Choice Regarding Cookies
    If You prefer to avoid the use of Cookies on the Website, first You can tick the respective button of our Cookie banner. This will let You set up Your Cookie preferences. In addition, You may disable the use of Cookies in your browser and then delete the Cookies saved in your browser associated with this website. You may use this option for preventing the use of Cookies at any time.
    If You do not accept Our Cookies, You may experience some inconvenience in your use of the Website and some features may not function properly.
    If You'd like to delete Cookies or instruct your web browser to delete or refuse Cookies, please visit the help pages of your web browser.
    For any other web browser, please visit your web browser's official web pages.
  4. How do we use Data
    1. When You request us to contact You
      Via our website, You can address Us Your questions, queries, comments or complaints. You can also contact us by e-mailing us using for example the contact details listed in this Privacy Policy or on our Website. When You do so, We will collect the information that You fill out, including Your name, email address and your message to attend and manage Your requests. Therefore, We use this data for our legitimate interest of conducting business with You or for the performance of a contract with You.
    2. Data we collect automatically when You use this Website
      When You access the Website, We may collect certain information automatically, including, the Usage Data, Cookies, and similar tracking technologies.
      This information is collected for Solidgate’s legitimate interest to improve and to administer Our Service, including data analysis, troubleshooting, statistical and survey purposes.
      You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some features of our Website.
    3. Data we collect as a gateway service provider
      As a gateway (technical) services provider, We process some Personal Data of Customers (e.g., cardholders), such as transaction data necessary to provide gateway services. We make these data available to Merchant through the Website so that it can manage payments with Customers, build analytics and customer support.
      Also, We process certain Personal Data that are necessary to facilitate the process of Merchant company’s merchant processing account(s) opening and advising on its maintenance. We collect only such data related to the Merchant’s beneficial owners, principals, officers, authorized representatives that are requested by acquirers to comply with their regulatory requirements.
      Please note, that as a Controller, Merchant shall bear primary responsibility for the processing of Customers’ Personal Data, including:
      • Ensuring the protection of Personal Data in accordance with applicable data protection regulations (e.g., the GDPR);
      • providing Customers with necessary information about the processing and the recipients of their Personal Data, such as Solidgate;
      • supporting the exercise of the rights of Customers under the applicable legislation, etc.
      To the extent that We are acting as a Processor, We will process Customers’ Personal Data in accordance with the terms of Our agreement with Merchant and Merchant’s lawful instructions.
    4. Data we collect as a payment service provider (acquirer)
      As an acquirer, We process some Personal Data of Customers and cardholders, such as transaction data necessary to accept Customers’ payments for our Merchants. We make these data available to Merchant through the Website so that it can manage payments with Customers, build analytics and customer support. Therefore, We use this data for our legitimate interest of providing acquiring services to Merchants.
      Also, We process certain Personal Data that are necessary to facilitate the process of Merchant company’s merchant processing account(s) opening and advising on its maintenance. We collect only such data related to the Merchant’s beneficial owners, principals, officers, authorized representatives that are necessary to comply with Our regulatory requirements. We process such Personal Data to comply with our legal obligations as a financial institution, such as the applicable the European Union and/or EU member states’ legislation to combat money laundering and terrorist financing.
  5. Recipients of Data
    1. Service Providers. If necessary, we may share Your Personal Data with Service Providers to monitor and analyze the use of our Service, to store the Personal Data, to show advertisements to You, to help support and maintain Our Service, to contact You, etc. Our Service Providers include, but are not limited to, Google, Microsoft, Amazon, Getsitecontrol, etc. We have concluded agreements with our Service Providers to protect Your Personal Data.
    2. Business transfers. If the Company is involved in a merger, acquisition, reorganization, assignment, transfer, change of control, or asset sale, Your Personal Data may be transferred to third parties in connection with such transaction. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.
    3. Affiliates. We may share Your Personal Data with Our Affiliates, in which case we will require those Affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.
    4. Business partners. We may share Your information with Our business partners to offer You certain products, services or promotions.
    5. Payment services providers. We may share the Personal Data related to Customers (e.g., transaction data) and Merchant’s representatives (e.g., KYC data) with Merchant’s payment services providers (acquirers) to provide Our gateway services.
