Legal

Privacy Policy

This Privacy Policy describes your privacy rights in terms of gathering, use, storing, sharing, and protecting your personal data, as well as the scope of processed Personal Data, the purposes, sources, recipients and other important aspects of data processing by registering, accessing, or using B4B Payments products, services, solutions, features, and technologies.

If you do not agree, you should stop accessing our website www.b4bpayments.com or our services immediately and refrain from further access and use. We respect the privacy of every individual who visits our website.

Last updated: 10 July 2025

B4B Payments Companies Group

This Privacy Policy applies to the following entities (hereinafter - the Company or we):

  • UAB B4B Payments Europe - company code 305539054, registered address at Didzioji g. 18 LT-01128, Vilnius, Lithuania.
  • Payment Card Solutions Limited - company number 05941947, registered address at 4th Floor, 12-18 Grosvenor Gardens, Belgravia, London, SW1W 0DH, United Kingdom.
  • Payment Card Solutions Group Limited - company number 10149512, registered address at 4th Floor, 12-18 Grosvenor Gardens, Belgravia, London, SW1W 0DH, United Kingdom.
  • B4B Payments (USA) Inc. - company number 7529211, mailing address 40 Washington Street, Suite 150, Wellesley, MA 02481.

General Provisions

We use and process your personal data in accordance with this Privacy Policy and in compliance with the applicable legal acts such as:

  • General Data Protection Regulation (2016/679) (hereinafter - GDPR);
  • UK General Data Protection Regulation (UK GDPR) as retained by the Data Protection Act 2018 (applicable to UK operations);
  • Law on Money Laundering and Terrorist Financing Prevention of the Republic of Lithuania;
  • Law on Legal Protection of Personal Data of the Republic of Lithuania;
  • Gramm-Leach-Bliley Act (hereinafter - GLBA);
  • Other applicable legal acts.

When writing "you", we refer to you as a potential, existing, former client of the Company, our client's employee or other related party such as beneficial owner, authorised representatives, business partners, other associated parties or a user of our website.

Principles of Personal Data Processing

We process your personal data with the following principles:

  • Legality, fairness and transparency - Personal Data is processed in a lawful, honest and transparent way.
  • Purpose limitation - Personal Data is collected for specified, clearly defined and legitimate purposes and shall not be further processed in a way that is incompatible with those purposes.
  • Data reduction - Personal Data must be adequate, appropriate and only necessary for the purposes for which it is processed.
  • Accuracy - Personal Data must be accurate and, if necessary, updated. All reasonable steps must be taken to ensure that Personal Data which is not accurate is immediately erased or corrected.
  • Limitation of storage length - Personal Data shall be kept in such a way that your identity can be determined for no longer than is necessary for the purposes for which the Personal Data is processed.
  • Integrity and confidentiality - Personal Data shall be managed by applying appropriate technical or organisational measures to ensure proper security, including protection from unauthorised or unlawful processing and against accidental loss, destruction or damage.

Information We Collect About You

If you are a potential client, or register with us as a client, we will ask you for information about yourself. The categories of personal data that we may collect about you are as follows:

Type of informationPersonal data
Basic Personal DataName, surname, job title etc.
Identification information and other background verification data(Your or your representative's, ultimate beneficiary owners of legal entities) name, surname, personal identity code, date of birth, social security number (SSN), address, nationality, gender, passport or ID card copy, evidence of beneficial ownership or the source of funds, number of shares held, voting rights or share capital part, title, visually scanned or photographed image of your face or image that you provide through a mobile application or camera, video and audio recordings for identification, telephone conversations to comply with client due diligence / know your client / anti-money laundering laws and collected as part of our client acceptance and ongoing monitoring procedures.
Financial dataTransactional data (e.g. beneficiary details, date, time, amount and currency which was used, name/IP address of sender and receiver), accounts, amount of transactions, income, location, etc.
Information related to legal requirementsData resulting from enquiries made by the authorities, data that enables us to perform anti-money laundering requirements and ensure the compliance with international sanctions, including the purpose of the business relationship and whether you are a politically exposed person and other data that is required to be processed by us in order to comply with the legal obligation to know your client.
Contact dataRegistered/actual place of residence, phone number, email address etc.
Special category dataBiometrical data, i.e. physical or behavioural characteristics resulting from specific technical processing used during remote identification which confirms the unique identification of a person, e.g. facial images.
Any other Personal Data related to youAny other Personal Data related to you that you may provide.

