Privacy Policy

Truevo Payments Ltd (hereinafter ‘Truevo’) is committed to protect data subjects’ privacy in accordance with the General Data Protection Regulation 679/2016 (hereinafter ‘GDPR’) and the Data Protection Act (Chapter 586 of the Laws of Malta) (hereinafter the ‘Act’). The underlying Privacy Policy provides the data subject with relevant personal data processing information as required in terms of article 13(1) of the GDPR.
    1. Information collected
      When contacting Truevo for the provision of its services, for the purposes of the GDPR, Truevo collects personal data related to the contact person, authorised signatory, shareholders/ultimate beneficial owner(s), directors, company secretaries etc of the prospective Merchant/Customer and/or Merchant/Customer.‘Personal data’ means any information relating to an identified or identifiable natural person, the data subject, and includes (i) a name, (ii) an identification number, (iii) location data, (iv) an online identifier (IP addresses and cookie identifiers) or (v) to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
    2. The information is collected by the Data Controller, with details as follows
      Company name: Truevo Payments Ltd (formerly Swish Payments Limited) Company registration number: C 62721 Registered and mailing address: The Watercourse, 3rd Floor, Triq L-Imdina, Zone 3 Central Business District, Birkirkara, Malta, CBD2010 Email: Telephone: +356 2247 4000 Website:
    3. Intended purposes for the processing of personal data
      Truevo is required to process personal data for the purposes of assessing application forms filed by the prospective Merchant/Customer and the rendering of its services to the Merchant/Customer.
      Purpose for processing Legal basis
      Receiving the personal data from the online application page on, the Merchant Application Form and processing such personal data for underwriting/onboarding purposes Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) of the GDPR)
      Drawing up the Client Agreement and executing this Agreement by electronic/written signature
      Performance of all obligations undertaken by Truevo and arising from this Agreement and any subsequent addenda, including but not limited to disclosure of information to, and to the exchange thereof with, all Truevo employees and its subsidiaries, associates, agents, Visa and Mastercard, as well as any third party entitled to receive such information
      Correspondence with the data subject in the performance of all obligations undertaken by Truevo and arising from this Agreement and any subsequent addenda
      Processing and retention of data subject ID documents and proof of address Processing is necessary for compliance with a legal obligation to which the controller is subject (Article 6(1)(c) of the GDPR)
      Monitoring, detection and prevention of criminal activity, such as money laundering and funding of terrorism which Truevo is legally bound to report
      Processing for tax and financial reporting purposes
      Processing for the purpose of legal, judicial and regulatory obligations and/or disclosures
      Processing of data subject personal data for those data subjects who opt out of receiving marketing communications
      Debt collection and/or legal claims Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child (Article 6(1)(f) of the GDPR)
      Network/IT security
      Monitoring, detection and prevention of fraud
      Customer support logs
    4. Recipients of personal data and transfers to third countries
      Personal data may be disclosed to or exchanged with all Truevo employees and its subsidiaries, consultants, associates and agents. Truevo does not share personal data with external companies, organisations and individuals unless one or more of the following circumstances apply:
      • With your consent – Truevo may transfer personal data to external companies, organisations or individuals and requires opt-in consent for the sharing of any sensitive personal data;
      • For external processing – Truevo transfers personal data to trusted businesses or persons to whom Truevo may outsource certain functions from time to time, in order to provide the products or services requested, and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures;
      • For legal reasons – Truevo will share personal data with external companies, organisations or individuals if Truevo has a good-faith belief that access, use, preservation or disclosure of the data is reasonably necessary to:
        • meet any applicable law, regulation, legal process or enforceable governmental request
        • enforce applicable terms of service, including investigation of potential violations
        • detect, prevent, or otherwise address fraud
        • protect against harm to the rights, property or safety of Truevo, our users or the public as required or permitted by law
      Truevo may share non-personally identifiable data publicly. For example, to show trends to about the general use of our services. If Truevo is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal data and give affected users notice before personal data is transferred or becomes subject to a different Privacy Policy.
    5. Personal Data retention periods
      Type of personal data Retention period
      Personal data collected through the Merchant Application Form, the Client Agreement and subsequent addenda 10 years from termination of the business relationship
      Original documents and documents certified by third parties containing subject persons’ personal data
      Powers of attorney
    6. Data Subject rights
      The data subjects may exercise the following rights by contacting Truevo:
      • Right of access
      • Right of rectification
      • Right of erasure
      • Right to restrict processing
      • Right to data portability
      • Right to object
      • Rights in relation to automated decision making and profiling
      Truevo shall endeavor to respond to the data subject’s request within thirty (30) days from date of receipt. In circumstances which require a delay of maximum three (3) months from date of receipt of the request, Truevo shall advise accordingly within the initial thirty (30) day period from date of receipt. Requests in terms of the above listed rights shall be executed by Truevo at no extra cost, subject to the specific conditions as may be listed. Should a request not fulfil the listed conditions then Truevo shall not be in a position to fulfil such request.
    7. Complaints
      If the subject person has any complaint about regarding data protection and/or the privacy of personal data, the data subject may contact Truevo.Truevo shall endeavour to respond to the data subject’s complaint within thirty (30) days from date of receipt. In circumstances which require a delay of maximum three (3) months from date of receipt of complaint, Truevo shall advise accordingly within the initial thirty (30) day period from date of receipt.If the data subject is not satisfied with Truevo’s reply or no resolution has been reached with Truevo, the data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his/her habitual residence or place of work.
    8. Additional website notices
      1. CONTROL OF PERSONAL INFORMATION If a data subject’s personal data changes (such as your area code, phone number, email or postal address), you must correct and update such information by logging into your account and clicking on the “My Details” link. If a data subject no longer desires to use our services, he/she deactivate your account in the “My Details” section. However, Truevo cannot completely delete user information because of legal/regulatory and technical back up requirements. Personal data may still be retained for the purposes and retention periods stipulated above.
      2. LINKS The website may contain links to other sites. Please be aware that Truevo is not responsible for the privacy practices of such other sites. We encourage users to take care when they leave our site and to read the privacy statements of each and every website that collects personal identification information. This Privacy Statement applies solely to information collected by Truevo’s website.
      3. SECURITY Truevo has taken all reasonable measures to secure your account information from unauthorized access, use or disclosure. You must enter your phone number and password each time you want to access your account information or make transactions. Never share your account details with anyone. If you are concerned that your password has been compromised, you can change it any time once you are logged on. Your account login, personal details, and all money transactions are secured using Secure Socket Layer (SSL) technology with high-security 128bit encryption, certified by GoDaddy.