Privacy Policy


General information

We, DaoPay GmbH (henceforth also referred to as „DaoPay“), appreciate your trust, sharing your information with us. We care about the protection of your personal data. The processing of your personal data takes place according to the data protection regulations (especially GDPR, Data Protection Adaptation Act 2018, TKG, Austrian Payment Act (ZaDiG 2018)). The Privacy Policy describes how DaoPay collects, uses and safeguards information and personal data (henceforth also referred to as Data). DaoPay reserves the right to change this Privacy Policy at any time by publishing a revised version on the company´s website. The revised version will become effective at the time of its publication. This policy should be subject to annual review.

The terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, unless otherwise defined in this Privacy Policy.

About us

PXP Financial Limited (hereinafter “PXP” or “Controller”) with registered office in Roydon Road, Stanstead Abbots, Hertfordshire SG12 8XL, UK is an omni-channel payment provider and holds an FCA license in the UK.

DaoPay GmbH DaoPay GmbH (hereinafter “DaoPay“ or “Joint Controller”) with registered office in Hackhofergasse 5/14, 1190 Vienna, is an all-in-one payment processing provider licenced by the Austrian Financial Market Authority.

Joint Controllers

PXP Financial Limited and DaoPay GmbH have concluded a Joint Controller Agreement which sets out the duties of both Controllers in accordance with Art. 26 of the General Data Protection Regulation (GDPR) and the equivalent provisions of the applicable data protection laws.

Contact details of the Controller and the Joint Controller

PXP Financial Limited

The Corn Mill – Roydon Road, Stanstead Abbots,
Hertfordshire SG12 8XL, UK
Contact details of the data protection officer
Donau-City-Straße 6/20, 1220 Vienna, Austria

DaoPay GmbH

Hackhofergasse 5/14, 1190 Vienna, Austria
Contact details of the data protection officer
Hackhofergasse 5/14, 1190 Vienna, Austria
Email: “

Data Protection Officer

DaoPay’s Data Protection Officer is Christoph Lamprecht. He is responsible for the company’s data protection issues in accordance with legal and regulatory requirements. Data Protection Officer reports directly to the Managing Directors.

The main functions of Data Protection Officer are:

•  Monitoring compliance with data protection regulations and ensuring rule-compliant processes and guideline within DaoPay
•  Data Protection Officer is contact person for the data subject rights
•  Data Protection Officer is also the contact person and informant regarding data protection matters for the other employees within DaoPay
•  Comprehensive advice and support for all special areas of DaoPay in the field of data protection
•  Cooperation with the data protection authority
•  Implementation and release of data protection impact assessments

Personal data

Personal data means all data which may be linked to a specific and real person and which may be utilized to identify this person.

How we use Your Information lawfully

Your personal data will only be processed for specific, explicit and legitimate purposes and in the context of lawfulness. In particular, personal data of data subjects will be processed under the circumstances as described below.

Purposes of the processing and legal grounds

Personal data shall be processed

Without your consent, by the Joint Controllers, for the following purposes:

  • Complying with specific pre-contractual or contractual obligations undertaken by us to our customers;
  • Complying with national or EU laws and regulations, or executing orders or instructions given to the Joint Controllers by judicial authorities, oversight authorities or professional bodies;
  • Exercising the rights of the Joint Controllers, specifically defending themselves in court proceedings.

Based on the legitimate interests of the Joint Controllers to establish and maintain optimal professional relationships with current and prospective customers, personal data shall be processed by the Joint Controllers for the following purposes:

  • Carrying out customer relationship management, develop with the ‘contacts’ of current and prospective customers, and any other persons/entities with whom the Joint Controllers‘ professionals have developed business relationships
  • Complying with the policies and procedures adopted by the Joint Controllers, to manage shared verification processes preliminary to the acceptance and correct performance of possible assignments and quality control processes

With your consent by the Joint Controllers for the following purposes, whereby your consent to the use of the data is optional and therefore you may decide not to give your consent, or to withdraw it at any time:

  • Sending you newsletters, publications and studies, survey results, market analyses or analyses of specific industries or businesses, and any other type of professional information material, as of specific interest to you, published by the Joint Controllers.