We do not process special category data related to your health, ethnicity, or religious or political beliefs unless required by law or in specific circumstances where, for example, you reveal such data while using services (e.g. in payment details).

Purposes and Legal Basis for Personal Data Processing

Your personal data is processed in accordance with the purposes and legal basis indicated in the table below. The legal basis definitions are as follows:

  • Legitimate Interest - The interest of ours as a business in conducting and managing our services to enable us to provide to you and offer the most secure experience.
  • Contract performance - Processing your Personal Data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
  • Legal Obligation - Processing your Personal Data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
  • Consent - Any freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify your agreement to the processing of personal data relating to you.
PurposeLegal basisCategories of Personal Data
Conclusion of the contract or for performance of measures at your request prior to the conclusion of the contract (to get to know, identify and verify our clients)Contract performance
  • Basic Personal Data
  • Identification and other background verification data
  • Contact Data
  • Other Personal Data needed (in order to identify the possibility of providing services)
For the fulfilment of a contract concluded with you, including but not limited to provision of services of issuance, distribution and redemption of electronic money and provision of payment servicesContract performance
  • Basic Personal Data
  • Identification and other background verification data
  • Financial data
  • Information related to legal requirements
  • Contact Data
  • Other Personal Data provided to us by or on behalf of you or generated by us in the course of providing services
Verification of your identity, prevention of money laundering and fraud, control and reporting obligations (e.g. Know Your Customer requirements, preventing, detecting and investigating money laundering, terrorist financing and fraud, sanctions screening, risk management obligations, reporting to tax authorities, police authorities, enforcement authorities and supervisory authorities, bookkeeping regulations, other obligations related to service or product specific legislations)Complying with legal obligations applicable to us
  • Basic Personal Data
  • Identification and other background verification data
  • Financial data
  • Information related to legal requirements
  • Contact Data
  • Other Personal Data provided to us by or on behalf of you or generated by us in the course of providing our services
For remote identification of your personal identity (matching the photo image or video records of your face that you provide through a mobile app or camera with your ID document)Complying with legal obligations applicable to us
  • Special category data, i.e. biometrical data
To prevent, limit and investigate any misuse or unlawful use or disturbance of the services or to establish, exercise and defend legal claimsLegitimate interests
  • Basic Personal Data
  • Identification and other background verification data
  • Financial data
  • Information related to legal requirements
  • Contact Data
  • Other Personal Data provided to us by or on behalf of you or generated by us in the course of providing services
To ensure adequate provision of the services, the safety of information within the services, as well as to improve, develop and maintain applications, technical systems and IT infrastructure or our legitimate business interests, such as enabling us to improve and deliver a better and more personalised serviceLegitimate interests
  • Basic Personal Data
  • Contact Data
  • Other Personal Data provided to us by or on behalf of you or generated by us in the course of providing services
To provide an answer when you contact us through our website or other communication measuresContract performance
  • Basic Personal Data
  • Contact Data
  • Other Personal Data provided to us by you
Direct marketingYour consent
  • Basic Personal Data
  • Contact Data
  • Other Personal Data provided to us by you

How Do We Obtain Your Personal Data?

We collect information you provide directly to us - for example, when becoming a new client, when you access and use our website or mobile application, when you set up an account with us, or when you subscribe to our electronic publications such as newsletters.

Personal Data that we may collect from third parties:

  • When it is provided to us by a third party connected to you and/or dealing with us, for example, business partners, subcontractors, service providers, merchants etc.
  • Third party sources, for example, registers held by governmental agencies or where we collect information to assist with know your client check-ups as part of our client acceptance procedures.
  • From publicly available sources - to help us keep your contact details accurate and up to date, for professional networking purposes, or for providing our services, investigating fraud, money laundering and other.
  • From other entities which we collaborate with.

Our Client Onboarding Tools

iDenfy

In order to make your identity verification, we use the "iDenfy" solution provided by our partner Identifikaciniai projektai, UAB. The solution matches the photo image or video records of your face that you provide through a mobile app or camera with your ID document. For more information on iDenfy please read its privacy policy: www.idenfy.com/privacy-policy

iDenfy is used for comparing live photographic data or video record of yourself and your ID card/passport, to comply with legal obligations (e.g. implementation of the obligations under the Law on Money Laundering and Terrorist Financing Prevention of the Republic of Lithuania and other fraud and crime prevention purposes) and risk management obligations.