    6. Card schemes. We may share the Customer’s Personal Data, such as personal details and transactional data, with international card schemes (e.g., Visa and Mastercard) to the extent necessary to accept Customers’ payments made on the websites of Merchants.
    7. Law enforcement. Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
    8. Other legal requirements. The Company may disclose Your Personal Data in the good faith belief that such action is necessary to comply with a legal obligation, to protect and defend the rights or property of the Company, to prevent or investigate possible wrongdoing in connection with the Service, to protect the personal safety of Users of the Service or the public, to protect against legal liability.
  6. Data retention
    We will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. For example, We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
    The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.
    We will retain the Personal Data of Customers (e.g., transaction data) and representatives (e.g., KYC data) only to the extent and for such period as required by applicable laws (when we act as a payment service provider) and our legal agreement concluded with Merchant (when we act as a gateway service provider).
  7. Data transfers
    We will take all steps reasonably necessary to ensure that Your Personal Data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your Personal Data and other information.
    Your Personal Data may be shared with other companies outside of the European Economic Area ("EEA"), when this is necessary for the purposes of providing Our Service. It may include the countries in which some of Our Affiliates and/or Service Providers are located, such as the United States. In case of such transfer we comply with applicable laws to provide an adequate level of data protection for the transfer of your Personal Data to third countries. We rely on Data Privacy Framework (for EU-US transfers) or Standard Contractual Clauses as approved by the European Commission in order to offer sufficient safeguards on data protection for the data to be transferred internationally.
  8. Data security
    We put security at the forefront of business operations. The Company has implemented a range of technical and organizational measures appropriate to secure Your Personal Data in a manner that takes account of the potential risks for Your interests and rights. We are certified with Payment Card Industry Data Security Standard (PCI Service Provider Level 1). Even though We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.
  9. Your rights
    You may have the following rights with regard to Your Personal Data:
    • to obtain confirmation as to whether or not We process Your Personal Data, and, where that is the case, the information about such processing;
    • to request rectification of inaccurate Personal Data;
    • to request erasure of Your Personal Data in certain circumstances provided by law;
    • to restrict the processing, for example when the processing is unlawful;
    • to object to processing of Your Personal Data which is based on a legitimate interest;
    • to receive Your Personal Data We process in a structured, commonly used and machine-readable format and to transmit those data to another controller;
    • to withdraw any consent that was given at any time.
    If you wish to exercise any of the rights set out above, please contact Us by email: legal@solidgate.com.
    You also have the right to lodge a complaint with a supervisory authority of the country in which You live or work or the country in which We are located (Cyprus).
  10. Children
    Our Service does not address anyone under the age of 13, and we request that they not provide Personal Data through the Service. We do not knowingly collect Personal Data from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.
  11. California residents
    1. Information on Our privacy practices.
      You may find in this Privacy Policy and in Our Cookies Policy the information on Our privacy practices and access information as required by the California Consumer Privacy Act (“CCPA”), in particular the information about:
      • the categories of Personal Data to be collected;
      • the purposes for which the categories of Personal Data shall be used;
      • the categories of sources from which the Personal Data are being collected;
      • the categories of third parties with whom We may share Personal Data.
    2. Access to Your Personal Data.
      We may also provide You with specific pieces of Personal Data We has collected about You but no more than twice in a year. To obtain this information from Us, please send an email to legal@solidgate.com. which includes “Request for California Privacy Information” on the subject line and Your state of residence and email address in the body of your message. If You are a California resident, We will provide the requested information to You at your email address in response.
    3. We do not sell Your Personal Data.
    4. Your right to deletion.
      You can request that We delete any Personal Data about You which We have collected from You, except for the cases explicitly provided for by the CCPA (e.g., when We need such data to detect security incidents, protect against illegal activity, comply with a legal obligation, etc).
    5. Non-discrimination.
      Solidgate does not discriminate against You in case You exercise any of the consumer’s rights under this Privacy Policy and/or the CCPA in any way. If you wish to exercise any of the rights set out above, please contact Us by email: legal@solidgate.com.
  12. Third-party websites
    Our Service may contain links to other websites that are not operated by Us. For example, third-party service for customer support. If You click on a third-party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
  13. Updates
    We may update our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page. We will let You know via a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
  14. Contact Us
    If you have any comments or questions about this Privacy Policy or our data protection practices, You can contact us by email: legal@solidgate.com