Privacy Policy

This Privacy policy together with our Terms of Service sets out the basis on which any Personal Information we collect from you ("you", "your", or "customer"), or that you provide to us, will be processed by us according to the EU General Data Protection Regulation 2016/679 ("GDPR"), its successors or implementing texts. By "Personal Information", we mean any information which, either alone or in combination with other data, enables you to be directly or indirectly identified, for example, your name, email address, username, contact details, or any unique identifier such as an IP address, device ID or other online identifiers

Please read the following carefully to understand what data we collect, how that data is used, and the ways it can be shared by us. If you do not wish for your Personal Information to be used in the ways described within this Privacy Policy, then you should not access or use the Site or use the services, functions, or features offered from time to time on the Site ("Services").

What information do we collect? Information you give us.

This is information about you that you give us by:

  • opening an ArrivalPay OÜ account;
  • using our customer support centre;
  • corresponding with us by phone, email, or otherwise.

The Personal Information most often collected and maintained in a customer file, includes customer identification, transaction history, including records of payments made.

Information we collect about you

Each time you use the Services, we may automatically collect the following information, which may be considered to be Personal Information when combined with other information about you:

  • technical information, including the Internet protocol (IP) address used to connect your computer or other devices to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
  • information about your visit, including the dates and times you use the Site length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call the contact phone number provided on our Site.

Similar to other websites, our Sites utilize browser cookies (small text files stored on a user’s web browser when you visit a website), web beacons, and similar tracking technologies (collectively, "Cookies") to collect and store certain information when you use, access, or interact with our services.

Information we may collect from third party sources

We may receive information about you from other sources, including third parties that help us update, expand, and analyse our records, prevent or detect fraud; process payments; or analyse your use of our Services. Our Services may also include integrated content or links to content provided by third parties (such as live chat, social media content, plug-ins, and applications). Additional third parties may include our affiliated entities.

Purposes for which we collect your personal information

If you wish to transact on and use the Site or use the Services, we will collect information about you for the purposes set out below.

  • establish and maintain a responsible commercial relationship with you;
  • understand your needs and your eligibility for products and services;
  • inform you about trading and financing features;
  • provide information to you about developments and new products, including changes and enhancements to the Site;
  • develop, enhance, and market products and services, and provide products and services to you;
  • process billing and collection of any fees;
  • conduct surveys and get feedback from you;
  • deliver products and services to you;
  • provide you with news and other matters of general interest to you as an ArrivalPay OÜ customer;
  • to comply with our legal or regulatory obligations and to respond to legal, regulatory, arbitration, or government process or requests for information issued by government authorities or other third parties or to protect your, our, or others’ rights.

We use IP addresses to analyse trends, administer the Site, track customer movements, and gather broad demographic information for aggregate use. For systems administration and detecting usage patterns and troubleshooting purposes, our web servers also automatically log standard access information, including browser type, access times/open mail, URL requested, and referral URL. This information is not shared with third parties and is used only within ArrivalPay OÜ on a need-to-know basis. We reserve the right to block access for any customer accessing the Site via a proxy service intending to conceal originating identity. This includes access via the Tor anonymity network.

We may also aggregate personal and other data captured by us so that the data is no longer capable of identifying an individual. Aggregated data may cover patterns of usage, and we reserve the right to use this aggregated information for the purposes of improving and enhancing our Services, generating insights, for use in marketing to other users and current and potential partners, and otherwise for the purposes of our business.

Provided that such aggregated data does not directly or indirectly identify you as an individual, this data is not considered to be Personal Information for the purpose of this Privacy Policy.

Legal bases on which we process your personal information

We will process your Personal Information on the following grounds:

  • where it is necessary for us to perform pursuant to our contract with you or in your interests; and/or
  • where it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests. Legitimate interests mean the interests of our organization to conduct and manage our business to enable us to better serve you and provide you with a secure experience on the Site; and/or
  • as may be required to comply with any legal or regulatory obligations that may apply to us, for instance, under anti-money laundering and sanctions regimes.

We ensure that we balance any potential impact on you and your rights before we process your Personal Information for our legitimate interests. We do not use your Personal Information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Generally, we do not rely on consent as a legal basis for processing your Personal Information other than in relation to our use of cookies or when we send third-party direct marketing communications to you via email or text message.

Security and confidentiality

We are committed to protecting your privacy. Internally, only people with a business need to know Personal Information or whose duties reasonably require access to it are granted access to customers’ Personal Information. Such individuals will only process your Personal Information on our instructions and are subject to a duty of confidentiality.

The website’s systems and data are reviewed periodically to ensure that you are getting a quality service and that leading security features are in place. We have put in place procedures to deal with any actual or suspected data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

However, no information system can be 100% secure. So, we cannot guarantee the absolute security of your information. Moreover, we are not responsible for the security of information you transmit to us over networks that we do not control, including the Internet and wireless networks.


