Privacy policyEffective from 11.11.2025.1)
Data ControllerController: Actisas OÜ (registry code 16787203)
Address: Str. Ravi 2, Harju County, Kesklinna District, Tallinn, 10134, Estonia
Email: mi@actisas.ee
Website: https://payca.vcActisas OÜ acts as the
Data Controller under the EU General Data Protection Regulation (GDPR) for all data processed within the Actisas OÜ Platform.
2) Categories of Data ProcessedThe Company may process the following categories of personal data:
Identification data: name, date of birth, nationality, ID/passport details
Contact data: email, phone number, address
Account & platform data: login credentials, authentication logs, user activity
Compliance data: KYC/AML documentation, proof of address, source-of-funds, selfies
Technical data: IP address, device info, browser metadata, session data
Risk & monitoring data: sanctions checks, PEP status, adverse media, KYT indicators
3) Purposes of ProcessingPersonal data is processed for the following lawful purposes:
ü Providing access to the Actisas OÜ Platform and related services
ü Performing the Agreement (Terms of Service) between the Client and Actisas OÜ
ü Compliance with AML/CTF, sanctions, tax, and regulatory obligations
ü Fraud prevention, risk management, and security monitoring
ü Improving Platform performance, user experience, and service quality
ü Handling support requests, disputes, and user inquiries.
4) Legal BasisProcessing is based on:
Art. 6(1)(b) GDPR – performance of a contract
Art. 6(1)(c) GDPR – compliance with legal obligations (AML/CTF, sanctions, tax, accounting)
Art. 6(1)(f) GDPR – legitimate interests (security, fraud prevention, platform improvement)
Art. 28 GDPR – processing by authorised processors under DPAs
5) Data RetentionData is retained for:
Ø
5 years after the end of the business relationship (AML/CTF requirement)
Ø Longer when required by applicable law
Ø Technical logs and security metadata — 12–24 months
After expiry, data is securely deleted or anonymised.
6) Data SharingData may be shared with:
ü Licensed financial institutions and payment/e-money providers
ü KYC/AML and blockchain analytics providers
ü Fraud-prevention and sanctions-screening partners
ü IT, hosting, and infrastructure providers
ü Regulatory, tax, and law enforcement authorities (where required by law)
All partners operate under
data-processing agreements (DPAs) or are independent controllers (financial institutions).
7) Data LocationPersonal data is stored on secure servers located in the
EU/EEA.
Where transfer outside the EU/EEA is required, it is protected by:
Standard Contractual Clauses (SCC)Appropriate safeguards under GDPR
Partner-specific compliance mechanisms
Actisas OÜ never sells personal data.
8) Client Rights (GDPR)Clients have the right to:
ü Access their personal data
ü Correct inaccurate or incomplete data
ü Request deletion (where permitted by law)
ü Restrict or object to processing
ü Request data portability
ü File a complaint with the
Estonian Data Protection Inspectorate (AKI)Requests are handled via support or email.
9) Security MeasuresActisas OÜ applies industry-standard security controls, including:
ü HTTPS/TLS encryption in transit
ü Password hashing
ü Multi-factor authentication
ü Role-based access control (RBAC)
ü Continuous monitoring of the Platform
ü Limited access for authorised personnel only
ü Secure storage and controlled deletion
10) Contact for Data RequestsAll privacy or GDPR-related requests may be submitted to:
��
mi@actisas.eeSubject: Data Protection Request