1. Introduction 

This Privacy Notice explains how Infinite Payment Technology Limited (“Infinite”, “we”, “us”, or “our”) collects, uses, stores, and protects personal data. 

“Infinite” refers collectively to: 

• Infinite Payment Technology Limited (Ireland), company number 771582 

• Infinite Payment Technology Limited (UK), company number 16378599 

Infinite provides payment technology and related services and operates as an agent of B4B Payments for the provision of regulated electronic money and payment services. 

“B4B Payments” refers collectively to: 

• Payment Card Solutions (UK) Ltd, company number 05941947, authorised and regulated by the Financial Conduct Authority (FCA) as an Electronic Money Institution 

• UAB B4B Payments Europe, company code 505539054, authorised and regulated by the Bank of Lithuania (BoL) as an Electronic Money Institution 

Where regulated payment or electronic money services are provided, they are issued and regulated by B4B Payments, and Infinite acts as its agent. 

This Privacy Notice explains: 

• what personal data we collect 

• how we use it 

• the legal basis for processing 

• how it may be shared 

• how we protect it 

• your rights under UK GDPR and EU GDPR 

2. Who Is Responsible for Your Personal Data 

Depending on the services provided, Infinite and B4B Payments may act as independent data controllers, joint controllers, or processor/controller arrangements for the processing of personal data. 

Generally: 

• Infinite processes personal data to provide technology services, merchant onboarding, operational support, and customer interaction functions. 

• B4B Payments processes personal data to provide regulated electronic money and payment services and to meet financial regulatory obligations including anti‑money laundering (AML), sanctions screening, and financial crime monitoring. 

Both organisations maintain appropriate governance, risk, and compliance processes to ensure personal data is processed lawfully, transparently, and securely in accordance with applicable data protection and financial regulatory requirements. 

If you have questions about this Privacy Notice, you can contact us at: 

Email: dataprotection@infinitepay.tech  

Registered Office Addresses:   

3. Personal Data We Collect 

We may receive personal data from: 

• Merchant owners, directors, employees or authorised representatives who interact with us   

• Merchants using our services   

• Third-party providers such as identity verification providers, payment networks and financial institutions   

• Distribution partners or business partners that introduce merchants or support service delivery 

Where Infinite supports payment services, limited personal data relating to merchants’ customers (such as transaction or payment data) may also be processed as part of providing those services. 

We may collect and process the following categories of personal data: 

Identity Information 

• Full name 

• Date of birth 

• Nationality 

• Government identification (passport, driving licence, national ID) 

Contact Information 

• Email address 

• Phone number 

• Residential address 

Financial Information 

• Payment card details 

• Bank account details (where provided) 

• Transaction data 

• Account information 

• Merchant information (where applicable) 

Verification Information 

• Identity verification checks 

• AML/KYC screening data 

• Sanctions and fraud screening results 

Technical Information 

• IP address 

• Device information 

• Browser type 

• Operating system 

• Log data 

Usage Information 

• How you use our services 

• Interaction with platforms or applications 

• Customer support communications 

Business Information (where relevant) 

• Company name 

• Business registration details 

• Directors and beneficial owners 

• Merchant transaction activity 

4. How We Use Your Personal Data 

We process personal data for the following purposes: 

Providing Services 

• onboarding customers 

• enabling payment services 

• issuing and managing payment accounts or cards 

• processing transactions 

Identity Verification and Compliance 

• performing KYC checks 

• verifying identity 

• monitoring transactions 

• complying with anti-money laundering, sanctions screening, fraud prevention, and financial crime monitoring obligations 

Customer Support 

• responding to inquiries 

• resolving disputes 

• managing customer relationships 

Security and Fraud Prevention 

• detecting fraud 

• preventing financial crime 

• monitoring suspicious activity 

Service Improvement 

• analysing usage patterns 

• improving system performance 

• developing new services 

Legal and Regulatory Compliance 

• meeting obligations under applicable financial services regulations 

• responding to regulatory requests 

• complying with legal obligations

5.Legal Basis for Processing 

Under UK GDPR and EU GDPR, we rely on the following lawful bases: 

Contractual Necessity 

Processing required to provide services you request. 

Legal Obligation 

Processing necessary to comply with regulatory requirements including: 

• anti-money laundering laws 

• financial crime prevention 

• regulatory reporting 

Legitimate Interests 

Processing necessary for: 

• fraud prevention 

• system security 

• improving services 

• internal administration 

Where required, we ensure these interests do not override your rights. 

Consent 

In limited cases (such as marketing communications), we may rely on your consent. 

6. Sharing Your Personal Data 

Infinite may share personal data where necessary to provide services, comply with legal obligations, or support regulated payment activities. 

Personal data may be shared with the following categories of recipients: 

B4B Payments 

As the regulated Electronic Money Institution, B4B Payments may process personal data to provide payment services and comply with regulatory obligations. 

