Privacy Policy.

How We collect, use, share and safeguard the personal information You entrust to Us when You use the Gastelum Payments website.

Last updated: 13 April 2026

We at Gastelum Payments (“Gastelum”, “We”, “Us” or “Our”) are committed to protecting the privacy of Our users. As part of this commitment, it is important for Us to be transparent about how We (and others on Our behalf) handle the information We collect about Our users, when We collect it, and how We use it.

This is the privacy policy of https://gastelumpayments.com (the “Policy” and the “Website”). In this Policy You (“You”, “Your” or “User”) may find information about the types of information We collect about Users of Our Website, when We collect it, how We use it, how We share it with third parties and how We retain it, as well as the rights available to You.

In this Policy, any reference to “Personal Data” is to any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or in combination with additional information that We hold or have access to.

When do We collect information about You?

We may collect Personal Data about You in the following circumstances:

  • When You access or use the Website and the services made available through it (the “Services”); and
  • When You communicate with Us by email, through Our social channels, or through any other channel.

You are under no legal obligation to provide any information about You, and any information is provided of Your own free will. However, if You choose not to provide certain information, We may be unable to provide You with some or all of the Services.

What type of information do We collect?

We (or third parties on Our behalf) may collect the following types of Personal Data about You:

  • Website usage information — including online activity logs and traffic information such as IP address, time and date of access, the web or mobile pages You visit, the language used, software crash reports, the type of browser used and information about the device You use. Some of this information may not identify You personally and therefore does not constitute Personal Data.
  • Website activity information — whenever You use the Website We monitor and record Your activity, including the searches You perform, the content You view, how long You engage with that content and how You interact with the Website.
  • Communication information — when You contact Us, including through the Website or Our social channels, You may provide Us with Your full name, corporate affiliation, address, contact information (such as email address and telephone number) and the content of Your communication with Us.

You are responsible for ensuring the accuracy of the information You provide to Us (or to others on Our behalf). Inaccurate information may affect Our ability to provide You with some of the Services and to contact You as described in this Policy.

What is the legal basis for processing Your Personal Data?

We process Personal Data on the following legal grounds:

  • Performance of a contract — where processing is necessary to provide the Services.
  • Legitimate interests — for fraud prevention, analytics, security and improving the Services.
  • Legal obligations — to comply with applicable laws or regulatory requirements, including anti-money-laundering and financial-services rules.
  • Consent — where You have given Your explicit consent, for example to receive marketing communications.

How do We use Personal Data?

We may use Personal Data about You for the following purposes:

  • To operate, maintain and improve the Website and the Services.
  • To contact You for operational, customer-support or security purposes.
  • To personalise content or offers for You.
  • To respond to Your queries, requests or complaints.
  • To send You marketing materials, subject to Your consent.
  • To carry out and support the activities behind the offering and provision of the Services, including back-office functions, business development, strategic decision-making and financial management.
  • To protect Our interests and those of third parties, including the establishment, exercise or defence of legal claims.
  • To meet Our legal and regulatory obligations.

What rights do You have?

Subject to applicable law, You have the following rights:

  • Right to access — request a copy of the Personal Data We hold about You.
  • Right to rectification — correct inaccurate or incomplete Personal Data.
  • Right to erasure (“right to be forgotten”) — request deletion of Personal Data, subject to legal exceptions.
  • Right to restriction — request limited processing under certain conditions.
  • Right to data portability — receive Your Personal Data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests or to direct marketing.
  • Right to withdraw consent — withdraw Your consent where processing is based on consent.

To exercise any of these rights, You may contact Us at privacy@gastelumpayments.com. You also have the right to lodge a complaint with Your local data-protection authority.

Sharing of Personal Data

We will not disclose or share Personal Data about You with third parties except as described in this Policy.

We may transfer Personal Data to entities that control Us, that are under Our control, or that are under common control or ownership with Us (collectively, the “Group”). Such entities may use the Personal Data to support the needs of the Group.

We may share Personal Data about You with the following third parties or for the following purposes:

  • Upon Your consent or instruction;
  • With third parties that provide Us with services related to the Website and the Services, such as hosting, identity verification, analytics, communications and security, acting on Our instructions under contract;
  • With regulated banking, acquiring and payment partners where necessary to deliver transactions and settlements;
  • With supervisory bodies, law-enforcement and other authorities where We are legally required or permitted to disclose information;
  • In connection with a sale, assignment, merger, acquisition, insolvency or other transaction in which Personal Data may be transferred to a successor or acquirer;
  • To protect Our rights, property and interests, or those of third parties, and to comply with a court order or legal process.

Joint controllership disclosure

To reach potential new customers, We may share hashed versions of existing customer identifiers (such as email addresses) with Meta Platforms Ireland Limited (“Meta Ireland”) to create “Lookalike Audiences”. For the collection and transmission of this data, Gastelum and Meta Ireland act as joint controllers in accordance with Article 26 of the GDPR. To protect Your privacy, all identifiers are transformed into hashed, cryptographically protected signatures before being shared, so that the platform can match the data without receiving raw contact information in plain text. Further information on how Meta Ireland processes Personal Data, the legal basis it relies on and how to exercise Your rights against Meta Ireland can be found in Meta Ireland’s privacy policy and the applicable joint-controller addendum.

Transfer of Personal Data abroad

We may transfer Personal Data about You outside the jurisdiction in which You reside and store it in other countries; the data-protection and other laws of those countries may not be as protective as those in Your jurisdiction. In these cases We will take steps to ensure that an appropriate level of protection is given to Your Personal Data, such as the use of the European Commission’s Standard Contractual Clauses or an applicable adequacy decision.

Retention of Personal Data

We will retain Personal Data about You only for as long as necessary to fulfil the purposes for which it was collected. We may retain Personal Data for longer where necessary to comply with legal, regulatory, anti-money-laundering or tax obligations applicable to Us. Once the relevant retention period expires, We securely delete or anonymise the data.

Changes to this Policy

We may update this Policy from time to time. Any changes will be posted on this page with an updated revision date.

Contact Us

For privacy-related inquiries, please contact Us at privacy@gastelumpayments.com. For regulatory and compliance matters You can also reach Us at compliance@gastelumpayments.com.