Privacy Policy
This Privacy Policy (“Policy”) explains what personal data we collect, how we use and disclose it, and how you can exercise your privacy rights.
In this Policy “Rocka”, “we”, “us”, or “our” refers to Rockabilling Limited, which is responsible for the collection, use, and processing of personal data.
Rocka operates a technical software platform that allows businesses to accept payments. We provide technical and operational services only and do not act as a regulated payment service provider. Depending on the context, “Services” refers to the products and services we provide to business clients (merchants) and, where relevant, personal data processed in connection with transactions involving their customers.
We respect your privacy and handle personal data with care. This Policy is intended to give you clear information about how your data is used and the rights you have in relation to it. We encourage you to read it carefully before using our Services.
This Policy is structured as follows:
1. Who This Policy Applies To
2. Personal Data We Collect and Process
3. Cookies and Similar Technologies
4. Purposes of Processing
5. Legal Bases for Processing
6. With Whom We Share Data
7. International Data Transfers
8. Data Security
9. Data Retention
10. Your Rights
11. Contact Details
12. Changes to This Policy
1. Who This Policy Applies To
This Policy applies to the following categories of persons:
Customers: individuals who make payments, receive refunds, or otherwise interact with our business clients using payment interfaces or checkout pages powered by Rocka.
Business representatives: employees, officers, administrators, authorised users, contacts, or other authorised representatives acting on behalf of an existing or prospective business client.
Business contacts and suppliers: individuals acting on behalf of service providers, licensed payment partners, or suppliers who engage with Rocka.
The personal data we collect and how it is used depends on your relationship with us and how you interact with the Services.
2. Personal Data We Collect and Process
In most cases, we collect personal data directly from you. We may also obtain personal data from third parties where permitted by applicable law, such as public registers and databases, verification service providers, partners, or business clients. In addition, certain information may be collected automatically through your use of the Services.
The personal data we process depends on the nature of our relationship with you, the capacity in which you are acting, and how you use or interact with the Services.
Customers
If you are a Customer and a transaction is processed through our platform, we may process the following categories of personal data:
- Transaction Data. This may include your name, payment method information (such as internal reference number and IBAN), merchant and purchase details, billing address, currency, amount, date, payment status, payment account provider, or payment service providers initiating a transaction, and other information provided to us by you. We may also collect information entered into a checkout form even if the transaction is not completed.
- Personal Identification Information. Where necessary to complete a transaction, we may process certain identification data. This information may be provided directly by you, received from payment service providers, or obtained from trusted identity verification services, and may include identification documents or photographs.
- Data Collected Automatically. When you interact with our Services, including the platform and its payment-related interfaces (such as checkout forms), we automatically collect certain technical and usage information about your device and how the relevant forms are used. This may include IP address, device type, browser settings, language preference, pages or screens viewed, and interaction events (such as button clicks). This information may be collected through server logs and similar technologies.
- Contact Details and Communications. This may include your address, phone, email, and other information you provide to us, as well as communications and correspondence with Rocka, or where relevant, with our business clients (e.g. in case of user disputes) or payment service providers involved in the transaction.
Business representatives
When you act on behalf of an existing or prospective business client, we may process the following categories of personal data:
- Identity and Verification Information. We may conduct pre-screening for contractual and platform-risk purposes when entering into a contract with a business client, and this may involve processing of full name, date and place of birth, nationality, identification documents, beneficial owner information, photographs, proof of address (such as utility bills), company affiliation, job title, and information obtained from compliance or verification tools, as provided by you or by authorised third parties.
- Data Collected Automatically. When you interact with our Services, including the platform, dashboards, or API, we automatically collect certain technical and usage information. This may include login details, IP address, device and browser information, access logs, and records of system interactions, to support security, access control, and system operation.
- Contact Details and Communication. This may include your business address, phone, email, and other information that you provide to us, as well as records of communications with us, including enquiries, correspondence, and feedback you provide in connection with the Services.
- Marketing Information. Where permitted by applicable law, this may include your contact details and preferences relating to the receipt of marketing or informational communications from us. You may opt out of such communications at any time.
Business contacts and suppliers
If you are an employee, officer, representative, contractor, sub-contractor, or adviser of a supplier, service provider, or partner of Rocka, we may collect and process your full name, role or position, business address, contact details (such as email and phone number), as well as records of communications with us, including enquiries and correspondence.