The result of the face similarity (match or mismatch) will be retained for as long as it is necessary to carry out verification and for the period required by anti-money laundering laws. Your provided data is not created, recorded and stored in a way that allows regeneration of raw data from retained information. We ensure that the checks disclosed above are a one-time user authorisation process.

Equifax

We also use the identification solution "Equifax" provided by Equifax Limited before providing our services in the UK. Equifax compares your information entered with other data sources from the UK and internationally and a decision on the authenticity of the identity is provided to you in real-time. For more information on Equifax please read its privacy policy: www.equifax.co.uk/privacy-hub

If you do not feel comfortable with these identification methods, you may contact us by email data@b4bpayments.com for alternative ways to identify yourself.

Your Rights Regarding Your Personal Data

As a data subject you have the following rights in respect of Personal Data that we hold on you:

Right to access your Personal Data

You have the right to know about processing of your Personal Data as well as to have access to your Personal Data and processing. Your right to access may, however, be restricted by legislation, protection of other persons' privacy and consideration for the Company's business concept and business practices.

Right to have your Personal Data erased

At any time you can make a request for us to erase or delete all or some of your personal data, however, in certain cases we may not be able to erase all of your Personal Data, due to the fact that we need to store your Personal Data due to a contractual relationship or law.

Right to demand rectification of incorrect or incomplete Personal Data

In cases where you find out that your Personal Data is incorrect, you always have the right to request a rectification. You may do it by yourself by logging in to your account and changing the profile settings. If your Personal Data was transferred to third-party data processors, they will be notified of any editing or deletion.

Right to request restriction of processing

You shall always be able to demand that our processing of your Personal Data be restricted for a period of time, for example when you believe that Personal Data about you is inaccurate and we need to verify it, or when you object to processing based on a legitimate interest.

Right to obtain a copy of your Personal Data

You may always request a copy of your Personal Data, except in cases where the provision of such data may affect and harm the rights and freedoms of others.

Right to data portability

Transfer your Personal Data to another data controller or receive it directly in a convenient format. Applicable to Personal Data which is provided by you and which is processed by automated means on the basis of consent or on the basis of conclusion and performance of a contract.

Right to object to processing based on legitimate interests

You may always object to the processing of your Personal Data when the processing is based on a legitimate interest.

Right to withdraw your consent

You are always able to withdraw your consent to process your Personal Data when the Personal Data is being processed based on your consent. Such withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

Right not to be subjected to a decision based solely on automated processing

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Right to lodge a complaint

In cases when you believe that the processing of your Personal Data is not in compliance with GDPR or other applicable legal acts, you may submit a complaint to us or to the relevant supervisory authority.

How to exercise your rights

For complaints regarding B4B Payments services, you can contact us via email: complaints@b4bpayments.com or by ordinary mail sent to our registered address at 4th Floor, 12-18 Grosvenor Gardens, Belgravia, London, SW1W 0DH, United Kingdom. Please clearly disclose your name, surname, contact details and the relevant information.

Your requests shall be fulfilled or refusal communicated within 30 (thirty) calendar days from the date of submission, meeting our internal rules and GDPR. This timeframe may be extended for a further 30 (thirty) calendar days by giving prior notice if the request is related to a great scope of Personal Data.

For complaints regarding UAB B4B Payments Europe services: you may address the State Data Protection Inspectorate (Lithuania) - vdai.lrv.lt

For complaints regarding B4B Payments UK services: you may address the Information Commissioner's Office (ICO) - ico.org.uk/make-a-complaint

Data Retention Period

We will retain your data for a statutory period, following the principle of limitation of the length of the storage. We may use your data for as long as reasonably necessary for the limited purpose of providing our services to you. The terms of retention are as follows:

