Privacy Policy

This privacy policy shall inform you about the personal data processed by using the NorPay Card.

“Personal Data” means any information relating to an identified or identifiable natural person. Below we inform you about the type, extent and purpose of the collection and use of personal data.

  1. Who is responsible for data processing and who can you contact?

The party responsible for data processing is:

NorPay, with its business address in the Lithuania. 

Data Protection Officer:
Raajessh Kashyap
Email: data@norpay.io
Website: https://norpay.io/ 

  1. Which data is being processed and what are the sources of these data?

We process personal data (Art. 4 Nr. 1 GDPR) which we receive in connection with the use of the NorPay Card.

The following data might be processed:
(i) identity data, 

(ii) contact data, 

(iii) communication data, 

(iv) financial data, 

(v) transactional data, 

(vi) profile data, 

(vii) technical data, 

(viii) marketing data. 

Please note that for the verification of your identity data might be processed which belong to the “special categories” of personal data (Art. 9 para 1 GDPR). These categories include racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic and biometric data. Biometric data may be processed where necessary and with your consent which you may revoke at any time.

  1. For what purpose and on what legal basis is the data processed?

We process personal data in order to be able to provide our services, in order to receive and reply to your requests as well as for marketing and safety purposes. We process personal data in accordance with the following data protection related provisions:

  • Processing personal data with your consent (Art. 6 para. 1 (a) GDPR): We process data according to Art. 6 para 1 (a) GDPR in order to communicate with you and advertise for our services.
  • Processing personal data to fulfil contractual obligations (Art. 6 para. 1 (b) GDPR): If we enter into a contractual relation (including the initiation of contractual relation) the processing of personal data takes place for the provision of our services as provider of a software serving as a platform for user adoption and interactive support according to Art. 6 para. 1 (b) GDPR.
  • Processing personal data to fulfil legal requirements (Art. 6 para. 1 (c) GDPR): In the event that our company is subject to a legal obligation which requires the processing of personal data, such as for example the fulfilment of tax obligations, the processing of personal data is made pursuant to Art. 6 para. 1 lit. (c) GDPR.
  • Processing personal data according to Art. 6 para. 1 (d) GDPR: In exceptional cases the processing of personal data may be required in order to protect the vital interests of the data subject or another natural person. This could for example be the case where a visitor will be injured in our premises and in consequence his name, age, health insurance data or other vital information need to be transmitted to a doctor, hospital or other third party. In that event the processing will be made pursuant to Art. 6 para. 1 lit. (d) GDPR.
  • Processing personal data according to Art. 6 para. 1(f) GDPR: Finally, data processing activities can be conducted on the basis of Art. 6 para. 1 lit. (f) GDPR which covers data processing activities which are do not fall under any of the aforementioned legal provisions and which covers data processing which is necessary for the purposes of the legitimate interests pursued by us or a third party and provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject.

Legitimate interests of the controller that are being pursued by the controller or a third party.

If the processing of personal data is based on Article 6 para. 1I lit. f GDPR our legitimate interest is the conduct of our business and the related communication with you (recital 47 GDPR) as well as prevention of misuse.

  1. How do we collect data?

Personal Data may be freely provided by you or collected automatically when calling up our website. You can find the details in the following sections of this Privacy Policy.

