Data Privacy Statement

The following data privacy statement applies to the use of the website https://kingpay.eu/, hereinafter referred to as "website" and "online offering." We attach great importance to data protection. The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). We process your personal data to be able to offer you this website and related services. We explain here how and for what purpose your personal data is collected and used, and what rights you have in connection with the processing of your data. If you wish to object to the collection, processing, or use of your data by us in accordance with this data privacy statement, either generally or for individual measures, you can address your objection to the data protection officer of the controller.

1 General

1.1 Controller

The controller for the collection, processing, and use of your personal data according to Art. 26 GDPR is:

Card Compact Ltd.483 Green Lanes London N13 4BS United KingdomEmail: support@cardcompact.com

1.2 Data Protection Officer and EU Representative

You can reach our Data Protection Officer and EU Representative at:

Email: privacy@cardcompact.com

2 Data Processing

2.1 Types of data processed

  • Names
  • Date of birth
  • Address data (street, house number, postal code, and city)
  • Contact details (e.g., email, phone numbers)
  • Content data (e.g., text entries, conversation histories, photos)
  • Contract data (e.g., contract number, IBAN, BIC)
  • Usage data (e.g., visited websites, interest in content, access times)
  • Meta-/communication data (e.g., mobile device information, IP addresses)

2.2 Categories of data subjects

Visitors and users of the online offering. Below, we collectively refer to the data subjects as "Users."

2.3 Purpose of Processing

2.3.1 Registration Process/Conclusion of Contract

For the issuance of cards and accounts and the setup of your account, your personal data is required for filling out the online form during registration. During the application process, you will be informed of the required mandatory information (salutation, first name, last name, street number, postcode, city, date of birth, mobile number, email) and this data will be processed on the basis of Art. 6(1)(b) GDPR for the purpose of fulfilling the contract. As a registered user, you have the option to change or revise your personal data at any time in the "Personal Data" section.

To confirm your identity after registration, you may be asked to upload copies of your ID, proof of address and income, and a photo of yourself.

Card Compact collects, stores, and processes your personal data on its computers to further develop and improve its overall services for you, to communicate with you, and to manage your account.

We will not share data unless in the limited cases described below, to the extent permitted by applicable law, or if you have given us your express consent:

  • To the electronic money issuer Transact Payments Malta Limited, Vault 14, Level 2, Valletta Waterfront, Floriana, FRN 1914
  • To the electronic money issuer Harmoniie SAS. Harmoniie SAS, 1, Rue de la Bourse, 75002 Paris, France
  • To the electronic money issuer Moorwand Ltd. Fora, 3 Lloyds Avenue, London, EC3N 3DS, United Kingdom
  • To the card processor Global Processing Services, 18-20 Hill Rise, Richmond, TW10 6UA UK, which we use for processing your card transactions;
  • To the processor Thredd UK Limited, 09926803, Kingsbourne House, 229-231 High Holborn, London, WC1V 7DA, England, which we use for processing your transactions;
  • To third parties, including card bureaus, which we use for the production of your plastic card. Details of our current suppliers are available on request;
  • To other third parties for the processing of customer identification services including KYC verification. Details of our current suppliers are available on request;
  • To other third parties for the processing of PEP and sanctions checks. Details of our current suppliers are available on request;
  • To auditors to verify compliance with legal requirements. Details of our current suppliers are available on request;
  • To our system provider Mastercard, who may require cardholder data in relation to refunds or disputes, audits, and other exceptional cases. Details of the respective contact point are available on request;
  • To other banks that may require cardholder data in relation to refunds or disputes, audits, and other exceptional cases. Details of the respective contact point are available on request;
  • To anyone to whom we transfer or may transfer our rights and obligations under our General Terms and Conditions with you.

2.3.2 Website Hosting

Our website is hosted by GoDaddy Operating Company, LLC, 2155 E. GoDaddy Way, Tempe, AZ 85284, USA. The hosting service provider provides the infrastructure for the operation of our website, enabling its access and functionality. For this purpose, the processing of connection data (e.g., IP address, access timestamps, technical logs) is necessary to ensure the delivery of the website and its security.

