Privacy Policy

Last updated: October 9th, 2025

1. Introduction

This Privacy Policy provides transparent information about the processing of personal data by Lepta for visitors to our website www.leptapay.com (“Website”), and the related services, functions, and content. We explain what personal data we collect, process, and use. The Terms of Use for the Website are available via the link in the footer.

In this Privacy Policy, “Lepta”, “we”, “our,” or “us” refers to LEPTA PAYMENT SOLUTIONS LIMITED, a company incorporated and registered in the Republic of Ireland (registration number 769911) (“Lepta”).

  • Contacting us: When you contact us via e-mail or through other communication means, we process the data you voluntarily provide (name, email address, nature of the inquiry, subject, and content of your message as well as other fields completed in forms on our Website). This data is processed solely for handling your inquiry, getting in touch with you if desired, and providing you with the requested information. This data processing is necessary for the performance of a contract or to take steps prior to entering into a contract.
  • Server log files: We collect and process the following data when you visit our Website and hence access the server containing the requested service (server log files): name of the accessed Website, file type, date and time of access, data volume, server status codes, processing time, browser and client type and version, operating system, IP address, and requesting provider. This data is generated automatically and is necessary for operating our Website, distributing web server requests, detecting and rectifying errors, and security purposes. This data processing is necessary for our legitimate interest in operating error-free and secure Websites.
  • Registration and User Account: When you register on our Website and have a user account for our Online Services, we process the following personal data: title, name, company, email address, address, telephone number, IP address, VAT number, and access data. This data is processed solely for operating your account and billing our services. This processing is necessary for the performance of a contract or to take steps at your request before entering into a contract. Further information on our data processing in the context of the business relationship is available in our “Privacy Statement for Contracting Parties.” The actual provision of the service is carried out on your behalf, in our role as a processor.

3. Cookies

Cookies are files transmitted from our web server to your web browser and are stored on your device for later retrieval. Through such cookies, our Website can store important data to provide you with our services and to make the use of our Website more comfortable for you. You are not required to consent to the use of reporting cookies to use the Website.

Types of Cookies:

  • Session Cookies: are temporary cookies valid for the duration of your visit and are erased automatically thereafter.
  • Persistent Cookies: stay on your device and are not erased automatically when you close your browser. Persistent cookies improve your user experience by customizing the Website to your needs and optimizing loading time.

You can accept or reject individual or all types of cookies that are not strictly necessary easily via our “Cookie Settings” tool, which also includes details on the types of cookies we use on this Website.

Most internet browsers accept cookies by default, but you can adjust your settings to control the placement and storage of cookies:

Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

Chrome: https://support.google.com/chrome/answer/95647?hl=en

Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac

Opera: https://help.opera.com/en/latest/web-preferences/#cookies

In addition, you can deactivate cookies via Your Online Choices. This process will ask your device for an ID-Tag of an “opt-out-cookie” preventing data to be linked/associated with your device. Note that this process does not remove the opt-out-cookie; it must remain on your device for the opt out to work successfully, recognizing your opt-out. You will need to repeat this process on each internet browser you use and if you delete all cookie data from your device. Nonetheless, the use of Your Online Choices does not guarantee that no third parties use cookies through our Website.

4. Data Disclosures

To the extent necessary, we disclose your personal data to recipients as stated in this Privacy Policy and to the following categories of recipients:

  • Employees, freelancers, independent contractors, advisors or other authorized personnel of Lepta acting as individual controllers or as joint controllers, and Lepta group members.
  • Public authorities as required by, or to comply with, applicable law, regulation, court or tribunal processes, or other statutory requirements;

(Sub-)Processors operating on our behalf, such as IT-service providers and/or providers of data hosting solutions or similar services, providers of tools and software solutions that support us in the provision of our Website and the performance of our services (including providers of cookies, as well as communication service providers).

