Who we are
CentaPay Limited ("CentaPay", "we", "us", or "our") is a company incorporated in the Astana International Financial Centre (AIFC), Kazakhstan, and authorised by the Astana Financial Services Authority (AFSA) as a Money Services Provider. Our registered office is in Astana, Kazakhstan, and we maintain an operational presence in London, United Kingdom.
B2B only. CentaPay provides cross-border payment infrastructure to international businesses and payment service providers. We do not provide services to retail consumers.
Scope of this policy
This Privacy Policy explains how we collect, use, store, and protect personal data in connection with:
- our website at centapay.com and any associated subdomains;
- our payment processing and settlement services; and
- our business relationships with clients, partners, and prospective clients.
This policy is issued in accordance with the AIFC Data Protection Regulations 2024 and, where applicable, Kazakhstan Law No. 94-V "On Personal Data and Its Protection".
Data we collect
3.1 Website visitors
When you visit our website, we may collect:
- technical data such as IP address, browser type, device type, and operating system;
- usage data such as pages viewed, time on site, and referring URL; and
- any information you submit voluntarily through our contact form.
3.2 Client and partner data
In the course of onboarding and servicing our clients, we collect personal data relating to directors, beneficial owners, authorised representatives, and key personnel. This includes:
- full name, date of birth, and nationality;
- government-issued identification documents;
- proof of address documentation;
- professional role and contact details; and
- information required to satisfy our regulatory obligations, including source of funds and source of wealth where applicable.
3.3 Transaction data
We process transaction data in connection with the payment services we provide. This may include payment instrument details, transaction amounts, merchant identifiers, and payment outcomes.
How we use personal data
- to provide, operate, and improve our payment services;
- to comply with our regulatory obligations, including customer due diligence and transaction monitoring;
- to onboard and manage client relationships;
- to communicate with prospective clients who contact us through our website;
- to maintain the security and integrity of our systems; and
- to comply with applicable law, regulation, or lawful request from a competent authority.
Legal basis for processing
Where processing is required to comply with AFSA rules, AIFC regulations, or applicable law.
Where processing is necessary to perform or enter into a contract with our client.
Where necessary for our legitimate business interests, such as fraud prevention, provided not overridden by the data subject's rights.
Where you have provided your consent, for example by submitting a contact form.
Data storage and transfers
CentaPay stores personal data in accordance with applicable data localisation requirements. Where Kazakhstan law requires personal data to be stored locally, we comply with those requirements.
Some personal data may be processed by third-party service providers located outside Kazakhstan. Where such transfers occur, we ensure appropriate safeguards are in place.
Data sharing
We may share personal data with:
- our acquiring bank partners, as required to process transactions;
- card schemes (Visa, Mastercard) in accordance with scheme rules;
- our technology and infrastructure providers;
- professional advisers, auditors, and legal counsel;
- regulatory and law enforcement authorities where required by law; and
- any other party where we are legally required to do so.
We do not sell personal data to third parties.
Data retention
We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, and contractual requirements.
| Data type | Retention period |
|---|---|
| Client and compliance records | As required by applicable regulation |
| Transaction records | As required by applicable regulation |
| Website contact form submissions | 12 months, unless a business relationship is established |
Your rights
Depending on the applicable data protection framework, you may have the right to:
- request access to the personal data we hold about you;
- request correction of inaccurate or incomplete data;
- request deletion of your data, subject to our legal retention obligations;
- object to or request restriction of processing in certain circumstances; and
- withdraw consent where processing is based on consent.
To exercise any of these rights, please contact us at privacy@centapay.com.
Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. These include encryption, access controls, and regular security assessments.
Changes to this policy
We may update this policy from time to time. Where changes are material, we will update the "Last updated" date at the top of this page.
Contact
Questions about this policy or our data practices?
CentaPay Limited · AIFC, Astana, Kazakhstan
privacy@centapay.com →