Truevo Payments Ltd (hereinafter ‘Truevo’) is committed to protect data subjects’ privacy in accordance with the General Data Protection Regulation 679/2016 (hereinafter ‘GDPR’) and the Data Protection Act (Chapter 586 of the Laws of Malta) (hereinafter the ‘Act’). The underlying Privacy Policy provides the data subject with relevant personal data processing information as required in terms of article 13(1) of the GDPR.

  1. Information collected

    When contacting Truevo for the provision of its services, for the purposes of the GDPR, Truevo collects personal data related to the contact person, authorised signatory, shareholders/ultimate beneficial owner(s), directors, company secretaries etc of the prospective Merchant/Customer and/or Merchant/Customer.

    ‘Personal data’ means any information relating to an identified or identifiable natural person, the data subject, and includes (i) a name, (ii) an identification number, (iii) location data, (iv) an online identifier (IP addresses and cookie identifiers) or (v) to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  2. The information is collected by the Data Controller, with details as follows

    Company name: Truevo Payments Ltd (formerly Swish Payments Limited)
    Company registration number: C 62721
    Registered and mailing address: MWH Building, 1st Floor, Oratory Street, Naxxar NXR 2504, Malta
    Telephone: +356 2247 4000

  3. Intended purposes for the processing of personal data

    Truevo is required to process personal data for the purposes of assessing application forms filed by the prospective Merchant/Customer and the rendering of its services to the Merchant/Customer.

    Purpose for processing Legal basis
    Receiving the personal data from the online application page on, the Merchant Application Form and processing such personal data for underwriting/onboarding purposes Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) of the GDPR)
    Drawing up the Client Agreement and executing this Agreement by electronic/written signature
    Performance of all obligations undertaken by Truevo and arising from this Agreement and any subsequent addenda, including but not limited to disclosure of information to, and to the exchange thereof with, all Truevo employees and its subsidiaries, associates, agents, Visa and Mastercard, as well as any third party entitled to receive such information
    Correspondence with the data subject in the performance of all obligations undertaken by Truevo and arising from this Agreement and any subsequent addenda
    Processing and retention of data subject ID documents and proof of address Processing is necessary for compliance with a legal obligation to which the controller is subject (Article 6(1)(c) of the GDPR)
    Monitoring, detection and prevention of criminal activity, such as money laundering and funding of terrorism which Truevo is legally bound to report
    Processing for tax and financial reporting purposes
    Processing for the purpose of legal, judicial and regulatory obligations and/or disclosures
    Processing of data subject personal data for those data subjects who opt out of receiving marketing communications
    Debt collection and/or legal claims Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child (Article 6(1)(f) of the GDPR)
    Network/IT security
    Monitoring, detection and prevention of fraud
    Customer support logs
  4. Recipients of personal data and transfers to third countries

    Personal data may be disclosed to or exchanged with all Truevo employees and its subsidiaries, consultants, associates and agents. Truevo does not share personal data with external companies, organisations and individuals unless one or more of the following circumstances apply:

    • With your consent – Truevo may transfer personal data to external companies, organisations or individuals and requires opt-in consent for the sharing of any sensitive personal data;
    • For external processing – Truevo transfers personal data to trusted businesses or persons to whom Truevo may outsource certain functions from time to time, in order to provide the products or services requested, and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures;
    • For legal reasons – Truevo will share personal data with external companies, organisations or individuals if Truevo has a good-faith belief that access, use, preservation or disclosure of the data is reasonably necessary to:
      • meet any applicable law, regulation, legal process or enforceable governmental request
      • enforce applicable terms of service, including investigation of potential violations
      • detect, prevent, or otherwise address fraud
      • protect against harm to the rights, property or safety of Truevo, our users or the public as required or permitted by law

    Truevo may share non-personally identifiable data publicly. For example, to show trends to about the general use of our services.

    If Truevo is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal data and give affected users notice before personal data is transferred or becomes subject to a different Privacy Policy.

  5. Personal Data retention periods
    Type of personal data Retention period
    Personal data collected through the Merchant Application Form, the Client Agreement and subsequent addenda 10 years from termination of the business relationship
    Original documents and documents certified by third parties containing subject persons’ personal data
    Powers of attorney
  6. Data Subject rights
    The data subjects may exercise the following rights by contacting Truevo:

    • Right of access
    • Right of rectification
    • Right of erasure
    • Right to restrict processing
    • Right to data portability
    • Right to object
    • Rights in relation to automated decision making and profiling

    Truevo shall endeavor to respond to the data subject’s request within thirty (30) days from date of receipt. In circumstances which require a delay of maximum three (3) months from date of receipt of the request, Truevo shall advise accordingly within the initial thirty (30) day period from date of receipt.

    Requests in terms of the above listed rights shall be executed by Truevo at no extra cost, subject to the specific conditions as may be listed. Should a request not fulfil the listed conditions then Truevo shall not be in a position to fulfil such request.

  7. Complaints

    If the subject person has any complaint about regarding data protection and/or the privacy of personal data, the data subject may contact Truevo.

    Truevo shall endeavour to respond to the data subject’s complaint within thirty (30) days from date of receipt. In circumstances which require a delay of maximum three (3) months from date of receipt of complaint, Truevo shall advise accordingly within the initial thirty (30) day period from date of receipt.

    If the data subject is not satisfied with Truevo’s reply or no resolution has been reached with Truevo, the data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his/her habitual residence or place of work.

  8. Additional website notices
      If a data subject’s personal data changes (such as your area code, phone number, email or postal address), you must correct and update such information by logging into your account and clicking on the “My Details” link. If a data subject no longer desires to use our services, he/she deactivate your account in the “My Details” section. However, Truevo cannot completely delete user information because of legal/regulatory and technical back up requirements. Personal data may still be retained for the purposes and retention periods stipulated above.
    2. LINKS
      The website may contain links to other sites. Please be aware that Truevo is not responsible for the privacy practices of such other sites. We encourage users to take care when they leave our site and to read the privacy statements of each and every website that collects personal identification information. This Privacy Statement applies solely to information collected by Truevo’s website.
      Truevo has taken all reasonable measures to secure your account information from unauthorized access, use or disclosure. You must enter your phone number and password each time you want to access your account information or make transactions. Never share your account details with anyone. If you are concerned that your password has been compromised, you can change it any time once you are logged on. Your account login, personal details, and all money transactions are secured using Secure Socket Layer (SSL) technology with high-security 128bit encryption, certified by GoDaddy.