Processing of your data or using services of third parties in a third country (i.e., outside the European Economic Area (EEA) and not being recognized by the European Commission as having an adequate level of protection) is only carried out to the extent necessary and in accordance with the GDPR.

Therefore, your personal data will be transferred to third countries only if and as long as the data is protected by appropriate safeguards, you have consented to the data transfer, or the transfer is necessary for the performance of a contract or due to a legal obligation. We have implemented suitable and appropriate safeguards to ensure that the transfer of your data to the respective third country complies with data protection requirements (e.g., by concluding approved EU-Standard Contractual Clauses and necessary supplementary measures). Upon your request, we will provide you with a copy of such suitable safeguards, provided that we process or have your data processed in third countries or transfer data to third countries.

5. Data Retention

We store your personal data for no longer than is necessary for the purposes for which the personal data are processed. Depending on the respective legal basis this generally means:

  • for as long as it is required to perform our contractual obligations;
  • when processed based on legitimate interest, for as long as they are not overridden by the interests or fundamental rights and freedoms of the data subject;
  • when processed based on consent, for as long as the consent is not withdrawn and the purposes is not fulfilled; or
  • for as long as necessary to comply with statutory provisions, particularly according to legal retention periods (which is typically six years).

In further detail:

  • Usage data: stored according to Cookie Settings until you withdraw your consent.
  • User account data: stored until the end of your client relationship or as per legal retention periods (typically six years).
  • In addition, we will retain your data as long as legal claims arising from our relationship are enforceable (typically six years, inter alia as per Ireland’s Statute of Limitations Act 1957). This retention will occur only if litigation becomes apparent or until the final resolution of an incident or court proceedings. Such processing is based on our legitimate interests in establishing, exercising, or defending legal claims.

6. Your Rights under GDPR, and other Data Protection Laws

You have the right to access your personal data that is being processed by us (Art. 15 GDPR). Apart from that, you have the right to rectification of inaccurate or incomplete data (Art. 16 GDPR). You have a right to erasure if, (i) your personal data is no longer necessary for the purposes for which we have collected it, (ii) you withdraw your consent and there is no other legal basis for processing by us (cf. Section 2), (iii) you object to the processing and there are no overriding legitimate grounds for the processing (except in the case of processing for direct marketing purposes), (iv) your personal data has been unlawfully processed, or (v) for compliance with our legal obligations (Art. 17 GDPR). Additionally, you have the right to restriction of processing (Art. 18 GDPR) as well as the right to data portability concerning the data you have provided us with (Art 20. GDPR).

We may process your data on the basis of legitimate interests (in particular cf. Section 2) in which case you have the right to object. In the case you object to the processing, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing of this data which override your interests, rights and freedoms (weighing of interests) or for the establishment, exercise or defense of legal claims.

Additionally, you have the right to withdraw your consent at any time with effect for the future.

Finally, you have the right to lodge a complaint with the responsible supervisory authority (Art. 77 GDPR).

Contacting us:

If you have questions regarding this policy, or wish to exercise any of the data protection rights outlined above, feel free to contact us at:

LEPTA PAYMENT SOLUTIONS LIMITED
Attention: Data Protection Officer
Postal Address: Watch Tower House, Blackditch, Newcastle, Co. Wicklow, A63 RF61 Ireland

You have the right to lodge a data protection complaint with the Irish Data Protection Commissioner’s Office. However, we would be grateful for an opportunity to resolve matters with you in the first instance.

7. Data security

Information security is critical to our business. We implement appropriate technical and organisational security measures, taking into account the state of the art, the costs of implementation and the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons pursuant to Art. 32 GDPR and other applicable data protection laws.

8. Amendments of our Privacy Policy

We will amend our Privacy Policy as necessary to reflect changes to the legal landscape as well as the development of our services and the internet. Amendments will be published on our Website, so you should visit this Privacy Policy regularly to stay informed about the current status.

Picture of an arrow icon pointing up