top of page

Privacy Policy

This Privacy Policy ("Policy") for InvokaPAY B.V., a limited liability company incorporated in the Netherlands, registered with the Dutch Chamber of Commerce under number 97789283, having its registered office at Hullenbergweg 278, 1101BV Amsterdam, Netherlands, (“InvokaPAY”, “we”, “our”, or “us”), describes the legal basis upon which we collect and process personal data of users of InvokaPAY’s website https://www.invokapay.com and related services (“Services”) in accordance with Regulation (EU) 2016/679 (the “General Data Protection Regulation” or “GDPR”) and the Uitvoeringswet Algemene verordening gegevensbescherming (UAVG), the Dutch GDPR Implementation Act.
InvokaPAY acts as a verwerkingsverantwoordelijke (data controller) within the meaning of Article 4(7) GDPR. This means we determine the purposes and means of the processing of your personal data.
If you have any questions about this Policy or our processing activities, you may contact us by post at the address listed above.

Legal Bases for Processing (Article 6 GDPR and UAVG)

We process personal data only on one or more of the following legal bases:

  • Consent (Article 6(1)(a)) — for example, for sending marketing communications or use of non-essential cookies. You have the right to withdraw consent at any time.

  • Contractual necessity (Article 6(1)(b)) — to provide the Services as contractually agreed.

  • Legal obligation (Article 6(1)(c)) — where we are required by Dutch or EU law to retain or disclose certain data (e.g. under AML legislation).

  • Legitimate interests (Article 6(1)(f)) — such as fraud prevention, system security, and improvement of our services, provided these interests are not overridden by your fundamental rights.

Children’s Data

Under the UAVG Article 5(1), the age of digital consent in the Netherlands is 16 years. Our Services are not intended for individuals under this age. We do not knowingly collect data from children under 16 without verified parental consent.

Your Rights under the GDPR and UAVG

You have the following rights under the GDPR as implemented in the Netherlands:

  • The right to access your personal data (Article 15 GDPR);

  • The right to rectify inaccurate or incomplete data (Article 16);

  • The right to erasure (“right to be forgotten”) in certain circumstances (Article 17);

  • The right to restrict processing (Article 18);

  • The right to data portability (Article 20);

  • The right to object to processing based on legitimate interests (Article 21);

  • The right to withdraw consent at any time, where processing is based on consent (Article 7(3)).

To exercise these rights, you may contact us at the above contact details. We will respond to your request within one month, extendable by a further two months in complex cases (Article 12(3)).
You also have the right to lodge a complaint with the Autoriteit Persoonsgegevens (Dutch Data Protection Authority) if you believe we are unlawfully processing your data. You can do so via: https://autoriteitpersoonsgegevens.nl

International Data Transfers

If we transfer personal data outside the European Economic Area (EEA), we ensure such transfers are made in accordance with Chapter V of the GDPR, including where necessary, implementing Standard Contractual Clauses (SCCs) approved by the European Commission.
Where we rely on SCCs or other appropriate safeguards under Article 46 GDPR, we ensure they are supplemented by additional technical and organisational measures where needed.

Retention Period

We retain your data only for as long as necessary for the purposes set out in this Policy, or as required to comply with applicable Dutch or EU law, including retention obligations under the Wet ter voorkoming van witwassen en financieren van terrorisme (Wwft) (Anti-Money Laundering and Anti-Terrorist Financing Act).

Security Measures

We implement appropriate technical and organisational measures to safeguard your data as required under Article 32 GDPR, including but not limited to encryption, access control, and regular security assessments.
However, no transmission or storage system can be guaranteed to be 100% secure, and you are encouraged to notify us immediately of any suspected breach.

Cookies and Tracking Technologies

The use of cookies and tracking technologies is subject to your consent in accordance with the Telecommunicatiewet (Dutch Telecommunications Act) and the GDPR. Non-essential cookies are only used with your express consent.
You can manage your preferences at any time using your browser settings or the cookie banner provided on our website.

Changes to this Policy

We may amend this Policy from time to time. Changes will be published on our Website with a clear indication of the date of the latest revision. We encourage you to check this page regularly to stay informed about how we are protecting your data.

bottom of page