Legal centre
The terms that govern your use of ePayClub, how we handle your data, and how we use cookies. ePayClub is a trading name of NT ECOMTECH LTD, Limassol, Cyprus.
Last updated: October 2025
Privacy Policy
1. Introduction and Scope
This Privacy Policy explains how NT ECOMTECH LTD, a private limited company incorporated in the Republic of Cyprus under Registration Number HE 472022 and operating under the trade name “ePayClub” (the “Company”, “we”, “our”, “us”), collects and processes Personal Data when you access the ePayClub website and use our services (the “Services”).
This Policy is issued in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, “GDPR”) and Cyprus Law 125(I)/2018, and should be read together with our Terms of Use and Cookies Policy.
2. Data Controller and Contact
For the purposes of GDPR, NT ECOMTECH LTD is the Data Controller responsible for the processing of Personal Data described in this Policy. Registered office: Agiou Athanasiou 20, Flat/Office No. 1 & 2, Agios Athanasios, 4107, Limassol, Cyprus. Registration No.: HE 472022. Contact for privacy matters: hello@epayclub.com | +357 25 325122.
3. Definitions
“Applicable Law” means GDPR, Cyprus Law 125(I)/2018, the Cyprus Prevention and Suppression of Money Laundering and Terrorist Financing Law 188(I)/2007 (as amended), and other EU/Cyprus laws governing the processing of Personal Data. “Personal Data” has the meaning given in Article 4(1) GDPR; “Processing” has the meaning given in Article 4(2) GDPR.
4. Personal Data We Collect
- Identity and contact data you provide, including full name, date of birth, nationality, residential or business address, email address, telephone number, and account credentials.
- KYC/AML due‑diligence data, including identification documents, proof of address, business registration certificates, director/beneficial ownership information, and sanctions and politically exposed persons (PEP) screening results.
- Technical and usage data collected when you use the Site, including IP addresses, device identifiers, browser characteristics, log files, approximate location, referring URLs and pages viewed.
- Information from third parties, such as licensed payment institutions, banks, fraud‑prevention agencies, identity verification providers, credit reference agencies and public registers.
- Cookies and similar technologies as described in our Cookies Policy.
5. Purposes and Lawful Bases of Processing
- To verify identity, conduct onboarding/KYC checks and ongoing AML/CTF monitoring — legal obligation (Art. 6(1)(c) GDPR).
- To prevent, detect and investigate fraud, abuse and security incidents, and ensure network and information security — legitimate interests (Art. 6(1)(f)).
- To communicate with you about your account, service updates and security notifications — contract (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f)).
- To comply with requests or orders from competent authorities and regulators, including the Central Bank of Cyprus and MOKAS — legal obligation (Art. 6(1)(c)).
- To improve and develop the Site and Services, including analytics and performance evaluation — legitimate interests (Art. 6(1)(f)).
- To send marketing communications, where you have provided consent — consent (Art. 6(1)(a)); you may withdraw consent at any time.
6. Processing Methods and Security
We process Personal Data using electronic and, where appropriate, paper means, applying organisational and technical safeguards designed to ensure a level of security appropriate to risk, in accordance with Article 32 GDPR. Measures include access controls, encryption in transit and at rest where appropriate, segregation of duties, logging and monitoring, secure development practices, vendor due diligence and staff training. Access to Personal Data is strictly limited to authorised personnel and service providers on a need‑to‑know basis under confidentiality obligations.
7. Sharing and Disclosures
Personal Data may be shared with licensed payment institutions, banks and financial partners to execute transactions and fulfil compliance‑related requirements. We engage carefully selected service providers (processors) for hosting, analytics, compliance screening and customer support under written data processing agreements. We may disclose Personal Data to competent authorities, courts or law‑enforcement bodies where required by Applicable Law. We do not sell Personal Data.
8. Place of Processing and International Transfers
Personal Data is processed primarily in Cyprus and within the European Economic Area (EEA) and, where necessary, in other jurisdictions in which our service providers operate. Where Personal Data is transferred outside the EEA, we implement appropriate safeguards under Chapter V GDPR, including European Commission Standard Contractual Clauses and, where applicable, additional technical and organisational measures.