The processing is carried out on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR, as it is necessary for providing a stable and secure online presence. The data may also be transferred to servers in the USA. For the USA, there is an adequacy decision by the European Commission ("EU-U.S. Data Privacy Framework"), on the basis of which GoDaddy is obliged to maintain an adequate level of data protection. Further information on data processing by GoDaddy can be found in their privacy policy at https://de.godaddy.com/legal/agreements/privacy-policy.

2.3.3 Answering Contact Requests and Communication with Users

If you contact us (e.g., via contact form, chatbot, or email), we store your information (e.g., name, address, phone number, email address, conversation history) to process your request and in case follow-up questions arise regarding a later contractual or business relationship, in accordance with Art. 6(1)(b) GDPR. We only store and use further personal data if you consent to it or if it is legally permissible without specific consent.

2.3.4 Data Analytics

Data analytics helps to adapt our services to individual user preferences and optimize their functionality and navigation. Insights into user behavior enable a personalized experience that improves usability and efficiency. Wherever possible, anonymized data is used to optimize the user experience.

2.3.5 Securing Information and Infrastructure for Providing Our Services

Security measures such as encryption, fraud detection, and access controls are based on data processing. Monitoring and logging user activities help prevent unauthorized access and ensure system integrity. Data processing supports the detection of suspicious activities, the prevention of fraudulent transactions, and the mitigation of security risks. This includes identifying policy violations, restricting unauthorized activities, and conducting internal investigations if necessary. Wherever possible, anonymized data is used to prevent and investigate misuse without compromising security.

2.3.6 Further Development of Our Services

Collected data supports product improvements, feature optimizations, and innovations in services. Analyzing user feedback and usage statistics helps identify trends and areas for technological advancements. For development purposes, anonymized data processing is preferred.

2.3.7 Cookies

Cookies are a common technology consisting of small text files stored on the user's device. We use both first-party and third-party cookies, which may receive personal data. These help improve the user experience by making the website more user-friendly and secure. Furthermore, cookies can be used to adapt website content to visitors' interests or to optimize the offering through statistical analyses. The processing of personal data through essential cookies, which are necessary for the operation and functionality of the website, occurs as needed. All other cookies (analytics, marketing, and personalization cookies) require your consent, which can be managed via our consent banner. This is accessible at any time from the bottom of the website.

You can also manage your cookie settings through your browser settings or our cookie consent manager. However, it is important to note that disabling cookies may limit or even prevent certain website functionalities.

2.3.8 Meta-Pixel/Ads

We use the Meta Pixel, a tracking tool from Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, to analyze and optimize our advertising efforts on Meta platforms (such as Facebook and Instagram). The Meta Pixel allows us to track user behavior after interacting with our ads and being redirected to our website. This helps us measure the effectiveness of our ads and improve their targeting. The data collected may include information such as your IP address, browser type, and user behavior on our website.

The processing of this data is based on your consent according to Art. 6(1)(a) GDPR, which you can revoke at any time by adjusting your cookie settings. The collected data may also be transferred to servers of Meta Platforms Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. For the USA, there is an adequacy decision by the European Commission ("EU-U.S. Data Privacy Framework"), on the basis of which Meta is obliged to maintain an adequate level of data protection. Further information on data processing by Meta can be found in Meta's privacy policy at https://www.facebook.com/privacy/policy.

2.3.9 Google Ads, Google Analytics, and Google Search Console

We use various services from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, including Google Ads, Google Analytics, and Google Search Console, to analyze and optimize the reach and effectiveness of our website and our advertising measures.

  • Google Ads is used to measure the effectiveness of our online advertising and to deliver targeted ads. This allows us to track what actions users take after clicking on an ad.
  • Google Analytics enables us to analyze general user behavior on our website (e.g., page views, time spent, interactions) to improve usability.
  • Google Search Console helps us monitor our website's visibility in Google search results, identify technical errors, and optimize the findability of our content.

The data collected may include information about your IP address, browser type, device used, pages visited, search queries, and general usage statistics.

The processing is based on your consent in accordance with Art. 6(1)(a) GDPR, which you can revoke at any time by adjusting your cookie settings. The collected data may also be transferred to servers of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For the USA, there is an adequacy decision by the European Commission ("EU-U.S. Data Privacy Framework"), on the basis of which Google is obliged to maintain an adequate level of data protection.