  • Server Log Files: We collect and store information on the basis of Art. 6 para 1 lit. (f) GDPR about your visits to our website in so called log-files on our server. The log files contain data that your browser is automatically sending to us, such as shortened IP-address, browser type/ browser version, your operating system, referrer URL (or the website visited previously), date and time of the server request, amount of transmitted data, your internet service provider. These data will be collected and processed only for the purpose of measuring the statistics of our website performance. These data will not be connected with data from other data sources.
  • Cookies: This website uses cookies. A cookie is a text file that is placed on the device of the user (PC, tablet, smartphone etc.) and stores certain information referring to the device. If you visit our website from the respective device our server receives information from a cookie. Our server can use this information for different purposes. For example cookies can be used for tailoring advertising to the user or in order to provide statistics for the use of the website. In your browser settings you can allow or deactivate cookies. In the case of deactivating cookies, however, some functionality of our website might not work. The legal basis for using cookies on our website depends on the purpose of the cookies. If cookies are used for the purpose of tracking the legal basis is, if given, your consent according to Art. 6 para 1 lit. (a) GDPR. If cookies are necessary for the functionality of the website the legal basis is Art. 6 para 1 lit. (f) GDPR.
  • Contacting us: If you contact us, we store and process the data submitted by email in order to be able to reply to your request. Storing and processing your personal data in this context is based on Art. 6 para 1, lit (f) GDPR.
  • Applying for the NorPay Card and creating an account: If you apply for the NorPay Card, we need to process your identity data and verification data to fulfil our service. The legal basis is Art. 6 para (b) GDPR.
  • Making transactions: If you make transactions, all data in connection with the transaction and which are necessary to perform the transaction will be processed. The legal basis is Art. 6 para (b) GDPR. Please note that the transaction will be transparent on the blockchain.
  • Participating on the NorPay Platform: If you participate on the platform, your participation and your communication data will be published to other users and or visitors of the website. The legal basis is Art. 6 para (a) GDPR.
  1. How long do we store data?

We process and store personal data only for the period, which is required to meet the purpose of processing, or as long and to the extent as statutory laws require us to process and/or store such data.

If the purpose of processing does not apply anymore and the applicable statutory retention requirement expires, we will as a matter of routine erase data or restrict the processing of data in accordance with the applicable statutory laws.

  1. Information about the transfer of personal data to a third country

We use services as part of our service, i.e., US-based providers or providers from other states outside EU/EEA who also process personal data on our behalf (e.g. name, e-mail address and possibly others). We expressly point out that, with regard to the USA, no adequacy decision of the European Commission has been issued so far. Whenever we transfer your personal data out of the EU/EEA, we ensure a similar degree of protection is afforded to it by ensuring at least that the country to which we transfer your personal data has been deemed to provide an adequate level of protection for personal data by the European Commission and/or a specific contract approved by the European Commission which gives safeguards to the processing of personal data, the so called Standard Contractual Clauses is used.

Data transfer to third parties:

Your data will – to the extent which is necessary to perform the service – transferred to the following third parties:

To issue the Norpay Card:

KYC & AML Technology Provider:

Onfido LTD, 14-18 Finsbury Square, 3rd Floor, London, England, EC2A 1AH

Fintech & Programming:

NORDEK Lab Technologies LLC, 909 Regal Tower, Business Bay, Dubai, United Arab Emirates

To transfer the money to the merchant:

VISA Inc., principal place of business: 900 Metro Centre Boulevard, Foster City, CA94494, USA

  1. What are your rights?

You may exercise certain rights regarding your information processed by us. In particular you have the right to do the following:

  1. You have the right to withdraw consent where you have previously given your consent to the processing of your information. 
  2. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Art. 6 para.1 GDPR. 
  3. You have the right to learn if information is being processed by us, obtain disclosure regarding certain aspects of the processing and obtain a copy of the information undergoing processing. 
  4. You have the right to verify the accuracy of your information and ask for it to be updated or corrected. You have the right, under certain circumstances, to restrict the processing of your information, in which case, we will not process your information for any purpose other than storing it. 
  5. You have the right, under certain circumstances, to obtain the erasure of your personal information from us. 
  6. You have the right to receive your information in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that your information is processed by automated means and that the processing is based on your consent, on a contract which you are part of or on pre-contractual obligations thereof.
  7. If you are located in a European Union member state or within the European Economic Area, you have the right to lodge a complaint about our data collection and processing activities with the supervisory authority concerned.

We will comply with the aforementioned requests if and to the extent such compliance is required by the applicable statutory laws. Requests for access to and rectification or erasure of personal data or restriction of processing may be directed to the email or post address stated in our website’s imprint.

