Privacy Policy
Last updated: 12.09.2025.
NumaFi Solutions S.L. acts as a trusted bridge between merchants and acquiring banks. More than a traditional referral or lead generation provider, our mission is to deliver security, transparency, and compliance across every stage of the merchant–acquirer relationship.
This Privacy Policy (“Policy”) sets out how NumaFi Solutions S.L. (“NumaFi,” “we,” “us,” or “our”) gathers, processes, safeguards, and manages the personal data of individuals (“you,” “your,” or “User”) who access or interact with our Website.
We are dedicated to ensuring the confidentiality of your information and handle your personal data in full compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and Spain’s Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).
By voluntarily providing your personal data and using our Website, you acknowledge that your information will be processed in Spain, where NumaFi is established, and subject to the protections and safeguards described in this Policy. Where required by local law, we will also uphold your data privacy rights under the applicable data protection regulations in your jurisdiction.
NumaFi is the data controller responsible for the collection and processing of your personal data in this Website.
Registered Name: NumaFi Solutions S.L.
CIF: B22757561
Office Address: Calle Rio Nilo, Urb. Altos del Rodeo, Manzana 17, Casa 5, 29660 Marbella, Spain
This Policy covers the personal data gathered from individuals who visit and use this Website. If you are a client of our platform, please consult the specific data processing agreement included in your service contract, which explains in detail how we process information related to your business and your customers.
NumaFi primarily serves clients in the EU and Latin America, and we respect the data privacy laws in place within these regions. If you are located in Latin America, we will process your personal data in accordance with this Privacy Policy and the applicable local data protection laws of your jurisdiction. While our data processing is primarily governed by the GDPR and LOPDGDD, we also take into account regional privacy frameworks, including but not limited to Brazil’s General Data Protection Law (Lei Geral de Proteção de Dados Pessoais – LGPD) and Mexico’s Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP).
We may gather and handle the following types of personal data:
Identity and Contact Data: This includes your full name, username, email address, and phone number, which you provide when completing the contact form on our Website.
Technical Data: This encompasses your Internet Protocol (IP) address, browser type and version, operating system, device details, and other technologies on the devices you utilize to access our Website.
Communication Data: This consists of the content of your inquiries, feedback, and any correspondence sent to us through the contact form.
Usage Data: This refers to information regarding how you engage with our Website, including the pages you visit, the time and date of your visit, and the referring website. This data is collected through cookies and similar technologies to assist us in understanding user behavior and enhancing our site's performance.
We gather personal information through two primary methods. Firstly, when you fill out our contact and application forms, the details you submit, including your name, email address, and message, are collected and retained.
While you engage with our Website, specific technical and usage data—like your IP address, browser type, device details, and the pages you visit—are automatically gathered via cookies and related technologies.
We use cookies and similar technologies on our Website to ensure its proper functioning, improve user experience, analyze performance, and, with your consent, provide personalized content and advertising. Strictly necessary cookies are essential for technical operation and do not require consent, while analytics, functionality, and advertising cookies are only activated if you choose to enable them through our cookie consent tool or your browser settings. You may accept, reject, or manage your preferences at any time. For further details on our use of cookies, please read our Cookie Policy.
NumaFi is committed to ensuring that all personal data is processed lawfully, fairly, and transparently, in accordance with Article 5(1)(a) of the General Data Protection Regulation (GDPR). We only collect and process personal data for specified, explicit, and legitimate purposes, as required by Article 5(1)(b) GDPR, and we do not process data in ways that are incompatible with those purposes.
We rely on the legal bases set out in Article 6(1) GDPR, which include your consent when you provide information voluntarily, compliance with legal obligations such as tax, accounting, or anti-fraud requirements, and our legitimate business interests. These interests cover activities such as communicating with you, responding to inquiries, ensuring website and system security, improving our services, and managing business relationships.
In addition, NumaFi complies with its accountability obligations under Article 24 GDPR, maintains records of processing activities in line with Article 30, and has procedures to notify supervisory authorities and affected individuals of any personal data breaches as required by Articles 33 and 34 GDPR.
