Start Provider Selector
Legal document

PRIVACY POLICY

This Privacy Policy explains how ADD SALE processes personal data when you access or use the Platform or the Service (as defined in the Terms and Conditions).

This Privacy Policy should be read together with our Terms and Conditions and Cookie Policy. In case of any inconsistency regarding the Platform or the Services, the Terms and Conditions prevail to the extent permitted by law.

Depending on the context, we may act as a controller or, in limited scenarios, as a processor on behalf of a Provider or a business customer (and we will provide appropriate notices where required).

This Privacy Policy is intended for business users and authorised representatives acting on behalf of a business or other legal entity. Where local mandatory laws provide additional rights for individuals, such rights remain unaffected.

1. Controller and contact

For the purposes of the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), the controller is:

Sabiedrība ar ierobežotu atbildību “ADD sale”, a company incorporated under the laws of the Republic of Latvia with registration number 40103822268 and legal address at Burtnieku iela 36–1, Riga, LV-1084, Latvia (“ADD SALE”, “we”, “us”, “our”).

Contact details (including privacy enquiries): Our contact details and communication channels are published on the Platform and may be updated from time to time.

2. Scope

This Privacy Policy applies to:

  • visitors of the Platform;
  • users who submit enquiries, questionnaires or contact forms through the Platform;
  • users who create or use an account area (where applicable);
  • representatives and contact persons of businesses (including directors, beneficial owners, shareholders or employees) whose data is provided to us in connection with the Services;
  • individuals who communicate with us by email, messaging tools, or other channels made available on the Platform.

The Platform is intended for business users. We do not knowingly collect personal data from children. The Platform is not intended for consumers acting in a purely personal capacity. If you use the Platform outside its intended business purpose, we may be unable to provide the Services and certain rights or obligations may not apply in the same way.

3. Key concepts

“Personal data” means any information relating to an identified or identifiable natural person.

“Processing” means any operation performed on personal data (e.g., collection, storage, use, disclosure).

“Provider” means an independent third-party financial institution or service provider (e.g., bank, acquirer, issuer, PSP, gateway) that may offer products or services relevant to your request.

4. Categories of personal data we may process

Depending on how you use the Platform, we may process the following categories:

A) Identification and contact data

Name, surname, job title/role, company name, business email, business phone number, country and similar business contact details.

B) Business and onboarding-related information (provided by you)

Information submitted via forms/questionnaires (e.g., business model and activity, website/domain, markets/geographies, products/services, expected volumes, currencies, payment methods sought, integration preferences, risk/industry indicators and similar information relevant to a Provider match).

C) Documents and verification-related data (only if you choose to provide them)

Where you decide to share documents or data typically requested by Providers during onboarding (e.g., corporate documents, ownership structure, extracts, copies of ID documents, proof of address, compliance-related responses).

Important: ADD SALE is not a regulated payment service provider and does not conduct KYC “as a PSP”. Where you request it, we may forward information/documents to Providers to facilitate introductions and onboarding.

We are not obliged to collect, verify, review, store or maintain such documents. Where documents are provided, we may (at our discretion) forward them to the relevant Provider, request that you provide them directly to the Provider, or delete them after forwarding/once no longer needed for the requested introduction.

We do not intend to collect or process special categories of personal data (GDPR Art. 9) or personal data relating to criminal convictions and offences (GDPR Art. 10). If such information is included in documents you choose to provide, we process it only to the extent necessary for the purposes described in this Privacy Policy.

D) Technical, cookie and usage data

IP address, device identifiers, browser type, operating system, language settings, approximate location derived from IP, pages viewed, timestamps, referral URLs, and interaction events (e.g., clicks, form progress).

Cookie-related processing is further described in our Cookie Policy.

E) Communications and support data

Messages and correspondence (emails, chat/support enquiries, feedback, attachments) and related metadata.

F) Data received from third parties (where applicable and lawful)

For example, where a Provider confirms the status of an introduction (e.g., contacted / in progress / declined) or provides a quote or onboarding updates, or where certain information is obtained from public registers to support the provision of the Services and reduce obvious errors/fraud risks (where permitted).

5. Sources of personal data

We may collect personal data:

  • directly from you (e.g., when you submit a form or contact us);
  • from the business you represent (e.g., if your employer/partner submits your contact details);
  • from Providers and other partners in the context of introductions and onboarding (e.g., status updates);
  • from public sources (e.g., corporate registers), where permitted and proportionate.

6. Purposes of processing and legal bases

You are responsible for ensuring that the information you submit is accurate, complete and that you have the right to share it with us (including personal data of colleagues, directors, shareholders or beneficial owners). We may rely on the information provided and are not responsible for inaccuracies or unlawful disclosure by you.

We process personal data for the following purposes and based on the following legal grounds (as applicable):

6.1 Providing the Platform and delivering the Services

To handle enquiries, operate questionnaires, facilitate Provider introductions, support communications, and provide requested information.

Legal basis: steps taken at your request prior to entering into a contract (GDPR Art. 6(1)(b)) and/or legitimate interests (Art. 6(1)(f)).

6.2 Sharing information with Providers at your request

To share your enquiry and relevant details with selected Providers so they can assess your request, contact you, provide a quote, or initiate onboarding.

Legal basis: steps at your request prior to entering into a contract (Art. 6(1)(b)) and/or legitimate interests (Art. 6(1)(f)).

Where consent is legally required for a specific type of communication, we will obtain it.

6.3 Platform security, integrity, fraud and abuse prevention

To protect the Platform, detect malicious activity, maintain security logs, and prevent misuse.