If you have any further questions about this Privacy Policy or the processing of your personal data, please contact our data protection officer: Email: data@norpay.io

1. Introduction

These Terms and Conditions (“Terms”) govern your use of the NorPay non-custodial crypto debit card (“Card”) and associated wallet services (“Services”). By using our Card and Services, you agree to be bound by these Terms. Please read them carefully before accessing or using the Services.

You are responsible for determining whether the use of the NorPay crypto debit card or any of the other NorPay services is legal in your jurisdiction and you shall not use the NorPay crypto debit card or any of the other NorPay services should such use be illegal in your jurisdiction. If you are uncertain, please seek independent legal advice.

2. Relationship with Partners

NorPay provides decentralized crypto debit card platform. The Card is issued and payment settlements are managed by our partner, Paytend Europe and AirWallex Singapore. NorPay never holds any user funds. By using the Card, you acknowledge that you are entering into a separate agreement with Paytend Europe or AirWallex, depending on the card issued, and you agree to comply with their terms and conditions.

3. User Eligibility and KYC

3.1. By entering into this Agreement, you acknowledge and confirm that you meet all the conditions set out hereinafter: 

Residents of the following countries are not eligible to apply for the Card (“Prohibited Countries”):

  • Afghanistan
  • Barbados
  • Ghana
  • Haiti
  • Iran
  • Iraq
  • Jamaica
  • Jordan
  • Malta
  • Mauritius
  • Morocco
  • Nicaragua
  • Pakistan
  • Romania
  • Syria
  • Trinidad and Tobago
  • Uganda
  • North Korea
  • United States of America

(i) you are at least eighteen (18) years of age (or the applicable age of majority and contractual capacity in each qualifying jurisdiction);

(ii) you have the full right, power, and authority to agree to these Terms; 

(iii) you are not resident or a Tax resident of, and do not otherwise have any relevant connection with, any Prohibited Countries;

 (iv) you are not a resident or Tax resident of, and do not otherwise have any relevant connection with, any jurisdiction in which entry into or performing your obligations under these Terms is unlawful or restricted in any way or requires licensing, registration or approval of any kind; 

(v) you are not impersonating any other person, operating under an alias or otherwise concealing your identity; 

(vi) you are not located in, under the control of, or a national, citizen or resident of any Prohibited Countries; 

(vii) you will not use the NorPay Card if any applicable laws in your country prohibit you from doing so in accordance with these Terms; 

(viii) you are compliant with all Applicable Law requirements to which you are subject, including without limitation, all tax laws and regulations, exchange control requirements and registration requirements.  

In the event that we subsequently ascertain that you have not met or do not meet any of these conditions anymore, we may suspend the provision of the NorPay Services to you and close your NorPay Account, and do not allow you to use the NorPay Services. 

In the event that we subsequently ascertain that you have not met or do not meet any of these conditions anymore, we may suspend the provision of the NorPay Services to you and close your NorPay Account, and do not allow you to use the NorPay Services. 

3.2. At any time, at our sole and absolute discretion, without liability to you, we can: (i) refuse your request for granting of a NorPay Crypto Debit Card; (ii) change the conditions for entering into the Agreement or use of the NorPay Crypto Debit Card; (iii) suspend the provision of the NorPay Crypto Debit Card or of all or part of the of the NorPay Services; or (iv) change, update, remove, cancel, suspend, disable or discontinue any features, component, content, incentive of the NorPay Crypto Debit Card. 

3.2. To use our Services, you must go through the Know Your Customer (KYC) process, which is managed by Onfido (https://onfido.com/). You must provide accurate and complete information during the KYC process, and agree to keep your information up-to-date. NorPay reserves the right to suspend or terminate your access to the Services if you fail to comply with the KYC requirements.

