Handi Cash logo

Specializing in Micropayments

 

Handi.cash Limited GDPR Privacy Policy

Handi.cash Limited is strongly committed to protecting your privacy and complying with your choices. Both personal and non-personal information collected is safeguarded according to the highest privacy and data protection standards adopted worldwide. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognise our obligations in updating and expanding this program to meet the demands of the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act (Cap 586).

Data Controller

Handi.cash Limited
Registered Address: 107/1, Suite 6, Triq il-Gallina, Kappara, San Gwann, SGN 4118, Malta
Company Registration No: C 70142
Email: dpo@handi.cash
Tel: +356 21 686 850

Our Commitment

Handi.cash Limited does not sell personal data. We only share personal data with service providers, partners, or authorities where this is necessary, lawful, and subject to appropriate safeguards. We use state-of-the-art security measures to protect your information from unauthorized users. We give you the possibility to control and manage information that you shared with us.

Handi.cash Limited is committed to processing data in accordance with its responsibilities under the GDPR.

Article 5 of the GDPR requires that personal data shall be:

  1. processed lawfully, fairly and in a transparent manner in relation to individuals;
  2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
  3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
  6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Notice

We will clearly inform you when information that personally identifies you ("personal information") is asked for and you will have the choice to provide it or not. Generally, this information is requested when you [install/download/subscribe] to product updates, newsletters or other online services.

Legal Bases for Processing

Handi.cash Limited processes personal data in accordance with the lawful bases set out in Article 6 of the GDPR and the Data Protection Act (Cap. 586). Depending on the specific processing activity, your personal data may be processed on the following legal bases:

Contractual Necessity

Processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract.

This includes:

  • Providing the Handi.cash services
  • Executing transactions
  • Managing your account and verifying your identity
  • Providing customer support

Legal Obligations

Processing is necessary for Handi.cash Limited to comply with its legal obligations, including obligations under:

  • Anti-Money Laundering and Counter-Financing of Terrorism laws (AML/CFT)
  • MFSA rules and regulatory requirements
  • Sanctions screening
  • Tax, bookkeeping and record-keeping laws
  • Fraud prevention and reporting obligations
  • Law enforcement or regulatory requests

Legitimate Interests

Processing is necessary for the purposes of Handi.cash Limited's legitimate interests, provided these do not override your fundamental rights and freedoms.

These include:

  • Fraud prevention and transaction monitoring
  • Improving and developing our services and user experience
  • Ensuring network and information security
  • Preventing misuse of the Handi.cash application
  • Internal management and business continuity purposes

Consent

Where applicable, and only when freely given, we process certain personal data on the basis of your consent.

This applies to:

  • Marketing communications
  • Access to your contact list (if you choose to enable this feature)
  • Any optional services that require your explicit approval

You may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to your withdrawal.

Personal Information may include the following:

1. Identification Data

  • Name and surname
  • Date of birth
  • Place of birth
  • Identification document details (type, number, issuing authority, issue/expiry dates)
  • Facial image (selfie/photo) used for identity verification
  • Citizenship and nationality

2. Contact Data

  • Residential address
  • Email address
  • Mobile and telephone numbers

(The previous "contact list" fields — title, work email, company, job title, etc. — have been removed as they are not necessary and would violate the Storage Limitation Principle unless the app actually syncs contacts.)

