Privacy Policy

Last updated: January 9, 2026

This Privacy Policy includes important information about your personal data and we encourage you to read it carefully.

Welcome

This Privacy Policy (the “Policy”) describes how M.M. VIRTUAL INFORMATION COMMUNICATION TECHNOLOGY LIMITED, trading under the brand name Virtual EPS (“Virtual EPS”, “Company”, “we”, “us”, or “our”), collects, uses, discloses, stores, and protects Personal Data in connection with the operation of the Virtual EPS website and related services (collectively, the “Website”).

This Policy applies to all individuals and entities that access or use the Website, including:

(a) merchants who maintain an account with Virtual EPS and use the Website in connection with the Virtual EPS services (the “Merchants”);

(b) customers, payers, or end users who interact with Merchants and make payments through the Website without creating an account with Virtual EPS (the “Customers”); and

(c) other visitors to the Website, including individuals who browse, communicate with us, or otherwise interact with the Website without engaging in a transaction (the “Visitors”).

This Policy explains:

(i) what categories of Personal Data we collect;

(ii) how and for what purposes we use such Personal Data;

(iii) how and when Personal Data may be shared with third parties;

(iv) the legal bases on which we process Personal Data;

(v) how long we retain Personal Data;

(vi) the rights available to individuals in respect of their Personal Data; and

(vii) how to contact us regarding privacy-related matters.

Virtual EPS operates as a technology platform that facilitates interactions between Merchants and third-party payment processors. Virtual EPS is not a payment processor, acquirer, bank, or financial institution, and does not process, authorize, or settle payments. Personal Data processed through the Website may therefore be subject to the privacy practices of third-party payment processors and service providers engaged directly by Merchants, as further described in this Policy.

This Policy should be read together with the Virtual EPS Website Terms and Conditions, the Services Agreement (for Merchants), and any other Additional Policies referenced therein. In the event of any inconsistency between this Policy and the Services Agreement with respect to Merchant data processing, the Services Agreement shall prevail.

By accessing or using the Website, or by otherwise providing Personal Data to Virtual EPS, you acknowledge that you have read and understood this Policy.

Defined Terms

Definitions of terms used in the policy

Unless otherwise defined in this Privacy Policy, capitalized terms have the meanings set forth below. Capitalized terms not defined herein shall have the meanings assigned to them in the Website Terms and Conditions or, where applicable, the Services Agreement.

For the purposes of this Privacy Policy:

“Account” means the account created and maintained by a Merchant with Virtual EPS to access and use the Website and Services.

“Additional Policies” means the policies, agreements, and documents incorporated by reference into the Website Terms and Conditions, including this Privacy Policy, as such documents may be updated or amended from time to time and made available on the Website.

“Customer” means an individual or entity that uses the Website to make payments to a Merchant or otherwise interact with a Merchant through the Website, without maintaining an Account with Virtual EPS.

“Merchant” means a business entity or individual that maintains an Account with Virtual EPS and uses the Website and Services to facilitate payment interactions with Customers.

“Personal Data” means any information relating to an identified or identifiable natural person, including any information that can be used, directly or indirectly, to identify such person, as defined under applicable data protection laws.

“Processing” or “Process” means any operation or set of operations performed on Personal Data, whether or not by automated means, including collection, recording, organization, structuring, storage, use, disclosure, transmission, or deletion.

“Services” means the Virtual EPS platform, technology, tools, interfaces, and related services made available to Merchants through the Website, as described in the Services Agreement.

“Services Agreement” means the agreement entered into between a Merchant and Virtual EPS governing the Merchant’s use of the Services, including all fees, obligations, and legal provisions incorporated therein.

“Third-Party Payment Processor” means any third-party payment service provider, acquirer, processor, or financial institution engaged directly by a Merchant to process, authorize, or settle payments.

“User” or “Users” means any person or entity that accesses or uses the Website, including Merchants, Customers, and Visitors.

“Visitor” means any individual or entity that accesses or browses the Website but does not make a payment or maintain an Account with Virtual EPS.

“Website” means the Virtual EPS website and all related pages, content, features, and functionality made available by Virtual EPS to Users.

“Website Terms and Conditions” or “Terms” means the Virtual EPS Website Terms and Conditions, as amended or updated from time to time.