9. Retention
We retain Personal Data only for as long as necessary to fulfil the purposes set out in this Policy or to comply with legal, regulatory, tax or accounting requirements. Records required for AML/CTF compliance (including KYC and transaction data) are retained for at least five (5) years following the end of the business relationship, or such longer period as may be required by law.
10. Your Rights
You have the rights of access, rectification, erasure, restriction of processing, data portability, and objection, as set out in Articles 15–21 GDPR. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. You may exercise your rights by contacting us using the details in Section 2; we may need to verify your identity before responding.
11. Automated Decision-Making and Profiling
We do not carry out solely automated decision‑making that produces legal effects concerning you or similarly significantly affects you within the meaning of Article 22 GDPR. Fraud‑prevention tools and risk scoring may be used to help protect users and the Services, subject to appropriate safeguards and human oversight.
12. Children
The Services are not directed to persons under eighteen (18) years of age. We do not knowingly collect Personal Data from minors. If we become aware that such data has been collected, we will take steps to delete it.
13. Third-Party Sites and Services
The Site may contain links to third‑party websites or integrate third‑party services. Those third parties operate under their own privacy policies and terms. We are not responsible for their practices.
14. Complaints and Supervisory Authority
You have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection (Cyprus) at dataprotection.gov.cy regarding our processing of your Personal Data. We encourage you to contact us first so we can address your concerns promptly.
15. Changes to this Policy
We may amend this Privacy Policy to reflect changes in law or our processing activities. We will post the updated version on the Site and revise the “Last updated” date accordingly.
16. Contact Us
NT ECOMTECH LTD (trading as “ePayClub”)
Email: hello@epayclub.com · Phone: +357 25 325122
Last updated: October 2025
Terms of Use
These Terms of Use (“Terms”) form a legally binding agreement between you (“User”) and NT ECOMTECH LTD, a private limited company incorporated in Cyprus under Registration Number HE 472022, with its registered office at Agiou Athanasiou 20, Flat/Office No. 1 & 2, Agios Athanasios, 4107, Limassol, Cyprus (“Company”, “we”, “our”, “us”). The Company operates and provides the online platform and services under the trade name “ePayClub”.
1. Definitions
“Services” refers to the payment processing, invoicing, settlement, account, and related services made available through the ePayClub platform. “User” refers to any individual or legal entity who accesses or uses the Services, including merchants and customers. “Content” refers to all information, data, text, software, and other materials made available through the Site. “Applicable Law” refers to the laws of the Republic of Cyprus and, without limitation, European Union law including Directive (EU) 2015/2366 (PSD2), the GDPR, the Cyprus Data Protection Law 125(I)/2018, and all applicable anti-money laundering legislation (AMLD5/6).
2. Scope of Agreement
These Terms apply to all Users of the Site and Services, including visitors, registered account holders, merchants, and counterparties. Use of the Services is strictly subject to compliance with Applicable Law, including PSD2 and any implementing measures in force in Cyprus, the GDPR and Cyprus Data Protection Law 125(I)/2018, and the Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007 (as amended). Nothing in these Terms grants the User any licence or status to operate as a licensed financial institution, electronic money institution, or payment service provider under PSD2 unless expressly granted by the competent regulatory authority.
3. Eligibility
Access is permitted only to natural persons at least eighteen (18) years of age with legal capacity to enter binding contracts. Legal entities may use the Services provided they are duly incorporated, validly existing and in good standing. By using the Services, the User represents and warrants that they meet the eligibility requirements, are not subject to any prohibition preventing them from receiving the Services, and are not located in, or a national or resident of, any jurisdiction subject to sanctions imposed by the EU, the UN, or the Republic of Cyprus. The Company may refuse, suspend or terminate access where a User does not meet these requirements.
4. Account Registration and Verification
Users may be required to open an account and must provide information that is accurate, complete and current. In accordance with AML/CTF legislation, the Company may require KYC documentation — including proof of identity, proof of address, business registration certificates, details of directors and officers, and ultimate beneficial ownership — and may request additional documentation at any time. False, misleading or incomplete information may result in suspension or termination, and the Company may withhold or delay Services until all required information has been verified.
5. Provision of Services
The Company provides the Services in compliance with PSD2 and other Applicable Law, directly or through duly licensed third-party payment service providers. Transactions may be subject to Strong Customer Authentication (SCA) and other security requirements. The Company does not guarantee that the Services will be uninterrupted or error-free and may suspend or restrict access for maintenance, security, regulatory compliance or other legitimate business reasons.