  • We retain your personal data as long as your consent remains in force, if there are no other legal requirements which must be fulfilled concerning personal data processing.
  • In case of the conclusion and execution of contracts - we retain your personal data for the duration of the contract concluded between you and us, and up to 10 (ten) years after the contractual relationship between you and us has ended.
  • The data of our registers shall be stored for at least 8 (eight) years from the day of termination of transactions or other business relationship with you. The storage period may be extended additionally upon a reasoned instruction of a competent institution, but the extension cannot last longer than 2 (two) years.
  • Documents confirming monetary operation or transaction or other documents having legal force related to the performance of the monetary operations or conclusion of the transactions shall be stored for 8 (eight) years from the day of the performance of the monetary operation or conclusion of the transaction. The storage period may be extended additionally upon a reasoned instruction of a competent institution, but the extension cannot last longer than 2 (two) years.
  • Copies of the documents proving your identity, invoices and/or contractual documentation shall be stored for 8 (eight) years from the day of termination of the transactions or business relationship with you. The storage period may be extended additionally upon a reasoned instruction of a competent institution, but the extension cannot last longer than 2 (two) years.
  • Written or electronic correspondence relating to the business relationship with you shall be stored for 5 (five) years from the day of the termination of the transactions or business relationship with you. The storage period may be extended additionally upon a reasoned instruction of a competent institution, but the extension cannot last longer than 2 (two) years.
  • Results of investigations of complex or unusually large transactions and unusual transaction structures are stored for 5 (five) years in paper format or on an electronic medium. The storage period may be extended additionally upon a reasoned instruction of a competent institution, but the extension cannot last longer than 2 (two) years.
  • Your personal data submitted through our website is kept for a period necessary for the fulfilment of your request and to maintain further cooperation, but no longer than 6 (six) months after the last day of the communication, unless there are legal requirements to keep it longer.

In the cases when the terms of data keeping are indicated in the legislative regulations, the legislative regulations are applied.

Your Personal Data might be stored longer if: it is necessary in order for us to defend ourselves against claims, demands or action and exercise our rights; there is a reasonable suspicion of an unlawful act that is being investigated; your Personal Data is necessary for the proper resolution of a dispute or complaint; or under other statutory grounds.

Job applicant data is retained for the period of 6-12 months once the recruitment exercise ends based on a legitimate interest to back up our decision making related to possible complaints. If we have sought your consent to keep your data on file for future job vacancies, and you have provided consent, we will keep your data for a longer period agreed on individually.

Automated Decision-Making

In some cases, we may use automated decision-making which refers to a decision taken solely on the basis of automated processing of your Personal Data.

Automated decision-making refers to the processing using, for example, a software code or an algorithm, which does not require human intervention.

We may use forms of automated decision making on processing your Personal Data for some services and products. You can request a manual review of the accuracy of an automated decision in case you are not satisfied with it.

Who Data Will Be Shared With

We may transfer your Personal Data in accordance with the principles of confidentiality to the following categories of recipients:

  • Between the companies belonging to the B4B Payments companies group.
  • Our business partners, agents or intermediaries who are a necessary part of the provision of our products and services, as well as card organisations (such as Visa or Mastercard) - in connection with our payment services.
  • Governmental bodies and/or supervisory authorities (in accordance with the requirements and obligations under the provisions of legal acts concerning anti-money laundering, fraud prevention, counter terrorist financing), credit, financial, payment and/or other electronic money institutions.
  • Pre-trial investigation institutions, the State Tax Inspectorate, ICO and other.
  • Lawyers, bailiffs, auditors etc.
  • Service providers who make your identity verification by using their IT solutions.
  • Companies providing services for money laundering, politically exposed persons and terrorist financing check-up and other fraud and crime prevention purposes and/or companies providing similar services.
  • External service providers (that provide such services as, for example, system development and/or improvement, audit services).
  • Beneficiaries of transaction funds receiving the information in payment statements together with the funds of the transaction.
  • Other entities that have a legitimate interest or where the Personal Data may be shared with them under the contract concluded between you and us.
  • Other entities under an agreement with us.

Disclosures to government or regulatory bodies may include transaction data, profiling data, onboarding, identification and screening data, user interaction logs. Disclosure to a government entity or a regulatory authority shall include existing and former customers, whose data we still retain.

When disclosing to third parties which support our financial services, we use scheme rules or apply need-to-know principles. B4B Payments does not disclose personal data to non-affiliated third parties except as explained in this section.

International Transfer of Personal Data

For the purpose of providing our services we may engage third-party service providers outside the European Economic Area (EEA). The transfer of Personal Data outside the EEA may be considered as needed in order to conclude the contract between you and us and/or to fulfil the obligations under such contract; in cases indicated in laws and regulations for protection of our lawful interests; or in order to fulfil legal requirements or to realise public interest.

In all other cases where your Personal Data is transferred outside the EEA, we will take all steps to ensure that your data is treated securely and in accordance with this Privacy Policy. We will ensure that it is protected and transferred in a manner consistent with the legal requirements applicable to the Personal Data. This can be done in a number of different ways, for example:

  • The country to which we send the Personal Data is approved by the European Commission as having an adequate level of protection.
  • The recipient has signed standard data protection clauses which are approved by the European Commission.
  • Special permission has been obtained from a supervisory authority.