Legal basis: legitimate interests (Art. 6(1)(f)).

6.4 Analytics and improvement

To understand usage patterns, improve user experience, troubleshoot, and enhance Platform performance.

Legal basis: consent (GDPR Art. 6(1)(a)) for analytics/marketing cookies and similar trackers where required. Strictly necessary cookies and related security/diagnostic logs may be processed based on our legitimate interests (GDPR Art. 6(1)(f)) to operate, secure and improve the Platform.

We may also create aggregated and/or anonymised statistics that do not identify individuals and may use them for analytics, product improvement and business planning.

6.5 Business communications and marketing (where applicable)

To send updates about the Platform, Service-related notices, and—where permitted—B2B marketing communications (e.g., newsletter).

Legal basis: legitimate interests (Art. 6(1)(f)) for strictly B2B relationship communications where permitted by law, and/or consent (Art. 6(1)(a)) where required. You may opt out at any time.

You can opt out of marketing at any time using the unsubscribe link or by contacting us.

6.6 Legal compliance and protection of rights

To comply with applicable laws, respond to lawful requests, and establish, exercise or defend legal claims.

Legal basis: legal obligation (Art. 6(1)(c)) and/or legitimate interests (Art. 6(1)(f)).

7. Recipients and disclosures

We may share personal data with:

A) Providers

Where you request contact/onboarding or where sharing is necessary to deliver the Services (e.g., sending your enquiry to selected Providers).

Providers as independent controllers. Where we share your personal data with Providers at your request, such Providers will typically process your personal data as independent controllers under their own privacy notices and policies. We are not responsible for Providers’ processing activities once your data has been shared with them. Providers determine independently what personal data they require, their onboarding/underwriting decisions, and their retention periods, in accordance with their own legal obligations and policies.

B) Service providers (processors)

Vendors who support our operations (hosting, email delivery, CRM, analytics, security, support tools). They process personal data on our instructions under appropriate contractual safeguards. Our vendors may change over time. We select vendors that we consider appropriate for the Services and implement contractual safeguards as required by law.

C) Professional advisers and authorities

Lawyers, auditors, courts, regulators or other authorities where required by law or necessary to protect our rights.

D) Business transfers

In the event of a reorganisation, merger, acquisition, or sale of assets, personal data may be transferred to relevant parties, subject to appropriate safeguards.

We do not sell personal data.

8. International data transfers

Some Providers or service providers may be located outside the European Economic Area (“EEA”). Where personal data is transferred outside the EEA, we use appropriate safeguards, such as:

  • EU Standard Contractual Clauses (SCCs);
  • adequacy decisions, where applicable; and/or
  • other lawful transfer mechanisms permitted under GDPR.

Transfers may occur, for example, where a selected Provider or one of our vendors operates from outside the EEA.

9. Data retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain records, resolve disputes and enforce agreements.

Retention depends on context and may include:

  • enquiry and matching records: retained for a reasonable period after last interaction to support follow-up, auditability and dispute handling;
  • account-related data (if applicable): retained for the duration of the account and a reasonable period thereafter;
  • security logs: retained for a limited period needed to investigate incidents and prevent abuse;
  • marketing subscriptions: retained until you opt out (and then we may keep a minimal suppression record to ensure your preference is respected).

Where longer retention is required by law, we retain data for the legally required period.

Retention periods are determined based on (i) the nature of the request and communications, (ii) our need to demonstrate compliance and resolve disputes, and (iii) applicable statutory limitation periods and record-keeping obligations.

We may delete or anonymise personal data earlier where it is no longer needed for the purposes described above, subject to applicable law and our legitimate record-keeping needs.

10. Your rights

Subject to GDPR and applicable law, you may have the right to:

  • access your personal data;
  • rectify inaccurate or incomplete data;
  • request erasure in certain cases;
  • restrict processing in certain cases;
  • object to processing based on legitimate interests (including, where applicable, direct marketing);
  • receive personal data you provided in a structured, commonly used format (data portability), where applicable;
  • withdraw consent at any time (where processing is based on consent), without affecting prior processing.

To exercise your rights, please contact us via the contact channels published on the Platform. We may request additional information to verify identity and process your request securely.

Your rights are subject to conditions and limitations under GDPR and applicable law. We will respond within the timeframes required by law and may extend deadlines where permitted.

11. Complaints

If you believe we have not handled your personal data properly, you may contact us first via the Platform contact channels. You also have the right to lodge a complaint with the Latvian supervisory authority:

Data State Inspectorate (Datu valsts inspekcija), Latvia. Contact details are available on the authority’s official website.

12. Security

We implement appropriate technical and organisational measures designed to protect personal data, such as access controls, least-privilege, and security monitoring. No system is completely secure; however, we take reasonable steps to mitigate risks.

Transmission of information via the internet is not completely secure. Any transmission is at your own risk. Where you use credentials or an account area, you are responsible for keeping them confidential and for all activity under your account.

13. Automated decision-making

We do not intend to make decisions producing legal or similarly significant effects solely by automated means. If any automated matching or filtering is used, it is intended to support information display and does not replace Provider underwriting, compliance checks, or your own decision-making.

14. Links to third-party websites

The Platform may contain links to Providers’ or other third-party websites. We do not control such websites and are not responsible for their content, security or privacy practices. If you follow a link, the third party’s terms and privacy notice will apply.

Where reasonably practicable, we may highlight material changes on the Platform.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be published on the Platform and will apply from the date of publication.