We working 01.00 AM - 05.00 PM, GMT-0 Now

Privacy policy

Privacy Policy of swap.menu

swap.menu (hereinafter swap.menu.) always monitors legal updates and complies with all the laws governing the activities of financial institutions, anti-money laundering laws and laws against financing of terrorism, as well as European laws and directives related to data privacy. In accordance with the enactment of the General Data Protection Directive (GDPR), swap.menu has undertaken appropriate measures as described herein.

From the day of launch, swap.menu. adheres to a set of core privacy principles. These principles apply to all persons and organizations whose personal data we hold. We focus, in particular, on the following core principles:

  • Principles and practices of swap.menu. should be transparent. Our Clients should understand what personal data swap.menu. collect, for what purposes personal data are collected, how personal data are stored and what our privacy principles mean. 

  • swap.menu. guarantees safety and control of Clients’ personal information and grants our Clients the choice to decide about their personal data. 

  • Main principle of swap.menu. is to protect and keep personal and financial data secure. swap.menu. ensures that appropriate security standards are maintained and Clients’ personal data are protected. 

  • Being a licensed electronic money issuer of small scale, swap.menu. collects personal data to issue electronic money. Personal data are primarily used to prevent frauds and suspicious transactions and to respect local and international laws on preventing money laundering and financing of terrorism.

The purpose of this Privacy Policy is to give clients of swap.menu. information on how swap.menu. collects and processes any personal data when our Clients use the website or register in the payment system swap.menu.. This includes all spheres of interaction with our clients, including our website, business relations and issuing of electronic money.

Under Directive 95/46/EC (General Data Protection Regulation), swap.menu. is a data controller and therefore is responsible for the use of personal data in a secure manner in compliance with the applicable law and in accordance to the agreement between swap.menu. and its Clients.

Please read this Privacy Policy and the additional information related to the services offered by swap.menu.. In case of any questions, please contact us at the e-mail address indicated below.

Definition of personal data. Which data swap.menu. collects about its Clients

Personal data is any information of personal nature which identifies an individual. Personal data do not include data where an individual cannot be identified from the data (anonymised). swap.menu. collects, uses, processes, stores, or transfers personal data such as:

  • Identity Data. These data include full name(s), date of birth, government-issued identity number, date of birth, number and series of any identity documents. swap.menu. uses these data particularly for identifying its Clients, in order

    to provide them with electronic money issuing and to prevent money laundering (ML)

    or financing of terrorism (FT). 

  • Contact Data. These are data used to contact Clients, such as telephone number, address, email, and billing details. These data are also used for two-step identification of the Client to prevent any risks related to ML or FT.

  • Financial Data. These data include bank account number, payment card details and other related financial data. They are also used for the control and identification

    of the Client to prevent any risks related to ML or FT.

  • Payments Details. While onboarding Clients owning a business (which means

    a business using one or more of our services) or a Customer, this includes information relating to a payment when using our products or services.

  • Technical and Access Data. These are data such as Internet usage information, Internet Protocol address (“IP Address”), login data, unique user ID, version

    of software installed, screen resolutions, colour capabilities, plug-ins, language settings, cookie preferences, search engine keywords, JavaScript enablement,

    the content and pages that the Client accesses on the Website or Platform, and

    the dates and times that the Client visits the Website or Platform, paths taken, and time spent on sites and pages on the Website or Platform.

  • Marketing and Communications Data. These data include both the record

    of the Client’s decision to subscribe for or unsubscribe from marketing materials from swap.menu. or its third parties.

The detailed scope of personal data required for using particular service rendered by swap.menu. can be found in the terms and conditions of swap.menu. service that are available on the website swap.menu

swap.menu. does not collect, store or process any special categories of personal data about its Clients (race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health, genetic and biometric data).

To the extent that website of swap.menu. includes links to third-party websites, plug-ins and applications (including cookies and widgets by third-party advertisers), by submitting the Privacy Policy, the Client should understand that by clicking on such links or enabling such connections the Client may allow third parties to collect or share his personal data. swap.menu. has no control over third-party websites and has no impact on their privacy policy.