In all cases, NumaFi balances its legitimate interests with your fundamental rights and freedoms, ensuring that your data is handled responsibly and with due care. We will not use your personal data for any purpose that is inconsistent with this Policy or incompatible with the legal bases defined under the GDPR.
We utilize personal information we gather for the following reasons:
Communications: To address your questions, offer service updates, and deliver essential notifications.
Service/Website Enhancements: To examine usage patterns, refine Website performance, and improve the overall user experience.
Technical Monitoring: To detect, prevent and address technical issues on our Website.
Legal Compliance: To adhere to relevant laws, regulations, and legitimate requests from public and governmental entities.
We do not share, sell, rent, or trade your personal information with third parties for their commercial purposes. We may share your data with the following parties only when necessary:
Internal Departments: The data and information submitted through our contact and application forms are sent directly to our team. Access to personal information within the organization is restricted to authorized personnel whose job functions necessitate such access. All staff members are required to adhere to stringent confidentiality provisions and an obligation to maintain our data protection policies in compliance with the GDPR.
Service Providers: Third-party vendors that offer services on our behalf, including cloud hosting, analytics, and communication services. These processors are also subject to data protection agreements.
Legal and Regulatory Authorities: Information may be disclosed when mandated by law, court order, or other valid legal orders.
NumaFi does not transfer or store personal information beyond the European Economic Area (EEA). All data is handled and stored within EU jurisdiction, fully adhering to the GDPR to guarantee that your information is safeguarded by the utmost standards of privacy and security.
Should a data transfer outside the EEA be required in the future, NumaFi will make certain that these transfers are conducted in line with GDPR stipulations and that a comparable level of protection is upheld.
NumaFi upholds the principles of data minimisation Article 5(1)(c) GDPR and storage limitation Article 5(1)(e) GDPR, ensuring that personal data is retained only for as long as necessary to fulfil the purposes for which it was collected. Cookies are stored only for their designated duration, unless you choose to remove them earlier through your browser settings.
As a data controller and/or processor, NumaFi respects all rights granted to data subjects under Chapter III (Articles 12–23 GDPR). You may exercise the following rights:
Rights of Access and Rectification – You have the right to know whether we process your personal data, to obtain a copy of such data, and to request the correction of any inaccurate or incomplete information.
Right to be Forgotten – You may request the deletion of your personal data when certain conditions apply, such as when the data is no longer necessary for the purposes collected or when consent has been withdrawn.
Right to Restrict Processing – You may request that the processing of your personal data be limited in specific circumstances, for example, while a complaint is being reviewed or the accuracy of the data is under verification.
Right to Data Portability – You may request to receive your personal data in a structured, commonly used, and machine-readable format, and to have it transferred to another controller where technically feasible.
Right to Object – You may object to the processing of your personal data when it is based on our legitimate interests, and you may request that your data not be used for marketing purposes.
Right to Withdraw Consent – Where processing is based on consent, you may withdraw it at any time. This does not affect the lawfulness of processing carried out prior to withdrawal.
Right to Lodge Complaint - If you believe that your data protection rights have been infringed, you also have the right to lodge a complaint with the Spanish Data Protection Agency or with your local supervisory authority.
NumaFi implements appropriate technical and organizational measures to ensure the security and confidentiality of personal data, in line with Article 32 GDPR. These measures are designed to protect data against loss, unauthorized access, misuse, alteration, or disclosure, and include safeguards such as encryption, strict access controls, and regular security assessments.
Our Website and services are not directed at or intended for children under the age of 16 (or the equivalent minimum age required by the laws of your country). We do not knowingly collect personal data from individuals under this age. If you believe that a child has provided us with personal data, please contact us immediately.
We might update this Policy occasionally to account for changes in our practices or for various operational, legal, or regulatory purposes. We recommend that you check this page regularly for the most current information regarding our privacy practices.
If you have any questions or concerns about this Privacy Policy or our data privacy practices, please contact us at:
Email: dpo@numafi.com
Mailing Address: Calle Rio Nilo, Urb. Altos del Rodeo, Manzana 17, Casa 5, 29660 Marbella, Spain
Calle Rio Nilo, Urb. Altos del Rodeo, Manzana 17, Casa 5, 29660 Marbella, Spain