4. Use of Services

You agree to use the Services only for lawful purposes and in compliance with these Terms and any applicable laws, regulations, and policies. You acknowledge that NorPay may, at its sole discretion, suspend or terminate your access to the Services without prior notice if you violate these Terms or any applicable laws.

5. Limitation of Liability

NorPay, its affiliates, and partners shall not be liable for any direct, indirect, incidental, consequential, or punitive damages arising from your use of the Services, including but not limited to loss of profits, data, or business opportunities. You agree to indemnify and hold harmless NorPay, its affiliates, and partners from any claims, damages, or losses arising from your use of the Services.

6. Changes to Terms

NorPay may update these Terms from time to time. We will notify you of any changes by posting the updated Terms on our website. Your continued use of the Services after any changes to the Terms constitutes your acceptance of the revised Terms.

7. Risk Disclosure

The regulatory status of the Digital Assets is currently unsettled, varies among jurisdictions and is subject to significantly uncertainty. It is possible that in the future, certain laws, regulations, policies or rules relating to the Digital Assets or blockchain technology, may be implemented, which would directly or indirectly affect or restrict the NorPay Crypto Debit Card or any of the other NorPay Services. 

We may be forced to suspend or discontinue or to change aspects of the NorPay Crypto Debit Card or any of the other NorPay Services in any jurisdictions if demanded by the regulators or Applicable Law, without notice and for whatever reason. In such case the Digital Assets in your NorPay Account may be frozen for an indefinite period of time until the matter is definitively resolved. However, the funds in your wallet are in your control and we recommend transferring amounts which you are looking to spend added to the Norpay card via your wallet. 

NorPay shall not be liable for any delay, error, interruption or failure to perform any obligation under these Terms, where the delay or failure is directly or indirectly resulting from any cause beyond our control, including but not limited to: 

(i) acts of God, nature, court or government; 

(ii) failure or interruption in public or private telecommunication networks, communication channels or information systems; 

(iii) acts or omissions of acts of a party for whom we are not responsible; 

(iv) delay, failure or interruption in, or unavailability of, third-party services; 

(v) strikes, lockouts, labour disputes, wars, terrorist acts and riots. 

You understand and agree that you use the NorPay Account and the NorPay Crypto Debit Card at your own risk. This section is not exhaustive and does not disclose all the risks associated with the Digital Assets and the use of the NorPay Crypto Debit Card and any of the other NorPay Services. You should, therefore, carefully consider whether such use is suitable for you in light of your circumstances and financial resources.

8. Data Protection

By using any of the NorPay Services, you confirm that you have read and accepted our Privacy Notice and understand how we and/or NorPay collect, use, disclose and share amongst ourselves your Personal Data and disclose such Personal Data to our authorised service providers and relevant third parties. For full and comprehensive information about when and why we collect personal information about you, how we use it, the conditions under which we may disclose it and how we keep it secure, please refer to our Privacy Notice, which is accessible at norpay.io/privacy

9. Non-Financial Advice

We do not provide any type of investment or financial credit advice. We may provide information concerning types of currencies and digital payment tokens,  prices, and events that may have influenced prices, all of which should not be considered investment advice. If you require investment advice, you should contact a financial advisor. You are solely responsible for how you use our services and the financial results of your actions.

10. Severability

If any provision of these Terms shall be found by any court or administrative body of competent jurisdiction to be invalid or unenforceable, the invalidity or unenforceability of such provision shall not affect the other provisions of these Terms and all provisions not affected by such invalidity or unenforceability shall remain in full force and effect. Such provision will be changed and interpreted to accomplish the objectives of the provision to the greatest extent possible under any Applicable Laws.

11. Governing Law and Jurisdiction

These Terms and any disputes or claims arising from your use of the Services shall be governed by and construed in accordance with the laws of the Lithuania where NorPay is registered. You agree to submit to the exclusive jurisdiction of the courts in that jurisdiction to resolve any disputes or claims.

By using the NorPay non-custodial Crypto Debit Card and associated Services, you agree to be bound by these Terms and Conditions.