GrinaPay

Privacy Policy

Last updated: May 20, 2025

1. Introduction

At GrinaPay, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and other services (collectively, the "Services").

Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

2. Information We Collect

2.1 Personal Information

We may collect personal information that you provide directly to us, including but not limited to:

  • Contact information (name, email address, phone number, postal address)
  • Account credentials (username, password)
  • Financial information (bank account details, credit card information)
  • Identification documents (passport, driver's license, national ID)
  • Biometric data (for identity verification purposes)
  • Transaction data (payment recipients, amounts, dates, purposes)
  • Communications with us (customer support inquiries, feedback)

2.2 Automatically Collected Information

When you use our Services, we may automatically collect certain information, including:

  • Device information (IP address, browser type, operating system)
  • Usage data (pages visited, features used, time spent)
  • Location data (with your permission)
  • Cookies and similar tracking technologies

3. How We Use Your Information

We may use the information we collect for various purposes, including to:

  • Provide, maintain, and improve our Services
  • Process transactions and send related information
  • Verify your identity and prevent fraud
  • Comply with legal and regulatory requirements
  • Communicate with you about products, services, and events
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyze trends, usage, and activities
  • Personalize your experience and deliver content relevant to your interests
  • Protect the security and integrity of our Services

4. Regional Data Protection Laws

4.1 European Union (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and similar laws apply to our processing of your personal data.

Legal Bases for Processing

Under the GDPR, we process your personal data on the following legal bases:

  • Contractual Necessity: Processing necessary to perform our contract with you (e.g., providing our financial services)
  • Legal Obligation: Processing necessary to comply with our legal obligations (e.g., anti-money laundering requirements)
  • Legitimate Interests: Processing necessary for our legitimate interests, provided these interests don't override your fundamental rights and freedoms (e.g., improving our services, preventing fraud)
  • Consent: Processing based on your specific consent (e.g., for certain types of marketing communications)

Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right to Access: You can request a copy of your personal data
  • Right to Rectification: You can request correction of inaccurate data
  • Right to Erasure: You can request deletion of your data in certain circumstances
  • Right to Restriction: You can request restriction of processing in certain circumstances
  • Right to Data Portability: You can request transfer of your data in a machine-readable format
  • Right to Object: You can object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: You can withdraw consent at any time

To exercise these rights, please contact our Data Protection Officer at dpo@grinapay.com. You also have the right to lodge a complaint with your local data protection authority.

4.2 United States

If you are a resident of the United States, various federal and state laws may apply to your personal information.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with specific rights:

  • Right to Know: You can request information about the personal information we collect, use, disclose, and sell
  • Right to Delete: You can request deletion of your personal information, subject to exceptions
  • Right to Correct: You can request correction of inaccurate personal information
  • Right to Opt-Out: You can opt out of the sale or sharing of your personal information and limit the use of sensitive personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, please contact us at privacy@grinapay.com or call 1-800-123-4567.

Other State Privacy Laws

If you are a resident of Virginia, Colorado, Connecticut, Utah, or other states with comprehensive privacy laws, you may have similar rights to access, delete, correct, and opt out of certain processing of your personal information.

Financial Privacy (GLBA)

As a financial institution, we are subject to the Gramm-Leach-Bliley Act (GLBA), which limits our disclosure of nonpublic personal information and requires us to notify you of our privacy practices.

4.3 Africa

If you are located in an African country, various data protection laws may apply to your personal information.

South Africa (POPIA)

If you are in South Africa, the Protection of Personal Information Act (POPIA) applies to our processing of your personal information. Under POPIA, you have rights to:

  • Be notified when your personal information is collected
  • Access your personal information
  • Request correction or deletion of your personal information
  • Object to processing in certain circumstances
  • Submit a complaint to the Information Regulator

Nigeria (NDPR)

If you are in Nigeria, the Nigeria Data Protection Regulation (NDPR) applies. Under the NDPR, you have rights to:

  • Access your personal data
  • Request rectification or erasure of your personal data
  • Object to processing of your personal data
  • Lodge a complaint with the National Information Technology Development Agency (NITDA)

Other African Countries

Many other African countries have enacted or are in the process of enacting data protection laws, including Kenya, Ghana, Uganda, and others. We comply with applicable data protection laws in all countries where we operate.

5. Sharing of Information

We may share your information with:

  • Service providers who perform services on our behalf
  • Financial institutions to process transactions
  • Business partners with whom we jointly offer products or services
  • Regulatory authorities, law enforcement agencies, and other third parties as required by law
  • Other users with whom you choose to share information (e.g., transaction recipients)
  • Third parties in connection with a merger, acquisition, or sale of all or a portion of our assets

6. International Data Transfers

Your personal information may be transferred to, and processed in, countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country.

6.1 EU-US Data Transfers

For transfers from the EEA, UK, or Switzerland to countries not deemed to provide an adequate level of data protection, we implement appropriate safeguards such as:

  • EU Standard Contractual Clauses (SCCs)
  • UK International Data Transfer Agreement (IDTA)
  • Binding Corporate Rules (BCRs) where applicable
  • EU-US Data Privacy Framework (DPF) certification

6.2 Transfers to and from Africa

For transfers involving African countries, we comply with local requirements for cross-border transfers, including:

  • Obtaining regulatory approvals where required
  • Implementing appropriate contractual safeguards
  • Ensuring adequate protection in recipient countries

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, accidental loss, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When determining the retention period, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, and applicable legal requirements.

Specific retention periods may vary by region due to local legal requirements:

  • EU: We retain data in accordance with GDPR principles, generally for no longer than necessary for the purposes for which it was collected
  • US: We retain financial records in accordance with federal and state requirements, typically 5-7 years
  • Africa: We comply with local retention requirements, which vary by country

9. Children's Privacy

Our Services are not directed to children under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will promptly delete that information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through our Services or by other means. Your continued use of our Services after such notification constitutes your acceptance of the updated Privacy Policy.

11. Contact Us

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at:

GrinaPay Privacy Office
Email: legal@grinapay.com
Address: 8 The Green Street R Dover, DE 19901, United States