Further information on data processing by Google can be found in Google's privacy policy at: https://policies.google.com/privacy.

2.3.10 Zoho SalesIQ (Chatbot)

We use Zoho SalesIQ, a live chat and tracking tool from Zoho Corporation B.V., Beneluxlaan 4B, 3527 HT Utrecht, Netherlands, to enable direct communication with us via the chat function on our website and to improve your user experience. Through the chat, we can answer your inquiries in real time. Technical data (e.g., IP address, browser type, operating system), communication content, and usage information (e.g., duration of visit, pages accessed) are collected and stored.

The processing is carried out exclusively on the basis of your consent in accordance with Art. 6(1)(a) GDPR, which you can revoke at any time via your cookie settings. The collected data may be transferred to servers of Zoho Corporation, 4141 Hacienda Drive, Pleasanton, CA 94588, USA. For the USA, there is an adequacy decision by the European Commission ("EU-U.S. Data Privacy Framework"), on the basis of which Zoho is obliged to maintain an adequate level of data protection. Further information on data processing by Zoho can be found in Zoho's privacy policy at https://www.zoho.com/privacy.html.

2.3.11 Webflow

Our website is provided via the Webflow service, operated by Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA. Webflow, as a hosting service provider, handles the technical provision, management, and display of our website. In doing so, data from website visitors, such as IP address, browser information, device information, access times, and log files, are automatically processed to ensure the secure and stable operation of the website.

The processing of this data is based on our legitimate interest in accordance with Art. 6(1)(f) GDPR, as it is necessary for providing a functional and secure internet presence. The collected data may be transferred to Webflow servers in the USA. For the USA, there is an adequacy decision by the European Commission ("EU-U.S. Data Privacy Framework"), on the basis of which Webflow is obliged to maintain an adequate level of data protection. Further information on data processing by Webflow can be found in Webflow's privacy policy at https://webflow.com/legal/privacy.

2.3.12 LinkedIn

We use the LinkedIn Insight Tag, an analytics tool from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, to analyze and optimize our advertising efforts on LinkedIn. The Insight Tag allows us to collect information about visits to our website, including URL, referrer, IP address, device and browser properties, and timestamps. This data helps us measure the effectiveness of our ads, better target audiences, and increase the relevance of our content.

The processing of this data is based on your consent according to Art. 6(1)(a) GDPR, which you can revoke at any time by adjusting your cookie settings. The collected data may also be transferred to servers of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA. For the USA, there is an adequacy decision by the European Commission ("EU-U.S. Data Privacy Framework"), on the basis of which LinkedIn is obliged to maintain an adequate level of data protection. Further information on data processing by LinkedIn can be found in LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy.

2.3.13 Reddit Ads

We use advertising services from Reddit Ireland Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland, to analyze and optimize our marketing efforts on the Reddit platform. For this purpose, the so-called Reddit Pixel is used, which allows us to track user behavior after interacting with our ads and being redirected to our website. In this way, we can measure the effectiveness of our campaigns and improve their targeting. The data collected may include information such as your IP address, device information, browser type, and your user behavior on our website.

The processing of this data is based on your consent according to Art. 6(1)(a) GDPR, which you can revoke at any time by adjusting your cookie settings. The collected data may also be transferred to servers of Reddit Inc., 548 Market Street, Suite 16093, San Francisco, CA 94104, USA. For the USA, there is an adequacy decision by the European Commission ("EU-U.S. Data Privacy Framework"), on the basis of which Reddit is obliged to maintain an adequate level of data protection. Further information on data processing by Reddit can be found in Reddit's privacy policy at https://www.redditinc.com/policies/privacy-policy.

2.3.14 Twitter Ads

We use the Twitter pixel, a tracking tool from Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, to analyze and optimize our advertising efforts on Twitter (now "X"). The Twitter pixel allows us to track user behavior after interacting with our advertisements and being redirected to our website. This helps us measure the reach and effectiveness of our ads and improve their targeting. The data collected may include information such as your IP address, the browser type used, referrer URLs, and interactions on our website.