1. Personal Data We Collect and How We Use and Share It

This Section describes the categories of Personal Data that Virtual EPS may collect, the purposes for which such Personal Data is used, and the circumstances under which such Personal Data may be shared. The specific Personal Data processed, and the manner in which it is processed, depends on how a User interacts with the Website.

1.1 Merchants

(a) Categories of Personal Data Collected

In connection with a Merchant’s use of the Website and Services, Virtual EPS may collect the following categories of Personal Data relating to Merchants and their authorized users, owners, or representatives:

(i) identification and contact information, such as name, business name, email address, telephone number, business address, and country of establishment;

(ii) account-related information, including login credentials, account identifiers, API keys, configuration settings, and preferences;

(iii) business and operational information, such as transaction metadata, payment method configurations, enabled features, logs, reports, and technical integration details;

(iv) communications and correspondence, including emails, support requests, feedback, and other communications exchanged with Virtual EPS; and

(v) technical and usage data, including IP addresses, device identifiers, browser type, operating system, access timestamps, and activity logs relating to the Merchant’s use of the Website.

(b) Purposes of Use

Virtual EPS uses Merchant Personal Data for the following purposes:

(i) to provide, operate, maintain, and improve the Website and Services;

(ii) to create, administer, and manage Merchant Accounts;

(iii) to facilitate and monitor payment interactions between Merchants and Customers through the Website;

(iv) to generate transaction records, reports, and statements;

(v) to communicate with Merchants regarding the Website, Services, updates, security alerts, and operational matters;

(vi) to detect, prevent, and investigate fraud, abuse, or unauthorized activity;

(vii) to comply with applicable legal, regulatory, and contractual obligations; and

(viii) to enforce the Website Terms and Conditions, Services Agreement, and Additional Policies.

(c) Sharing of Merchant Personal Data

Virtual EPS may share Merchant Personal Data:

(i) with service providers, contractors, and sub-processors who assist in operating the Website and Services, subject to appropriate confidentiality and data protection obligations;

(ii) with Third-Party Payment Processors, to the extent necessary to facilitate integrations or support payment interactions;

(iii) with professional advisors, regulators, courts, or authorities where required by applicable law or legal process; and

(iv) in connection with a corporate transaction, such as a merger, acquisition, reorganization, or sale of assets, subject to applicable data protection requirements.

1.2 Customers

(a) Categories of Personal Data Collected

When Customers interact with the Website to make payments or otherwise engage with Merchants, Virtual EPS may collect the following categories of Personal Data:

(i) transaction-related information, such as payment amount, currency, date and time of transaction, transaction identifiers, and Merchant identifiers;

(ii) contact or identifying information provided during checkout or payment interactions, such as name, email address, billing country, or other information required by the Merchant;

(iii) technical and usage data, including IP address, device information, browser type, operating system, and interaction logs; and

(iv) communications, where a Customer contacts Virtual EPS directly in relation to a transaction or the Website.

Virtual EPS does not intentionally collect or store full payment card numbers, bank account credentials, or other sensitive payment instrument data, which are processed directly by Third-Party Payment Processors engaged by the Merchant.

(b) Purposes of Use

Virtual EPS uses Customer Personal Data solely for the following purposes:

(i) to facilitate payment interactions between Customers and Merchants through the Website;

(ii) to display transaction-related information and confirmations;

(iii) to maintain the security and integrity of the Website;

(iv) to prevent fraud, abuse, or unauthorized activity;

(v) to respond to Customer inquiries or support requests; and

(vi) to comply with applicable legal obligations.

(c) Sharing of Customer Personal Data

Virtual EPS may share Customer Personal Data:

(i) with the relevant Merchant, solely as necessary to complete the transaction and enable the Merchant to provide goods or services;

(ii) with Third-Party Payment Processors, as directed by the Merchant or as required to facilitate the payment interaction;

(iii) with service providers and sub-processors supporting the Website’s operation and security; and

(iv) with authorities or third parties where required by law or to protect the rights, property, or safety of Virtual EPS, Merchants, Customers, or others.

