Back to Home

Privacy Policy

Last updated: 23/12/25

PfandPay Ltd (“PfandPay”, “we”, “us”, “our”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use the PfandPay app and related services.

PfandPay is registered in the United Kingdom and complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

PfandPay Ltd is the data controller responsible for your personal data. If you have any questions about this policy or how we use your data, you can contact us at:

Email: privacy@pfandpay.com

Website: www.pfandpay.com

Company: PfandPay Ltd

Postal address:
PfandPay Ltd.
7-75 Shelton St,
Covent Garden,
London, WC2H 9JQ
United Kingdom

2. What Data We Collect

We only collect personal data that is necessary to provide our services and protect the platform.

Children's Data

PfandPay’s services are not intended for children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.

Information you provide:

  • Email address
  • Mobile phone number
  • Account identifiers (user ID)

Automatically collected information:

  • Device and app metadata (e.g. device type, operating system)
  • Log and usage data
  • Website cookies and analytics data (if you visit www.pfandpay.com): IP address, device type, browser information, pages viewed, and cookie identifiers. We may use essential cookies required for the website to function and, where enabled, privacy-friendly analytics to understand website performance.
  • Transaction references and timestamps

Payments data:

Payments and refunds may be processed by third-party payment providers (such as Stripe). PfandPay does not store full payment card details. Payment providers handle sensitive payment information in accordance with their own security standards and privacy policies.

3. How We Use Your Data

We use your personal data to:

  • Create and manage your PfandPay account
  • Process and display deposit refunds
  • Enable withdrawals via our payment provider
  • Prevent fraud, misuse, and abuse of the service
  • Comply with legal and regulatory obligations
  • Provide customer support
  • Improve the reliability and security of the app

4. Our Lawful Bases for Processing

Under UK GDPR, we rely on the following lawful bases:

  • Contract – to provide the PfandPay service, including refunds and withdrawals
  • Legitimate interests – to protect the platform, prevent fraud, and ensure security
  • Legal obligation – to retain transaction and financial records where required

We do not rely on consent for core app functionality. Consent is only used for optional communications such as marketing.

5. Payments & Financial Information

Payments and refunds are processed through third‑party payment providers (currently Stripe).

  • These providers process payment and payout data on our behalf (as a data processor) to enable deposits, refunds, and withdrawals where available.
  • PfandPay does not store full payment card details. Where funds or balances are involved, they are handled through our payment providers and related financial infrastructure according to the applicable product configuration and legal requirements.
  • PfandPay operates the platform experience and instructions, while payment providers execute payment processing. If you have questions about how a particular payment flow works, contact us using the details above.

Stripe processes personal data in accordance with its own privacy policy.

6. Fraud Prevention & Security

To protect users and the integrity of the service, we process limited data for fraud and security purposes, including:

  • Monitoring transaction patterns
  • Applying limits and checks
  • Investigating suspicious activity

These measures are proportionate, minimised, and designed to protect both users and the wider recycling scheme.

7. How We Protect Your Data

We apply appropriate technical and organisational security measures, including:

  • Encryption in transit and at rest
  • Role-based access controls
  • Secure cloud infrastructure
  • Audit logs and monitoring

Access to personal data is limited to authorised personnel only.

8. How Long We Keep Your Data

We retain personal data only for as long as necessary:

  • Account data: while your account is active
  • Transaction records: up to 6–7 years (legal and audit purposes)
  • Logs and security data: up to 24 months
  • Marketing data: until you opt out

9. Sharing Your Data

We may share personal data with:

  • Payment providers (e.g. Stripe)
  • Technology and hosting providers
  • Legal or regulatory authorities where required by law

We do not sell your personal data.

10. Your Rights

You have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data (subject to legal retention requirements)
  • Object to certain processing
  • Request data portability

You can exercise your rights by contacting us using the details above.

11. International Transfers

Where personal data is processed outside the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted in the app or on our website.

13. Complaints

If you have concerns about how we handle your data, you may contact us directly.
You also have the right to complain to the Information Commissioner’s Office (ICO).