Last updated: March 2026
Paytia Limited is committed to full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We process personal data lawfully, fairly and transparently, and only for specified, legitimate purposes.
We rely on several lawful bases for processing personal data, including consent (for marketing communications), contractual necessity (to deliver our services), legitimate interests (to improve our products and website) and legal obligations (to meet regulatory requirements).
We implement appropriate technical and organisational measures to protect personal data, including encryption in transit and at rest, access controls, regular security assessments and staff training. All data is processed and stored within the United Kingdom.
Individuals have the right to access their personal data, request rectification or erasure, restrict processing, object to processing and request data portability. We respond to all valid requests within 30 days. To make a request, contact privacy@paytia.com.
Where Paytia acts as a data processor on behalf of clients, we enter into formal data processing agreements that define the scope, purpose and duration of processing. We do not sub-process personal data without prior written authorisation from the data controller.