3. Cookies and Similar Technologies
We may use cookies and similar technologies (e.g. local storage or web beacons) where needed to support the operation of the website. Cookies are small files stored on your device by your browser. They help the website function properly (for example, by remembering the choices you make).
We do not use cookies, similar technologies, or other technical data for targeting purposes. Where such technologies or data are used, they are limited to those that are strictly necessary to provide the requested functionality and to protect our platform and Services (including to ensure system security and to detect and prevent misuse).
You can adjust your browser settings to block cookies or to alert you when cookies are set. Please note that disabling cookies may affect the operation of the website or limit certain functionality of the Services.
4. Purposes of Processing
We process personal data for the following purposes:
- to operate, maintain, and support the technical platform and related Services;
- to enable payment transactions between merchants (our business clients) and their customers through integrated payment interfaces;
- to manage relationships with business clients, suppliers, partners, and their representatives;
- to provide customer and operational support and respond to enquiries;
- to ensure platform security, prevent misuse, fraud, and unauthorised access;
- to comply with applicable legal and regulatory obligations;
- to communicate with you regarding the Services, including service-related notices;
- to send marketing communications where permitted by law and in accordance with your preferences.
Where we intend to use personal data for a new purpose not described in this Policy, we will provide appropriate notice and, where required, obtain your consent.
5. Legal Bases for Processing
We process personal information only where we have a lawful basis under applicable data protection laws. Depending on the context, processing may be based on one or more of the following grounds:
- Contractual necessity: where processing is necessary to enter into or perform a contract with you in connection with our Services.
- Legal obligations: where processing is necessary to comply with applicable legal or regulatory requirements, including obligations relating to accounting, record-keeping, and other applicable rules.
- Legitimate interests: where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and interests. This may include operating and maintaining our systems, preventing misuse of the Services and fraud, ensuring security, and managing internal operations and service development.
- Consent: where you have given your consent to specific processing activities and where such consent is required by law.
Most of the personal data we process is necessary for us to perform our contract and meet legal requirements. If you do not provide this information, we may not be able to provide the Services.
Automated decision-making and profiling
We do not rely on decisions based solely on automated processing of your personal data, including profiling. Any decisions related to the delivery of our Services and data processing are made by authorised staff.
6. With Whom We Share Data
We may share personal data with trusted third parties where this is necessary to operate our Services, meet legal or regulatory requirements, or otherwise for the purposes described in this Policy. Any sharing of personal data is carried out in accordance with applicable data protection laws and subject to appropriate safeguards.
Personal data may be shared with the following recipients:
- Licensed payment partners: authorised payment service providers involved in the processing of payment transactions through our platform, who act in their own regulated capacity (a list of partners is available here).
- Payment service providers and financial institutions: banks, electronic money institutions, payment institutions, payment processors, and other financial institutions involved in the processing, authorisation, and settlement of transactions.
- Technology and infrastructure providers: providers of IT, cloud hosting, security, data storage, communications, and related technical services that support the operation of our systems, products and services.
- Identity verification and fraud prevention providers: third parties assisting us with identity verification, and, where relevant, sanctions screening, fraud detection, and compliance checks.
- Professional advisers: legal, accounting, audit, and other professional advisers who provide services to us and are subject to professional duties of confidentiality.
- Affiliates and group entities: companies within our corporate group, where sharing is necessary for internal administration, corporate governance, or the provision of shared operational and support services.
- Business partners and service providers: third parties that support specific aspects of our services, such as analytics, billing, customer communications, or marketing activities, where permitted by law and subject to any required consent.
- Regulatory and public authorities: supervisory authorities, tax authorities, courts, or law enforcement bodies, where disclosure is required or permitted by applicable law.
7. International Data Transfers
We may transfer personal data to countries outside of the EU or EEA as necessary for the purposes described above, including to countries that may not provide the same level of data protection as your home country. Where such transfers occur, we ensure that appropriate safeguards are in place in accordance with applicable data protection laws.
These safeguards may include: (a) transfers to countries recognised by the European Commission as providing an adequate level of protection; (b) the use of standard contractual clauses approved by the European Commission; and (c) other safeguards provided by Articles 46 and 49 of the GDPR.
Where required by applicable law, you may request further information about the safeguards we use for international data transfers, including a copy of the relevant mechanisms, by contacting us using the details set out below.
8. Data Security
We protect personal data by implementing appropriate technical and organisational measures designed to safeguard it against accidental loss, destruction, alteration, unauthorised access, or disclosure. The level of security we apply is based on an assessment of the risks involved in the processing activity.
