GDPR Compliance
Last Updated: May 1, 2025
Circopay is committed to protecting the personal data of all our users, including those in the European Economic Area (EEA). This page explains how we comply with the General Data Protection Regulation (GDPR) and outlines your rights under this regulation.
The GDPR is a regulation in EU law on data protection and privacy that applies to all individuals within the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and the EEA.
Our Commitment
At Circopay, we are committed to ensuring that all personal data processing activities comply with the GDPR. We have implemented appropriate technical and organizational measures to protect your data and respect your privacy rights.
Data Security
We employ robust security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, regular security assessments, and employee training.
How We Process Your Data
Legal Basis for Processing
Under the GDPR, we process your personal data based on one or more of the following legal bases:
- Consent: You have given clear consent for us to process your personal data for a specific purpose.
- Contract: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
- Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.
- Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.
Data Minimization
We collect and process only the personal data that is necessary for the specific purpose for which it was collected. We do not collect or store excessive data and ensure that the data we collect is adequate and relevant.
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Once the data is no longer necessary, it is securely deleted or anonymized.
International Data Transfers
As a company based in the United States, we may transfer personal data from the EEA to the United States. When we do so, we ensure that appropriate safeguards are in place to protect your data, such as:
- Standard Contractual Clauses approved by the European Commission
- Binding Corporate Rules
- Adequacy decisions by the European Commission
Your Rights Under GDPR
Right to Access
You have the right to request copies of your personal data that we hold.
Right to Rectification
You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
Right to Erasure
You have the right to request that we erase your personal data, under certain conditions.
Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data, under certain conditions.
Right to Object
You have the right to object to our processing of your personal data, under certain conditions.
Right to Data Portability
You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us using the information provided in the "Contact Us" section below.
Data Protection Officer
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this GDPR compliance statement and our privacy practices. If you have any questions about this statement or how we handle your personal data, please contact our DPO at:
Data Protection Officer
Circopay LLC
123 Payment Street
New York, NY 10001
Email: contact@circopay.com
Data Breach Notification
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and not later than 72 hours after having become aware of the breach.
The notification will include:
- The nature of the personal data breach
- The categories and approximate number of data subjects concerned
- The name and contact details of our DPO or other contact point
- The likely consequences of the breach
- The measures taken or proposed to address the breach
Additional Information
For more information about how we collect, use, and protect your personal data, please refer to our Privacy Policy.
For information about how we use cookies and similar technologies, please refer to our Cookie Policy.
You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes the GDPR. For users in the EEA, you can find your national data protection authority on the European Data Protection Board website.
For questions about our GDPR compliance, please contact us.