Bizaldo EU Legal Pack

Eftaapay Limited is the data controller for personal data collected through the Bizaldo websites, apps and commercial relationships with merchants and prospects. For payment processing data handled on behalf of merchants (e.g., end-customer transaction data flowing through Bizaldo-enabled integrations), Eftaapay Limited acts as a data processor and the merchant is the data controller.

Account & identity data: name, business role, email, phone, password hashes, authentication logs.

Business & KYC data (merchants): legal name, registration numbers, beneficial ownership, risk profile, compliance documents.

Transaction & device data: order IDs, basket info, amounts, currency, timestamps, device identifiers, IP address, user agent, app telemetry, crash logs.

Support & communications: ticket content, call/chat recordings (where permitted), feedback.

Marketing & cookies: marketing preferences, referral data, cookie identifiers; analytics/advertising identifiers where consented.

We process personal data for: 1. Service provision & account administration (Art. 6(1)(b) GDPR – contract; UK GDPR equivalent). 2. Onboarding, KYC/AML, fraud prevention & risk management (Art. 6(1)(c) – legal obligation; Art. 6(1)(f) – legitimate interests). 3. Improving and securing our services (Art. 6(1)(f)). 4. Marketing communications (Art. 6(1)(a) – consent for electronic direct marketing in the EEA; Art. 6(1)(f) – B2B soft opt‑in where permitted; you can opt out at any time). 5. Legal claims, compliance & record keeping (Art. 6(1)(c) and 6(1)(f)).

Where we rely on consent, you may withdraw it at any time via Cookie Settings or by contacting us.

We share personal data with: - Payment and acquiring partners (regulated PSPs/acquirers) to enable merchant acquiring and settlement. - KYC/AML providers & identity verification partners. - Cloud hosting & infrastructure providers. - Analytics, product, and support tools. - Professional advisers (legal, audit, compliance) and where required by law or competent authorities.

A live list of key processors/sub‑processors will be maintained at: bizaldo.com/legal/subprocessors (link to be published).

We may transfer data outside the EEA/UK. Where we do, we use appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, plus technical/organizational measures.

We retain personal data for as long as necessary for the purposes above, and to meet legal/contractual obligations (for example, AML/financial records are typically kept for 5–10 years depending on jurisdiction).

Under EU/UK data protection laws, you may have rights to access, rectify, erase, restrict, object to certain processing, port data, and where applicable withdraw consent. You also have the right to lodge a complaint with your local authority (e.g., ICO in the UK, or your EU supervisory authority).

EU Representative (Art. 27 GDPR): To be confirmed (if required). Details will appear here.

Data Protection Officer (DPO): Not legally required at present; if appointed, details will be provided here.

Bizaldo is a B2B service and is not directed to children under the age of 16.

Questions or requests: privacy@eftaapay.com or postal address above.

These Terms govern access to and use of Bizaldo's POS and related services, apps, dashboards and APIs (the Service). By registering an account or using the Service, you agree to these Terms.

Provide accurate information and keep credentials confidential.

You are responsible for all activities under your account.

We may suspend accounts for suspected fraud, security risks, or legal non‑compliance.

Plans and pricing are shown in the dashboard or order form. Taxes/VAT may apply.

Trials/Betas are provided as‑is and may be discontinued.

Fees are billed per the selected plan and any usage‑based charges (e.g., add‑ons, storage, terminals). Late payments may incur suspension.

License transfer between users; non‑cancellable term - Named-user licenses may be reassigned within the same Merchant account to another individual user (e.g., when staffing changes occur). Reassignment does not reset or extend the subscription term. - Non‑cancellable once active: After a license is first assigned/activated within a billing term, it cannot be cancelled for the remainder of that term; you may only reassign it to another user. Reductions in license quantity take effect at the next renewal unless otherwise agreed in writing. - Entity scope: License transfers are permitted only within the same legal entity (or group entity listed on the Order Form). Transfers to third parties outside your organization are not permitted without our written consent.

