Last updated on August 18, 2025
Corefy takes care of your personal data and does everything possible to protect it. This Privacy Notice is written to help you understand what your personal data is collected, stored and used, and what happens to it when you use our website at corefy.com (“Website”).
Pay your attention! UK leaves the EU by 31 December 2020. Till that time, the whole data processing process will be handled as it goes. After leaving the EU, the UK will become a third country pending a decision on the adequacy of jurisdiction. We will continue to be GDPR compliant and comply with the data processing and transmission requirements, taking into account the GDPR requirements for third countries that are not recognised as an adequate jurisdiction.
By using our software, services, and website, you acknowledge that you have read and understood this Privacy Policy.
In this Privacy Notice we answer the following questions:
We are PayCore.io Limited (the Company), company number 11654625, with a registered address at 37th floor, One Canada Square, Canary Wharf, London, E14 5AA, United Kingdom.
In relation to your personal data, we are the controller and processor at the same time. We are the controller of your personal data of our clients and users, which means that we determine what, for what purpose and how your personal data will be
processed.
If you have any questions, you can contact us by sending an email to info@paycore.io. You can also send us a letter at PayCore.io Limited, 37th floor, One Canada Square, Canary Wharf, London, E14 5AA, United Kingdom.
This Privacy Notice applies to our website and our services. Our websites are corefy.com and PayCore.io .
For the purposes of this Privacy Policy, “Personal Data” or “Personal Information” means any information relating to an identified or identifiable natural person, as defined under Article 4(1) of the General Data Protection Regulation (GDPR). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
The data we process is divided into two categories: technical information and data that is provided to us by a user, consumer and client.
Technical information. When you visit our website, some data is collected automatically. We need technical data to operate, maintain, and improve our website. This includes data such as an IP address, UTM parameters, geolocation, device type, browser type, cookies, and data about your interaction with the website - session ID.
The session ID includes your interaction with the website, the name of the website from which you went to our website, the functions you use, the pages viewed on our website, the way you use our website, and the actions you take if such actions are present.
Data provided by the client. To perform a contract, we need the following data: full name, date of birth, email, passport details (tax number, address), gender, phone number, position, company name, payment information (bank details, bank card details), and merchant ID credentials.
Data provided by the consumer. In cases where Corefy processes personal data of end users of our clients (consumers), Corefy acts strictly as a Data Processor under the GDPR. The client (our business partner) acts as the Data Controller and determines the purposes and means of processing. Processing is carried out on behalf of and under the lawful instructions of the Data Controller (Art. 28 GDPR). For detailed information about the processing of such personal data, data subjects should contact the relevant controller directly. As a processor, we may process the following data: name, surname, geolocation, address, device hash, email, phone number, tax number, payment information incl. but not limited to bank ID, bank details, payment card details, electronic wallet ID.
Data provided by the user.
For full interaction with our website, we may collect your name, phone number, email, and company name.
Once again, briefly about what personal data we collect:
Type of data | Description of data | Legal basis | Reasons of processing |
---|---|---|---|
Data provided by a client | Full name, gender, date of birth, email, phone number, passport details, position, company name, payment information, merchant ID credentials | Performance of a contract |
Registering an account; Providing a service; Customer support |
Data provided by a client | Position, company name | Legitimate interest |
Analytics; Statistics |
Data provided by a client | Full name, date of birth, email, phone number | Consent | Marketing |
Data provided by a consumer | Name, surname, geolocation, address, device hash, email, phone number, tax number, payment information, bank ID. | Performance of the contract |
Registering an account; Providing a service; Customer support |
Data provided by a consumer | Device hash, payment information | Legitimate interest |
Security; Analytics; Statistics |
Data provided by a consumer | Full name, contact details | Consent | Marketing |
Data provided by a consumer | Name, surname, payment information | Legal obligation | Compliance with the legal obligation |
Data provided by a user | Full name, phone number, email, and company name | Performance of the contract |
Performance of the contract; Providing a service |
Data provided by a user | Name, phone number, email | Consent | Marketing |
Data provided by a client | Full name, payment information | Legal obligation | Compliance with legal obligations |
Automatically collected data |
Technical information Cookies |
Legitimate interest |
website operation; Analytics; Statistics |
Legal Basis for Data Processing. We process personal data based on one or more of the following legal grounds:
Pay your attention. We knowingly do not process the personal data of users under the age of 13 without consent from the legal representative(s). If you are such a user, or you are the legal representative of the user, please let us know by email at info@paycore.io.
We store personal data in the following categories:
Client data. We store personal client data for the duration of the service and 36 months after completion.
Consumer data. We store personal consumer data for the duration of the service and 24 months after completion.
