GDPR Compliance

Last updated: February 15, 2026

1. Our Commitment

PG Ecom is committed to complying with the General Data Protection Regulation (GDPR) and ensuring that all personal data is processed lawfully, fairly, and transparently. This page outlines how we meet our obligations under the GDPR when processing the personal data of individuals in the European Economic Area (EEA).

2. Lawful Basis for Processing

We process personal data under the following legal bases:

  • Contract Performance: Processing necessary to provide our card issuing and payment services as agreed in our service terms.
  • Legal Obligation: Processing required for compliance with financial regulations, AML/KYC requirements, and tax obligations.
  • Legitimate Interest: Processing for fraud prevention, service improvement, and security purposes where our interests do not override your rights.
  • Consent: Processing for marketing communications and non-essential cookies, which you may withdraw at any time.

3. Your Rights Under GDPR

As an EEA data subject, you have the following rights:

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data, subject to legal retention requirements.

Right to Restrict Processing

Request that we limit how we use your data in certain circumstances.

Right to Data Portability

Receive your data in a structured, machine-readable format and transfer it to another controller.

Right to Object

Object to processing based on legitimate interest or for direct marketing purposes.

4. Data Protection Measures

We implement appropriate technical and organizational measures to protect personal data, including: encryption of data in transit and at rest, role-based access controls, regular security assessments, data minimization practices, and privacy-by-design principles in our product development.

5. International Data Transfers

When we transfer personal data outside the EEA, we ensure adequate protection through: EU Standard Contractual Clauses (SCCs), adequacy decisions by the European Commission, or other approved transfer mechanisms. We conduct transfer impact assessments where required.

6. Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours where feasible, and affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.

7. Data Protection Officer

PG Ecom has designated a Data Protection Officer (DPO) to oversee GDPR compliance. You can contact our DPO at dpo@pgecom.com.

8. Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe your personal data has been processed in violation of the GDPR. We encourage you to contact us first so we can address your concerns directly.

9. Contact

For GDPR-related inquiries or to exercise your rights, contact us at dpo@pgecom.com.