This Data Protection Policy conforms to the information and transparency requirements established in Regulation (EU) 2016/679, of the European Parliament and of the Council, of April 27, 2016. This regulation concerns the protection of natural persons regarding the processing of personal data and the free circulation of that data (hereinafter, RGPD). This Data Protection Policy also conforms to Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights (in hereinafter, LOPDGDD) and that are detailed below.


  • Identification and contact details of the data controller

EASY PAYMENT & FINANCE, EP-SAU (hereinafter, “EASY” or “the entity”), is responsible for controlling data, carrying out the processing of personal data collected directly from its customers, either in a in person, by email, telephone, postal mail or through the website

If you have any questions regarding the processing of personal data, you can contact EASY at:

  • Name: Easy Payment & Finance, EP-SAU
  • NIF: A-85785905
  • Postal address: Gran Vía street, number 51, 6th floor, Madrid postal code 28013
  • Email:
  • Contact telephone number: 91 787 62 00


  • Origin and type of data processed

In general, EASY only handles the personal data that the users themselves provide when filling in the contact form, when making a communication addressed to the entity, when browsing the web, requesting a service, etc.

However, the money transfer services may also process data provided by third parties (for example, third-party payment service providers, technology providers, commercial agents, etc.) and other beneficiaries.

Personal data is information about an identified and identifiable natural person, that is, of any person whose identity can be determined, directly or indirectly, in particular by means of an identifier, such as a name, identification number, data location, online identifier, among others.

In addition, while browsing the web, information provided by the device may be processed through cookies enabled on your computer. You can access detailed information on the treatment of cookies in our Cookies Policy.

In general, EASY treats the following types of data:

  • Identification and representation data (name, surname, identification number, power of attorney, contact details of representatives, etc.)
  • Contact information (mobile phone, postal address, email, etc.)
  • Bank details (SWIFT, IBAN, Account number, etc.)

EASY informs users of the necessary nature of the collection and registration of certain personal data, marked with an asterisk (*), since not providing them could prevent the entity from responding to the contact request or information requested through of the contact form or perform the requested service.


  • Purposes of the treatment

The processing of personal data carried out by EASY carries out the following purposes:

  1. Articulate the legal relationship with the client.
  2. Transmit and execute the requested transfers.
  3. Optimize the provision of the transfer and/or currency exchange management services through the management of payment orders.
  4. Comply with the applicable regulations, especially regulations on the prevention of fraud, money laundering and the financing of terrorism.
  5. Comply with service quality levels.
  6. Answer contact requests through the form.
  7. Send communications to the client about products or services contracted.
  8. Send advertisements, with prior consent, to the client about products or services similar to those contracted of other products.


  • Legal basis for the treatment

EASY processes personal data with the legitimacy established in article 6 of the RGPD and indicated below:

  1. The treatment is necessary for the execution of a contract or pre-contract.
  2. The treatment is necessary for compliance with the legal obligations applicable to EASY.
  3. The treatment is necessary for the satisfaction of the legitimate interests of EASY (for example, to articulate the legal relationship with the client, send communications about the products and services contracted, etc.).
  4. The explicit consent of the interested party (for example, to receive commercial communications about products not related to similar or previous products).


  • Conservation period

The personal data provided is kept for the minimum necessary time needed to fulfill the indicated purposes and to respond to any claims and obligations that may arise.

Data is stored for a minimum of 10 years in accordance with the applicable regulations on the prevention of money laundering and terrorist financing, for the duration of the contractual relationship, etc.


  • Assignments

EASY does not transfer personal data to third companies, except through legal obligations wherein such transfer is necessary for the management of the client’s relationship or operation or unless they the client is considered data managers.

In this sense, EASY may transfer personal data to:

  • Third parties and/or payment service providers, such as the managers, banks or financial entities that pay the destination countries, technology service providers and correspondent entities.
  • State administrations and organizations
  • Treatment managers

Third-party payment service providers, as well as payment systems and technology service providers to which the data is transmitted to carry out the service may be required, by the legislation of the State where they are located or by Agreements, to provide information on the transaction to the authorities or official bodies of other countries. These authorities may be located both inside and outside the European Union, within the framework of the fight against the financing of terrorism and the prevention of money laundering.


  • International transfers

For the correct performance of the service contracted with EASY, it is necessary to carry out international transfers of personal data to third countries outside the European Economic Area or to countries that do not have the same level of adequacy in relation to Data Protection.

For example, this may occur when one requests to send money to a beneficiary who is located in a country outside the European Economic Area.

These international transfers are covered by EU-US Privacy Shield agreements that are necessary for the execution of the contracted service, in accordance with article 49 of the RGPD.


  • Rights of the Holder of personal data

The data protection regulations grant to the owner of the personal data (hereinafter, “the interested party”) a series of rights in relation to their treatment as carried out by EASY.

Specifically, these are the rights of access, rectification, deletion, limitation, opposition, portability, as well as not to be subject to automated decisions and to withdraw consent at any time.

Next, we detail what each right consists of:

  • Right of access: the right to request the details of the data that EASY has about the interested party and how it treats them, as well as to obtain a copy of the data.
  • Right of rectification: the right to rectify inaccurate or erroneous data, as well as to complete the input of information that was previously left incomplete.
  • Right of deletion: the right to request the deletion or deletion of data and information in certain circumstances. However, there are certain occasions in which EASY is legally entitled to continue conserving and processing your data (for example, to comply with a legal obligation to conserve data).
  • Right of limitation: the right to restrict or limit the processing of data in certain circumstances (for example, if the deletion of data is requested, but, instead of eliminating them, the owner prefers that the data be blocked and treated solely for the purposes conservation, since they will be necessary later to file a claim).
  • Right of opposition: the right to object to EASY processing your data for a specific purpose, in certain circumstances provided for in the regulations and related to the personal situation of the owner.
  • Right to data portability: the right to receive the data of the interested party in a commonly used format that allows them to be ported to another company, as well as, where appropriate, to request EASY to directly transmit them to said other company when technically possible.
  • Right not to be subject to automated decisions: the right to oppose being the subject of a decision based solely on automated data processing (without human intervention), including profiling, which may have legal repercussions in and on itself or affects the user in a meaningful way.
  • Right to withdraw consent at any time: the right to withdraw consent at any time to the processing of data for a specific purpose, when the processing of said data is based on consent.

In the event that a user requests their data to be rectified or deleted, EASY will proceed to block the information, adopting technical and organizational measures, to prevent their usage, except when required by judges and courts.

EASY states that it performs data processing based on automated decisions or profiling (without human intervention) that may produce negative legal effects on the owner of personal data.


  • Exercise of rights

The owner of the personal data can exercise the rights indicated in the previous section, by sending an email, specifying the name, surname and address for notifications, as well as the right they wish to exercise and a copy of their identity document, to the following addresses:

In turn, if you are not satisfied, you can file a claim with the Spanish Data Protection Agency (AEPD) as the competent control authority in the matter, at the following address C / Jorge Juan, 6 – 28001, Madrid ; or through the following link