Trial‑and‑Buy model - We may offer a time‑limited Trial (e.g., 14 or 30 days) with stated feature limits. During the Trial, the Service is provided as‑is and may be withdrawn at any time. - Conversion to paid: If you (a) add valid billing details and (b) do not cancel before the Trial ends, the Trial converts to a paid subscription at the plan price shown in the dashboard/order form as of the conversion date. We will provide notice in‑product and/or by email before conversion. - If you do not add billing details or choose not to buy, access will cease at Trial end; your data may be deleted after a grace period per our retention policy. - Any hardware or third‑party services used during Trial are subject to their own terms and charges and are not included unless expressly stated.

Payment acceptance, acquiring and settlement are provided by third‑party regulated payment institutions and/or acquirers. Additional terms from those partners apply. Bizaldo/Eftaapay provides software and technical services and may act as agent or marketplace facilitator where applicable.

(a) breach applicable law (including PSD2, AML, sanctions, export controls);

(b) process Prohibited Activities (see Merchant Agreement Schedule 2);

(c) interfere with or reverse engineer the Service;

(d) misuse personal data.

Integrations (e.g., accounting, ecommerce, analytics) are provided by third parties. Your use is subject to their terms.

We and our licensors own all IP in the Service. You own your content and grant us a limited license to host/process it to provide the Service.

Each party will keep the other's non‑public information confidential, using at least reasonable care.

We process personal data in accordance with the Privacy Statement. Where we act as processor for your end‑customer data, the Data Processing Schedule (see Merchant Agreement Schedule 1) applies.

The Service is provided as‑is. We do not warrant uninterrupted or error‑free operation. Statutory rights are unaffected where they cannot be excluded.

To the maximum extent permitted by law, our aggregate liability for all claims in any 12‑month period is capped at the greater of (i) amounts paid to us by you for the Service in that period or (ii) £10,000. We do not exclude liability for death/personal injury caused by negligence, fraud, willful misconduct, or where otherwise unlawful to exclude.

Either party may terminate for convenience with 30 days' notice, or immediately for material breach. Upon termination, you must cease using the Service and export your data within 30 days (export tools are provided in the dashboard).

We may update these Terms with notice (e.g., via the dashboard or email). Material changes will take effect no earlier than 30 days after notice, except where required by law or for security.

These Terms are governed by the laws of England & Wales. Courts of England have exclusive jurisdiction, except that mandatory consumer protections (if any) remain unaffected. These Terms are B2B.

Eftaapay Limited (acting for Bizaldo) and the Merchant identified in the Order Form or Bizaldo dashboard.

Bizaldo provides: (a) POS software and related services; (b) onboarding and risk assessment; (c) technical integration with acquiring partners; (d) reporting & analytics.

Merchant must supply complete and accurate KYC/AML information, beneficial ownership and required documents. We may decline or suspend Services where risk thresholds are exceeded or information is incomplete.

Payment acquiring and settlement are provided by one or more regulated Acquirers. Merchant authorizes sharing of data necessary for underwriting, chargeback handling, settlement, and compliance. Settlement timelines and payout schedules are governed by the Acquirer's terms.

Fees are specified in the Order Form or dashboard and may include SaaS subscription, payment processing markup, hardware, and third‑party pass‑through costs. Fees are exclusive of taxes. We may set a Reserve or Rolling Reserve based on risk.

Merchant is responsible for chargebacks and agrees to cooperate with evidence requests. Refunds must be processed through the Service/Acquirer. We may offset amounts due (including chargebacks, fees, fines) against amounts owed to Merchant or collect by invoice/direct debit.

Merchant must maintain appropriate security, including: (i) safeguarding credentials and devices; (ii) using approved hardware/software; (iii) complying with PCI DSS and applicable mobile POS/MPoC requirements; (iv) following our security guidance and Acquirer policies.

Merchant will comply with applicable laws (including PSD2/PSR, consumer law, VAT/tax, sanctions, AML). Prohibited Activities are listed in Schedule 2.

For end‑customer data processed via the Services, Bizaldo acts as processor and the Merchant as controller. The Data Processing Schedule (Schedule 1) applies and forms part of this Agreement. Each party will implement appropriate technical and organizational measures.