1.3 Website Visitors

(a) Categories of Personal Data Collected

When Visitors browse or interact with the Website without making a payment or maintaining an Account, Virtual EPS may collect:

(i) technical information, such as IP address, device identifiers, browser type, operating system, and access timestamps;

(ii) usage and interaction data, including pages viewed, links clicked, and referring URLs; and

(iii) information voluntarily submitted through contact forms, inquiries, or other communications.

(b) Purposes of Use

Virtual EPS uses Visitor Personal Data for the following purposes:

(i) to operate, maintain, and improve the Website;

(ii) to understand how the Website is used and optimize performance and functionality;

(iii) to respond to inquiries or communications submitted by Visitors;

(iv) to ensure Website security and prevent misuse; and

(v) to comply with applicable legal obligations.

(c) Sharing of Visitor Personal Data

Virtual EPS may share Visitor Personal Data with service providers and partners who assist in analytics, hosting, security, and Website operations, and with authorities or third parties where required by law or necessary to protect Virtual EPS and Users.

2. More Ways We Collect, Use, and Share Personal Data

In addition to the Personal Data described in Section 1, Virtual EPS may collect, use, and share Personal Data through the following methods and in the following contexts.

2.1 Cookies and Similar Technologies

(a) Virtual EPS uses cookies, pixels, local storage, and similar technologies (collectively, “Cookies”) to operate, maintain, and improve the Website.

(b) Cookies may be used for the following purposes:

(i) to enable core Website functionality and security;

(ii) to remember user preferences and settings;

(iii) to analyze Website usage and performance; and

(iv) to detect and prevent fraudulent or unauthorized activity.

(c) Some Cookies are set directly by Virtual EPS, while others may be set by third-party service providers that assist with analytics, security, or Website functionality.

(d) Users may manage or disable Cookies through their browser settings. Please note that disabling certain Cookies may affect the functionality or availability of the Website.

2.2 Analytics and Performance Monitoring

(a) Virtual EPS may collect and process Personal Data for analytics and performance monitoring purposes to better understand how the Website and Services are used.

(b) Such data may include:

(i) page views, navigation paths, and interaction patterns;

(ii) device and browser information;

(iii) approximate location derived from IP address; and

(iv) error logs, latency metrics, and system performance data.

(c) Analytics data may be processed using third-party analytics providers acting on behalf of Virtual EPS and subject to contractual data protection obligations.

(d) Virtual EPS uses analytics data in aggregated or de-identified form where reasonably possible.

2.3 Communications and Support

(a) Virtual EPS collects and processes Personal Data when Users communicate with us, including through:

(i) email correspondence;

(ii) support tickets or inquiries;

(iii) feedback submissions; and

(iv) other communications initiated through the Website.

(b) Such Personal Data is used to:

(i) respond to inquiries and provide support;

(ii) verify identity and account ownership, where applicable;

(iii) improve the Website and Services; and

(iv) maintain records of communications for quality assurance, security, and compliance purposes.

2.4 Marketing and Informational Communications

(a) Virtual EPS may send Merchants informational or service-related communications regarding the Website or Services, including updates, security notices, operational announcements, or changes to policies.

(b) Where permitted by applicable law, Virtual EPS may also send marketing or promotional communications to Merchants relating to the Services.

(c) Users may opt out of marketing communications at any time by following the unsubscribe instructions provided in such communications or by contacting Virtual EPS directly.

(d) Virtual EPS does not send marketing communications to Customers in connection with their payment interactions unless expressly permitted by applicable law.

2.5 Third-Party Service Providers and Integrations

(a) Virtual EPS relies on third-party service providers and sub-processors to support the operation of the Website and Services, including providers of:

(i) hosting and infrastructure services;

(ii) data storage and backup;

(iii) analytics and monitoring;

(iv) customer support tools; and

(v) security and fraud prevention services.

(b) Virtual EPS may also facilitate integrations between Merchants and Third-Party Payment Processors. Personal Data shared in connection with such integrations is shared at the direction of the Merchant and solely to support the requested functionality.

(c) All third-party service providers engaged by Virtual EPS are required to process Personal Data only on behalf of Virtual EPS and in accordance with contractual confidentiality and data protection obligations.