6. Fees and Charges
All fees are communicated to Users separately in contracts, schedules or invoices. Users are responsible for all applicable taxes under Cyprus and EU law and authorise the Company or its designated payment processors to collect fees in accordance with the agreed terms.
7. User Responsibilities
Users must use the Services in compliance with Applicable Law and these Terms, safeguard their login credentials, and immediately notify the Company of any unauthorised use or security breach. Users shall not misuse the Services for unlawful purposes, including money laundering, terrorist financing or fraud, and are solely responsible for actions taken through their account.
8. Prohibited Transactions
The Services may not be used for transactions that are unlawful or contrary to Applicable Law, including money laundering, terrorist financing, fraud, illegal gambling, or the sale of prohibited substances, weapons or pornographic material. The Company may restrict, block or reverse any transaction it reasonably believes to be suspicious, fraudulent or unlawful, and may report such activity to the relevant authorities.
9. Data Protection
The Company processes personal data in compliance with the GDPR and Cyprus Data Protection Law 125(I)/2018. Users have the rights of access, rectification, erasure, restriction and portability, as described in the Privacy Policy. Personal data may be transferred outside the EEA subject to appropriate safeguards.
10. Intellectual Property
All intellectual property rights in the Site, the Services and the Content remain the exclusive property of NT ECOMTECH LTD or its licensors. Users are granted a limited, non-exclusive, revocable licence to use the Services for lawful purposes and shall not reproduce, distribute or exploit any part without prior written consent.
11. Third-Party Services
The Services may rely on third-party services including payment processors, software providers and analytics tools. The Company is not responsible for their operation, content or policies; such use is subject to those providers’ separate terms.
12. Disclaimers
The Services are provided on an “as is” and “as available” basis. To the fullest extent permitted by law, the Company disclaims all warranties, express or implied, including merchantability, fitness for a particular purpose, title and non-infringement, and makes no warranty that the Services will be uninterrupted, secure or error-free.
13. Limitation of Liability
To the maximum extent permitted by law, the Company shall not be liable for any indirect, incidental, special, consequential or punitive damages, including loss of profits, data, goodwill or business opportunities. The Company’s aggregate liability shall not exceed the total fees paid by the User in the six (6) months preceding the event giving rise to the claim.
14. Indemnification
The User agrees to indemnify and hold harmless NT ECOMTECH LTD, its directors, officers, employees, affiliates and agents from any claims, damages, losses, liabilities, costs and expenses (including reasonable legal fees) arising from the User’s use of the Services, any violation of these Terms, or infringement of third-party rights.
15. Suspension and Termination
The Company may suspend or terminate access at any time, with or without notice, where a User breaches these Terms, engages in unlawful activity or fails to comply with Applicable Law. Termination is without prejudice to accrued rights, and the Company shall not be liable for losses arising from suspension or termination.
16. Force Majeure
The Company shall not be liable for any delay or failure resulting from events beyond its reasonable control, including acts of God, natural disasters, governmental actions, war, terrorism, labour disputes, or failures of telecommunications or internet services, and may suspend performance for the duration of such event without liability.
17. Amendments
The Company may amend these Terms at any time by publishing the revised version on the Site. Amendments take effect upon publication unless otherwise specified, and continued use after the effective date constitutes acceptance.
18. Assignment and Waiver
Users may not assign or transfer their rights or obligations without the Company’s prior written consent; any attempted assignment in violation is null and void. Failure to enforce any provision does not constitute a waiver.
19. Governing Law and Jurisdiction
These Terms, and any non-contractual obligations arising from them, are governed by the laws of the Republic of Cyprus. The User irrevocably agrees that the courts of Limassol, Cyprus, shall have exclusive jurisdiction over any dispute, subject to the Company’s right to bring proceedings in any other jurisdiction necessary to protect its rights or enforce a judgment.
20. Complaints Procedure
To make a complaint about the Services, contact our Complaints Department at complaints@epayclub.com. We will acknowledge your complaint within 3 business days and respond within 15 business days. If you are not satisfied with our resolution, you may escalate to the Financial Ombudsman of the Republic of Cyprus (financialombudsman.gov.cy, +357 22 848 900) or use the EU Online Dispute Resolution platform at ec.europa.eu/consumers/odr.