The processing of this data is based on your consent according to Art. 6(1)(a) GDPR, which you can revoke at any time by adjusting your cookie settings. The collected data may also be transferred to servers of Twitter Inc. (X Corp.), 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. For the USA, there is an adequacy decision by the European Commission ("EU-U.S. Data Privacy Framework"), on the basis of which Twitter/X is obliged to maintain an adequate level of data protection. Further information on data processing by Twitter/X can be found in Twitter's privacy policy at https://twitter.com/de/privacy.

2.3.15 Mailchimp

We use Mailchimp, a service of The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA, for sending and analyzing newsletters. Mailchimp enables us to organize, analyze, and stay in contact with you regarding email dispatches. When you sign up for our newsletter, the data you provide (e.g., email address, name, possibly IP address and time of registration) is stored on Mailchimp's servers. With the help of Mailchimp, we can track whether a newsletter message has been opened and which links have been clicked. This information helps us to optimize our newsletter offering and to better tailor it to the interests of our subscribers.

The processing of your data is based on your consent according to Art. 6(1)(a) GDPR, which you can revoke at any time with effect for the future by unsubscribing from the newsletter or adjusting your consent. The collected data may also be transferred to servers in the USA. For the USA, there is an adequacy decision by the European Commission ("EU-U.S. Data Privacy Framework"), on the basis of which Mailchimp is obliged to maintain an adequate level of data protection. Further information on data processing by Mailchimp can be found in Mailchimp's privacy policy at https://mailchimp.com/legal/privacy/.

2.3.16 Processing of Personal Data in Connection with Job Applications

If you apply for a position with us, we process the personal data you provide during the application process (e.g., contact details, resume, certificates, qualifications). This data is processed exclusively for the purpose of carrying out the application procedure and deciding on the establishment of an employment relationship. Your data will only be shared internally with persons involved in the specific selection process. Data will not be passed on to third parties. If no employment relationship is established, your data will be deleted no later than six months after the conclusion of the application process, unless there are legal retention obligations or you have expressly consented to a longer storage period (e.g., for inclusion in a talent pool).

3 Storage Duration

Unless otherwise stated, we store your personal data only as long as necessary for the purpose of fulfilling the purpose or as required by legal retention obligations. Furthermore, your data will be deleted as soon as it is no longer required for fulfilling contractual or legal retention obligations (e.g., tax and commercial law requirements) or for processing potential warranty and similar obligations.

We may also store your personal data to assert, exercise, or defend legal claims. If your data can no longer be processed for the original purpose but is still subject to retention obligations, it will be archived and removed from active processing systems. It will then be completely deleted from operational systems, with access strictly restricted.

Once all retention obligations have been met, legal storage rights have expired, and applicable deletion periods have passed, the corresponding data will be permanently deleted as part of our routine processes.

4 Your Rights as a Data Subject

According to applicable law, you have the following rights regarding your personal data. If you wish to exercise these rights, please send your request by email or post to our data protection officer and ensure your identity is clearly proven.

4.1 Right of Access

You have the right to request confirmation from us as to whether we are processing your personal data. If this is the case, you have the right to receive free information about the personal data stored by us and a copy of this data.

4.2 Right to Rectification

You have the right to demand the immediate rectification of inaccurate personal data we have stored about you. In addition, taking into account the purposes of the processing, you can demand the completion of incomplete personal data, including by means of a supplementary declaration.

4.3 Right to Erasure ("Right to be Forgotten")

You have the right to demand the immediate erasure of your personal data. We are obliged to comply with this request unless legal or contractual obligations require further storage of certain data. In such cases, the further processing of your data will be restricted.

If we have made your personal data public and are obliged to erase it, we will take appropriate measures, considering available technology, implementation costs, and technical feasibility, to inform other controllers that you have requested the erasure of all copies or replications of the data.

4.4 Right to Restriction of Processing

You have the right to demand the restriction of the processing of your data, especially in cases where immediate erasure is not possible. You can also demand that we restrict processing to personal data that is essential for providing our services.

4.5 Right to Data Portability

You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format. Furthermore, you have the right to transmit this data to another controller without hindrance from us.

