Privacy Policy


Exactly (hereinafter also referred to as the "Data Controller") means. Opay Holding Limited, registered office in Ground Floor, 4 Victoria Square, St Albans, Hertfordshire, United Kingdom, AL1 3TF, company registration number: 11921832. Terms such as "we", "us", "our", "ours", etc., that may be used in the Privacy Policy also have the same meaning. Opay Holding Limited is authorised by the Financial Conduct Authority under the Electronic Money Regulations 2011 (FRN: 901022).


This Privacy Statement is provided pursuant to General Data Protection Regulations 2018 (“GDPR”) and The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) (No. 2) Regulations 2019. This Privacy Policy governs the way we process personal data and ensure its protection in the Exactly Payment System. Please read the following policy carefully to understand how do we use your personal data. Please note, that by using our services, you authorize and consent to exchange of any information about you between us and third parties in connection with identity or account verification, fraud detection, or collection procedure, or as may otherwise be required by applicable law.


Collected information is in line with relevant regulations and law. We may collect the following information about you:

  • Name, surname, title, birth code or date of birth, place of birth, sex;
  • Permanent residence or other residence and citizenship, phone number, e-mail address;
  • Copies of identification documents proving identity;
  • For natural persons doing business: registered business name, place of business and the person’s identification number;
  • Bank account number;
  • Data about implemented and cancelled payment transactions;
  • Data about credit, debit or other payment card including PAN, expiry date;
  • Information obtained from Exactly questionnaires or similar forms;
  • IP address;
  • Data about visits to our website, in particular operational data;

We may collect the following information from other sources:

  • information you’ve asked us to collect for you, e.g. information about your accounts or holdings with other companies including transaction information;
  • information from third party providers, e.g. information that helps us to combat fraud;

We collect, process, and use information about you for the following purposes:

  • to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
  • to improve, personalize and facilitate your use of our services;
  • to analyze your use of our services;
  • to prevent or detect crime;
  • to establish, exercise or defend our legal rights, or rights of our

We may disclose your information to the third parties, for the purposes stated in the Article 4 of this policy.

Any third party that we disclose your information is required to protect such disclosed information and use it only to carry out the services they are performing for you or for us, unless otherwise required or permitted by law.


We store your information for as long as it is necessary to duly perform our services to you and other obligations resulting from the binding agreements and as long as it is required by the applicable law. This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate purposes such as managing your account and dealing with any disputes or concerns that may arise. If we need to retain information for any longer, we may destroy, delete or anonymise it.


In accordance with applicable regulations, you have the following rights:

  • To access: you can obtain information relating to the processing of your personal data, and a copy of such personal data;
  • To rectify: where you consider that your personal data are inaccurate or incomplete, you can require that such personal data be modified accordingly;
  • To erase: you can require the deletion of your personal data, to the extent permitted by law;
  • To restrict: you can request the restriction of the processing of your personal data;
  • To object: you can object to the processing of your personal data, on grounds relating to your particular situation. You have the absolute right to object to the processing of your personal data for direct marketing purposes, which includes profiling related to such direct marketing.
  • To withdraw your consent: where you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time.
  • To data portability: where legally applicable, you have the right to have the personal data you have provided to us be returned to you or, where technically feasible, transferred to a third party.

Please note, that we may continue to retain your information if we’re entitled or required to retain it.

You can exercise your rights by contacting us using the details set out in the Contact Details section below. You also have a right to complain to the UK Information Commissioner’s Office by visiting, or to the data protection regulator in your country.


We take reasonable measures, including administrative, technical, and physical safeguards, to protect your information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. We hold information about you at our own premises in accordance with the recommendations of the Payment Card Industry Security Standards Council, Customer card details are protected using Transport Layer encryption — TLS 1.2 and application layer with algorithm AES and key length 256 bit. We restrict access to personal information to our employees, contractors, and agents who need to know that information in order to transmit, store, or process it, who are subject to contractual confidentiality obligations consistent with this Policy, and who may be disciplined or terminated if they fail to meet these obligations.

Please note that no transmission of information via the internet is completely secure and no storage system is guaranteed to be entirely secure. If you have any reason to believe that your interaction with us is no longer secure, please contact us immediately.


We may change or update this Privacy Policy. Any changes we may make to this Privacy Policy in the future will be posted on the Website and any such changes will be effective starting from the date when we post the revised Privacy Policy. We may provide You with notifications regarding the changes in the Privacy Policy by posting them on our Website.


If you have any questions relating to our use of your personal data under this Privacy Policy, please contact our data protection officer or the following address:

Ground Floor, 4 Victoria Square,St Albans, Hertfordshire,United Kingdom, AL1 3TF

v. 1.0
We use cookies and other tracking technologies to improve your browsing experience on our website, to show you personalised content and targeted ads, to analyse our website traffic, and to understand where our visitors are coming from. More info: Cookie Policy.