2.6 Legal Compliance and Protection of Rights

(a) Virtual EPS may collect, use, and disclose Personal Data where necessary to:

(i) comply with applicable laws, regulations, legal processes, or governmental requests;

(ii) enforce the Website Terms and Conditions, Services Agreement, or Additional Policies;

(iii) protect the rights, property, or safety of Virtual EPS, Merchants, Customers, Visitors, or the public; or

(iv) detect, investigate, or prevent fraud, security incidents, or other harmful or unlawful activity.

3. Legal Bases for Processing Personal Data

Virtual EPS processes Personal Data in accordance with applicable laws and regulations. For Merchants and Customers located in jurisdictions requiring legal bases for data processing, Virtual EPS relies on the following grounds:

3.1 Performance of a Contract

(a) Virtual EPS processes Personal Data to perform its obligations under the Services Agreement (for Merchants) or to facilitate payment interactions and related transactions on the Website (for Customers).

(b) Such processing may include:

(i) creating, maintaining, and managing Accounts;

(ii) providing the Services and transactional tools;

(iii) facilitating communications between Users; and

(iv) delivering operational updates, notices, and support.

3.2 Legitimate Interests

(a) Virtual EPS may process Personal Data to pursue legitimate interests, provided such interests are not overridden by the rights or freedoms of the User.

(b) Legitimate interests include, but are not limited to:

(i) ensuring the security and integrity of the Website and Services;

(ii) preventing fraud, misuse, or unauthorized access;

(iii) conducting analytics and improving the Website and Services; and

(iv) enforcing compliance with these Terms, the Services Agreement, or other legal obligations.

3.3 Legal Compliance

(a) Virtual EPS may process Personal Data to comply with applicable laws, regulations, legal obligations, or governmental requests.

(b) Such processing may include sharing information with courts, regulatory authorities, law enforcement agencies, or other competent governmental bodies when required by law.

3.4 Consent

(a) In limited circumstances, Virtual EPS may process Personal Data based on the User’s explicit consent, including for optional marketing communications or promotional messages.

(b) Users may withdraw consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.

4. Your Rights and Choices

Virtual EPS respects your privacy and is committed to giving Users control over their Personal Data. Depending on your jurisdiction and applicable law, you may have certain rights regarding the collection, use, and disclosure of your Personal Data. This section explains those rights and how you may exercise them.

4.1 Access and Correction

(a) Users have the right to request access to the Personal Data that Virtual EPS holds about them.

(b) Users may request that Virtual EPS correct, update, or complete any Personal Data that is inaccurate or incomplete.

(c) Virtual EPS may require verification of identity before fulfilling any access or correction request.

4.2 Deletion and Restriction

(a) Users may request that Virtual EPS delete their Personal Data, subject to Virtual EPS’s legal obligations and the retention of data required to fulfill contracts or comply with law.

(b) Users may request restriction of processing of their Personal Data in certain circumstances, including where the accuracy of the data is contested, the processing is unlawful, or the User objects to processing pending verification of overriding legitimate grounds.

4.3 Objection and Opt-Out

(a) Users may object to the processing of their Personal Data where processing is based on Virtual EPS’s legitimate interests, including for marketing purposes.

(b) Upon receipt of a valid objection, Virtual EPS will cease processing unless required to continue by law or compelling legitimate grounds.

(c) Users may opt out of marketing communications at any time by following the instructions included in such communications or by contacting Virtual EPS directly.

4.4 Withdrawing Consent

(a) Where processing of Personal Data is based on consent, Users may withdraw that consent at any time.

(b) Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

4.5 Exercising Rights (How to Contact Us)

(a) Users may exercise any of the rights described in this section by contacting Virtual EPS.

(b) Virtual EPS will respond to all requests in accordance with applicable law and within any required statutory timeframes.

(c) Virtual EPS may request additional information to verify the identity of the User making the request before processing it.

5. Security and Retention

Virtual EPS is committed to protecting the security and integrity of User Personal Data. This section outlines the measures we take to safeguard Personal Data and the principles guiding the retention of such data.

5.1 Security Measures

(a) Virtual EPS employs administrative, technical, and physical safeguards designed to protect Personal Data against unauthorized access, disclosure, alteration, or destruction.

