IAAI
Get Started

Legal

GDPR Compliance

This page outlines how IAAI aligns with the General Data Protection Regulation (GDPR) and protects personal data processed in connection with its website and technology services.

Regulation: EU GDPR (Regulation 2016/679)
Role: Controller & processor (as applicable)
Scope: Personal data protection
Applicability: Website & technology services
LEGAL

GDPR
Compliance

This section explains how IAAI processes personal data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection principles.

1. Role Under GDPR

IAAI acts primarily as a data controller for personal data collected through its website and as a data processor where applicable in relation to its technology services. IAAI does not process payment transactions or hold personal financial data related to merchant funds.

2. Lawful Basis for Processing

Personal data is processed based on legitimate interest, contractual necessity, legal obligations, or explicit consent, depending on the nature of the interaction and applicable requirements.

3. Categories of Personal Data

IAAI may process limited personal data such as names, contact details, company information, communication records, and technical usage data generated through website access or platform interaction.

4. Data Minimization & Purpose Limitation

Personal data is collected only to the extent necessary for defined purposes, including communication, service evaluation, compliance support, and platform operation. Data is not used for unrelated or excessive purposes.

5. Data Security Measures

IAAI applies technical and organizational measures aligned with industry standards, including access controls, encryption, and internal policies designed to protect personal data from unauthorized access or disclosure.

6. Data Retention

Personal data is retained only for as long as necessary to fulfill its intended purpose or comply with legal and regulatory obligations. Retention periods vary depending on the data category and context.

7. Data Subject Rights

Data subjects have the right to request access, correction, restriction, or deletion of their personal data, as well as the right to object to certain processing activities, in accordance with GDPR provisions.

8. Third-Party Processors

Where third-party service providers are involved in data processing, IAAI ensures that appropriate contractual and technical safeguards are in place to maintain GDPR compliance.

9. Contact & Requests

GDPR-related inquiries or data subject requests may be submitted through IAAI’s official communication channels as listed on this website.

Contact

Talk to a Payments Specialist

Phone
Book Strategy Call

IAAI provides modular payment infrastructure, compliance, and risk technology for high-risk and regulated businesses. No fund holding. Revenue-aligned partnerships.

Company

Solutions

Legal

© 2026 IAAI. All rights reserved.