4.6 Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data, including profiling based on these provisions. In this case, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims.

4.7 Right to Withdraw Data Protection Consent

You have the right to withdraw a previously given consent for the processing of your personal data at any time and without giving reasons. If there is no other legal basis for the further processing of your data, your personal data must be deleted immediately. Otherwise, the processing of your personal data will be temporarily restricted (blocked).

4.8 Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes legal provisions. For Card Compact, the competent supervisory authority is:

  • UK: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow Cheshire, SK9 5AF
  • Malta: Information and Data Protection Commissioner, Floor 2, Airways House, Triq Il-Kbira, Tas-Sliema SLM 1549, Malta
  • France: Commission nationale de l'informatique et des libertés, 3 Place de Fontenoy,TSA 80715, 75334 PARIS CEDEX 07, FRANCE

5 Data Security

We commit to ensuring the security of your personal data in accordance with applicable data protection laws and the best available technical measures. To protect your data from accidental or unlawful destruction, loss, alteration, unauthorized access, disclosure, or other unlawful forms of processing, we implement a range of technical, physical, and organizational safeguards.

All transfers of personal data, including order processing and customer logins, are encrypted using SSL (Secure Socket Layer) protocol. Nevertheless, we point out that data transmission over the internet, especially email communication, can still pose security risks, and complete protection cannot be guaranteed.

Access to personal data is strictly controlled and limited to authorized individuals who can access this data exclusively via encrypted connections. By default, access to personal data is blocked, and only employees with special authorization receive access according to a strict role and authorization framework. Furthermore, the performance and availability of our system are continuously monitored by internal and external services to ensure security and reliability. Our technical and organizational security measures are regularly updated to conform to the latest technological developments.

Although we strive to provide an uninterrupted service, we cannot guarantee constant availability, as disruptions, interruptions, or failures may occasionally occur. In the event of a data breach that poses a risk to your personal data, we will promptly notify you and the competent supervisory authorities. This notification will include information about the scope of the incident, the data affected, possible impacts on the service, and the measures taken to secure the data and mitigate potential damage.

6 Automated Decision-Making

Automated decision-making based on the collected personal data does not take place.

7 Disclosure of Data to Third Parties, Data Transfer to Non-EU/EEA Countries

As a matter of principle, we use your personal data exclusively within our company. We may share your personal data with partners who provide services on behalf of Card Compact. These recipients are exclusively authorized to process your personal data in connection with the provision of our services to you.

Your data will only be disclosed to third parties under certain circumstances: if you have given your explicit consent, if the transfer is necessary for the fulfillment of a contract, if we are legally obliged to do so (e.g., for tax compliance or participation in criminal investigations), or if the transfer is necessary to protect our legitimate interests, provided that your fundamental rights and freedoms, which require the protection of personal data, do not outweigh these interests.

If third parties are involved in the fulfillment of contractual obligations, they will only receive personal data to the extent necessary for the provision of their respective services. If we commission external service providers for data processing, we ensure through contractual agreements that they process personal data exclusively in accordance with data protection laws and this privacy policy, while also safeguarding the rights of the data subjects.

Furthermore, the transfer of personal data to institutions or persons outside the EU/EEA is only permissible under the conditions set out in Article 44 et seq. of the GDPR. In such cases, adequate protection is ensured through appropriate security measures, such as the standard contractual clauses of the EU Commission.

8 Data Protection Officer

Should you have any further questions about our data protection or this privacy policy, or wish to exercise your rights, please contact our data protection officer (contact details can be found under section 1.2).

9 Changes to the Privacy Policy

Card Compact reserves the right to amend the privacy policy to adapt it to changed legal situations or in the event of changes to the service and data processing. However, this applies only to declarations regarding data processing. If user consent is required or if parts of the privacy policy contain provisions of the contractual relationship with the users, changes will only be made with the consent of the users. Users are requested to regularly inform themselves about the content of the privacy policy. You can save and print this privacy policy at any time.

(Updated: August 2025)

By clicking on”accept“  you agree to the storage of cookies on your device to improve site navigation, analyze site usage, and support our marketing efforts. For more information, see our Privacy statement.

Cookie SettingsReject allAccept
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
uk flag
English