How personal data are collected in swap.menu

Being a Electronic money issuer of small scale and having obligations regarding the prevention of ML and FT, swap.menu. collects data, including personal data, so as to be able to provide its services and products to the Clients. swap.menu. only collects personal data necessary to operate the Payment System and provide its services related to electronic money:

  • swap.menu. is legally required to authenticate and validate payments to mitigate and protect against identity theft or fraud, money laundering and financing

    of terrorism. To do this, some of the Client’s personal and non-personal data may

    be collected by swap.menu. directly or delivered to swap.menu.

    by Merchants or Customers, and swap.menu. will use these personal data

    to enter into the fraud systems available for such validation and will remain there

    for future reference and cross-reference of information required to validate the payments. 

  • To verify the Client’s identity and compare the Client’s information to verify accuracy. 

  • To save the Client’s data, if the Client exerts his right of refusal of purchases made

    or that the same are the subject of dispute or chargeback, in order to share the information on the transaction and, if required, the Client’s personal information with financial institutions for resolving disputes.

Being obliged by the law and by the terms and conditions (contracts) with the Clients, swap.menu. will not be able to register, authorize and approve the Client’s registration in the payment system until we have received the data we requested.

swap.menu. collects information in different ways on its websites, namely when the Client provides his personal data directly to swap.menu.. This includes:

  • Submitting the Client’s details to website of swap.menu. so that swap.menu. employees can contact the Client about services and products; 

  • Applying for swap.menu. products or services directly on the webpages

    or via e-mail or through swap.menu. appointed suppliers (such as marketplaces); 

  • Entering a competition, promotion or survey;

  • Requesting marketing materials for further use;

  • Sending support requests to swap.menu. support desk. 

swap.menu. collects data using various technologies when the Client accesses and browses swap.menu. websites. These are Usage and Technical Data. swap.menu. has its Cookies Privacy Policy, which is a part of swap.menu. General Privacy Policy.

Moreover, swap.menu. obtains personal data through third parties or if publicly available, namely as follows:

  • Merchants and operators of marketplaces who provide swap.menu. with personal data for the purposes of rendering services related to electronic money that the Client has chosen on a website operated by the Merchants or marketplaces;

  • Profile Data from social platforms and networks when the Client gives swap.menu. the permission to do so and only if applicable;

  • Technical Data for the purposes of fraud and risk prevention; 

  • Identity Data and Contact Data from publicly available sources in compliance with the applicable laws.

How personal data are used by responsible employees of swap.menu

The main and primary purpose for which swap.menu. uses personal data is to provide services related to electronic money, including ensuring proper quality of the service the Client has ordered from swap.menu. (depending on the type of Client). In addition to this, swap.menu. uses Clients’ personal data in the following cases:

  • Where it is necessary for swap.menu. legitimate interests or the legitimate interests of a third party and where such interests override the Client’s interests; 

  • Where swap.menu. uses personal data to comply with its legal obligations – for example, for preventing of ML and FT and also other legal requirements resulting from the services related to Payment services act and other laws applicable to electronic money issuers of small scale; 

  • Personal data are used with the Client’s active and informed consent. The Client

    is entitled to withdraw his consent, if it is not required to comply with legal obligations;

  • To enable swap.menu. to effectively communicate with its Clients, namely

    to send emails to inform Clients about payment products or services, update applicable security and fraud monitoring alerts, or notices, if there is any breach of services

    or other important notices related to services and products of swap.menu.

  • To improve products or services, swap.menu. may use automatic tools, including profiling, automated analysis of Clients’ personal data for the following purposes:

  • To conduct the KYC procedure required by the applicable law, which includes thorough risk assessment procedures in order to authenticate and authorize the Client;

  • To authenticate and validate payments to mitigate and protect against identity theft;

  • Or fraud as required by the applicable law.

swap.menu. collects and uses personal data to provide its services related to electronic money:

  • to conclude and execute the contract between swap.menu. and its Clients,

    to guarantee services related to electronic money and open a payment account in swap.menu. payment system;

  • to process the electronic money transaction that the Client has ordered using swap.menu. services and to notify the Client of the status of this payment. The types of personal data and the legal basis depend on the specific payment methods available in swap.menu. payment system;

  • to conduct KYC and risk assessment procedures in order to authenticate and authorise the Client and his access to swap.menu. services. The type of Data required is Identity Data, Contact Data and Financial Data. This is necessary in order

    for swap.menu. to assess the Client‘s application to receive services and products from swap.menu. under the contract and necessary for legal obligations of swap.menu.;

  • to protect swap.menu. payment system and business processes and to ensure compliance with the law and the regulations for financial institutions. The types

    of personal data may include Identity Data and Transactional Data;

