Control Portal Privacy Policy – Littlepay
Control Portal Privacy Policy
Last updated: November 02, 2023


The Control Portal is operated by Littlepay Limited and its affiliates (“Littlepay”, “we” or “us”). 

Littlepay is committed to protecting the data we have access to in the course of providing our services. Please take the time to review this Control Portal Privacy Policy, which explains what personal data we collect, how we use it, and your rights. Littlepay is the controller of the data collected via or in connection with the Control Portal in the European Economic Area and the United Kingdom. For residents of California, the United States, Littlepay Inc. controls the data described in the California Privacy Notice below.

It is important that you read this Control Portal Privacy Policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

What data do we collect and process?

When you use the Control Portal, we may collect, use, store and transfer the following personal data:

Personal data collected from Control Portal users. We will ask you to provide us with personal data such as your email address in order to provide you with access to the Control Portal. 

Device Identifiers and Usage Data. We collect certain standard information that is automatically sent by your browser to the Control Portal. This includes technical information about your device, such as your IP address, browser type, device identifiers, operating system, language, time zone setting, access times and any referring website addresses, as well as usage information, such as what pages you visit, time spent on each page, and URLs.

Other data you provide to us. We may collect any other data you choose to provide to us when you interact with us, such as when you send us an email or request technical support. This may include your name, contact details, and any other information you provide when communicating with us.


Please see our Control Portal Cookie Policy for information about how we use cookies in the Control Portal.

What do we use this data for?

We use your data to:

  • Fulfil our contractual obligations to our Merchant.
  • Comply with our legal and regulatory requirements and obligations.
  • Market, advertise and promote our services.
  • Contact and communicate with you in connection with the provision of our services or where you have got in touch with us.
  • Conduct analytics and carry out market research.
  • Perform other business-related purposes, including negotiating, concluding and performing contracts, managing accounts and records, supporting corporate social responsibility activities, legal, regulatory and internal investigations.

Legal basis for processing your data

Our legal basis for processing your data under applicable data protection laws are: 

  • Your consent: In certain circumstances (e.g., for direct marketing, advertising and promotional purposes), we may request your consent to process your personal data. In such cases, consent will be collected in accordance with applicable legal requirements. Where we rely on consent as a legal basis to process your personal data you have a right to withdraw consent at any time by contacting us.
  • Contract: the processing is necessary in order for us to fulfil our contract with the Merchant to provide payment processing services. Where we need to collect your personal data in order to fulfil our contract with you and you fail to provide the data where requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel the payment processing services to which you have subscribed or are seeking to subscribe.
  • Legal obligation: the processing is necessary for our legal compliance.
  • Legitimate interests: Where processing is necessary for Littlepay’s legitimate interests (to the extent your rights and interests do not override our legitimate interests), which may include one or more of the following:
    • running our business;
    • developing our products and services and growing our business;
    • improving the Control Portal and/or our website and keeping it up to date and relevant;
    • provision of internal administration and IT services;
    • keeping our records up to date; and
    • securing our network and systems.

Who do we share your data with?

We share your data in the following circumstances:

  • People within our organisation who have a ‘need to know’ that data for business or legal reasons, for example in order to carry out an administrative function.
  • With any entity within the Littlepay group of companies worldwide, as we operate internationally.     
  • With service providers performing services on our behalf, and our professional and legal advisors, as necessary for the running of our business.
  • With third parties who provide us with fraud prevention and detection and security services.
  • With law enforcement or other governmental authorities, e.g. to report a fraud or in response to a lawful request or to comply with a lawful obligation.
  • With third parties in the event that we sell, buy or merge any business or assets, including to the prospective seller or buyer of such business or assets.
  • Otherwise where we have your consent or are otherwise legally permitted to do so.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Storage and Retention

If you are a resident of the European Economic Area (“EEA”) or United Kingdom (“UK”), when we transfer data outside the EEA/UK (as applicable) we will, as required by applicable law, ensure that your privacy rights are adequately protected by: (i)  only transferring your personal data to countries that have been deemed to provide an adequate level or protection for personal data, or (ii) appropriate safeguards, such as the EU’s standard contractual clauses (or such other data transferring clauses or safeguards that may be approved by the relevant data protection supervisory authority from time to time). Please contact us at if you would like more information about these safeguards.

