logo
bg

PRIVACY POLICY

Last Updated: 13.03.2026

1. GENERAL PROVISIONS

This Privacy Policy explains how Concrete Gate Limited ("we", "us", "the Company") collects and processes personal data. We operate as a technical payment gateway provider.

  • As a Data Controller: We determine the purposes of processing for data related to our Merchants (B2B contacts) and website visitors.
  • As a Data Processor: We process transaction data on behalf of our Merchants (who act as the Data Controllers) solely for the technical facilitation of payments.

2. CATEGORIES OF DATA SUBJECTS

We process the data of the following groups of individuals:

  • Merchants: Representatives, employees, or business owners utilizing our Gateway.
  • End-Users (Merchant Customers): Individuals making payments through our Merchants' platforms.

3. DATA WE COLLECT

3.1. Merchant Data (B2B)

  • Identification: Full name, job title, copy of ID (for KYB/AML purposes).
  • Contact Information: Business email, phone number, office address.
  • Corporate Data: Company registration documents, bank account details for billing purposes.

3.2. Transaction Data (End-User Data)

As a technical gateway, we process:

  • Payment Details: Cardholder name, masked card number (PAN), expiry date, and secure tokens.
  • Technical Data: IP address, device fingerprint, browser type, and location data (for fraud prevention purposes).
  • Transaction Information: Amount, currency, payment timestamp, and Order ID provided by the Merchant.
  • Important: We strictly adhere to PCI DSS standards and never store raw CVV/CVC codes.

4. DATA TRANSFER

We may transfer data to the following parties:

  • Acquiring Banks and Payment Schemes: (Visa, Mastercard, etc.) for transaction authorization.
  • Anti-fraud Services: For risk assessment and theft prevention.
  • Cloud Infrastructure: Secure Data Centers.

5. DATA SECURITY

  • PCI DSS Level 1 Certification: Annual external audits of our technical environment.
  • Encryption: Use of TLS 1.2+ protocols for all data in transit.
  • Tokenization: Replacing sensitive card data with unique identifiers (tokens).
  • Access Control: Strict monitoring of all internal access to our systems.

6. RETENTION PERIODS

  • Transaction Logs: Retained for 5 years in accordance with financial legislation and AML (Anti-Money Laundering) requirements.
  • Cookies/Analytics: Retained for 6 months.
  • Merchant Data: Retained for the duration of the contract.

7. YOUR RIGHTS

In accordance with international standards (GDPR) and local laws, you have the right to:

  • Access your personal data.
  • Rectify inaccurate information.
  • Erasure ("Right to be Forgotten"), except in cases where retention is mandatory by law.
  • Restrict processing or request data portability.

8. COOKIE FILES

Мы используем технические cookies для функционирования Личного кабинета и аналитические cookies (например, Google Analytics) для улучшения работы сайта. Вы можете управлять ими в настройках вашего браузера.

9. CONTACT INFORMATION

For any privacy-related questions or to contact our Data Protection Officer (DPO), please reach out to: 

Email: [email protected]
Address: Trust Company Complex, Ajeltake Road, Ajeltake Island, Majuro, Republic of the Marshall Islands MH 96960.

Contact Us

Let’s talk about your business needs. Please fill out the form and our team will reach out to you.

Do you have any License?