  • to manage relationships of swap.menu. with the Client. This includes notifying the Client of changes in the Contract, Terms of Service or this Privacy Policy,

    or to ask the Client to provide information on how swap.menu. can improve

    or develop new services or products;

  • to provide the Client with service assistance and problem solutions or to contact

    the Client, or to send the Client a notification related specifically to the services swap.menu. offers, such as failures and system updates;

  • to inform the Client of the status and history of transactions that is required from swap.menu. as a electronic money issuer of small scale under the Payment services act;

  • to issue and store invoices and accounting documents;

  • to use the Client’s personal data in transactional or monitoring reports as a part

    of swap.menu. performance of the contract;

  • to use the Client’s personal information for internal purposes, such as audits, reporting, data analysis or data mining, research for improving products or developing new ones, services and communications;

  • to use data analytics to improve websites, products or services, marketing

    and experiences. This can be Technical and Access Data which will be used

    for the analysis of swap.menu. and the development or improvement of products and/or services, or for the provision of promotions or benefits, which can improve Clients’ interaction and use of swap.menu. and/or future development.

Disclosure and sharing of Clients’ personal data with other institutions 

While operating with personal data of the Clients, swap.menu. shares such data with:

  • Internal Third Parties – responsible employees of swap.menu. staff and specific third parties, such as groups of companies providing marketing support, IT support and development, finance and compliance support, and ML/FT services.

  • External Third Parties:

  • Merchants, in accordance with Service Agreements and terms and conditions;

  • Service providers under contracts who assist swap.menu. with its business operations, i.e. providers of IT infrastructure, payment risk analysis software, marketing services, compliance officials;

  • Authorized third-party financial institutions and banking partners that swap.menu. partners with to jointly create and offer products and services. Depending on the type of payment, swap.menu. will share the data with the financial institutions that validate and process each means of payment, for an appropriate approval, validation, and settlement. This means that the Client’s personal data may be collected for these purposes by financial issuing institutions for the means of payment, acquiring financial institutions, payment schemes, franchises such

    as Visa, MasterCard, loan institutions, etc.

In any case of law enforcement, court order, National Bank inquiry, Financial Arbitrator inquiry or any other similar legal procedure, swap.menu. shall take all reasonable organizational and technical measures to ensure that every third party involved in the processing of the Client’s personal data uses protection standards in accordance with the applicable laws and in accordance with the principles set out in this Privacy Policy.


Providing numerous payment solutions and services, swap.menu. sends marketing notifications and messages. swap.menu. sends marketing notifications and messages only if the Client has subscribed for services or products from swap.menu.. The Client will also receive marketing communications from swap.menu., if he has entered into a promotional competition, promotional offer or survey, where swap.menu. requests its Clients to provide Contact Details in order to enter or partake in the survey. In each case, swap.menu. keeps a register of marketing communications data used by swap.menu., and each Client is entitled at any time to unsubscribe from receiving such marketing notifications by clicking on the unsubscribe link provided in such swap.menu. marketing communications. swap.menu. may also use Marketing and Communications Data in order to improve and customize the content of ads and promotions that may be of interest to the Client.

International data transfers

swap.menu. does not share personal data of its Clients with third parties, excluding parties which are parts of swap.menu. legal obligations and third parties under contractual relations when transferring of personal data is made to provide services related to electronic money. The transfer is necessary to perform and comply with the provision of our Services or to meet other operational needs of the business or in development of some of the purposes set forth in this Privacy Policy. Whenever swap.menu. transfers personal data to third parties, the Client can be assured that there is a similar level of protection of his data as by swap.menu..

Data retention

swap.menu. may store Clients’ personal data for as long as required for the fulfilment of the purposes swap.menu. collected them for. The retention of data by swap.menu. is determined by considering compliance with legal (contractual or statutory requirements), accounting and compliance reporting requirements. swap.menu. also takes into consideration the temporary limits established in the commercial or data privacy laws in the different countries in which swap.menu. provides its services.

Clients’ rights related to personal data

Any Client can claim his rights specified in the applicable law. swap.menu. guarantees the following rights related to personal data protection:

  • The right of access to the

Client’s personal data

Every individual in contractual relationships with swap.menu. has the right to ask for information about 

his personal data being processed by swap.menu.. 