DaoPay has taken all precautions to fully comply with the requirements of the GDPR.

Personal data will be stored and processed only insofar as this is necessary for the provision of services. Data is used solely for the purpose of immediate service provision. At no time will this information be disclosed to unauthorized third parties.

DaoPay stores your Data in accordance with the legal obligations to preserve records.

Right to Correct Inaccurate Personal Information

You have right to request correction of inaccurate personal information processed by us.

Children’s Privacy

Under no circumstances we would collect or process personal identifiable information from or about children under 13 years of age.

Data collection and protection

DaoPay will process information or personal data on its servers and protect them through physical, electronic and procedural measures, in accordance with applicable law. This helps prevent unauthorized access, maintains data accuracy and ensures that the information is used correctly.

DaoPay will grant only those employees access to such information who require it to perform their work.

DaoPay does not share personal data with any third party without your consent – unless DaoPay is obliged to do so by law or by court order, or if passing on Data is necessary in order to take legal action against fraudulent access to Internet structures. DaoPay does not pass on Data for any other reason, and will only collect, store and process information to be able to offer you high-standard service, individual information and communication. Naturally, you are entitled to be informed of the purpose of the Data storage; for information about the stored Data, simply send an email to privacy(at)

The storage and processing of the personal data transmitted or disclosed to us, takes place only for the following purposes: processing, billing and controlling payment transactions, providing customer support, assuring the best service possible, for statistical evaluations (not profiling) as well as prevention of fraud and abuse.

Any personal data collected as part of a payment process to conduct business transactions is only transmitted by DaoPay to the extent necessary to the parties involved in the online purchase (the online merchant where the purchase was made, and the payment system operator whose payment system was used to make the payment). The legal basis for processing is Article 6 (1b) GDPR.

The downstream payment processing is performed by authorized payment system providers and our contracted business partners (typically banks and credit card or telecommunication companies) that are authorized to carry out the relevant payment process and have in place appropriately secured systems. This is necessary in order to process distance selling payments and to facilitate the use of DaoPay services.

Protecting your privacy is very important to us, and we are always happy to answer any questions you may have via e-mail at privacy(at)

Data protection declaration for the use of Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses “cookies”. These are text files which are stored on your computer and make it possible to analyze your use of the website. The data generated by the cookie about your use of this website is generally transmitted to the Google server in the USA, where it is stored.

If you are located in a member state of the European Union, or another state which is party to the Agreement on the European Economic Area, and you have activated IP anonymization for this website, your IP address will, however, first be abridged by Google. Only in exceptional cases, your full IP address is transmitted to the Google server in the USA, where it is then abridged. Google uses this information by order of the operator of this website to analyze your use of the website, to compile reports on website activity and to provide further services connected with the use of this website and the Internet to the the website operator. The IP address identified on your browser by Google Analytics is not connected to other Google data.

DaoPay and our service providers use the IP address to enable you to access and use our website and also to detect and ward off attacks against our website. Unfortunately, there are repeated attacks against the websites, in order to damage its operators or users (e.g. prevent an access to the website, spying on the data, exuding of malicious software (e.g. Viruses) or other illegal purposes). The appropriate use of our website and its functionality and the security of the users of our websites may be affected through such attacks. The processing of the IP address including the time of the access, takes place to ward off such attacks and avert the potential dangers for us and for the users of our website. We pursue with the processing through our service providers the legitimate interest of the maintenance of our business and the defense of illegal malfunction against us and the users of our website. The legal basis for processing is Article 6 (1f) GDPR. The stored IP data will be deleted by anonymization, if it is no longer needed for the detection or defense of the attack.