User data. We store users' personal data for 36 months.
Notwithstanding the foregoing, Company may retain personal data for longer periods if required by applicable laws, regulations, or legal obligations, such as tax or accounting purposes, or for the establishment, exercise, or defense of legal claims.
However, you can exercise your right to delete your data. In this case, your data will be deleted from our servers within 30 days of your request.
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk associated with the processing of Personal Data, including, as appropriate:
We implement access controls and authentication mechanisms to ensure that access to Personal Data is restricted to authorized personnel only, based on the principles of least privilege and need-to-know.
We maintain and regularly review access logs and audit trails to monitor access to Personal Data.
The Company implement role-based access controls and segregation of duties to prevent unauthorized access, modification, or misuse of Personal Data.
We ensure the physical security of our facilities and data centers where Personal Data is stored or processed, including appropriate access controls, monitoring, and security measures and conduct background checks and require all personnel with access to Personal Data to execute confidentiality agreements and undergo regular security awareness training and education.
We adhere to industry-recognized security standards and best practices, such as ISO 27001, and shall conduct regular audits and assessments of its security measures.
We ensure that any subprocessors engaged in the processing of Personal Data implement appropriate technical and organizational measures to protect the security and confidentiality of Personal Data, as required by this Privacy Policy, GDPR and other applicable laws and regulations.
We regularly review and update our security measures to incorporate new technologies, industry best practices, and emerging threats, and shall continuously strive to improve the security and protection of Personal Data.
We use your personal data to perform a contract and for communication between us and the client, between us and the consumer, and between us and the user. We may share or disclose personal data to third parties in the following limited circumstances:
Third parties to whom personal data may be shared or disclosed include:
Company ensure that any third party to whom personal data is shared or disclosed is bound by appropriate confidentiality and data protection obligations, and required to implement adequate technical and organizational measures to protect the personal data.
In the event that any Personal Data is transferred outside the European Economic Area (EEA) or to any third country, the Parties shall ensure that such transfers are carried out in accordance with the requirements of the GDPR and other applicable data protection laws.
Data subjects have the right to object to the sharing or disclosure of their personal data for direct marketing purposes or on grounds relating to their particular situation, unless the Company can demonstrate compelling legitimate grounds for such sharing or disclosure that override the interests, rights, and freedoms of the data subject.
We shall implement appropriate technical and organizational measures to protect personal data from unauthorized access, use, or disclosure during the sharing or transfer process, such as encryption, access controls, and secure communication protocols.
The sharing or disclosure of personal data shall be limited to what is strictly necessary for the specific purpose, and shall be subject to any applicable exceptions or limitations under applicable laws and regulations.
We will ask for your consent unless the transfer of data is part of a contract.
In the course of providing our services and operating our business, we may need to transfer personal data across international borders, including to countries outside the European Economic Area (EEA) and the United Kingdom (UK). Such transfers may be necessary for the performance of contracts with data subjects, for the implementation of pre-contractual measures taken at the data subject's request, or for the purposes of our legitimate interests.
When transferring personal data outside the EEA or UK, we will ensure that appropriate safeguards are in place to protect the data and comply with applicable data protection laws, including GDPR and the Law.
We may transfer personal data to countries or organizations that have been deemed by the relevant authorities to provide an adequate level of data protection. Alternatively, we may rely on appropriate safeguards such as standard contractual clauses approved by the European Commission or binding corporate rules.
In certain circumstances, we may also transfer personal data to third-party service providers or partners located in other countries for the purposes of providing our services or conducting our business operations. In such cases, we will ensure that appropriate safeguards are in place to protect the data and that the transfer is carried out in accordance with applicable laws and regulations.
Data subjects have the right to be informed about any cross-border transfers of their personal data and the safeguards in place to protect their data. Data subjects may exercise their rights or raise objections to such transfers by contacting us using the information provided this Privacy Policy.
We will comply with all applicable laws and regulations regarding cross-border data transfers, including the GDPR, the Law and the data protection laws of England and Wales.
We may update or modify our practices regarding cross-border data transfers from time to time.
Any changes will be reflected in an updated version of this Privacy Policy, and data subjects will be notified of such changes in accordance with applicable laws and regulations.
All data is now stored on servers in Germany and the UK. When transferring data, we use the necessary protective measures such as encryption and security protocols.
We use the cookies necessary for the functioning of the website. Using cookies, we receive the technical information specified in clause 3 and our Cookie Policy.
If you want to disable cookies, then you can find instructions for managing your browser settings at these links:
You, as Data Subjects, have the following rights:
The right to obtain confirmation from the Company as to whether their personal data is being processed, and if so, to access their personal data and receive a copy of it. The Company shall provide the personal data in a commonly used and machine-readable format.
