Data Protection

Privacy Policy

How we collect, use, and protect your personal data. Your privacy is our priority.

Last Updated: November 5, 2025
Data Controller: Paysolo Ltd
Jurisdiction: Bulgaria

Data Protection Policy of Paysolo Application

This Policy is addressed to Paysolo users. The Policy describes the rules for the collection and use of Paysolo users' data obtained directly from them or via cookies and similar technologies.

We assure each user that we will exercise the utmost diligence when caring for the protection of personal data. We do not transfer personal data without the consent of our users. We enable users to familiarize themselves with the personal data collected and processed by us, with their consent, and to change them or withdraw their consent.

1. Personal Data Controller

The controller of data collected in connection with the use of the Paysolo application is Paysolo Ltd (also referred to as "Paysolo", "we", "our", "us"), a Limited Liability Company with its registered office in str. ul. TODOR ALEXANDROV No 41, Blagoevgrad, pc 2700, Bulgaria, entered into the Commercial register and register of non-profit legal entities (NPLE) under UIC number 207268330, e-mail: contact@paysolo.io

In matters related to the processing of your data by the Controller, you can contact us using the contact details above or contact the Data Protection Officer appointed by the Data Controller at the following e-mail address: support@paysolo.io

2. Scope of Collected Personal Data

2.1
Paysolo enables users to contact the Controller and provide it with identification and contact data, as well as data related to the content of their message or transaction made.
2.2
The Data Controller collects data related to user activity, such as the time spent in the application, date, source of visit, geolocation data, device data and other data that may influence the transaction risk analysis or user identification.

3. Data Source

3.1
If the user contacted the Data Controller, the data was made available to us directly from the user.
3.2
If the user's data has been provided by a third party, the source of the data is that third party. In this case, the Data Controller may receive identification, address, and inquiry-related data.

4. Purpose and Legal Basis for the Processing of Personal Data

User data may be processed for the purpose of:

Network Traffic Analysis & Security

Network traffic analysis, ensuring security as part of the provision of services by Paysolo and adapting the content to the user's needs based on the legitimate interest of the Data Controller (Article 6 (1) (f) of the GDPR).

Analytics and Advertising Technologies

Including Google Analytics and Meta (Facebook) Ads tools such as the Meta Pixel - to understand how our services are used, improve performance and user experience, detect and fix defects, and measure the effectiveness of our marketing.

Subject to your settings and consent where required, these tools may process:

  • device and network data (cookie IDs or similar identifiers, IP addresses, browser/OS type and version, screen size, mobile identifiers);
  • usage data (pages viewed, clicks, scrolls, session duration, crash/diagnostic events);
  • campaign data (referrers, UTM parameters, ad impressions/clicks, conversions);
  • approximate location derived from IP; and
  • optionally, hashed contact identifiers or advertising IDs if you provide them or your device permits.

Analytical Activities

Analytical activities related to the functioning or optimization of Services or applications and other available services, including their optimal selection, as well as for the purposes of building knowledge about the Customer's needs, researching their satisfaction, including obtaining market opinions, qualitative information, conducting after-sales research. For this purpose, the processing is carried out on the basis of the premise specified in Article 6 sec. 1 (f) of the GDPR, i.e. in the legitimate interest of the Controller.

Marketing Activities

Marketing activities undertaken, in particular in the field of promotion of goods and services of the company or its cooperating entities, including sending commercial information. For this purpose, the processing is carried out on the basis of the premise specified in Article 6 sec. 1 (f) of the GDPR.

Legal Claims

Establishing, investigating or defending against claims. For this purpose, the processing is carried out on the basis of the premise specified in Article 6 sec. 1 (f) of the GDPR, i.e. in the legitimate interest of the Controller, which manifests itself in the right of every person to assert their rights.

Data Sharing for Marketing

Sharing data with other entities cooperating with the Controller, for marketing purposes - the basis for data processing is voluntary consent, provided that such consent has been granted; if consent is not given, personal data is not processed for this purpose. The basis for data processing is the consent referred to in Article 6 sec. 1 (f) of the GDPR.

Profiling

Offering products and services according to customer needs, i.e. profiling. The basis for data processing is the consent referred to in Article 6 sec. 1 (f) of the GDPR.

Complaints

Exercise of rights arising from complaints. The basis for processing is the performance of the controller's obligations arising from the rights of consumers, and in the other category of customers in the legitimate interest of the controller, which is the right to establish, assert and defend claims. For this purpose, the processing is carried out on the basis of the premise specified in Article 6 sec. 1 (f) of the GDPR.

5. Right to Withdraw Consent

5.1
The consent to the processing of contact data may be withdrawn by the user at any time by contacting the Data Controller. Withdrawal of consent may make it difficult or impossible to contact the user and provide the service or make the ordered product available to the user.
5.2
In justified situations referred to in Article 17 sec. 3 of the GDPR, the right to withdraw consent may not be available to the user. The Data Controller may decide that the data is necessary due to, inter alia, compliance with a legal obligation that requires processing under the law of the European Union or the law of the Member State to which the Data Controller is subject, to establish, assert or defend claims, and in other cases specified by law.

6. Obligation or Voluntary Provision of Data

6.1
Providing data by the user for purposes related to setting up an account is voluntary, but necessary. Failure to provide them may make it difficult or impossible to use Paysolo services.
6.2
Providing the data necessary to verify the identity of a Paysolo user is voluntary. SumSub (website: www.sumsub.com) is responsible for verifying the identity of the Paysolo user; its privacy policy separately regulates the rules for the protection of users' personal data.

