PayLTR

Privacy Policy

Introduction

PayLTR ("we", "us", "our") is a financial technology service that provides cashflow financing solutions for small and medium-sized enterprises.

We are committed to protecting the privacy and security of the personal and business data we process. This Privacy Policy explains how we collect, use, store, and safeguard information in compliance with the General Data Protection Regulation (GDPR).

By using the PayLTR platform, you acknowledge that you have read and understood this Privacy Policy.

Data Controller & Contact Information

📧 support@payltr.com
📞 +31 6 84925325

Categories of Data We Collect

A. Personal Data

  • Name of contact person
  • Email address
  • Phone number
  • KvK number & company details

B. Financial Data

  • Bank transactions
  • Account balances
  • Account identifiers
  • Payment behavior

C. Application Data

  • Requested loan amount
  • Cashflow information
  • Purpose of financing

D. Technical Data

  • IP address
  • Browser agent
  • Device usage data
  • Cookies

Purpose of Data Processing

We process information for the following lawful purposes:

  • Creditworthiness assessment
  • Performing a pre-scan prior to loan forwarding
  • Facilitating financial data retrieval via Ponto (PSD2)
  • Transferring applications to our financing partner
  • Providing customer support
  • Platform security and fraud prevention
  • Compliance with legal obligations

All processing is based on Article 6 GDPR:

  • 6(1)(b): performance of a contract
  • 6(1)(c): legal obligation
  • 6(1)(f): legitimate interest
  • 6(1)(a): explicit consent (PSD2 bank access)

Data Sharing

We share data exclusively with:

A. Ponto (Open Banking provider)

For secure financial data retrieval.

B. Financing Partner (Qred)

Only after completion of the pre-scan and with user consent.

C. Technical infrastructure providers

(e.g., hosting, CRM, analytics) and all GDPR-compliant and bound by strict processing agreements.

We never sell or rent data.

International Transfers

Where data is transferred outside the EEA, PayLTR ensures full GDPR compliance via:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Additional safeguards

Data Retention

We retain data only as long as strictly necessary:

  • Application data: Up to 12 months
  • Financial/PSD2 data: Up to 120 days unless required for compliance
  • Contractual records: Up to 7 years (legal obligation)

Users may request deletion at any time.

User Rights under GDPR

You have the right to:

  • Access your data
  • Correct inaccuracies
  • Request deletion
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent

Requests can be sent to support@payltr.eu.

Security Measures

PayLTR applies:

  • TLS 1.3 encryption
  • Multi-layer access controls
  • Encrypted secrets storage
  • Pseudonymisation
  • Strict role-based access

Updates to This Policy

We may update this Privacy Policy from time to time. The most recent version will always be available on our website.