3. KYC / AML Due Diligence Data

  • Information about your transaction counterparties
  • Information on business activities
  • Data related to origin of funds or wealth
  • Data relating to AML/CFT screening, sanctions checks, and monitoring
  • Information obtained from law enforcement, regulators, notaries, courts, and other competent authorities
  • Payment behaviour and transaction monitoring information

4. Financial & Transactional Data

  • Bank account numbers and card/payment instrument information
  • Transaction history and details
  • Credits, debits, income, liabilities
  • Records of executed transactions through the Handi.cash app
  • Fees, charges, applications, requests, complaints
  • Data relating to business relationships with legal entities (e.g., authorised signatory data)

5. Contractual Relationship Data

  • Information relating to the performance or failure of agreements
  • Service usage information
  • Account lifecycle data
  • Records of interactions relating to customer support

6. Communication Data

  • Communications via phone, email, chat, messages, or other tools
  • Visual and audio recordings (e.g., recorded support calls where applicable)
  • Data collected during visits to our website or communication through other digital channels

7. Device & Technical Data

  • IP address
  • Mobile device identifiers
  • Operating system information
  • Language and region settings
  • Log data and online identifiers
  • Security and diagnostic data (e.g., crash logs, behavioural analytics for fraud prevention)
  • GPS coordinates or approximate location data where necessary to provide the service

8. Special Categories of Personal Data (Processed Only When Necessary)

Special categories are only processed where strictly required and legally permissible, for example for identity verification:

  • Biometric data (e.g., facial recognition data used for identity and liveness-check verification)

(Note: These must be processed under explicit consent or substantial public interest + legal obligation — depending on your onboarding flow.)

Your rights

You are entitled to know, free of charge, what type of information Handi.cash holds and processes about you and why, who has access to it, how it is held and kept up to date, for how long it is kept, and what Handicash is doing to comply with data protection legislation. To review the personal information you have provided us and ensure that it is accurate and current at all times. To review or update this information simply send an email to dpo@handi.cash or request that we send you this information.

The GDPR establishes a formal procedure for dealing with data subject access requests. All data subjects have the right to access any personal information kept about them by Handi.cash. Requests for access to personal information by data subjects are to be made in writing and sent to dpo@handi.cash. Your identification details such as ID number, name and surname have to be submitted with the request for access. In case we encounter identification difficulties, you may be required to present an identification document.

Handi.cash aims to comply as quickly as possible with requests for access to personal information and will ensure that it is provided within a reasonable timeframe and in any case not later than one month from receipt of request, unless there is good reason for delay. When a request for access cannot be met within a reasonable time, the reason will be explained in writing to the data subject making the request. Should there be any data breaches, the data subject will be informed accordingly.

All data subjects have the right to request that their information is not used or is amended if it results to be incorrect. Data subjects may also request that their data is erased.

These rights may be restricted, if applicable, as per Data Protection Legislation.

Security of information

Handi.cash Limited is strongly committed to protecting your information and ensuring that your choices are honored. We have taken strong security measures to protect your data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. All sensitive data is stored behind multiple firewalls on secure servers with restricted employee access.

We guarantee that all transactions follow the latest security measures and use the best available technologies. Secure Sockets Layer (SSL) technology is employed when you transmit sensitive information. SSL is one of the safest methods of passing information over the Internet.

Handi.cash Limited implements ICT and security measures aligned with Regulation (EU) 2022/2554 (DORA) and the MFSA ICT Governance Guidelines, including multi-factor authentication, encryption, role-based access controls, incident reporting, and regular testing of business continuity systems.

Retention of information

For AML/CFT purposes, certain records must be retained for five (5) years from the termination of the business relationship or the execution of an occasional transaction, in accordance with the Prevention of Money Laundering and Funding of Terrorism Regulations (PMLFTR).

Disclosures and Data Recipients

Handi.cash Limited does not sell personal data. However, in order to operate our services, comply with our legal obligations, and protect our users, we may disclose personal data to the following categories of recipients, strictly on a need-to-know basis and subject to appropriate technical and organisational safeguards:

Group Entities and Internal Functions: Staff members and internal departments (including Compliance, Risk, Payments Operations, Customer Support, IT and Security) where access is strictly necessary for their duties.

Service Providers (Processors): Handi.cash engages third-party service providers who process personal data on our behalf, including:

  • IT and cloud hosting providers
  • Software development and systems maintenance providers
  • Identity verification and biometric verification providers
  • KYC/AML screening, sanctions screening and transaction-monitoring solution providers
  • Fraud detection and prevention service providers
  • Customer support and communication tool providers
  • Data storage, email, and secure hosting infrastructure providers

All service providers are bound by written data processing agreements under Article 28 GDPR.