We will keep your data for as long as we need it for the purposes set out above, and so this period will vary depending on your interactions with us. Where we no longer have a need to keep your information, we will delete it. Please note that where you unsubscribe from our marketing communications, we will keep a record of your email address to ensure we do not send you marketing emails in future.

Your rights and choices

Legal Rights

Depending on your jurisdiction of residence, you may, under certain circumstances have certain rights in respect of your data, including:

  • the right to access your personal data; 
  • the right to request the correction of your personal data;
  • the right to request the erasure of your data;
  • the right to request the restriction of your personal data;
  • the right to withdraw consent to the processing of your personal data; and
  • the right to request the transfer of your personal data.

You may also, in certain circumstances, have the right to object to your data being used for certain purposes, including to send you marketing. See ‘Marketing’ below, for more details of how to opt-out of marketing.

We will comply with any requests to exercise your rights in accordance with applicable law. Please be aware, however, that there are a number of limitations to these rights, and there may be circumstances where we are not able to comply with your request. To make any requests regarding your data, or if you have any questions or concerns regarding your data, you should contact us using the details below.

If you are a resident of the EEA or the UK and have a complaint regarding our processing of data, you are entitled to contact your supervisory authority for data protection. However, where possible, we would appreciate the opportunity to deal with your concerns before you approach the supervisory authority, so we ask that you please contact us in the first instance.

If you are a resident of California in the United States, please see our California privacy notice below.


Depending on your relationship with us, we may send you marketing from time to time.  Where you are a customer or partner, we may send such marketing communications on the basis of our legitimate interests. If you have no pre-existing relationship with us, we will seek your consent to send you marketing communications. 

If you would no longer like to hear from us, please use the details provided in the marketing communication to unsubscribe or contact us at with the subject line “Unsubscribe.”

Contact Us

If you have any queries on any aspect of our Control Portal Privacy Policy, please contact our legal department by email at or by post to one of our offices.

VeraSafe has been appointed as Littlepay’s representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, VeraSafe can be contacted in addition to Littlepay, only on matters related to the processing of personal data. 

To make such an enquiry, please contact VeraSafe using this contact form: or via telephone at: +420 228 881 031. Alternatively, VeraSafe can be contacted at: VeraSafe Ireland Ltd. Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork, T23AT2P, Ireland.

Changes to this Privacy Policy

We reserve the right to update this Control Portal Privacy Policy at any time, and we will place any updates here. At the start of this privacy notice, we will tell you when it was last updated. We encourage you to check this page regularly for any changes. By continuing to use the Control Panel, you are confirming that you have read and understood the latest version of this Control Panel Privacy Policy.

Third-Party Links

The Control Portal may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave the Control Portal, we encourage you to read the privacy policy of every website you visit.

California Privacy Notice

This section provides additional details about the personal information (as that term is defined in the California Consumer Privacy Act (CCPA)) we collect about California consumers, as well as requests California consumers can make regarding their personal information.

Please note that this section applies only to information that Littlepay controls as a “business.” Where Littlepay processes your information on behalf of a Merchant as a “service provider,” you must contact the Merchant to learn more about your rights with respect to your personal information.

How We Collect, Use, and Disclose your Personal Information. The “What data do we collect?” section above describes the categories of personal information we may collect. We collect this information for the purposes described in the “What do we use this data for?” section, and we share this information as described in the “Who do we share this personal data with?” section.

Requests About Your Personal Information. California consumers can make the following requests with respect to their personal information:

  • A list of the categories of personal information we have collected about you, as well as the sources of that information, the purposes for which we collected it, and the categories of third parties with whom we share it;
  • The specific pieces of information we have collected about you;
  • Deletion of the personal information we have collected from you (subject to exceptions under applicable law).

Please note that we will need to request information to verify your identity before responding to your request.

Sale of Information. Littlepay does not “sell” (as such term is defined in the CCPA) information about consumers within the meaning of the CCPA.

Shine the Light. The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share your personal information with third parties for their own direct marketing purposes.