Last amended as of: 15 June 2021


ENSO considers the observance and protection the interests of our Merchants as the main principles of our work. This principle is also reflected in the collection, storage, processing and transmission of any information relating directly or indirectly to a specific or determined individual (subject of personal data) (hereinafter “Personal Data”).

Our goal is to comply with the interests of our Merchants and ensure security when working with Personal Data. For these purposes we have prepared our Privacy Policy (hereinafter “the Policy”) in strict accordance with the principle of protecting the confidentiality of Personal Data.

The purpose of this Policy is to provide you with a complete and transparent understanding regarding: the legal basis for the collection and processing of your Personal Data; categories of Personal Data that we may collect about you; what happens to the Personal Data we collect; where we process your personal data; how much we store your personal data; to whom we may transfer your Personal Data; and also explain your rights as a personal data subject.

"You, Merchant’s representatives" in this Policy means a person, including any shareholders, beneficial owners, principals, directors, general signatories and staff members accessing our website located at (hereinafter referred to as the "Website"), contacts us with an application to use our Services or with questions about the Account. The Policy also applies to all visitors to our Website.

This Policy applies only to the information that we process. This does not apply to companies that we do not own or control, or employees that we do not manage. Information about our Services may contain links to third-party websites, and any information that you provide to these websites will be covered by any privacy policies that they may have. Be sure to read the privacy policy of any third-party websites that you visit. These websites are required to protect any information that you provide to them, so we cannot be held responsible for the misuse of your personal information.

Please read this document carefully to understand our Policy and practices regarding your Personal Data and how we will treat it. By accessing our Website and using our Services, you agree to collect, use and transfer your Personal Data in accordance with this Policy.

This Policy is an integral part of the Terms of Service, hereinafter referred to as the «Agreement».

Please read carefully the Policy as well as the Terms of Service, before using ENSO. If you wish to become our Merchant, you shall read this Policy in its entirety. If you disagree with this Policy, please do not use our Services.

The Policy shall be deemed accepted by You upon Merchant’s Account registration with ENSO and checking the respective blank “I have read and agree to the Privacy Policy”.

The terms used in this Policy shall be understood in accordance with the Terms of Service and the applicable law.


FinTech Assn Ltd. - a company registered in accordance with the laws of the United Kingdom, registration number: 12630566, registration address: Unit 111375, 2nd Floor, 6 Market Place, London, Fitzrovia, United Kingdom, W1W 8AF (hereinafter “ENSO,“ we ”,“ us ”).

The rules for the processing of Personal Data set forth in this Policy explain our approach to the processing and protection of Personal Data when interacting with our Website or Services. In our approach we comply with the Regulation No. 2016/679 of the European Parliament and the Council, General Data Protection Rules (hereinafter “GDPR”).

In order to prevent the unlawful use of our Services for the purposes of legalizing the proceeds of crime and the financing of terrorism, in order to identify it, we collect the Merchant’s representatives Personal Data specified below in accordance with established cases. Please note that in accordance with UK Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (hereinafter “AML act”), we may additionally conduct checks of Merchants and request other categories of data.


To be able to receive an access to our Services ENSO will ask Merchant’s representative provide the following Personal Data:

  • Merchant’s representative name, surname - to identify you as specific Merchant’s representatives to enter into Agreement,
  • Merchant’s representative confirmation of residential address - is our legal obligation to make sure that you can use our Services and it is our legal obligation in accordance with AML act,
  • Merchant’s representative copies of personal identification documents is our legal obligation in accordance with AML act,
  • Information coming from ENSO questionnaires or similar forms - to be able to enter into Agreement with the Merchant and to provide you with the most convenient use of our Services.

ENSO receives and stores certain information, for example, with the help of cookies every time the Merchant’s representative or Visitor visits our Website. For additional information please refer to our Cookie Policy.

We collect the above Personal Data in order to fulfill the Agreement with you in accordance with Article 6 (1) (b) GDPR and in order to fulfill our legal obligations under Article 6 (1) (c) GDPR.

We may also collect non-personal information about You, which does not identify You as a specific individual. Such non-personal information that we may collect includes:

- Merchant’s data, such as a company’s name, goods and service offerings, certificate of incorporation, Memorandum and Articles of Association, bank account details.

You hereby confirm that any Personal Data provided by you is true, accurate and applies exclusively to you or that you provided only such data, the use of which does not violate the rights of third parties. You should always notify us of any changes to your Personal Data in order to process only complete and current data, regardless of whether such an update is requested or not required.


