Privacy policy

1. Introduction

This Privacy Policy explains how VertiumScale collects, uses, stores, and protects personal data in connection with its website, platform, and services.

VertiumScale operates exclusively in a business-to-business (B2B) context. Personal data processed by VertiumScale primarily relates to business representatives, authorized users, and individuals acting on behalf of a Merchant.

VertiumScale processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable data protection laws.

2. Roles Under the GDPR

Depending on the context, VertiumScale acts as:

● Data Controller for:

○ website visitors

○ prospects and business contacts

○ direct contractual relationships

● Data Processor when processing personal data on behalf of Merchants as part of operational, technical, or support services.

Where VertiumScale acts as a Data Processor, such processing is governed by a separate Data Processing Agreement (DPA).

3. Personal Data We Process

VertiumScale may process the following categories of personal data:

3.1 Business & Identification Data

● Name

● Job title

● Company name

● Business address

● Email address

● Telephone number

3.2 Compliance & Verification Data (KYC/KYB)

● Identity and verification documents

● Ownership and control information

● Corporate documentation

● Compliance records

3.3 Technical & Usage Data

● IP address

● Device and browser information

● Log files

● Platform usage data

3.4 Communication Data

● Emails

● Support requests

● Communication records

VertiumScale does not intentionally process special categories of personal data as defined under Article 9 GDPR.

4. Purposes of Processing

Personal data is processed for the following purposes:

● Providing and operating the Platform and services

● Merchant onboarding and account administration

● Compliance, verification, and fraud prevention

● Facilitating introductions to payment processors

● Operational delivery (support, disputes, logistics coordination)

● Communication with Merchants and partners

● Legal, regulatory, and contractual compliance

● Security, monitoring, and system integrity

5. Legal Bases for Processing

VertiumScale processes personal data based on one or more of the following legal grounds:

● Performance of a contract

● Compliance with legal obligations

● Legitimate interests, including fraud prevention, security, and business operations

● Consent, where required

Where processing is based on consent, such consent may be withdrawn at any time.

6. Data Sharing

VertiumScale may share personal data with:

● Payment processors and financial service providers

● Cloud hosting and infrastructure providers

● Compliance, verification, and fraud-prevention partners

● Logistics, fulfillment, and operational partners

● Professional advisors (legal, accounting, audit)

● Authorities where required by law

Personal data is shared only where necessary and subject to appropriate contractual and security safeguards.

7. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), VertiumScale ensures that appropriate safeguards are in place, such as:

● Adequacy decisions

● Standard Contractual Clauses (SCCs)

● Other lawful transfer mechanisms permitted under the GDPR

8. Data Retention

Personal data is retained only for as long as necessary for the purposes for which it was collected, including:

● Duration of the contractual relationship

● Legal and regulatory retention requirements

● Fraud prevention and dispute resolution

● Audit and compliance purposes

Retention periods may vary depending on the data category and applicable obligations.

9. Data Security

VertiumScale implements appropriate technical and organizational measures to protect personal data, including:

● Access controls and authentication mechanisms

● Encryption where appropriate

● Network and infrastructure security measures

● Monitoring and logging

● Confidentiality obligations for personnel

While no system is completely secure, VertiumScale takes reasonable steps to mitigate risks.

10. Data Subject Rights

Where VertiumScale acts as Data Controller, data subjects have the right to:

● Access personal data

● Rectify inaccurate or incomplete data

● Request erasure where legally permissible

● Restrict processing

● Object to processing

● Data portability where applicable

● Lodge a complaint with a supervisory authority

Where VertiumScale acts as Data Processor, requests should be directed to the relevant Merchant.

11. Cookies

VertiumScale uses cookies and similar technologies.
Further details are available in the Cookie Policy published on the website.

12. Third-Party Websites

The Platform may contain links to third-party websites. VertiumScale is not responsible for the privacy practices or content of such third-party websites.

13. Changes to This Privacy Policy

VertiumScale may update this Privacy Policy from time to time.
The most recent version will always be available on the website. Continued use of the Platform constitutes acceptance of the updated policy.

14. Contact

For questions, requests, or concerns regarding this Privacy Policy or the processing of personal data:

Email: support@vertiumscale.com

‍