7. Rights Resulting from the GDPR

The user has the right to:

  • request the Data Controller to provide the user with access to their data, as well as a copy of it (Article 15 of the GDPR);
  • request the Data Controller to rectify or correct their data (Article 16 of the GDPR) - the request for rectification applies when the user notices that their data is incorrect or incomplete;
  • request the Data Controller to delete their data (Article 17 of the GDPR);
  • request the Data Controller to limit processing (Article 18 of the GDPR) - e.g. when the user notices that their data is incorrect, the user may request the restriction of the processing of their data for a period that allows the correctness of this data to be checked;
  • lodge a complaint in connection with the processing of their personal data by the Controller to the supervisory body dealing with the protection of personal data.

Commission for Personal Data Protection

Address: 2 Tsvetan Lazarov Bvd, 1592, Boulevard "Professor Tsvetan Lazarov" 2, 1784 Sofia, Bulgaria

8. Recipients of Personal Data

8.1
The recipients of the user's personal data may only be entities that are authorized to receive it under the law. In addition, user data may be made available to couriers, postal and telecommunications operators, hosting providers, and mail servers.
8.2
We reserve the right to share and receive information with the affiliated company SumSub exclusively for the purpose of verifying data associated with the transfer of funds, encompassing both fiat and cryptocurrency, during the processing of your withdrawal requests. This collaborative exchange of information ensures the accuracy and legitimacy of the transaction, aligning with our commitment to secure and transparent financial operations.

9. Duration of Data Storage

9.1
The user's personal data will be kept for the period necessary to achieve the purposes of processing, but not shorter than the period specified in the provisions of law, including the provisions on archiving.
9.2

Personal data processed in connection with the concluded Agreement are stored for the period of its validity and until the claims in this respect are time-barred.

  • Personal data processed on the basis of consent or the legitimate interest of the Controller - until an objection is raised or the consent is withdrawn by the data subject or the purpose of processing ceases to exist.
  • Personal data processed for the purpose of a complaint - until the end of its consideration or until the dispute in this respect is resolved.
  • Personal data processed in order to exercise consumer rights - for the period necessary to assert them.
9.3
Data related to the analysis of network traffic collected through cookies and similar technologies may be stored until the cookie expires. Some cookies never expire, therefore the data storage time will be equivalent to the time necessary for the Data Controller to achieve the purposes related to data collection, such as ensuring security and analyzing historical data related to website traffic.

10. Co-administration of Personal Data

10.1
The Data Controller, in the scope of personal data processing by itself, allows for the possibility of adopting a model of co-administration of personal data in accordance with Article 26 of the GDPR.
10.2

Co-administration of data may take place if the Data Controller and at least one other entity jointly determine the purposes and methods of personal data processing. This means that in a given process of personal data processing, three conditions must be met simultaneously, i.e. the Data Controller and at least one other entity must:

  • be a controller within the meaning of Article 4 point 7 of the GDPR,
  • jointly determine the purposes of data processing,
  • jointly determine the methods (technical and organizational) of data processing.
10.3
If the conditions referred to in clause 10.2 are met, the Data Controller and at least one other entity become joint data controllers in the scope of a given personal data processing process.
10.4
In the case of adopting the data co-administration model, the data co-controllers, by way of joint arrangements, transparently define the respective scopes of their responsibility regarding the fulfillment of obligations under the GDPR.

11. Disclosure to Public Authorities

11.1
The user's personal data may be made available to public authorities, including financial institutions, tax institutions, law enforcement agencies, etc. Such disclosure of personal data does not violate the provisions on the protection of personal data.
11.2
Because, pursuant to Article 4 point 9 of the GDPR, public authorities are not considered recipients, the Data Controller is not obliged to inform Paysolo users about disclosing their personal data to these authorities.

12. Risk-based Approach

As regards the applied solutions relating to the processing of personal data, in particular with regard to security, the Data Controller applies the risk-based approach.

13. Cookies and Similar Technologies

13.1
Paysolo enables the collection of information about the user via cookies and similar technologies, the use of which most often involves the access of this tool on the user's device (computer, smartphone, etc.). This information is used to save the user's decisions (accepting the policy), maintain the user's session (e.g. after logging in), save the password (with consent), and collect information about the user's device and their visit to ensure security, as well as for visit analysis and content customization.
13.2
Information obtained through cookies and similar technologies is not combined with other data of Paysolo users, nor is it used by the Data Controller to identify them.
13.3
The user can set the browser to block certain types of cookies and other technologies, by specifying, for example, that only those that are necessary for the correct display of the page will be allowed. By default, most browsers allow the use of all cookies, but the user can change these settings at any time, and can also delete already installed cookies. Each browser allows this through one of the options available in the settings or preferences.
13.4
By using Paysolo without changing the settings, i.e. with the default acceptance of cookies and similar technologies, you consent to their use for the purposes set out above. The Controller does not use the obtained information for marketing purposes.

14. Automated Decision Making and Profiling

14.1

The processing of the user's personal data may be automated, which may involve automated decision-making, including profiling, which is performed by the Data Controller under applicable law. This applies to the following cases:

  • verifying the identity of the Paysolo user, where the assessment is made by SumSub (www.sumsub.com) based on the established criteria.
  • assessing the risk of violating the law, where the assessment is made on the basis of the obtained data and established criteria.
14.2
The consequence of the performed assessment, in the above cases, is automatic classification to a risk group, where being classified to the unacceptable risk group may entail consequences provided for by law.

15. Policy Review and Updates

15.1
The policy is periodically reviewed in terms of its adequacy, at least once a year.
15.2
Whenever the legal provisions which are the source of the obligations indicated in the Policy change, or there are significant factual changes within the Data Controller's structure, the Policy review is carried out immediately.

Contact & Inquiries

Data Controller

Paysolo Ltd
UIC: 207268330
Bulgaria

General Contact: contact@paysolo.io

Data Protection Officer: support@paysolo.io