The right to request the rectification of inaccurate or incomplete personal data concerning them. The Company shall rectify such personal data without undue delay.
The right to request the erasure of their personal data without undue delay in the following circumstances:
We erase the personal data without undue delay, unless the processing is necessary for the establishment, exercise, or defense of legal claims or for compliance with a legal obligation under applicable law.
Data Subjects have the right to request the restriction of processing of their personal data in the following circumstances:
Data Subjects have the right to receive their personal data, which they have provided to the Company in a structured, commonly used, and machine-readable format.
Data Subjects have the right to object, on grounds relating to their particular situation, at any time to the processing of their personal data for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing.
Data Subjects have the right to object to the processing of their personal data for purposes other than direct marketing, where the processing is based on the legitimate interests of the Company, unless the Company demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the Data Subject or for the establishment, exercise, or defense of legal claims.
To exercise your rights, write us an email at info@paycore.io. If your request was not satisfied, you can file a complaint to the regulatory body, the ICO via live chat service ico.org.uk/livechat or ico.org.uk/global/contact-us .
The Company shall respond to such requests without undue delay and in any event within one month of receipt of the request, unless the request is particularly complex or numerous, in which case the Company may extend the time limit by a further two months, informing the Data Subject of the extension and the reasons for the delay.
This privacy policy and the relationships falling under its effect are regulated by the GDPR.
The Company reserves the right to modify, update, or amend this Privacy Policy at any time, in its sole discretion, to reflect changes in legal requirements, business practices, or technological advancements.
Any changes to this Privacy Policy will be communicated to Data Subjects through appropriate means, such as by posting a notice on the website, sending an email notification, or other reasonable methods.
The Company shall provide reasonable advance notice of any material changes to this Privacy Policy, allowing Data Subjects sufficient time to review the updated terms.
The effective date of any changes to this Privacy Policy will be clearly stated in the updated version, and Data Subjects' continued use of the services or website after the effective date shall constitute acceptance of the updated Privacy Policy.
Data Subjects may request access to previous versions of this Privacy Policy for reference or comparison purposes by contacting the Company using the contact information provided this Privacy Policy.
The Company shall periodically review and update this Privacy Policy as necessary to ensure compliance with applicable laws and regulations.
You as a Data Subject are encouraged to review this Privacy Policy regularly for any updates or changes. Any questions or concerns regarding changes to this Privacy Policy should be directed to the Company using the contact information provided in this Privacy Policy.
We make these disclosures to those visiting our websites who reside in California which supersede and replace any conflicting disclosures found elsewhere on our websites as well as reflect your privacy rights granted by the California Consumer Privacy Act (CCPA).
Opt-out of disclosure for direct marketing purposes. The California laws allow its residents to learn the identities of entities that received their personal data for marketing purposes and the categories of information disclosed. You may request such information by contacting us by email at info@paycore.io.
Please be aware that this opt-out does not prohibit our disclosure of personal data for any purpose other than direct marketing. The data we process and share may include your name, address, email address, and telephone number.
Automatic gathering of information. We collect data that you provide to us online, and through websites of unaffiliated third parties.
Automatic gathering of information by third parties. When you visit our websites, third parties can collect personal data about your online activities over time and across different websites pertaining to your visit to or use of our and other websites.
California residents visiting our websites may request that we do not automatically gather and track information pertaining to their online browsing movements across the Internet. Such requests are typically made through web browser settings that control signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personal data about an individual consumer's online activities over time and across third-party websites or online services. We currently do not have the ability to honour these requests. We may modify this Notice as our abilities change.
The CCPA has extended California residents’ data protection rights. However, we have already guaranteed all these rights and described them precisely in this Notice as well as a means of rights exercising. Please refer below to investigate.
Right to be informed. Please find a list of personal data we collect about you and your activity, sources and business purposes of personal data collection, and third parties we may share your personal data within Section 3 - 6 of the Notice.
Your Right of access, Data portability, and Right to delete are prescribed by Section 7 of the Notice.
You can exercise these rights any time by contacting us via email at info@paycore.io.
Notice, the CCPA envisages some specific requirements related to the exercising of these data protection rights. Considering them we may:
Also, please be aware that we are allowed to maintain personal data after deletion request is received as permitted by the CCPA (for instance, for the purposes of detection of security incidents, repair errors, comply with legal obligations, transaction completion).
We want to draw your special attention that Corefy does not sell, rent, or trade your personal data to anyone.
Non-discrimination right. We definitely will not discriminate (including, by denying Services, charging different prices for Services, providing different quality of Services) against you for exercising any of your CCPA data protection rights.