We may transfer Personal Data to a third country by taking other measures if it ensures appropriate safeguards as indicated in the GDPR.

If You Subscribe to Our Mailing List

From time to time we may offer to distribute news and other marketing content to individuals who have asked us to do so. We will do this via mailing lists.

You always have the chance to withdraw your consent, even before receiving your first email. Where you do not object to the use of your email for marketing, you are provided with a clear, free of charge and easily realisable unsubscribe link in all emails from our mailing lists, so that you can remove your contact information at any time.

We will only contact you via your email address in the way which you have given your consent and will only send you emails on topics as described during the mailing list signup.

We will not share our mailing list subscribers with any other third party, other than as required for us to send emails to the mailing list. We will only store email addresses in our mailing list.

If you do not agree to receive marketing emails, this will not have any impact on the provision of services to you as the client.

Cookies

We use cookies and other similar technologies to ensure the stable operations of our website, in order to adapt its content to your needs, to improve the features of our website and to manage advertising campaigns based on the interests of our website audience. For more information regarding cookies, please read our Cookies Policy.

Security

The Company will take reasonable precautions to prevent the loss, misuse, accidental or unlawful destruction, modification, disclosure, unauthorised access, alteration or any other unlawful handling of information you give us. Agents or contractors of ours who have access to information which you give us in the course of providing services to B4B Payments are required to keep that information confidential and are not permitted to use it for any purpose other than to carry out the services which they are performing for B4B Payments.

The Company and any third-party service providers that may engage in the processing of Personal Data on our behalf are also contractually obligated to respect the confidentiality of the Personal Data.

B4B Payments will maintain all applicable PCI DSS requirements to the extent proportional to the cardholder data processed or transmitted on behalf of you, or to the extent that B4B Payments could impact the security of your cardholder data environment.

Changes to This Privacy Policy

We regularly review this Privacy Policy and reserve the right to modify it at any time in accordance with applicable laws and regulations. Any changes and clarifications will take effect immediately upon their publication on our website. Please review this Privacy Policy from time to time to stay updated on any changes.

Privacy Notice for Job Applicants

In accordance with the General Data Protection Regulation (GDPR), we have implemented this privacy notice to inform you, as prospective employees of our Company, of the types of data we process about you when you apply for a job.

We follow these principles to ensure that: data processing is fair, lawful and transparent; data is collected for specific, explicit and legitimate purposes; data collected is adequate, relevant and limited to what is necessary; data is kept accurate and up to date; data is not kept for longer than is necessary; data is processed in a manner that ensures appropriate security including protection against unauthorised or unlawful processing and accidental loss; and we comply with the relevant GDPR procedures for international transferring of personal data.

We keep the following types of data on prospective employees:

  • Personal details such as name, address, phone numbers.
  • Information of any disability or other medical information relevant to the role.
  • Right to work documentation.
  • Information gathered via the recruitment process such as that entered into a CV or included in a CV cover letter.
  • References from former employers (not applicable to Lithuanian office).
  • Criminal background information (not applicable to Lithuanian office).
  • Social background information for some staff (not applicable to Lithuanian office).
  • Passport or photo ID copy.
  • Proof of address (not applicable to Lithuanian office).

You provide several pieces of data to us directly during the recruitment exercise. In some cases, we will collect data about you from third parties, such as employment agencies, former employers when gathering references or credit reference agencies. Should you be successful in your job application, we will gather further information from you, for example, your bank details and next of kin details, once your employment begins.

This data is collected on the following lawful basis: (1) legal obligations under Lithuanian and UK law, (2) your consent and (3) legitimate interests of B4B Payments such as making decisions on employment, salary, benefits and other motivation, determining your suitability for the position, skill level and assessing your training needs, preventing fraud, dealing with legal claims against B4B Payments.

Some of this data is a special category of data, which is collected for the purposes of equal opportunities monitoring, meeting your specific needs for the work environment, and your eligibility for certain positions following PCI DSS requirements (criminal conviction data based on our legitimate interests).

EU and UK job applicant data is not shared outside the EU and UK. US job applicant data is not shared outside the US, EU and UK.

Contact Us

You may contact us by writing to us at data@b4bpayments.com or by mail to our relevant registered office address.

Our Data Protection Officer

Our Data Protection Officer (DPO) continuously monitors our privacy compliance and communicates with us on data protection matters relevant to the provision of our services. You may contact our DPO regarding all issues relating to our company's processing of your personal data and the exercise of your data protection rights by sending an email to: data@b4bpayments.com