Get reviewed in 24h Get reviewed

Privacy Policy

Last Modified:

1. Introduction

CardCorp Ltd. (“CardCorp”, “we”, “us”, “our”) operates the CardCorp platform and related marketing websites, including https://cardcorp.com, https://highrisk.cardcorp.com, and associated subdomains (collectively, the “Site”).

CardCorp provides merchant acquisition, onboarding facilitation, and payment-related services, with a particular focus on high-risk and regulated business categories.

Security, regulatory compliance, and data protection are core to our operations. CardCorp processes Personal Data in accordance with:

  • Regulation (EU) 2016/679 (GDPR)
  • Applicable financial-services and anti-money-laundering regulations

This Privacy Policy explains:

  • What Personal Data we collect
  • How and why we process it
  • With whom it may be shared
  • Your rights under GDPR

By using the Site or submitting information through our forms, you agree to this Privacy Policy.

2. Summary

Data Controller:
CardCorp Ltd.
[Registered address – Gibraltar / EU-aligned jurisdiction]

Contact:
privacy@cardcorp.com

We collect:

  • Lead and contact information
  • Business and onboarding data
  • Technical and usage data

We use data to:

  • Qualify leads
  • Facilitate merchant onboarding
  • Comply with legal and regulatory obligations

Your rights:
Access, correction, deletion, restriction, portability, objection.

3. Definitions

  • Service: CardCorp’s merchant acquisition and onboarding services.
  • Visitor: Any individual accessing the Site.
  • Lead: A business or individual submitting information via our forms.
  • Client: A merchant accepted for onboarding with a Financial Institution.
  • Personal Data: Any information relating to an identifiable individual.
  • Financial Institution: Acquiring banks, payment institutions, or PSPs.
  • Fillout: Third-party form provider used for lead capture.
  • Usage Data: Automatically collected technical data.

4. Information We Collect

4.1 Information You Provide (Leads & Contacts)

Via Fillout forms or direct contact:

  • Full name
  • Email address
  • Phone number
  • Company name
  • Website / business URL
  • Country and jurisdiction
  • Business activity description
  • Estimated volumes and risk indicators

Submitting a form does not guarantee acceptance or onboarding.

4.2 Merchant Onboarding & Compliance Data

If you proceed beyond lead stage, we may collect:

  • Director / UBO personal details
  • Identity documents
  • Corporate documents
  • Banking information
  • Compliance questionnaires
  • Risk and transaction profiles

This data is required by Financial Institutions and regulators.

4.3 Automatically Collected Data

  • IP address
  • Device and browser identifiers
  • Pages visited
  • Session duration
  • Referral and campaign data

Used for:

  • Security
  • Fraud prevention
  • Analytics
  • Funnel optimisation

5. Legal Basis for Processing (GDPR)

We process Personal Data based on:

  • Performance of pre-contractual steps
  • Legal and regulatory obligations
  • Legitimate interests (lead qualification, fraud prevention)
  • Consent (where required)

6. How We Use Your Data

  • Respond to enquiries
  • Qualify and score leads
  • Assess eligibility for high-risk processing
  • Facilitate onboarding with Financial Institutions
  • Send transactional and onboarding communications
  • Improve Site performance and security
  • Meet AML / KYC obligations

7. Landing Pages, Fillout & Integrations

7.1 Fillout Forms

Lead data submitted through Fillout is processed securely and transmitted to CardCorp systems.

7.2 CRM & Communication Tools

Lead data may be sent to:

  • CRM systems (pipeline management)
  • Email and onboarding platforms
  • Internal compliance tools

All providers operate under GDPR-compliant agreements.

8. Sharing of Personal Data

CardCorp does not sell Personal Data.

We may share data with:

  • Acquiring banks and PSPs
  • Compliance and verification providers
  • Hosting and infrastructure providers
  • Professional advisors
  • Regulators and authorities (where required)

9. International Transfers

Data may be processed outside your country under:

  • Standard Contractual Clauses
  • Adequacy decisions
  • Other lawful safeguards

10. Data Retention

Data is retained only as long as necessary for:

  • Lead evaluation
  • Regulatory compliance
  • Legal obligations
  • Dispute resolution

Rejected leads are periodically deleted or anonymised.

11. Your Rights

You may request:

  • Access
  • Rectification
  • Erasure
  • Restriction
  • Portability
  • Objection

Email: privacy@cardcorp.com

12. Security

We apply:

  • Encryption
  • Access controls
  • Audit logging
  • Segregation of sensitive data

No system is entirely risk-free.

13. Children

The Site is not intended for individuals under 18.

14. Changes

Updates become effective upon publication.

15. Contact

CardCorp Ltd.
privacy@cardcorp.com