Financial and Payment Partners: To execute payments and support financial operations, we may share personal data with:

  • Correspondent banks
  • Card processors and payment service providers
  • Other financial institutions involved in a transaction
  • E-money and payment infrastructure partners

Professional Advisors: Where required, we may share personal data with:

  • External legal counsel
  • Auditors and accountants
  • Regulatory compliance consultants

Public Authorities and Regulators: We may disclose personal data where legally required or permitted to:

  • The Malta Financial Services Authority (MFSA)
  • The Financial Intelligence Analysis Unit (FIAU)
  • The Central Bank of Malta
  • Law enforcement authorities
  • Tax authorities
  • Courts, tribunals, and other competent bodies

Such disclosures may occur for AML/CFT compliance, sanctions enforcement, regulatory inspections, reporting obligations, or to comply with legal process.

Third Parties in Connection with Corporate Events: If Handi.cash undergoes restructuring, merger, acquisition, investment, or corporate reorganisation, personal data may be disclosed to relevant third parties subject to confidentiality and GDPR safeguards.

Third Parties Authorised by You: We may disclose your personal data to third parties where you explicitly request or consent to such disclosure.

EU and EEA Users' Rights

If you are habitually located in the European Union or European Economic Area, you have the right to access, rectify, download or erase your information, as well as the right to restrict and object to certain processing of your information. While some of these rights apply generally, certain rights apply only in certain limited circumstances. We describe these rights below:

You have the right to access your personal data and, if necessary, have it amended or deleted or restricted. In certain instances, you may have the right to the portability of your data. You can also ask us to not send marketing communications and not to use your personal data when we carry out profiling for direct marketing purposes.

What we do with the Information you share

We share personal data only where necessary, lawful, and subject to safeguards, including with payment partners, IT service providers, KYC/AML solution providers, auditors, and regulatory authorities. Inside the company, data is stored behind multiple firewalls on secure servers with restricted user access.

When you register to our handi.cash app, you are asked to provide your contact information, including a valid email address. We use this information to send you updates and information about our services.

In very rare instances handi.cash may disclose your personal information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the requirements of the law or comply with legal process served on handi.cash; (b) protect and defend the rights or property of handi.cash; and (c) act in urgent circumstances to protect the personal safety of users of handi.cash.

Does Handi.cash Limited privacy policy apply to linked websites?

Our Privacy Policy applies solely to information collected through handi.cash app.

The handi.cash app contains links to web sites of third parties. Handi.cash is not responsible for the actions of these third parties, including their privacy practices and any content posted on their web sites.

We encourage you to review their privacy policies to learn more about what, why and how they collect and use personal information. Handi.cash adheres to industry recognized standards to secure any personal information in our possession, and to secure it from unauthorized access and tampering.

However, as is true with all online actions, it is possible that third parties may unlawfully intercept transmissions of personal information, or other users of the Site may misuse or abuse your personal information that they may collect from the Site.

Handi.cash uses mobile analytics and tracking technologies (such as device identifiers, crash logs, and behavioural metrics) to improve app performance and security. We do not use advertising cookies within the app.

This site will also allow you to review the third-party advertising companies' privacy policies.

International Data Transfers

Handi.cash Limited may transfer personal data outside the European Union ("EU") or European Economic Area ("EEA") where this is necessary for the provision of our services, for operational continuity, or to comply with our legal and regulatory obligations. Any such transfers are performed in accordance with Chapter V of the GDPR and are subject to appropriate safeguards to ensure that your personal data remains protected.

1. Adequacy Decisions

Where personal data is transferred to a country that has been granted an Adequacy Decision by the European Commission, the transfer is treated as offering an equivalent level of protection to that of the EU/EEA.