We process your personal data legally. Therefore, we process your Personal Data only if:

  • You have consented to the processing of your Personal Data in any of the ways provided for in the Policy and/or Agreement; or
  • The processing of your Personal Data is necessary for the execution of the Agreement; or
  • The processing of your data must be carried out by us in accordance with the requirements of the applicable legislation, a decision of a court or other competent state or municipal authority.


ENSO protects your personal data and provides it to third parties only in the cases specified in this Policy:

  • With your consent or direction;
  • When required to carry out your instructions;
  • In accordance with the requirements of the legislation;
  • To enforce the terms of the Agreement or to protect the rights, property and security of ENSO, Merchants, Merchant’s representative or the public.


We do not disclose information that can personally identify you to any person, except as described in this Policy, including:

  • Fraud prevention agencies (including action fraud, financial fraud, and financial fraud bureaus);
  • Payment Partners with which ENSO has concluded appropriate contracts for the processing of payments;
  • In cases where it is required or permitted by law: in accordance with the law, we can transfer information about you to regulatory authorities and law enforcement agencies around the world, or we can otherwise determine that this is appropriate or necessary. Such disclosures may include requests from state authorities for litigation, national security, or in cases where we consider this to be in the national interest or otherwise lawfully.
  • With your consent: Your information may also be used for other purposes for which you provide your specific consent or, when required by law, in any relevant jurisdiction. Unless permitted, ENSO does not sell, rent, lease or disclose information about its Merchants to third parties, or disclose it in any other way for commercial purposes.


All categories of Personal Data received from the Merchant’s representatives are stored on servers in the European Economic Area (EEA), in Germany. Personal data may also be processed by employees working within and / or outside the EEA who work for ENSO or one of our Payment Partners. Such employees may, inter alia, engage in the provision of ancillary services in the provision of services within our Services. We will take all reasonable steps to ensure the safe handling of your Personal Data in accordance with this Policy.

We always comply with the GDPR, as well as the provisions of AML act on the protection of Personal Data, in relation to any such transfer of Personal Data. Please note that in countries outside the EEA, the level of data protection may differ from the level of data protection in EEA countries: however, in all cases, our requirements for the storage and use of your Personal Data will continue to be governed by this Policy.

ENSO may process payments through other Payment Partners as part of our Services. Payment Partners can process and store your Personal Data outside the EEA, and we and they must disclose your information to foreign authorities to help them in the fight against crime and terrorism. Please note that if these organizations are based outside the EEA, your Personal Data may not be protected in accordance with the same standards.

Using our Services, you give ENSO informed consent to the use of your Personal Data in the manner described in this Privacy Policy.


We pay great attention to the security and privacy policies of ENSO, which our colleagues must support, adherence to internal instructions and selection of contract partners who must always meet the highest standards of protection and will always treat your data in accordance with these policies. When processing your Personal Data, we use the most advanced technical resources for maximum protection.

We process your Personal Data in such a way as to prevent any unauthorized and / or accidental access to Personal Data, their change, destruction or loss, unauthorized transfer and unauthorized processing, as well as any other improper use of your Personal Data.

All data storage systems are protected in accordance with the applicable standards and are themselves not available in our Services. Conventional means are used to protect data from known types of external attacks. We do not use profiling or automated decision-making.

For example, we provide:

  • Restricting and specifying the list of ENSO employees who have access to Personal Data;
  • Familiarization of ENSO staff with the requirements of the applicable legislation and regulations on the processing and protection of Personal Data;
  • The recording, storage and use of physical information carriers, which excludes theft, substitution, unauthorized copying and destruction of information;
  • Identification of security threats to the confidentiality of Personal Data during their processing and the formation of threat scenarios;
  • Development of personal data protection systems based on threat scenarios;
  • Checking the readiness and effectiveness of the use of information security tools;
  • Implementation of an authorization system for access to information resources, software and hardware for processing and protecting information;
  • Registration and recording the actions of Merchant’s representatives of Personal Data information systems;
  • Password-protected access of Merchant’s representatives to the Personal Data information system;
  • Antivirus control, prevention of introduction into the corporate network;
  • Detection of intrusions into the ENSO corporate network that violate or create conditions for violation of the Personal Data security requirements;
  • Centralized management of the Personal Data protection system;
  • Training of employees using the information protection tools used in the Personal Data information systems on the rules for working with them;
  • Monitoring the actions, conducting of proceedings on violations of personal data security requirements.