  • The right to correct or change the Client’s personal data. Any inaccurate personal data should be corrected by amendments sent from the Client.

  • The right to erase the Client’s personal data. On demand of the Client, swap.menu. will erase personal data of the Client, excluding those data, which are

    to be stored under legal obligations.

  • The right to restrict the processing of the Client’s personal data. On the Client’s demand, swap.menu. can mark certain personal data as restricted for processing in certain circumstances.

  • The right to data portability. On the Client’s demand, swap.menu. can transmit the Client’s personal data provided to swap.menu. to another data controller.

  • The right to automated individual decision-making, including profiling.

  • The right to object to direct marketing.

Security and storage of personal data

swap.menu. takes legal, technical and organizational measures that it considers necessary in order to maintain the security of Clients’ personal data, with due observance of the applicable obligations and exceptions under the legislation in force. swap.menu. follows the payments industry’s standards regarding the protection of personal data, including, among other measures, standard options of transparent encryption (Transparent Data Encryption) of databases. All data related to personal data of the Clients are encrypted by AES 256 algorithm with a cryptoperiod of 1 year. The encryption key is encrypted by the standard X.509, with a key length of 2048 bits and a 1 year-long cryptoperiod. A private key is divided between only a few employees of swap.menu. under the Shamir scheme, so that none of the employees has separate access to the data independently from other employees. The access to the informational infrastructure is safe under the PCI DSS standard.

swap.menu. reviews its policy regarding the collection, storage and processing 

of Clients’ personal data, including physical security measures, to prevent adulteration, loss, query, use or fraudulent or unauthorized access to Clients’ personal information.

swap.menu. has installed process procedures to deal with any suspected personal data breach and will notify its Clients and any applicable regulator of a breach where swap.menu. is legally required to do so.


swap.menu. does not voluntarily or actively collect, use or disclose personal data of minors, according to the minimum age equivalent in the relevant jurisdiction, without the prior consent of the parents or guardians of the minor. The services of swap.menu. are not intended or designed to attract minors.

If in some reason a swap.menu. employee understands or finds out that swap.menu. has collected personal information of a minor according to the jurisdiction, without first receiving any verifiable parental consent, swap.menu. will take steps to delete the information as soon as possible.

The right to raise a complaint

Every Client has the right to raise a complaint about swap.menu. processing and storing of personal data with the data protection regulator in the Client’s jurisdiction.

Every Client has the right to withdraw the consent to processing of personal data that 

the Client has given to swap.menu. and prevent further processing, if there is no other legitimate ground upon which swap.menu. can process the Client’s personal data.

If any complaint or claim regarding personal data or the need of their withdrawal appears, please contact us at the email address indicated below. To raise a complaint, withdraw the consent or make any other changes to personal data, please fill in the application below and send it to the email address [email protected]

Cookies and other access techniques policy

swap.menu. uses cookies, web beacons and other access techniques (hereinafter “cookies”) on its website, mobile application and within payment system. By “cookies” are meant all IT data, text files stored on users’ terminals with the purpose of using websites. Through such files, swap.menu. recognizes the user’s terminal and displays the website in a relevant way, adapted to the user’s preferences. “Cookies” usually contain the name of the website they come from (redirect), time of being stored on the terminal and a unique number. “Cookies” are used for the purpose of adapting the contents of websites to the user’s preferences and optimizing the use of websites. They are also used to prepare anonymous, aggregate statistics which help swap.menu. understand how the user benefits from websites, which allows for improvement of their structure and contents, excluding the user’s personal identification.

swap.menu. uses two types of “cookies” – “session” and “fixed”. The “session” files are temporary files which remain on a user’s terminal until logging out from a website or closing an application (web browser). The “fixed” files remain on the user’s terminal for the time defined in cookie parameters or until they are deleted manually by the user. Personal data collected with the use of “cookies” may be collected only to perform certain functions for the user. Such data are encrypted in a way to make it impossible for unauthorised persons to access them. In general, an application used to browse through websites allows saving “cookies”  on the terminal by default. These settings may be changed so that automatic management of “cookies” is blocked in web browser settings or the user is informed each time “cookies” are sent to his terminal. Detailed information on the possibility and ways of dealing with “cookies” is available in application (web browser) settings. The limitations of using “cookies” may affect some features available on the website. “Cookies” used by partners of the website operator, including, without limitation, website users, are subject to their own privacy policies.

This website uses cookies to improve your experience.