Privacy Policy

Last updated: 2/16/2025

1. General Provisions and Scope

This Privacy Policy explains how YP Financial OÜ, collects, uses, stores, and protects personal and business information. It applies to all visitors, users, and clients who access the company's website, mobile applications, or related services.

The Policy is designed in accordance with the EU General Data Protection Regulation (GDPR), the Estonian Personal Data Protection Act, and other applicable privacy laws. By using our website or services, you agree to the terms of this Policy and consent to the processing of your data as described herein.

YP Financial OÜ is committed to ensuring transparency, confidentiality, and the lawful processing of all personal data collected through its platforms and third-party integrations.

2. About YP Financial OÜ (Data Controller Information)

YP Financial OÜ, a private limited company registered in Estonia under registry code 17209402, is the data controller responsible for processing your personal information. The company's registered office is located at Narva mnt 5, 10117 Tallinn, Estonia.

All inquiries related to personal data, privacy, or data protection practices can be directed to:

Email: Loading...

Mail: YP Financial OÜ – Data Protection Officer, Narva mnt 5, 10117 Tallinn, Estonia

YP Financial OÜ operates its financial and payment infrastructure under strict compliance with EU data protection standards and may process data on behalf of its affiliated brands, as part of its service operations.

3. Information We Collect

YP Financial OÜ collects personal and business information necessary to provide its financial, technological, and compliance services. The data collected may include:

  • Identification Data: full name, date of birth, nationality, identification number, and copies of identity documents.
  • Contact Information: email address, phone number, and physical or business address.
  • Financial Information: bank account details, transaction history, payment instructions, and wallet addresses.
  • Business Information (KYB): company name, registration data, directors, shareholders, and beneficial owners.
  • Technical Data: IP address, browser type, device identifiers, login records, and activity logs.
  • Compliance Data: sanctions screening results, KYC/KYB verification, and risk assessments.

All information is collected directly from users during registration or interaction with YP Financial OÜ platforms, and in some cases, through verified third-party providers, strictly for compliance and operational purposes.

4. Purpose and Legal Basis for Data Processing (Legitimate Interest & Contract Performance)

YP Financial OÜ processes personal and business data only when there is a lawful and legitimate basis under the General Data Protection Regulation (GDPR). The main purposes include:

  • To provide and manage services: enabling account registration, verification, payments, and other platform functions.
  • To comply with legal and regulatory obligations: fulfilling Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) requirements, sanctions screening, and record-keeping duties.
  • To perform contractual obligations: processing transactions, communicating with clients, and maintaining service continuity.
  • To protect legitimate interests: preventing fraud, ensuring system security, managing business operations, and improving service quality.
  • To communicate with users: sending updates, legal notices, or service-related information (never for unsolicited marketing without consent).

When we refer to "legitimate interest", we mean YP Financial OÜ's need to use data in ways that are necessary for the operation, protection, and lawful management of its business, without infringing users' rights.

When we refer to "performance of contract", we mean the processing of data required to deliver the services requested by the user under an active business or service agreement.

5. Data Sharing and Disclosure to Third Parties

YP Financial OÜ may share personal and business data only when necessary for legal, regulatory, or operational purposes. Data is never sold, rented, or disclosed for marketing purposes. Sharing occurs under strict confidentiality and data protection standards with the following categories of recipients:

  • Regulated service partners, and similar providers that assist with KYC/KYB verification, payment processing, or wallet operations.
  • Regulatory and supervisory authorities, including the Estonian Financial Intelligence Unit (FIU) or other competent agencies, when required by law.
  • Banking, financial, and compliance partners engaged in transaction settlement, fraud prevention, and sanctions screening.
  • Professional advisors and auditors (legal, accounting, or compliance consultants) bound by confidentiality obligations.
  • Technology and infrastructure providers offering secure hosting, analytics, or support services under GDPR-compliant agreements.

All third parties acting on behalf of YP Financial OÜ process data strictly according to our instructions and are contractually obligated to maintain confidentiality and security standards equivalent to EU requirements.

6. Cookies and Tracking Technologies

YP Financial OÜ uses cookies and similar tracking technologies to enhance website functionality, analyze user behavior, and improve overall service performance. Cookies are small text files stored on your device that help the website recognize your browser and remember certain information.

We use:

  • Essential cookies – required for core site functionality and security.
  • Analytical cookies – to understand how users interact with the website and improve usability.
  • Preference cookies – to remember user settings and language preferences.

You can manage or disable cookies through your browser settings; however, some parts of the website may not function properly without them. By continuing to use the site, you consent to the use of cookies in accordance with this Policy and applicable data protection laws.

7. Data Security and Protection Measures

YP Financial OÜ implements strict technical and organizational measures to ensure the confidentiality, integrity, and availability of all personal and business data. Security practices include:

  • Encryption of data during transmission and storage using industry-standard protocols (SSL/TLS and AES).
  • Access controls that restrict data handling to authorized personnel under confidentiality obligations.
  • Multi-factor authentication (MFA) for internal and partner systems.
  • Regular security audits and penetration testing to identify and mitigate potential vulnerabilities.
  • Continuous monitoring of systems for unauthorized access or anomalies.

