This policy explains what personal data The Payments Edge collects, why, how it is used, and what rights you have. It also covers the cookies and similar technologies this site uses. Plain language throughout — no legalese for its own sake.
Last updated: 23 June 2026
1. Who We Are
The Payments Edge is an independent media and educational platform covering payments, merchant accounts, compliance, and related topics for businesses operating in medium and high-risk industries.
Operator: The Payments Edge
Based in: The Netherlands
Website: https://thepaymentsedge.com
Contact: Use our contact form
The website is hosted on servers located in France. As both the Netherlands and France are EU member states, no cross-border data transfer outside the European Economic Area occurs in the ordinary operation of this site.
For the purposes of the General Data Protection Regulation (GDPR), we act as the data controller for personal data collected through this site.
2. What Data We Collect and Why
2.1 Newsletter subscribers
When you subscribe to the newsletter, we collect your email address and, if you provide it, your first name. This data is used solely to send you the newsletter and related editorial updates from The Payments Edge.
Legal basis: Consent (Article 6(1)(a) GDPR). You may withdraw consent and unsubscribe at any time using the unsubscribe link in every email.
Retention: Until you unsubscribe or request deletion.
2.2 Contact and enquiry forms
If you use a contact or enquiry form on the site, we collect the information you submit (typically name, email address, and message content). This is used only to respond to your enquiry.
Legal basis: Legitimate interests (Article 6(1)(f) GDPR) — responding to a communication you initiated.
Retention: Up to 12 months after the enquiry is resolved, then deleted.
2.3 Analytics data
We use Google Analytics (via Google Site Kit) to understand how visitors use the site — which pages are read, how people arrive, and general engagement patterns. Google Analytics sets cookies in your browser and collects data including your IP address (anonymised), browser type, device type, and pages visited.
This data is processed by Google LLC. Google may transfer it to servers in the United States under the EU–US Data Privacy Framework. For more information, see Google’s Privacy Policy.
Legal basis: Consent (Article 6(1)(a) GDPR and ePrivacy Directive). Analytics cookies are only placed after you accept them via the cookie consent notice. You may withdraw consent at any time by adjusting your cookie preferences (see Section 4).
Retention: Analytics data is retained for 14 months in Google Analytics, after which it is automatically deleted.
2.4 Server logs and security
Our web hosting and the Wordfence security plugin automatically log server access data, including IP addresses, request timestamps, URLs requested, and HTTP status codes. This data is used exclusively for security monitoring, intrusion detection, and diagnosing technical faults.
Legal basis: Legitimate interests (Article 6(1)(f) GDPR) — maintaining the security and integrity of the site.
Retention: Log data is retained for up to 30 days and then purged.
2.5 Embedded content
Articles on this site may include embedded content from third-party services (for example, video players or interactive tools). Embedded content behaves as if you had visited the third-party website directly — that site may collect data about you, set cookies, and track your interaction with the content. We do not control third-party data practices. Where we embed third-party content, we will note it in the relevant article.
3. What We Do Not Do With Your Data
- We do not sell your personal data to any third party.
- We do not share your data with commercial partners for their marketing purposes.
- We do not build advertising profiles or use behavioural advertising.
- We do not use automated decision-making or profiling that produces legal or similarly significant effects on individuals.
4. Cookies and Similar Technologies
Cookies are small text files stored in your browser. This site uses the following categories of cookies.
4.1 Strictly necessary cookies
These cookies are required for the site to function. They do not collect personal data for marketing purposes and do not require your consent.
| Cookie name / prefix | Purpose | Duration |
|---|---|---|
| wordpress_*, wp-settings-* | WordPress session and preferences (admin users only) | Session / 1 year |
| wfvt_*, wordfence_* | Wordfence security — bot and threat detection | Up to 24 hours |
| Cookie consent preference | Remembers your cookie consent choice | 12 months |
4.2 Analytics cookies (consent required)
These cookies are only set if you accept analytics cookies via the consent notice.
| Cookie name | Set by | Purpose | Duration |
|---|---|---|---|
| _ga | Google Analytics | Distinguishes unique users | 2 years |
| _ga_* | Google Analytics | Session and campaign tracking | 2 years |
| _gid | Google Analytics | Distinguishes users (session) | 24 hours |
| _gat | Google Analytics | Throttles request rate | 1 minute |
4.3 Managing your cookie preferences
You can accept or decline non-essential cookies when you first visit the site. To change your preferences later, clear your browser cookies for this domain and reload the page — the consent notice will reappear.
You can also control cookies at the browser level. Most browsers allow you to block or delete cookies in their settings. Note that blocking strictly necessary cookies may affect site functionality. For guidance on browser-level cookie controls, see your browser’s help documentation or visit aboutcookies.org.
To opt out of Google Analytics across all websites, you can install the Google Analytics Opt-out Browser Add-on.
5. Third-Party Processors
We use a small number of trusted third-party services to operate this site. Each processes personal data only as necessary to deliver their service and under appropriate data processing agreements.
| Service | Purpose | Data processed | Location |
|---|---|---|---|
| Hosting provider | Website hosting | All site traffic, server logs | France (EU) |
| Google Analytics (Site Kit) | Site analytics | Anonymised IP, behaviour data | EU / USA (DPF) |
| Newsletter plugin | Email newsletter delivery | Email address, first name | EU (server-side) |
| WP Mail SMTP | Transactional email delivery | Email address, message content | Depends on SMTP provider configured |
| Wordfence | Security monitoring | IP addresses, request logs | USA (under DPA) |
6. Your Rights Under GDPR
If you are located in the European Economic Area, you have the following rights regarding your personal data:
- Right of access — you can request a copy of the personal data we hold about you.
- Right to rectification — you can ask us to correct inaccurate or incomplete data.
- Right to erasure — you can ask us to delete your personal data. We will comply unless we have a legal obligation to retain it.
- Right to restrict processing — you can ask us to limit how we use your data in certain circumstances.
- Right to data portability — where processing is based on consent or contract and carried out by automated means, you can request your data in a structured, machine-readable format.
- Right to object — you can object to processing based on legitimate interests. We will stop unless we can demonstrate compelling legitimate grounds.
- Right to withdraw consent — where processing is based on consent (newsletter, analytics cookies), you can withdraw at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, use our contact form. We will respond within 30 days. We may ask you to verify your identity before processing the request.
You also have the right to lodge a complaint with a supervisory authority. The relevant authority for the Netherlands is:
Autoriteit Persoonsgegevens (AP)
Website: autoriteitpersoonsgegevens.nl
Telephone: +31 (0)70 888 85 00
7. Data Security
We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include HTTPS encryption for all data in transit, server-side firewall and intrusion detection via Wordfence, and restricted access to backend systems.
No method of transmission over the internet is completely secure. In the event of a data breach affecting your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals as required by GDPR.
8. Children’s Privacy
This site is intended for adults operating or managing businesses. We do not knowingly collect personal data from individuals under the age of 16. If you believe a minor has submitted personal data through this site, please contact us and we will delete it promptly.
9. Changes to This Policy
We may update this policy from time to time to reflect changes in our practices, technology, or legal obligations. When we make material changes, we will update the “Last updated” date at the top of this page. Continued use of the site after a change constitutes acceptance of the updated policy. We recommend reviewing this page periodically.
10. Contact
For any questions, requests, or concerns about this policy or how we handle your personal data, please use our contact form.
The Payments Edge
Based in: The Netherlands