SECURITY POLICY (personal data protection)
1.1.  General Data Protection Regulation (GDPR) – updated rules for personal data processing, established by the General Data Protection Regulation (EU Regulation 2016/679) dated 27 April 2016. It enhances and standardizes personal data protection for all parties within the European Union (EU).

1.2.  The company is "GBPay" LLC.

1.3.   Customer – a legal entity or individual (data subject), registered at, who uses or has expressed the wish to use any goods and/or services of the Company.
1.4.   Personal data — any information pertaining to an identified or identifiable individual, which can be used to identify him/her directly or indirectly.
1.5.   The Personal Data Information System comprises personal data stored in personal databases and the information technologies and equipment to process it.
Personal Data Processing means a set of actions (operations) performed on personal data using means of automation, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of the personal data. 
Personal data blocking means a temporary or definitive cessation of personal data processing.
1.8.   Personal data destruction means actions resulting in the impossibility to restore the contents of personal data in the information system, and/or resulting in the destruction of physical media on which the personal data is stored.

2.1.   Confidentiality policy  - Personal Data protection (hereinafter, Policy) for data subjects from EU countries, prepared in accordance with Regulation N 2016/679 of the European Parliament and the of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. General Data Protection Regulation (GDPR) is the document regulating the procedure for processing and protecting personal data. 

2.2.  The purpose of this Policy is to secure the rights of citizens in the processing of their personal data and to take precautions against unauthorized access to, accidental or illegal destruction, loss,
alteration, or unauthorized transfer of personal data stored or otherwise processed, as well as against other unlawful acts in respect of the personal data of the Company’s customers.

2.3.   Personal data is processed only for purposes directly related to the business of GBPay LLC, namely:
*Customer registration on the Company website;
*provision of access to the Customer Profile;
*Customer authorization and authentication in the Profile;
*Customer verification procedure;
*enabling Customers to order GBPay cards;
*training sessions, seminars, and other events held or participated in by the Company;
*monitoring customers’ compliance with the Company’s fraud-related regulations;
*monitoring the Customer’s advertising activities to detect any dissemination of false information about the Company, its services, products, etc.;
*selecting and hiring employees to work in the Company’s representative and other offices.

2.4.   The Company gathers data only to the extent necessary to achieve the above objectives.

2.5.   Any transfer of personal data to third parties shall be subject the Customer’s written consent.

2.6.   Personal data shall not be used to cause property and/or moral damage to the Company’s customers.

2.7.   Legal entities and individuals possessing, receiving, and using Customer information within the scope of their authority shall be liable for any breach of the provisions of this document on personal data protection.

2.8.   The Company may make any amendments to this Policy. After making any such amendments, the new version of the Policy shall become effective upon its publication on the website.

2.9.  The electronic version of the Confidentiality Policy can be found on the GBPay LLC website at

3.1.   The Company will process the following personal data of the Customer:
*email address;
*full name;
*international phone number;


4.1.   The Company shall process the Customer’s personal data using means of automation (automated processing).

4.2.   Personal data is processed based on the following principles:

4.2.1.   lawfulness of the purposes and means of processing personal data;

4.2.2.   the scope and nature of personal data to be processed and the processing methods shall answer to the purposes stated in Paragraph 2.3 of these Rules; 

4.2.3.   the reliability of personal data and its sufficiency for processing purposes;

4.2.4.   no processing shall be performed in respect of personal data which is superfluous in comparison with the stated purpose of gathering the personal data;

4.2.5.   destruction of personal data after the processing purpose has been achieved and/or if the purpose no longer needs to be achieved;

4.2.6.   personal accountability of the website Administration for the integrity and confidentiality of personal data.
4.3.   Any inaccurate personal data shall be deleted and/or corrected (at the user’s request).

4.4.   Personal data shall be processed only subject to the Customer’s consent to the processing of its personal data, which it shall demonstrate in the form of clear, deliberate actions, by accepting the terms of the USER AGREEMENT during registration on the Company’s website.
5.1.   In order to secure human and civil rights and freedoms, the Company shall comply with the following general requirements when processing customers’ personal data:

5.1.1.   The Customer’s personal data shall be processed only for the purpose of providing access to products and services offered by the Company;
5.1.2. The Company shall not receive or process personal data regarding the nationality, political views, religious or philosophical beliefs, health condition, or the sexual life of the Customer;
5.1.3.   The Company shall notify the Customer or its representative of any personal data related to the respective Customer;
5.1.4.   The Company shall store and protect the Customer’s personal data from unauthorized use, and in case of its loss, ensure that it is restored at its own expense, in accordance with applicable international laws;
5.1.5. The notice of personal data shall be provided to the Customer upon request, in any available form, and shall not contain any personal data of other Customers;

5.1.6.   Upon finding, at the request of the Customer, the personal data to be false or discovering that any unlawful acts have been performed in respect of it, the Company shall block the personal data for the duration of the audit;
5.1.7.   If the personal data is confirmed to be false, the Company shall correct the personal data based on the documents provided by the Customer and unblock it;

5.1.8.   Should the Customer revoke its consent to the processing of its personal data, the Company shall cease its processing and destroy all the data within three business days.


6.1.   The right to access his/her own personal information.

6.2.   The right to be informed about personal data processing methods.

6.3.   The right to revoke consent to personal data processing.

6.4.   The right to prohibit the dissemination of personal data without his/her consent.

6.5.   The right to demand that his/her personal data be changed, corrected, or destroyed.

6.6.   The right to supplement personal data at the subject’s discretion.

6.7.   The right to data portability, where the Company provides a free electronic copy of personal data to another company at the request of the data subject.

6.8.  The right to be forgotten, i.e. the ability to have his/her own personal data deleted upon request, to avoid its unauthorized dissemination or transfer to third parties.
7.1.   A threat or danger of loss of personal data is understood as a single or systematic, real or potential, active or passive manifestation of the malicious capabilities of external or internal threat sources to create adverse conditions or have a destabilizing effect on the information under protection.

7.2.   Potential threats to any information resources include natural disasters, extreme situations, terrorist acts, accidents involving vehicles or communications, other external circumstances, as well as persons interested and disinterested in the threat.

7.3.   Personal data protection is a rigidly regulated technical process preventing any disruption to the availability, integrity, authenticity, and confidentiality of personal data, ultimately ensuring a sufficient level of information security in the Company’s business.


8.1.   The Company shall be liable for personal information in its possession, and hold its employees personally accountable for compliance with the privacy principles established by the Company.

8.2.   Every employee of the Company allowed to access physical media carrying personal data shall be responsible for the integrity of the media and confidentiality of the information.

8.3.   The Company undertakes to maintain a system for accepting, registering, and monitoring the processing of Customer complaints, available via telephone, wire, or mail.

8.4.   Any person may file a complaint to a Company employee in respect of any breach of this Policy. Complaints and applications in respect of compliance with data processing requirements shall be processed within thirty business days from receipt.

8.5.   Company employees shall ensure the due consideration of requests, applications, and complaints filed by the Customer, and assist in achieving compliance with the requirements of competent authorities. Persons breaching the provisions of this Policy shall be held liable in accordance with the provisions of international laws.
Any inquiries in respect of the processing of your personal data can be addressed to: