Privacy Policy

Privacy Policy

Oionx Pay Privacy Policy

Effective Date: 22 May 2025

Oionx Pay Ltd ("Oionx Pay", "we", "our" or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, store and protect information that can identify you directly or indirectly ("Personal Data") when you visit https://www.oionxpay.com (the "Site"), use any of our payment‑related products, services, mobile or web applications (collectively, the "Services"), communicate with us, or otherwise engage with Oionx Pay.

This Policy is drafted to meet the requirements of the UK General Data Protection Regulation (UK GDPR), the EU GDPR (Regulation (EU) 2016/679) and other applicable privacy laws. Where there is a conflict, the higher protective standard applies.

1. Who We Are

Oionx Pay Ltd is a company registered in England and Wales under company number 15617450 with its registered office at Canterbury Court, 1‑3 Brixton Road, London, SW9 6DE.

Oionx Pay Spółka z Ograniczoną Odpowiedzialnością (NIP: 7252350105, KRS: 0001141605) is registered in the Polish Register of Virtual Currency Activities under number RDWW‑1723 and operates under the supervision of the Director of the Tax Administration Chamber in Katowice, in compliance with Poland’s Anti‑Money Laundering and Countering the Financing of Terrorism Act.

Oionx Pay USA, Inc. is a U.S.‑based entity registered as a Money Services Business (MSB) with the U.S. Department of the Treasury under MSB number 31000299726109, operating in accordance with applicable federal and state financial regulations.

Oionx Pay is powered by Bridge, a licensed MSB holding Money Transmitter Licenses (MTLs) in 48 U.S. states, to facilitate regulated money movement and ensure end‑to‑end compliance for U.S.‑based operations.

As the data controller, we determine the purposes and means of processing your Personal Data.

Data Protection Officer (DPO) – You can reach our DPO at contact@oionxpay.com or by post to the address above, marked "FAO Data Protection Officer".

2. Scope of This Policy

• This Policy applies to visitors to our Site, end‑users of our merchant checkout, account holders, business partners, suppliers, job applicants and anyone who otherwise interacts with us. • It does not cover processing performed by merchants who use Oionx Pay to accept payments – those merchants are independent controllers. Refer to their privacy notices for details.

3. Definitions

Personal Data – Any information relating to an identified or identifiable natural person.

Processing – Any operation performed on Personal Data, e.g. collection, storage, use, disclosure, erasure.

Special Category Data – Personal Data revealing racial or ethnic origin, political opinions, religious beliefs, trade‑union membership; genetic or biometric data; health data; or data concerning a person’s sex life or sexual orientation.

Legal Basis – The lawful grounds under Article 6 or Article 9 GDPR permitting the processing.

EEA – European Economic Area.

4. What Personal Data We Collect

Identity Data – full name, username, title, date of birth, national ID/passport numbers (for KYC).

Contact Data – billing address, delivery address, email, telephone.

Financial Data – payment card PAN (tokenised), bank account number, IBAN, wallet identifiers.

Transaction Data – payment amounts, currency, merchant, timestamps, FX rates, refunds, disputes.

Technical and Usage Data – IP address, device IDs, browser type, operating system, language, referring URLs, session timestamps, click‑stream data, error logs.

Marketing Preferences – opt‑in/opt‑out status, preferred channels.

Compliance Data – PEP and sanctions screening results, fraud scores.

Recruitment Data – CVs, qualifications, interview notes, right‑to‑work checks.

Support Communications – emails, chat transcripts, call recordings (with notice).

We do not intentionally process Special Category Data except where required by law (for example, ID documents may reveal ethnicity) or where you voluntarily provide it in support requests. Such data is protected with enhanced safeguards.

5. How We Collect Your Data

• Direct interactions – you create an account, initiate a payment, contact support, complete forms. • Automated technologies – we collect Technical & Usage Data via cookies, SDKs, pixels and similar technologies. • Third parties – identity‑verification partners, merchants, affiliate networks, public databases. • Observations from the Service – we generate Transaction and Fraud Detection Data as you transact.

6. Purposes and Legal Bases for Processing

Provide the Services, process payments, authenticate users – Contract.

Comply with anti‑money‑laundering (AML), counter‑terrorist‑financing (CTF), sanctions and consumer‑protection laws – Legal obligation.

Detect, prevent and remediate fraud, abuse and security threats – Legitimate interests.

Improve, test and develop our Services and Site – Legitimate interests.

Market our Services to business prospects – Consent or legitimate interests (depending on channel and jurisdiction).

Handle disputes, chargebacks and complaints – Contract, legitimate interests.

Recruitment and HR administration – Contract, legal obligation.

Corporate transactions (for example, merger or acquisition) – Legitimate interests.

Where we rely on legitimate interests, we balance our interests against your rights and expectations and document such assessments.

7. Cookies and Similar Technologies

We use:

• Essential cookies – required for Site operation, security and checkout sessions. • Analytics cookies – help us understand Site usage. Set only with your consent. • Advertising cookies – allow personalised ads across the web. Disabled by default in the EEA/UK unless you opt in.

A detailed breakdown and retention times are available in our Cookie Policy, which you can find on our website. You can change your preferences at any time via the "Cookie Settings" link in the Site footer.

8. Disclosures of Your Personal Data

We share Personal Data only when necessary and subject to appropriate safeguards:

• Payment networks and banks – to route transactions and handle chargebacks. • Identity‑verification and fraud‑prevention partners – to satisfy AML/CTF obligations. • Service providers and sub‑processors – cloud hosting, email delivery, analytics, customer‑support platforms (all bound by written data‑processing agreements). • Merchants – when you pay a merchant using Oionx Pay, limited data (for example, name, email, shipping information, payment status) is provided to that merchant as independent controller. • Corporate group companies – within the Oionx Pay corporate group for internal administration, governance and consolidated reporting. • Authorities and regulators – where required by law or court order, or to defend legal claims.

We never sell your Personal Data.

9. International Transfers

Oionx Pay primarily stores data in the United Kingdom and the European Union. When we transfer Personal Data outside the UK/EEA (for example, to U.S. cloud providers), we rely on:

• Adequacy Regulations or Adequacy Decisions (UK/EU) where applicable; or • Standard Contractual Clauses (SCCs) and, where needed, the UK Addendum; and • Supplementary measures based on transfer‑impact assessments.

You may request a copy of the relevant safeguards by contacting the DPO.

10. Data Retention

We retain Personal Data only for as long as necessary for the purposes set out in this Policy, including to comply with legal, accounting or reporting requirements.

• Transaction records – seven years from the transaction date (AML). • KYC/identity documentation – five years after account closure (MLR 2017). • Support correspondence – three years. • Marketing opt‑in records – until you withdraw consent plus six years (limitation period).

We may retain anonymised or aggregated data indefinitely.

11. Security

We implement appropriate technical and organisational measures, including encryption of data in transit (TLS 1.3) and at rest (AES‑256), an ISO 27001‑aligned information‑security management system, strict access controls with multi‑factor authentication, regular penetration testing and PCI‑DSS v4.0 Level 1 certification for card data.

12. Your Privacy Rights

Under the GDPR and, where applicable, other laws, you have the right to:

• Access – obtain confirmation whether we process your Personal Data and receive a copy. • Rectification – correct inaccurate or incomplete data. • Erasure – request deletion where processing is no longer necessary or lawful. • Restriction – ask us to suspend processing in certain circumstances. • Data portability – receive data in a structured, commonly used and machine‑readable format and transmit it to another controller. • Objection – object to processing based on legitimate interests or direct marketing. • Withdraw consent – withdraw at any time where processing relies on consent (effects future processing only). • Automated decision‑making – not be subject to a decision based solely on automated processing that produces legal effects.

How to exercise your rights – Email contact@oionxpay.com or write to our DPO. We may need to verify your identity. We respond within one month, extendable by a further two months for complex requests as permitted by Article 12 GDPR.

If you are unhappy with our response you can complain to the Information Commissioner’s Office (ICO) in the UK or to your local supervisory authority in the EEA.

13. Children’s Privacy

Our Services are not directed to children under sixteen and we do not knowingly collect Personal Data from them. If you believe a child has provided us with data, contact us and we will delete it.

14. Changes to This Policy

We may update this Policy to reflect legal, technical or business changes. We will post the updated version on the Site with a revised "Effective Date" and notify account holders of material changes via email or dashboard message at least thirty days before they take effect.

15. Contact Us

Oionx Pay Ltd Canterbury Court, 1‑3 Brixton Road, London, SW9 6DE, United Kingdom Email: contact@oionxpay.com Phone: +44 1865 648 328

© 2025 Oionx Pay Ltd. All rights reserved.


Oionx Pay

Fast, secure, and borderless payments—powered by stablecoins.

Oionx Pay LTD is a company registered in England and Wales under company number 15617450, with its registered office at Canterbury Court, 1-3 Brixton Road, London, SW9 6DE. Oionx Pay Spółka z Ograniczoną Odpowiedzialnością (NIP: 7252350105, KRS: 0001141605) is registered in the Polish Register of Virtual Currency Activities under number RDWW-1723 and operates under the supervision of the Director of the Tax Administration Chamber in Katowice, in compliance with Poland’s Anti-Money Laundering and Countering the Financing of Terrorism Act. Oionx Pay USA, Inc. is a U.S.-based entity registered as a Money Services Business (MSB) with the U.S. Department of the Treasury under MSB number 31000299726109, operating in accordance with applicable federal and state financial regulations. Oionx Pay is powered by Bridge, a licensed MSB holding Money Transmitter Licenses (MTLs) in 48 U.S. states, to facilitate regulated money movement and ensure end-to-end compliance for U.S.-based operations. For all regulatory inquiries, please contact us at contact@oionx.com.

ⓒ 2025 Oionx Pay LTD. All Rights Reserved

  • Oionx

  • Pay

Oionx Pay

Fast, secure, and borderless payments—powered by stablecoins.

Oionx Pay LTD is a company registered in England and Wales under company number 15617450, with its registered office at Canterbury Court, 1-3 Brixton Road, London, SW9 6DE. Oionx Pay Spółka z Ograniczoną Odpowiedzialnością (NIP: 7252350105, KRS: 0001141605) is registered in the Polish Register of Virtual Currency Activities under number RDWW-1723 and operates under the supervision of the Director of the Tax Administration Chamber in Katowice, in compliance with Poland’s Anti-Money Laundering and Countering the Financing of Terrorism Act. Oionx Pay USA, Inc. is a U.S.-based entity registered as a Money Services Business (MSB) with the U.S. Department of the Treasury under MSB number 31000299726109, operating in accordance with applicable federal and state financial regulations. Oionx Pay is powered by Bridge, a licensed MSB holding Money Transmitter Licenses (MTLs) in 48 U.S. states, to facilitate regulated money movement and ensure end-to-end compliance for U.S.-based operations. For all regulatory inquiries, please contact us at contact@oionx.com.

ⓒ 2025 Oionx Pay LTD. All Rights Reserved

  • Oionx

  • Pay

Oionx Pay

Fast, secure, and borderless payments—powered by stablecoins.

Oionx Pay LTD is a company registered in England and Wales under company number 15617450, with its registered office at Canterbury Court, 1-3 Brixton Road, London, SW9 6DE. Oionx Pay Spółka z Ograniczoną Odpowiedzialnością (NIP: 7252350105, KRS: 0001141605) is registered in the Polish Register of Virtual Currency Activities under number RDWW-1723 and operates under the supervision of the Director of the Tax Administration Chamber in Katowice, in compliance with Poland’s Anti-Money Laundering and Countering the Financing of Terrorism Act. Oionx Pay USA, Inc. is a U.S.-based entity registered as a Money Services Business (MSB) with the U.S. Department of the Treasury under MSB number 31000299726109, operating in accordance with applicable federal and state financial regulations. Oionx Pay is powered by Bridge, a licensed MSB holding Money Transmitter Licenses (MTLs) in 48 U.S. states, to facilitate regulated money movement and ensure end-to-end compliance for U.S.-based operations. For all regulatory inquiries, please contact us at contact@oionx.com.

ⓒ 2025 Oionx Pay LTD. All Rights Reserved

  • Oionx

  • Pay