Examples of measures we use include:
- restricting access to personal data to staff and service providers on a need-to-know basis;
- pseudonymisation and encryption of personal data, where appropriate;
- security controls designed to ensure the ongoing confidentiality, integrity, availability, and resilience of our systems and services;
- backup and recovery measures to restore access to personal data in a timely manner in the event of a physical or technical incident; and
- regular testing and review of our technical and organisational measures, and staff training where appropriate, to help ensure those measures remain effective.
While we endeavour to always protect our systems, operations, and information from unauthorised access, use, alteration, or disclosure, no method of transmission over the internet or method of electronic storage is completely secure. Accordingly, we cannot guarantee the absolute security of personal data transmitted to or stored on our system.
9. Data Retention
We retain personal data only for as long as it is needed for the purposes for which it was collected. When determining the appropriate retention period, we consider the following criteria:
- retention requirements imposed by applicable law or regulation, including, for example, tax and accounting record-keeping obligations and related reporting or audit requirements;
- duration of the relevant contractual relationship and the amount, nature, and sensitivity of the personal data;
- potential risk of harm resulting from unauthorised use or disclosure of the personal data;
- whether the data remains necessary and whether the same outcome can reasonably be achieved using less data; and
- applicable limitation periods, where we reasonably consider that retention is necessary in connection with potential legal claims.
In some circumstances we may anonymise personal data so that it can no longer be associated with you. Where data has been anonymised, it may be used for statistical or research purposes without further notice to you.
10. Your Rights
Subject to applicable law, you may have certain rights in relation to your personal data. Details of such rights are set out below:
- Access. You have a right to know whether we process your personal data and, if so, to request a copy of that data. Please note that we cannot give you information that contains personal data about other people.
- Rectification. You may ask us to rectify personal data that you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Erasure. You may ask us to delete your personal data in certain situations, including where: (a) it is no longer needed for the purposes for which it was collected; (b) you withdraw your consent; (c) you successfully object to the processing; or (d) the data has been processed unlawfully. We may retain personal data where required or permitted by applicable law.
- Restriction. You may ask us to restrict the processing of your personal data in certain situations, including where: (a) you contest its accuracy; (b) the processing is unlawful and you prefer restriction instead of deletion; (c) we no longer need the data but you ask us to keep it for legal claims; or (d) you have objected to processing and we are assessing whether our legitimate grounds override your interests. Where processing is restricted, we will store the data and only process it where permitted by law.
- Portability. You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to request that this data be transferred to another data controller, where the processing is based on your consent or a contract and is carried out by automated means.
- Objection. Where we process your personal data based on our legitimate interests, you have the right to object to that processing on grounds relating to your particular situation. We will stop processing your data unless we can demonstrate an overriding reason why we need to use your personal data, or where the data is needed for legal claims. You may object at any time to the use of your personal data for direct marketing.
- Withdraw Consent. If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time. Please note that withdrawal of consent does not affect the lawfulness of processing which may have taken place prior to withdrawal of consent.
You may exercise any of your rights by contacting us at privacy@rocka.live. We may need to verify your identity or confirm that you are authorised to make the request. Where a request involves correcting or updating personal data, we may also take reasonable steps to verify the accuracy of the information provided before making any changes.
If you are unhappy with how we process your personal data, you may submit a complaint by writing to privacy@rocka.live.
If you are a customer of one of Rocka’s business clients, this client may be responsible for responding to your request, and we recommend that you contact them directly.
You also have the right to lodge a complaint with a competent supervisory authority if you believe that we have not complied with applicable data protection laws. A list of EU supervisory authorities is available here.
11. Contact Details
For the purposes of applicable data protection laws, the data controller is:
Rockabilling Limited
Stasinou 1
Mitsi Building 1, 1st Floor, Flat/Office 4
Plateía Eleftherías 1060
Nicosia, Cyprus
If you have any questions, requests, or concerns regarding this Policy or how we process personal data, you may contact us at privacy@rocka.live. We will be happy to assist.
12. Changes to This Policy
We may update this Policy from time to time to reflect our new services or changes in business practices, applicable laws, or regulatory requirements. You are encouraged to review this Policy periodically to stay informed.
We will notify you of any changes by revising the date shown at the top of this page. If we make material changes to how we collect, use, or share your personal data, we will endeavour to post a notice on the main page of our website or notify you by other means (e.g. by email) before such changes take effect.