We will collect and store the information in this form for the following purposes:

  • to contact you once you have submitted a form on our website
  • to send you information which we think may be of interest to you
  • to send you marketing communications related to our products and services to comply with regulations

In the course of your visit to our website, your computer may be issued with cookies. Cookies are files containing a small amount of data that is commonly used as an anonymous unique identifier. These are sent to your browser from our website when you visit and are stored on your computer’s hard drive. Our website uses these “cookies” to collect information and to improve our service. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your computer. If you choose to refuse our cookies, some portions of our service will not be available any longer.

Cookies are commonly used on the Internet and do not harm your system. Cookies have a number of uses.

You are at liberty to prevent cookies from being stored by adjusting your browser software accordingly. We regret to inform you, however, that you may not be able to make full use of all the functions on this website if you do so. In addition, you can prevent the data generated by the cookie and the data concerning your use of this website (including your IP address) from being transmitted to or processed by Google by clicking on the following link and downloading and installing the browser plug-in:

Your rights

You have the rights to information and access, rectification and erasure of your personal data, restriction of processing, revocation of your consent and right to object. To perform your rights, please contact DaoPay GmbH, Hackhofergasse 5/14, 1190 Vienna, Austria, e-mail: privacy(at)

If you think that, the processing of your Data breaches data protection law or if your data protection rights have been violated in any other way, please feel free to lodge a complaint with the regulatory authority. In Austria, this is the data protection authority.

How long do we keep Your Data

We will keep your data collected during our business relationship for 7 years upon the end of your contract with us. In relation to our legal obligations our records are kept for the relevant legal retention periods.

Other Purposes

We process the information provided by you for the following purposes, on base of the performance of a contract between you and us, to comply with applicable legal obligations and to provide you with a good customer service

  • to conclude and execute agreements with you and provide services to you.
  • to send administrative information to you, for example, information regarding our websites and changes to our Terms and Conditions.
  • to process consumer transactions on behalf of you
  • to complete and fulfill your order, have your order delivered to you, communicate with you regarding the service and provide you with related customer service.
  • to respond to your inquiries and fulfill your requests, such as to respond to your questions and comments.
  • to contact you when we have an obligation to do so.
  • to offer and facilitate the provision of services upon your request
  • to improve our service and developing new services.
  • to resolve conflicts, manage litigation, resolve issues, and provide you customer service (including troubleshooting in connection with customer issues).
  • to provide you with updates and announcements concerning our products, promotions, and programs and to send you invitations to participate in special programs (direct marketing). The personal data collected for direct marketing purposes may be processed only with the unambiguous active consent of you which clearly indicates that you agree with the processing of your personal data for direct marketing. You have a right to withhold your consent or withdraw previously given consent without any adverse effect.
  • to personalize your experience on the website by presenting products and offers tailored to you. The legal basis for data processing is our legitimate interest.
  • for our business purposes, such as analyzing and managing our businesses, business mergers, and acquisitions, market research, audits, developing new products, enhancing our websites, identifying usage trends, determining the effectiveness of our promotional campaigns and gauging customer satisfaction. As we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence.

Contact form

If you send us an inquiry via the contact form, we will collect the data provided in the form including the provided contact details to respond to your inquiry and for any follow-up questions. We never disclose these details without your permission.

Newsletter details

If you would like to receive the newsletter offered on our website, we require a valid email address and information that allows us to verify that you are the owner of the email address you have provided and that you agree to receive the newsletter. Other data is not collected. We use this data exclusively for sending out the requested information and do not pass it on to third parties.

You may revoke your consent for storing your data, your email address, and its use for sending you the newsletter at any time, for example, by following the “Unsubscribe” link in the newsletter.

References to norms and standards



Responsibility Role
Document Owner Creation and maintaining this document Head of Legal & Compliance
Legislative Statement of liability Managing directors
Implementation Execution CISO
Administration Operations CISO, IT
Inspection Audit of the company Internal IT Revision
Risk analysis Evaluation of the results IT-Security Management Team