You agree that we have the right to share your Personal Information with:

  • Any member of our group, which means our subsidiaries, our ultimate holding company, and its subsidiaries, including their respective contractors, affiliates, employees, or representatives.
  • Our service providers, to the extent necessary to supply the Services to you.
  • Selected third parties, including analytics and search engine providers that assist us in the improvement and optimization of the Services.
  • Authorities and law enforcement agencies worldwide either when ordered to do so or on a voluntary basis if this appears reasonable and necessary to us (please refer to our Law Enforcement Requests Policy).

We will also disclose your Personal Information to third parties:

  • If ArrivalPay OÜ or substantially all of its assets are acquired by a third party, in which case Personal Information held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your Personal Information in order to comply with any legal obligation, or in order to enforce or apply our Terms of Service and other agreements; or to protect the rights, property, or safety of us, our clients, or others.


Your Personal Information will be stored in European Union servers and may be transferred worldwide.

Personal Information and other data may therefore be exported outside of the jurisdiction in which you reside. Your Personal Information may be processed and stored in a foreign country or countries. Under those circumstances, the governments, courts, law enforcement, or regulatory agencies of that country or those countries may be able to obtain access to your Personal Information through foreign laws. You need to be aware that the privacy standards of those countries may be lower than those of the jurisdiction in which you reside.

Unfortunately, the transmission of information via the Internet is not completely secure. While we do our utmost to protect your Personal Information, we cannot guarantee the security of your data transmitted to us over email or through the Site; any transmission is at your own risk. Once we have received your data, we will use strict procedures and security features to try to prevent unauthorized access.

EEA customers only: We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. All the data you provide to us is stored on our secure servers. Where we transfer our data outside of the EEA, we ensure that adequate safeguards are in place. Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Information out of the EEA.

Your rights

All Customers

You may access and verify your Personal Information held by us by submitting a written request to

If you no longer wish to receive marketing communications from us, you can also let us know via the methods stated below. The electronic marketing communications we send to you also contain opt-out mechanisms that allow you to opt-out from receiving those communications, update your contact information, or change your preferences at any time. We will honor your choice and refrain from sending you such announcements.

You may also opt back in to receive those communications at any time.

EEA Customers

You have a number of rights in relation to how we process your Personal Information. These include the right to:

  • access the Personal Information that we may hold about you;
  • rectify any inaccurate Personal Information that we may hold about you;
  • have your Personal Information erased in certain circumstances, for example, where it is no longer necessary for us to process your Personal Information to fulfil our processing purposes; or where you have exercised your right to object to the processing;
  • restrict the processing of your Personal Information where, for example, the information is inaccurate, or it is no longer necessary for us to process such information or where you have exercised your right to object to our processing;
  • object to the processing of your Personal Information which may be exercised in certain circumstances, for example, where we are processing your Personal Information for direct marketing purposes, or where your own legitimate interests outweigh ours;
  • have your data ported to a new service provider if you no longer wish to use the Services.

You may exercise these rights by contacting us (see details below).

No fee usually required

You will not have to pay a fee to access your Personal Information or to exercise any of your other rights. We may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Information (or to exercise any of your other rights). This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Other websites and protecting your personal information

This Privacy Policy and the use of your Personal Information only applies to the information you provide to us. You are cautioned that if you disclose Personal Information or personally sensitive data through the use of the Internet, such as through chat rooms, communities, bulletin boards, or other public online forums, this information may be collected and used by other persons or companies over which we have no control. Our Site and other services may include integrated content or links to content provided by third parties (such as video materials, social media content, plug-ins, and applications). Please note that the websites, applications, and services of third parties (including affiliate entities, associated companies, sponsors, advertisers, or other persons) will be governed by the privacy settings, policies, and/or procedures of the third-party which may differ from this Privacy Policy. This Privacy Policy does not address, and we are not responsible for or able to control the privacy, security, or other practices of any third parties. It is your responsibility to review the privacy statements, policies, terms, and conditions of any person or company to whom you choose to link or with whom you choose to contract. We are not responsible for the privacy statements, policies, terms, conditions, or other content of any website not owned or managed by us.

We take all reasonable efforts to protect and safeguard Personal Information, but there are protective measures you should take, as well.

Do not share your Personal Information with others unless you clearly understand the purpose of their request for it, and you know with whom you are dealing. Do not keep sensitive Personal Information in your email inbox or on Webmail. If you are asked to assign passwords to connect you to your Personal Information, you should use a secure password and always use two-factor authentication (2FA), where available. You should change your password regularly.

Changes to our privacy policy

Any changes we make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Privacy Policy.


Questions, comments, and requests regarding this Privacy Policy should be addressed to

EEA customers only: Should you have any concerns about how we handle your Personal Information, please contact us in the first instance. We will do our best to resolve your concern. Alternatively, you may prefer to submit a complaint directly to the national supervisory authority within your jurisdiction, details of which can be found online.

Data subjects under eighteen

Our business is not directed at anybody under the age of eighteen, and we will never knowingly collect Personal Information from individuals under the age of eighteen.