Table of Contents
1. Data Controller
The controller of your personal data is:
ElyonPay Global Technologies SAS
10 Rue de la Paix, 75002 Paris, France
SIRET: 97898483900032
Email: privacy@elyonpay.com
ElyonPay Global Technologies SAS is a subsidiary of ElyonPay Global Technologies Holding Ltd, a company incorporated under Mauritian law, registered in Ebene, Mauritius.
2. Data Collected
2.1 Data you provide to us
- Identification data: first name, last name, email address, phone number
- Professional data: shop name, type of activity, country of operation
- Financial data: Mobile Money number, bank details (encrypted), account currency
- KYC documents: identity document, proof of address, trade register (for mandatory verification)
- Contact data: messages sent via the contact form
2.2 Data collected automatically
- IP address, browser type, operating system
- Pages visited, session duration, traffic source
- Cookie data (see our Cookie Policy)
- Transaction logs (amount, currency, status, timestamp)
2.3 Data received from third parties
- Mobile Money operators (MTN, Orange, Wave, Moov, Airtel): payment confirmation
- Banking networks: wire transfer status
3. Purposes and Legal Bases
| Purpose | Legal basis |
|---|---|
| Creating and managing your seller account | Performance of contract (Art. 6.1.b GDPR) |
| Processing payments and transfers | Performance of contract |
| Identity verification (KYC/AML) | Legal obligation (Art. 6.1.c GDPR) |
| Fraud prevention and security | Legitimate interest (Art. 6.1.f GDPR) |
| Customer service and support | Performance of contract |
| Commercial communications | Consent (Art. 6.1.a GDPR) |
| Statistical analysis and service improvement | Legitimate interest |
| Regulatory compliance and tax obligations | Legal obligation |
4. Retention Period
| Data type | Duration |
|---|---|
| Active account data | Duration of the contractual relationship |
| Data after account closure | 5 years (legal obligations) |
| KYC documents | 5 years after end of relationship |
| Transaction logs | 10 years (regulatory compliance) |
| Analytical cookie data | Maximum 13 months |
| Contact messages | 3 years |
5. Data Recipients
Your data may be shared with:
- Mobile Money operators (MTN MoMo, Orange Money, Wave, Moov, Airtel) β for payment processing
- Banking and financial networks β for SEPA and international transfers
- Technical service providers β hosting, security, analytics (under GDPR-compliant data processing agreements)
- Competent authorities β upon judicial or regulatory request
- ElyonPay group companies β for internal group management purposes
We never sell your personal data to third parties.
6. International Transfers
ElyonPay operates in Africa, Europe and worldwide. Data transfers may take place to countries outside the European Economic Area (EEA), including Cameroon, CΓ΄te d'Ivoire, DRC, Gabon, Senegal, and Nigeria.
These transfers are governed by:
- Standard Contractual Clauses (SCCs) adopted by the European Commission
- Appropriate safeguards in accordance with Article 46 of the GDPR
- Transfer Impact Assessments (TIA) for each destination country
7. Your Rights
Under the GDPR (EU Regulation 2016/679), you have the following rights:
- Right of access: obtain a copy of your personal data
- Right to rectification: correct inaccurate or incomplete data
- Right to erasure: request the deletion of your data (subject to conditions)
- Right to restriction: restrict certain processing operations
- Right to data portability: receive your data in a structured format
- Right to object: object to processing based on legitimate interest
- Right to withdraw consent: at any time, without prejudice to prior processing
- Right to lodge a complaint: with the ICO (UK) or your local data protection authority
To exercise your rights: privacy@elyonpay.com β Response within 30 days. Proof of identity may be required to verify your identity.
8. Data Security
ElyonPay implements high-level technical and organisational measures to protect your data:
- 256-bit SSL/TLS encryption on all communications
- AES-256 encryption of sensitive data at rest
- PCI DSS Level 1 compliance for payment data
- ISO 27001 certification for information security management
- Two-factor authentication (2FA) on seller accounts
- Regular security audits and penetration testing
- Data access restricted to authorised personnel on a least-privilege basis
In the event of a data breach likely to affect your rights, we will notify you within 72 hours in accordance with Article 33 of the GDPR.
9. Minors
ElyonPay services are exclusively intended for adults (18 years and over). We do not knowingly collect personal data from minors. If you believe a minor has provided us with data, please contact us immediately at privacy@elyonpay.com.
10. Policy Amendments
We may update this policy at any time. In the event of a material change, we will notify you by email or via a notification in your dashboard. The date of last update is always shown at the top of this page.
Your continued use of ElyonPay services after notification of changes constitutes acceptance of the updated policy.
11. Contact & Data Protection Officer
π¬ Contact us about your data
DPO Email: privacy@elyonpay.com
Post: ElyonPay Global Technologies SAS β DPO, 10 Rue de la Paix, 75002 Paris, France
Data Protection Authority: If you believe your rights are not being respected, you may lodge a complaint with your national supervisory authority (e.g. ICO in the UK, CNIL in France): www.cnil.fr