(b) Security measures include, without limitation:

(i) encryption of data in transit and at rest where applicable;

(ii) access controls and authentication mechanisms for authorized personnel;

(iii) network and application monitoring for anomalies or breaches; and

(iv) regular testing and evaluation of security processes and infrastructure.

(c) Despite these safeguards, Virtual EPS cannot guarantee absolute security of Personal Data. Users acknowledge that no method of transmission or storage is completely secure, and accept the inherent risks associated with data processing.

5.2 Retention Periods

(a) Virtual EPS retains Personal Data only for as long as necessary to:

(i) provide and maintain the Website and Services;

(ii) fulfill contractual obligations with Merchants or Customers;

(iii) comply with legal obligations or regulatory requirements;

(iv) resolve disputes, enforce agreements, and protect Virtual EPS’s legal rights.

(b) Once Personal Data is no longer required for the purposes stated above, Virtual EPS will securely delete or anonymize such data in accordance with internal policies and applicable law.

6. International Data Transfers

Virtual EPS may transfer Personal Data across borders as necessary to provide the Website and Services. This section explains how such transfers are managed and the safeguards in place.

6.1 Transfers to Third-Party Processors

(a) Personal Data may be shared with service providers, partners, or other third-party processors located outside the User’s country of residence.

(b) These transfers are necessary for Virtual EPS to provide, maintain, and improve the Website and Services, including processing payments, hosting infrastructure, analytics, and customer support.

(c) Virtual EPS ensures that all third-party processors implement appropriate technical and organizational measures to protect Personal Data in accordance with applicable privacy laws.

6.2 Adequacy and Safeguards

(a) International transfers are conducted only to countries recognized by the applicable data protection laws as providing an adequate level of protection, or where appropriate safeguards are in place, including:

(i) standard contractual clauses approved by relevant authorities;

(ii) binding corporate rules; or

(iii) other mechanisms recognized by law to ensure adequate protection of Personal Data.

(b) Virtual EPS remains responsible for ensuring that any international transfer of Personal Data is compliant with applicable law and that users’ rights and protections are maintained.

7. Updates and Notifications

Virtual EPS may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or for other operational reasons.

(a) When changes are made, Virtual EPS will revise the “Last Updated” date at the top of this Privacy Policy to indicate the most recent update.

(b) Significant changes that materially affect how Personal Data is collected, used, or shared will be communicated to Users via the Website, email, or other reasonable means.

(c) Continued access to or use of the Website and Services after posting of any updated Privacy Policy constitutes acceptance of those changes. Users are responsible for reviewing this Privacy Policy regularly to stay informed about updates.

(d) If a User does not agree with any changes, they should immediately cease using the Website and Services and may exercise their rights under Section 4, including deletion of Personal Data where applicable.

8. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or the processing of your Personal Data, you may contact Virtual EPS using the following details:

8.1 Privacy Contact

(a) Users may direct all inquiries regarding Personal Data, privacy rights, or data protection to Virtual EPS’s designated contact point:

Email: info@virtualeps.com

(b) The designated contact will respond to inquiries, assist with exercising rights under Section 4, and provide guidance regarding the Privacy Policy.

8.2 Legal Entity Details

(a) Virtual EPS is operated by:

Company Name: M.M. VIRTUAL INFORMATION COMMUNICATION TECHNOLOGY LIMITED (HE 133357)
Registered Address: 81 Omonia Avenue, 5th floor, Office 52 3048 Limassol, Cyprus
Mailing Address: P.O. Box 55675, Limassol 3782, Cyprus

(b) This information is provided to ensure transparency and enable Users to exercise their rights under applicable data protection laws.

(c) Users may reference these details in any formal communication or legal correspondence relating to data protection or privacy matters.

---

Note for Merchants

(a) For Merchants, the Services Agreement governs all aspects of the relationship with Virtual EPS, including the processing of Personal Data, obligations, fees, and compliance requirements.

(b) In the event of any inconsistency or conflict between this Privacy Policy and the Services Agreement with respect to Merchant data processing or related obligations, the Services Agreement shall prevail.

(c) This Privacy Policy is intended to provide information regarding Virtual EPS’s practices and the rights of Users, and does not create additional contractual obligations for Merchants beyond those set forth in the Services Agreement or other legally binding agreements.