Each party retains its IP. Merchant grants Bizaldo a license to use its marks for Service delivery and case studies (with consent). Both parties will keep Confidential Information secure.

Each party warrants it has authority to enter this Agreement. Otherwise, the Services are provided as‑is; no implied warranties.

Merchant will indemnify Bizaldo and the Acquirer(s) against losses arising from (a) Merchant breach of this Agreement or law; (b) Prohibited Activities; (c) chargebacks/fines due to Merchant acts/omissions. Bizaldo will indemnify Merchant against third‑party IP claims alleging the Service infringes IP, excluding claims arising from Merchant content, misuse, or combinations not provided by Bizaldo.

Subject to exclusions for death/personal injury, fraud, and non‑excludable statutory liabilities, each party's aggregate liability in any 12‑month period is capped at the greater of fees paid in that period or £50,000. Neither party is liable for indirect/consequential damages, loss of profits, or loss of data (except to the extent data export obligations are breached).

Either party may terminate: (i) for convenience with 30 days' notice; (ii) for material breach (after 10 business days to cure); (iii) immediately if required by law/regulator/Acquirer. Upon termination, outstanding balances become due; Merchant must cease using the Services; we will provide data export for 30 days.

England & Wales law; courts of England. Each party submits to exclusive jurisdiction.

Subject matter: Provision of Bizaldo Services to Merchant. Duration: Term of Merchant Agreement plus retention periods. Nature & purpose: Hosting, transmitting, analyzing payment and retail data; fraud prevention; support. Types of personal data: End‑customer identifiers, contact details where provided, order details, payment tokens, device/telemetry data, support interactions. Categories of data subjects: Merchant personnel, end‑customers, payers, authorized users. Processor obligations: 1. Process only on documented instructions from Merchant. 2. Maintain confidentiality; ensure staff are bound by confidentiality. 3. Implement appropriate technical and organizational measures (access controls, encryption in transit/at rest, logging, backups, vulnerability management, secure SDLC). 4. Sub‑processors: use vetted providers; maintain an online list; notify material changes and allow objection on reasonable grounds. 5. Assist with data subject requests, DPIAs, and breach notifications. 6. Delete or return personal data at end of Services (subject to legal retention). 7. Make available information to demonstrate compliance and allow reasonable audits (subject to confidentiality and security limitations). 8. International transfers: use SCCs/UK IDTA where required. Merchant responsibilities: configure the Service securely; provide lawful instructions; maintain privacy notices; obtain valid consents where required; comply with PCI/MPoC and consumer law.

Illegal products/services; narcotics; weapons; adult content involving minors; hate/abuse; pyramid schemes; unlicensed gambling; sanctions‑restricted activities; counterfeit or IP‑infringing goods; high‑risk CBD/THC where unlawful; any activity prohibited by Acquirer or regulator. (A full, up‑to‑date list will be posted in the dashboard.)

We use cookies and similar technologies on our websites and apps to provide the Service, understand usage, improve performance, and personalize content/ads where you have given consent.

Strictly Necessary – required for site/app functionality (e.g., session cookies, load balancing, security). Always active.

Preferences – remember choices (language, region, UI settings).

Performance/Analytics – measure usage (e.g., page views, features used) to improve the Service.

Advertising/Marketing – personalize or measure ads across our properties and partners.

Functional – enhanced features such as chat widgets, video players.

For non‑essential cookies, we rely on consent (EU ePrivacy/GDPR). You can change or withdraw consent at any time via Cookie Settings.

Cookies may be session‑based or persist for up to 24 months (or as otherwise disclosed in the Cookie Settings panel). Analytics data may be aggregated/de‑identified after shorter periods.

Some cookies are set by third parties (e.g., analytics, advertising, A/B testing, support chat). We do not control their cookie lifetimes. See the Cookie Settings panel for current vendors and purposes.

Use the Cookie Settings panel to toggle categories on/off, or adjust your browser/device settings. Disabling certain cookies may impair features.