Third parties to whom Personal Data can be transferred to support the operation of ENSO may be located in other countries where Personal Data Processing laws may be less stringent than in your country. From time to time, Personal Data can also be stored in other places, and in such cases we guarantee that Personal Data will be stored and processed with the appropriate level of protection and security.


ENSO can periodically make changes to the Policy: in case of significant changes, ENSO will publish notices on the Website, in the Merchant’s Account or otherwise notify you so that you can read the changes before how to continue working with our Services. If you do not agree with any changes, you as a Merchnt’s representative can delete Merchant’s Account. Continuing to work with ENSO after publishing or distributing a notice of changes to the Policy means that you agree with the changes made.


Here we have summarized the principal rights that you have under data protection law. Some of the rights are complex, might contain restrictions depending on the legal basis for processing the data and not all of the details have been included in our summaries. For example, you will not be able to request that we delete all of your Personal Data if you used our Services because it will be necessary for our accounting obligations. We will always let you know the legal basis for this. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

Right to access

As a data subject you have the right to obtain from us free information about your Personal Data processed at any time and a copy of this information. Furthermore, you will have access to the following information: the purposes of the processing; the categories of Personal Data concerned; where possible, the envisaged period for which the Personal Data will be processed, or, if not possible, the criteria used to determine that period; the existence of the right to request from us rectification or erasure of Personal Data, or restriction of processing of Personal Data concerning you, or to object to such processing; the existence of the right to lodge a complaint with a supervisory authority; where the Personal Data are not collected directly from you, any available information as to their source; and the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for you.

Right to rectification

You have the right to obtain from us, without undue delay, the rectification of inaccurate Personal Data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete Personal Data completed via your Account, including by means of providing a supplementary statement.

Right to be forgotten

You have the right to obtain from us the erasure of Personal Data concerning you as soon as possible, and we shall have the obligation to erase Personal Data without undue delay where required by the law, including when:

  • the Personal Data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • there is no longer a legal ground for the processing;
  • you object to the processing and there are no overriding legitimate grounds for the processing;
  • the Personal Data has been unlawfully processed;
  • the Personal Data must be erased for compliance with a legal obligation in accordance with the applicable law to which we are subject.

Right to restriction of processing

You have the right to obtain from the restriction of processing where one of the following applies:

  • the accuracy of the Personal Data is contested by you, for a period enabling us to verify the accuracy of the Personal Data;
  • the processing is unlawful and you oppose the erasure of the personal data and requests instead the restriction of their use instead;
  • we no longer needs the Personal Data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; and/or
  • you have objected to processing pursuant to applicable laws.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time, to the processing of Personal Data concerning you. We shall no longer process the Personal Data in the event of the objection, unless we can demonstrate reasonable grounds for the processing, which override the interests, rights and freedoms of you, or for the establishment, exercise or defense of legal claims.

Right to withdraw data protection consent

To the extent that the legal basis for our processing of your Personal Data is consent, you have the right to withdraw that consent at any time.

You may exercise any of your rights in relation to your Personal Data by contacting our customer support.

Right to transfer data

If we process your data in accordance with the contract or with your consent and by automated means, you have the right to receive personal data concerning you in a structured, widely used and machine-readable format, or you have the right to transfer your personal data to another controller of your choice. This right shall not adversely affect the rights and freedoms of other parties.

Your right to lodge a complaint with the information commissioner's office

You have the right to complain to the Information Commissioner's Office (ICO) if you believe that we illegally use your personal data. However, we encourage you to contact us before making any complaint and we will seek to resolve any issues or concerns you may have.

For information on contacting the ICO please see their website at

Rights related to automated decision-making and profiling

As a data subject, you have the right not to be subjected to a decision based solely on automated processing.


All Personal Data is usually processed in the EU member states (in Germany). Your data is never transferred outside the EU Member States, unless otherwise described in this Policy.

If we find that there is a risk to the security of your Personal Data, we will immediately notify you of this fact.

ENSO store your Personal data as long as Merchant’s Account is active or while it is necessary. ENSO may store certain information even after the removal of the Merchant’s Account, if it is necessary to comply with legal requirements, resolve disputes, prevent fraud or abuse, and to ensure the provisions of this Privacy Policy. ENSO may store Personal Data for a limited period of time in accordance with legal requirements.

We process your Personal Data during the term of our Agreement and not more than 5 years after its termination, in order to comply with our accounting obligations, to resolve any disputes that may arise regarding the relationship between the Merchant and ENSO.


If anything is left unclear in the text of this Policy, we will be happy to clarify its provisions.

For questions related to the processing of your Personal Data, please contact us via email