This Privacy Policy explains how HIGHPEAKS HOLDING LTD (trading as "Alp‑Pay", "we", "us", or "our") collects, uses, shares, and protects your personal information when you use our payment processing services and website.
1. About Us
Data Controller: HIGHPEAKS HOLDING LTD
Registered Address: 7 Bell Yard, London, England, WC2A 2JR
Contact: support@alp-pay.com
2. Information We Collect
2.1 Personal Information You Provide
- Account Information: Name, email address, phone number, business details
- Identity Verification: Government-issued ID, proof of address, business registration documents
- Business Information: Company name, registration number, VAT number, business type, beneficial ownership details
- Financial Information: Bank account details, transaction history, payment card information (processed by certified payment processors)
- Communication Data: Messages, emails, support tickets, and phone call recordings
2.2 Information We Collect Automatically
- Technical Data: IP address, browser type, device information, operating system
- Usage Data: Pages visited, time spent on site, click patterns, referral sources
- Transaction Data: Payment amounts, currencies, merchant information, transaction status
- Security Data: Login attempts, device fingerprinting, fraud prevention metrics
2.3 Information from Third Parties
- Identity verification services and KYC/AML providers
- Credit reference agencies and fraud prevention agencies
- Government databases and sanctions screening services
- Banking partners and payment networks (Visa, Mastercard)
3. How We Use Your Information
| Purpose | Legal Basis | Data Categories |
|---|---|---|
| Providing payment processing services | Contract performance | Account, business, financial data |
| Identity verification and KYC/AML compliance | Legal obligation | Identity, business, verification documents |
| Fraud prevention and security | Legitimate interests | Technical, usage, transaction data |
| Customer support and communications | Contract performance | Contact details, communication records |
| Service improvement and analytics | Legitimate interests | Usage data, technical data (anonymized) |
| Marketing communications (with consent) | Consent | Contact details, preferences |
4. Information Sharing and Disclosure
4.1 Service Providers and Partners
We may share your information with trusted third parties who help us provide our services:
- Banking Partners: Licensed banks and financial institutions for payment processing
- Payment Networks: Visa, Mastercard, and other card schemes
- KYC/AML Providers: Identity verification and compliance screening services
- Technology Partners: Cloud hosting, security, and analytics providers
- Professional Services: Legal, audit, and compliance advisors
4.2 Legal Requirements
We may disclose your information when required by law or to:
- Comply with legal obligations, court orders, or regulatory requests
- Prevent fraud, money laundering, or other financial crimes
- Protect our rights, property, or safety, or that of our users
- Assist law enforcement investigations
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to appropriate safeguards.
5. International Data Transfers
Your personal data may be transferred to and processed in countries outside the UK/EEA. When we do this, we ensure appropriate safeguards are in place through:
- Adequacy decisions by the UK Government or European Commission
- Standard contractual clauses approved by the UK ICO or European Commission
- Binding corporate rules or certification schemes
- Other appropriate safeguards as required by UK GDPR
6. Data Retention
We retain your personal information for as long as necessary to:
- Provide our services and maintain your account
- Comply with legal and regulatory obligations (typically 7 years for financial records)
- Resolve disputes and enforce our agreements
- Prevent fraud and ensure security
Specific Retention Periods:
- Account Data: Duration of relationship + 7 years
- Transaction Records: 7 years from transaction date
- Identity Documents: 7 years from account closure
- Marketing Data: Until consent is withdrawn
- Website Analytics: 26 months (anonymized)
7. Your Data Protection Rights
Under UK GDPR, you have the following rights regarding your personal data:
7.1 Right of Access
You can request a copy of the personal data we hold about you, along with information about how we process it.
7.2 Right to Rectification
You can ask us to correct inaccurate or incomplete personal data.
7.3 Right to Erasure
You can request deletion of your personal data in certain circumstances (subject to legal retention requirements).
7.4 Right to Restrict Processing
You can ask us to limit how we use your personal data in certain situations.
7.5 Right to Data Portability
You can request your data in a portable format to transfer to another service provider.
7.6 Right to Object
You can object to processing based on legitimate interests or for direct marketing purposes.
7.7 Rights Related to Automated Decision-Making
You have rights regarding automated decision-making and profiling that produces legal or significant effects.
Exercise Your Rights
To exercise any of these rights, please contact us at:
We will respond to your request within one month.
8. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience on our website:
8.1 Types of Cookies We Use
- Necessary Cookies: Essential for website functionality and security
- Preference Cookies: Remember your settings and preferences
- Analytics Cookies: Help us understand how you use our website
- Marketing Cookies: Used to deliver relevant advertisements (with your consent)
8.2 Managing Cookies
You can control cookies through your browser settings or our cookie preferences center. Note that disabling certain cookies may affect website functionality.
9. Security Measures
We implement comprehensive security measures to protect your personal data:
- Encryption: Data is encrypted in transit and at rest using industry-standard protocols
- Access Controls: Strict role-based access controls and multi-factor authentication
- Network Security: Firewalls, intrusion detection, and regular security monitoring
- Compliance: PCI DSS Level 1 certification and regular security audits
- Training: Regular security awareness training for all staff
- Incident Response: Comprehensive data breach response procedures
10. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected such information, we will delete it promptly.
11. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will:
- Post the updated policy on our website with a new "last updated" date
- Notify you via email or through our platform for material changes
- Obtain fresh consent where required by law
12. Contact Information
For any questions about this Privacy Policy or our data practices, please contact us:
Data Protection Contact
Email: privacy@alp-pay.com
Address: HIGHPEAKS HOLDING LTD
7 Bell Yard, London, England, WC2A 2JR
13. Complaints
If you believe we have not handled your personal data in accordance with this policy or applicable data protection laws, you have the right to lodge a complaint with:
UK Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
This policy is effective from 23 July 2025. By using our services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your personal information as described herein.