While YP Financial OÜ takes all reasonable precautions to safeguard information, users acknowledge that no online platform or electronic transmission can be guaranteed to be completely secure. The company promptly investigates and reports any security breaches in accordance with GDPR and Estonian data protection regulations.

8. Data Retention and Storage Periods

YP Financial OÜ retains personal and business data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. Retention periods depend on the nature of the data and applicable regulatory obligations:

  • KYC/KYB and transaction records: retained for a minimum of five (5) years after the end of the business relationship, extendable to ten (10) years if required by financial or regulatory authorities.
  • Compliance and audit logs: retained to meet AML/CTF and legal reporting obligations.
  • Technical and operational data: stored for as long as needed to maintain system integrity and resolve disputes.

After the retention period expires, data is securely deleted or anonymized in accordance with GDPR and Estonian data protection standards. Users may request information about specific retention timelines related to their data by contacting YP Financial OÜ.

9. Age of Consent and Protection of Minors

YP Financial OÜ's website and services are intended exclusively for individuals aged 18 years or older. The company does not knowingly collect, process, or store personal data from minors. If it is discovered that personal information has been collected from a person under 18 without verified parental or guardian consent, the data will be deleted immediately.

Parents or legal guardians who believe that a minor has provided personal information to YP Financial OÜ may contact the company at Loading... to request its removal. The company applies enhanced data protection and verification standards to prevent unauthorized access or use by underage individuals.

10. User Rights Under GDPR

Under the General Data Protection Regulation (GDPR), users have full control over their personal data processed by YP Financial OÜ. You may exercise the following rights at any time:

  • Right of Access: request a copy of the personal data we hold about you.
  • Right to Rectification: request correction of inaccurate or incomplete information.
  • Right to Erasure ("Right to be Forgotten"): request deletion of your data where legally permissible.
  • Right to Restrict Processing: request limitation of how your data is used in specific circumstances.
  • Right to Data Portability: request the transfer of your data to you or to another service provider.
  • Right to Object: object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: withdraw your consent at any time when processing is based on prior authorization.

Requests can be submitted by email to Loading.... YP Financial OÜ will respond within the timeframes established by GDPR and may require identity verification to ensure the security of your request.

11. International Data Transfers

YP Financial OÜ may transfer personal or business data to trusted partners or service providers located outside the European Economic Area (EEA) when necessary for service delivery, compliance checks, or transaction processing. These transfers are conducted only under conditions that ensure equivalent levels of data protection.

All international data transfers comply with GDPR Chapter V and rely on one or more of the following safeguards:

  • Adequacy decisions by the European Commission confirming adequate data protection in the recipient country.
  • Standard Contractual Clauses (SCCs) approved by the European Commission, binding partners to GDPR-level standards.
  • Data Processing Agreements (DPAs) that impose strict confidentiality and security obligations on all external processors.

By using YP Financial OÜ's platforms and services, users acknowledge that their data may be securely processed in other jurisdictions strictly for operational, compliance, or technical purposes.

12. Updates and Changes to This Policy

YP Financial OÜ may revise or update this Privacy Policy periodically to reflect regulatory changes, technological developments, or adjustments to its business operations. Any modifications will be published on the official website (www.ypfinancial.eu) with the updated effective date clearly stated at the top of the document.

Users are encouraged to review this Policy regularly to stay informed about how their data is collected and processed. Continued use of the website or related services after updates are posted will constitute acceptance of the revised Policy. If any material changes affect users' rights or data processing practices, YP Financial OÜ will provide additional notice through email or platform notifications where appropriate.

13. Requests for Access or Modification of Personal Data

Users may at any time request access to the personal data held by YP Financial OÜ, as well as corrections, updates, or deletions in accordance with GDPR rights. To submit a request, users must send a written notice to Loading... including sufficient information to verify their identity and specify the data or action requested.

Upon receiving a valid request, YP Financial OÜ will:

  • Confirm receipt of the request.
  • Verify the requester's identity to prevent unauthorized disclosure.
  • Process the request within the time limits established by the General Data Protection Regulation (GDPR), typically within 30 days.

If additional time or information is required to fulfill the request, the company will inform the user promptly and explain the reason for the delay.

14. Complaints and Supervisory Authority

If you believe that YP Financial OÜ has mishandled your personal data or violated your privacy rights, you have the right to file a complaint directly with the company or with the competent data protection authority.

Users are encouraged to first contact YP Financial OÜ at Loading... to resolve the matter amicably. The company will investigate all complaints promptly and respond in accordance with GDPR requirements.

If you are not satisfied with the company's response, you may lodge a formal complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), the supervisory authority responsible for monitoring data protection compliance in Estonia.

Contact of Supervisory Authority:

Estonian Data Protection Inspectorate

Tatari 39, 10134 Tallinn, Estonia

Email: Loading...

Website: www.aki.ee

15. Contact Information and Response Time

For any questions, requests, or concerns regarding this Privacy Policy or the processing of personal data, users may contact YP Financial OÜ directly:

Data Protection Officer

YP Financial OÜ

Narva mnt 5, 10117 Tallinn, Estonia

Email: Loading...

All inquiries will be acknowledged promptly and answered within 30 calendar days, as required under the General Data Protection Regulation (GDPR). In cases involving complex or extensive requests, YP Financial OÜ may extend this period by an additional 60 days, notifying the user of the reason and expected resolution date.