Service Providers 

Trusted third-party providers including: 

• identity verification providers 

• fraud and AML screening services 

• payment processing partners and merchant acquirers 

• cloud infrastructure providers 

• IT and security providers 

• hardware suppliers, logistics providers, and fulfilment partners supporting the delivery of payment devices or related equipment 

Regulators and Authorities 

Where required by law or regulation, including: 

• Financial Conduct Authority (FCA) 

• Bank of Lithuania 

• law enforcement agencies 

• financial intelligence units 

Business Partners 

Where necessary to deliver services, such as payment networks (for example card schemes), banking partners, distribution platforms, or other regulated counterparties involved in the delivery of payment services. 

All third parties are required to maintain appropriate contractual, technical, and organisational safeguards to protect personal data. Where third parties process personal data on behalf of Infinite, they are appointed as data processors under written data processing agreements and are subject to oversight through Infinite’s Data Processor Register. 

7. International Transfers 

Where personal data is transferred outside the United Kingdom or European Economic Area, Infinite ensures appropriate safeguards are implemented in accordance with GDPR requirements. 

These safeguards may include: 

• UK International Data Transfer Agreements (IDTA) 

• EU Standard Contractual Clauses (SCCs) 

• transfers to jurisdictions recognised as providing adequate levels of data protection 

International transfers may occur where data is processed by regulated partners, payment networks, financial institutions, or technology service providers supporting the delivery of payment services. 

8. Data Retention 

Infinite retains personal data in accordance with its Records Retention Schedule and applicable legal and regulatory requirements. 

Retention periods are determined based on: 

• UK GDPR and EU GDPR storage limitation principles 

• UK Money Laundering Regulations 2017 (as amended) 

• Payment Services Regulations 2017 

• Applicable legal limitation periods 

• Regulatory expectations for financial institutions and intermediaries 

Where personal data is processed in connection with regulated payment services, records may be retained for a minimum of five (5) years after the end of a customer or merchant relationship, and longer where required under applicable financial services or anti-money laundering laws in relevant jurisdictions. 

Where multiple regulatory or legal retention obligations apply, the longest applicable retention period will apply. 

Personal data may be retained in secure systems, authorised third‑party service providers, backups, and archival systems where required for regulatory compliance. 

Once retention periods expire, personal data will be securely deleted, anonymised, or archived in accordance with Infinite’s internal data protection and information security procedures. 

9. Data Security 

We implement appropriate technical and organisational security measures to protect personal data, including: 

• encryption 

• access controls 

• secure infrastructure 

• monitoring systems 

• staff training 

Despite these measures, no system can guarantee absolute security. 

10. Automated Decision-Making 

Infinite and B4B Payments may use automated tools to support identity verification, fraud prevention, sanctions screening, transaction monitoring, and financial crime risk assessment. 

These tools may help identify potential risks, suspicious activity, or inconsistencies in information provided to us. Where automated tools are used, they are generally used to support risk assessment and operational decision-making. 

We do not make decisions based solely on automated processing that produce legal effects or similarly significant effects on individuals without appropriate human involvement, unless permitted by applicable law. 

Where you have rights under UK GDPR or EU GDPR in relation to automated decision-making, including the right to request human review, you may contact us using the details set out in this Privacy Notice. 

11. Your Data Protection Rights 

Infinite maintains internal procedures to support the exercise of data subject rights, including Data Subject Access Requests (DSARs), rectification, erasure, and restriction requests. 

Requests are handled in accordance with Infinite’s Privacy Operations and Data Subject Rights Procedures, which ensure requests are assessed, verified, and responded to within applicable GDPR timeframes. 

Under UK GDPR and EU GDPR, you have the right to: 

• Access 

Request a copy of the personal data we hold about you. 

• Rectification 

Request correction of inaccurate or incomplete data. 

• Erasure 

Request deletion of personal data where applicable. 

• Restriction 

Request restriction of processing under certain circumstances. 

• Data Portability 

Request transfer of personal data to another provider. 

• Objection 

Object to processing based on legitimate interests. 

• Withdraw Consent 

Withdraw consent where processing is based on consent. 

To exercise your rights, contact: dataprotection@infinitepay.tech  

We may need to verify your identity before responding. 

12. Complaints 

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with a supervisory authority. 

• United Kingdom 

Information Commissioner’s Office (ICO) 

• European Union 

Your local Data Protection Authority. 

13. Changes to This Privacy Notice 

We may update this Privacy Notice periodically to reflect changes in our services, regulatory requirements, or data practices. 

The latest version will always be available on our website https://infinitepay.tech 

Last updated: 06/05/2026  

14. Contact Us 

If you have questions about this Privacy Notice or our data practices, please contact: 

Email:  dataprotection@infinitepay.tech 

Addresses: