Privacy Policy

This Policy was last modified on 25/05/2018.

Truevo Payments Ltd (hereinafter ‘Truevo’) is committed to protect data subjects’ privacy in accordance with the General Data Protection Regulation 679/2016 (hereinafter ‘GDPR’) ’) and the Data Protection Act (Chapter 586 of the Laws of Malta) (hereinafter the ‘Act’). The underlying Privacy Statement provides the data subject with relevant personal data processing information as required in terms of article 13(1) of the GDPR.

1. Information collected

When contacting Truevo for the provision of its services, for the purposes of the GDPR, Truevo collects personal data related to the contact person, authorised signatory, shareholders/ultimate beneficial owner(s), directors, company secretaries etc of the prospective Merchant/Customer and/or Merchant/Customer. 

‘Personal data’ means any information relating to an identified or identifiable natural person, the data subject, and includes (i) a name, (ii) an identification number, (iii) location data, (iv) an online identifier (IP addresses and cookie identifiers) or (v) to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. The information is collected by the Data Controller, with details as follows:

  • Company name: Truevo Payments Ltd (formerly Swish Payments Limited)
  • Company registration number: C 62721
  • Registered and mailing address: MWH Building, 1st Floor, Oratory Street, Naxxar NXR 2504, Malta
  • Email:
  • Telephone: +356 2247 4000
  • Website:

3. Intended purposes for the processing of personal data

Truevo is required to process personal data for the purposes of assessing application forms filed by the the prospective Merchant/Customer and the rendering of its services to the Merchant/Customer.

Purpose for processingLegal basis
Receiving the personal data from the online application page on, the Merchant Application Form and processing such personal data for underwriting/onboarding purposes Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) of the GDPR)
Drawing up the Client Agreement and executing this Agreement by electronic/written signature
Performance of all obligations undertaken by Truevo and arising from this Agreement and any subsequent addenda, including but not limited to disclosure of information to, and to the exchange thereof with, all Truevo employees and its subsidiaries, associates, agents, Visa and Mastercard, as well as any third party entitled to receive such information
Correspondence with the data subject in the performance of all obligations undertaken by Truevo and arising from this Agreement and any subsequent addenda
Processing and retention of data subject ID documents and proof of addressProcessing is necessary for compliance with a legal obligation to which the controller is subject (Article 6(1)(c) of the GDPR)
Monitoring, detection and prevention of criminal activity, such as money laundering and funding of terrorism which Truevo is legally bound to report
Processing for tax and financial reporting purposes
Processing for the purpose of legal, judicial and regulatory obligations and/or disclosures
Processing of data subject personal data for those data subjects who opt out of receiving marketing communications
Debt collection and/or legal claimsProcessing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child (Article 6(1)(f) of the GDPR)

Network/IT security
Monitoring, detection and prevention of fraud
Customer support logs

4. Recipients of personal data and transfers to third countries

Personal data may be disclosed to or exchanged with all Truevo employees and its subsidiaries, consultants, associates and agents. Truevo does not share personal data with external companies, organisations and individuals unless one or more of the following circumstances apply:

With your consentTruevo may transfer personal data to external companies, organisations or individuals and requires opt-in consent for the sharing of any sensitive personal data;

For external processing – Truevo transfers personal data to trusted businesses or persons to whom Truevo may outsource certain functions from time to time, in order to provide the products or services requested, and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures;

For legal reasons – Truevo will share personal data with external companies, organisations or individuals if Truevo has a good-faith belief that access, use, preservation or disclosure of the data is reasonably necessary to:

  • meet any applicable law, regulation, legal process or enforceable governmental request
  • enforce applicable terms of service, including investigation of potential violations
  • detect, prevent, or otherwise address fraud
  • protect against harm to the rights, property or safety of Truevo, our users or the public as required or permitted by law

Truevo may share non-personally identifiable data publicly. For example, to show trends to about the general use of our services.

If Truevo is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal data and give affected users notice before personal data is transferred or becomes subject to a different Privacy Policy.

5. Personal Data retention periods

Type of personal dataRetention period
Personal data collected through the Merchant Application Form, the Client Agreement and subsequent addenda

10 years from termination of the business relationship

Original documents and documents certified by third parties containing subject persons’ personal data
Powers of attorney

6. Data Subject rights

The data subjects may exercise the following rights by contacting Truevo:

  • Right of access
  • Right of rectification
  • Right of erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights in relation to automated decision making and profiling

Truevo shall endeavor to respond to the data subject’s request within thirty (30) days from date of receipt. In circumstances which require a delay of maximum three (3) months from date of receipt of the request, Truevo shall advise accordingly within the initial thirty (30) day period from date of receipt. Requests in terms of the above listed rights shall be executed by Truevo at no extra cost, subject to the specific conditions as may be listed. Should a request not fulfil the listed conditions then Truevo shall not be in a position to fulfil such request.

7. Complaints

If the subject person has any complaint regarding data protection and/or the privacy of personal data, the data subject may contact Truevo.

Truevo shall endeavor to respond to the data subject’s complaint within thirty (30) days from date of receipt. In circumstances which require a delay of maximum three (3) months from date of receipt of complaint, Truevo shall advise accordingly within the initial thirty (30) day period from date of receipt. If the data subject is not satisfied with Truevo’s reply or no resolution has been reached with Truevo, or if you consider that the processing of your personal data is carried out in an unlawful manner, the data subject may lodge a complaint with a supervisory authority, in particular in the Member State of his/her habitual residence or place of work. For the purposes of Maltese data subjects, this is the Information and Data Protection Commissioner.

8. Additional website notices

If a data subject’s personal data changes (such as your area code, phone number, email or postal address), you must correct and update such information by logging into your account and clicking on the “My Details” link.  Truevo cannot completely delete user information because of legal/regulatory and technical back up requirements. Personal data may still be retained for the purposes and retention periods stipulated above.

The website may contain links to other sites. Please be aware that Truevo is not responsible for the privacy practices of such other sites. We encourage users to take care when they leave our site and to read the privacy statements of each and every website that collects personal identification information. This Privacy Statement applies solely to information collected by Truevo’s website.

Truevo has taken all reasonable measures to secure your account information from unauthorized access, use or disclosure. You must enter your phone number and password each time you want to access your account information or make transactions. Never share your account details with anyone. If you are concerned that your password has been compromised, you can change it any time once you are logged on. Your account login, personal details, and all money transactions are secured using Secure Socket Layer (SSL) technology with high-security 128bit encryption, certified by GoDaddy.