2. Standard Contractual Clauses (SCCs)

For transfers to countries without an adequacy decision, Handi.cash Limited relies on the European Commission's Standard Contractual Clauses (SCCs) as the lawful transfer mechanism. These contractual clauses impose data protection obligations on the recipient to ensure an essentially equivalent level of protection.

3. Transfer Impact Assessments (TIAs / TRAs)

Before transferring personal data outside the EU/EEA on the basis of SCCs, Handi.cash Limited carries out a Transfer Impact Assessment (TIA) or Transfer Risk Assessment (TRA) to evaluate:

  • the legal and regulatory landscape of the recipient country;
  • risks related to access by public authorities;
  • the technical, organisational, and contractual safeguards available.

Where required, supplementary measures are implemented, such as encryption, data minimisation, or additional contractual protections.

4. Processors and Sub-Processors Outside the EU/EEA

Where our third-party service providers or their sub-processors are located outside the EU/EEA, they are contractually bound to comply with the SCCs and any supplementary measures required under GDPR and EDPB recommendations.

5. Your Rights

You may request further information regarding international transfers, including a copy of the relevant SCCs, by contacting us at dpo@handi.cash.

Profiling & Automated Decision-Making

Handi.cash Limited may use automated systems to support decisions required for the provision of its services and to comply with legal and regulatory obligations. These systems help us detect fraud, assess risk, and meet our AML/CFT and sanctions-screening duties.

1. Types of Automated Processing

We may use automated tools for:

  • Fraud detection and transaction monitoring
  • Sanctions and politically exposed persons (PEP) screening
  • Automated risk scoring and ongoing AML/CFT risk assessment
  • Security and behavioural analytics for the prevention of misuse or unauthorised access

These processes are necessary to comply with legal obligations and to protect both users and the integrity of the financial system.

2. Impact on You

Some automated decisions may affect your ability to use certain features of the Handi.cash app (for example, blocking or flagging a transaction, restricting an account, triggering enhanced verification, or preventing high-risk activity).

Such processing is performed only where authorised by law, necessary for contract performance, or based on your explicit consent when required.

3. Your Rights Under GDPR

In accordance with Article 22 GDPR, where a decision is based solely on automated processing and produces legal or similarly significant effects, you have the right to:

  • Request human intervention
  • Express your point of view
  • Contest the decision

You may exercise these rights by contacting us at dpo@handi.cash. We will review your request and ensure that a qualified team member assesses the situation and responds without undue delay.

Changes to this Policy

If we make changes to our Privacy Policy, we will post these changes here so that you are always aware of what information we collect, how we use it and under what circumstances, if any, we disclose it. If at any point we decide to use your information in a manner different from that stated at the time it was collected, we will notify you by email.

Enforcement of Policy

If for some reason you believe handi.cash Limited has not adhered to these principles, please notify us and we will do our best to promptly make corrections.

Questions or Comments

If you have questions or comments about this privacy policy, please email us or write us at:

Handi.cash Limited
107/1 Suite 6, Triq il-Gallina
Kappara San Gwann
SGN 4118
Malta

dpo@handi.cash

For information about how to contact handi.cash limited please visit our contact page.

Last Updated: 15th December 2025

 

We are a group of forward thinking Europeans happily living in Malta. We seek to offer, for all those living on these islands, a fast & simple way of using their smartphone as an electronic wallet.

Available for

Quick Links

Home





Legal

Terms and Conditions
Supplementary T&Cs for Merchants
Cookie Policy



Contact

handi.cash Ltd. (C70142)

Registered address: 107/1 Suite 6 Triq il-Gallina, Kappara-SGN 4118-Malta
Office address: handi.cash Limited, Office 12 Level 2, Vision Exchange Building, Triq il-Territorjals, Zone 1, Central Busniess District, Birkirkara, CBD1070 Malta
+356 21686850
support@handi.cash