ARYZE

Version 1.0 · Last updated: 26 March 2026

Privacy Policy

Aryze Pay by Bank (UK)

1. Introduction

  1. 1.1 This Privacy Policy explains how personal data is processed when you use Aryze Pay by Bank services (the “Services”).
  2. 1.2 The Services are made available under the Aryze brand in connection with a merchant, platform or other business (the “Merchant”).
  3. 1.3 Aryze ApS, Bredgade 3, 1260 Copenhagen, Denmark (“Aryze”, “we”, “us”), acts as a technology provider and interface layer for the Services.
  4. 1.4 Where the Services involve regulated payment initiation services (“PIS”) in the United Kingdom, such services are provided by Volt Technologies Holdings Limited (“Volt”), a company authorised and regulated by the Financial Conduct Authority.
  5. 1.5 Depending on the context, Aryze and Volt may act as independent data controllers in relation to their respective parts of the Services.

2. Who Is Responsible for Your Data

  1. 2.1 Aryze acts as a data controller for personal data processed in connection with:
    • the user interface and payment flow
    • service orchestration and transaction routing
    • fraud prevention and security (at platform level)
    • analytics, performance and service improvement
    • user support and communications
  2. 2.2 Volt acts as a data controller for personal data processed in connection with:
    • regulated payment initiation services (PIS)
    • regulatory compliance obligations
    • transaction execution instructions
  3. 2.3 Your Bank acts as a separate data controller for your payment account and authentication.
  4. 2.4 The Merchant acts as a separate data controller for your purchase and customer relationship.

3. Personal Data We Collect

We may process the following categories of personal data:

3.1 Identification Data

  • Name
  • Account holder name
  • Merchant reference identifiers

3.2 Payment Data

  • Bank account identifiers (e.g. sort code, account number, IBAN where applicable)
  • Payment amount
  • Transaction reference
  • Payment status

3.3 Technical and Device Data

  • IP address
  • Device type and operating system
  • Browser type
  • Session identifiers
  • Log data

3.4 Usage Data

  • Interaction with the payment flow
  • Timestamp data
  • Error logs
  • Performance data

3.5 Fraud and Security Data

  • Risk indicators
  • Fraud signals
  • Behavioural patterns
  • Security logs

3.6 Communications Data

  • Customer support requests
  • Feedback or complaints

4. How We Collect Data

We collect personal data:

  1. 4.1 Directly from you when you use the Services
  2. 4.2 From your Bank via secure open banking connections (only where necessary for payment initiation)
  3. 4.3 From the Merchant
  4. 4.4 From Volt (in connection with regulated PIS services)
  5. 4.5 Automatically through your use of the Services

5. Purposes of Processing

We process personal data to:

5.1 Provide the Services

  • enable Pay by Bank payments
  • manage the payment flow
  • confirm transaction status

5.2 Payment Processing

  • initiate payments via regulated PIS provider (Volt)
  • communicate with Banks and payment systems

5.3 Security and Fraud Prevention

  • detect and prevent fraud
  • protect users and systems
  • monitor suspicious activity

5.4 Legal and Regulatory Compliance

  • comply with applicable laws
  • respond to authorities
  • maintain records

5.5 Service Improvement

  • analyse performance
  • optimise user experience
  • develop and improve services

5.6 Customer Support

  • respond to inquiries
  • handle complaints

6. Legal Basis for Processing

We rely on the following legal bases:

  1. 6.1 Contractual Necessity
    Processing is necessary to provide the Services.
  2. 6.2 Legal Obligations
    Processing is required to comply with laws and regulations.
  3. 6.3 Legitimate Interests
    Including:
    • fraud prevention
    • service security
    • service improvement
    • operational efficiency
  4. 6.4 Consent
    Where required (e.g. for non-essential cookies or optional features).

7. Data Sharing

We may share personal data with:

7.1 Banks

To enable payment initiation and processing.

7.2 Merchants

To confirm payment status and complete transactions.

7.3 Volt

As regulated PIS provider for payment initiation.

7.4 Infrastructure Providers

  • Mastercard Open Banking connectivity
  • payment networks
  • cloud hosting providers

7.5 Fraud and Compliance Providers

  • fraud detection tools
  • sanctions screening providers

7.6 Authorities

Where required by law or regulation.

7.7 Service Providers

  • analytics providers
  • technical infrastructure providers
  • customer support tools

8. International Transfers

  1. 8.1 Personal data may be transferred outside the United Kingdom or European Economic Area.
  2. 8.2 Where this occurs, appropriate safeguards are implemented, including:
    • Standard Contractual Clauses
    • adequacy decisions
    • other legally approved mechanisms

9. Data Retention

  1. 9.1 We retain personal data only as long as necessary to:
    • provide the Services
    • comply with legal obligations
    • resolve disputes
    • prevent fraud
  2. 9.2 Retention periods may vary depending on:
    • regulatory requirements
    • transaction history
    • risk and fraud considerations

10. Your Rights

Depending on applicable law, you may have the right to:

  • access your personal data
  • correct inaccurate data
  • request deletion
  • restrict processing
  • object to processing
  • request data portability

10.2 You may also have the right to lodge a complaint with a supervisory authority, such as the UK Information Commissioner's Office (ICO).

11. Security

  1. 11.1 We implement appropriate technical and organisational measures to protect personal data.
  2. 11.2 This includes:
    • encryption
    • access controls
    • monitoring systems
    • secure infrastructure
  3. 11.3 Despite this, no system can be guaranteed to be completely secure.

12. Cookies and Tracking

  1. 12.1 We use cookies and similar technologies to:
    • operate the Services
    • improve performance
    • analyse usage
    • enhance security
  2. 12.2 Where required, we obtain consent before placing non-essential cookies.
  3. 12.3 For more information, please refer to our Cookie Policy.

13. Third-Party Services

  1. 13.1 The Services may involve third parties including:
    • your Bank
    • Volt
    • Merchants
    • payment networks
  2. 13.2 Aryze is not responsible for the privacy practices of third parties.

14. Changes to This Policy

  1. 14.1 We may update this Privacy Policy from time to time.
  2. 14.2 Updated versions will be made available via the Services.

15. Contact

Aryze ApS

Bredgade 3

1260 Copenhagen

Denmark

Email: legal@aryze.io

← Back to Legal Policies