Support i jule- og nytårsperioden 🎄
Telefonerne er lukket i jul- og nytårsperioden. Mailsupport på support@epay.dk er åben som normalt - vi er tilbage mandag den 5. januar kl. 09:00.
ePay logo

Privacy Policy

Privacy Policy for ePay

1. Introduction

Welcome to ePay ApS. We are committed to protecting your personal data and processing it in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR). This privacy policy explains how we collect, use, protect, and share your personal data.

2. Data Controller and Contact Information

ePay ApS, CVR no. 44307499, located at Lansen 19, 9230 Svenstrup J, Denmark, is the data controller responsible for processing your personal data.
If you have any questions about this privacy policy, you can contact us through our support function or at the email address you provided when entering into your agreement with us.

3. What Personal Data We Process

We process the following categories of personal data:

  • Card information
  • Phone number and email address
  • First and last name
  • Customer ID and date of birth (only for MitID verification and age control)
  • IP address

4. Purpose of Processing

We process personal data to:

  • Enable online payments
  • Comply with legal obligations, including anti-money-laundering rules
  • Prevent and detect fraud
  • Provide support and documentation
  • Send relevant operational and support notifications

5. Legal Basis for Processing

Our processing of personal data is based on:

  • Performance of a contract (GDPR Article 6(1)(b))
  • Legal obligation (GDPR Article 6(1)(c))
  • Legitimate interest (GDPR Article 6(1)(f)) in improving our services and preventing fraud

6. Data Retention

We retain your personal data for up to five years after termination of the contract, unless other laws require longer retention.

7. Sharing of Personal Data

Your personal data may be shared with the following subprocessors:

  • Amazon Web Services (cloud hosting)
  • Zendesk (support systems)
  • Wildbit (Postmark, email transmission)
  • Infobip (SMS transmission)
  • Maxmind (fraud validation)
  • Digitaliseringsstyrelsen (MitID verification)
  • Criipto (EID Broker)

Transfers to third countries are only carried out in accordance with GDPR, including the use of the EU-U.S. Data Privacy Framework and Standard Contractual Clauses.

8. Security Measures

We take the security of your data seriously and have implemented appropriate technical and organizational measures, including:

  • PCI-DSS certification for card data
  • Encryption of sensitive information
  • Restricted access to data

9. Your Rights

You have the following rights regarding your personal data:

  • Right of access
  • Right to rectification
  • Right to erasure in certain cases
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right not to be subject to automated decisions

You may exercise your rights by contacting our support team.

10. Data Breaches

In the event of a data breach, we will notify the relevant authorities and affected individuals without undue delay, where required.

11. Changes to the Privacy Policy

We reserve the right to update this privacy policy. The latest version will always be available on our website.

12. Contact Information

If you have any questions about this privacy policy, please contact us via our support or at the email address you have registered with us.

Last updated: 17/3 2025

Make your first test payment
in just a few minutes.
Try ePay for free and get started right away.
How to get started