Skip to content Skip to footer
Start Now

PRIVACY POLICY

Last Updated: 02-03-2026

At OnlyTeaCorp OÜ (“the Company”, “we”, “us”, or “our”), we take your privacy and the security of your data extremely seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

As an Estonian registered company, we strictly adhere to the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable Estonian data protection laws.

1. Data Controller Information

  • Legal Name: OnlyTeaCorp OÜ

  • Registry Code: 17328029

  • Registered Address: Kaupmehe 7-2, Tallinn, Estonia

  • Data Protection Contact: support@ireowo.es

2. Our Role as an Intermediary (CRITICAL DISCLAIMER)

OnlyTeaCorp OÜ operates as an Independent Sales Organization (ISO). We facilitate the connection between Merchants and acquiring banks or payment processors. We do NOT process, store, transmit, or have access to the credit card numbers, CVV codes, or sensitive financial data of the Merchant’s end-customers. All end-customer payment data is handled securely and directly by the partnered Payment Card Industry (PCI) compliant acquiring bank or gateway.

3. What Information We Collect

To provide our intermediation services and fulfill regulatory requirements, we collect data exclusively from our Clients (the Merchants) and their representatives. This includes:

  • Corporate Data: Company name, registration numbers, tax ID/VAT, website URLs, and business models.

  • KYC / AML Data (Know Your Customer / Anti-Money Laundering): Passports, national ID cards, proof of address (utility bills), bank statements, and details of Ultimate Beneficial Owners (UBOs) or company directors, which are strictly required for pre-screening.

  • Contact Data: Email addresses, phone numbers, and physical addresses of the Merchant’s primary contacts.

  • Technical Data: IP addresses, browser types, and usage data collected via cookies when you navigate our website.

4. How We Use Your Information

We use the collected data under the lawful bases of Contractual Necessity, Legal Obligation, and Legitimate Interest for the following purposes:

  1. To act as the first line of support and pre-screen your business for acquiring bank approval.

  2. To forward your KYC/AML documentation to our partnered acquiring banks, payment gateways, and POS providers for account creation.

  3. To issue invoices, manage billing, and collect agreed-upon setup, monthly, and processing fees.

  4. To communicate with you regarding account status, technical updates, or compliance requirements.

  5. To prevent fraud, money laundering, and unauthorized transactions.

5. Sharing Your Information

We do not sell your personal or corporate data. We only share your information with trusted third parties necessary to execute our services:

  • Acquiring Banks and Payment Processors: Your data and KYC documents are shared directly with these financial institutions to secure your merchant account.

  • Regulatory Authorities: We may disclose your information if requested by law enforcement, courts, or financial regulators (e.g., the Estonian Financial Intelligence Unit) to comply with AML/CFT laws.

  • Debt Collection Agencies: As stated in our Terms and Conditions, in the event of unpaid invoices, your corporate and contact details will be shared with legally recognized debt collection agencies.

6. Data Retention Policy

We retain your personal and corporate data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy. Due to stringent European Anti-Money Laundering (AML) and accounting regulations:

  • Accounting Data: Invoices and billing records are kept for a minimum of seven (7) years as required by the Estonian Accounting Act.

  • KYC/AML Data: Client verification records are kept for a minimum of five (5) to ten (10) years after the termination of the business relationship, as mandated by the Estonian Money Laundering and Terrorist Financing Prevention Act.

7. Your GDPR Data Protection Rights

Under the GDPR, you possess the following rights regarding your personal data:

  • Right to Access: You can request copies of your personal data.

  • Right to Rectification: You can request that we correct any inaccurate information.

  • Right to Erasure (“Right to be Forgotten”): You can request the deletion of your data. Please note: This right is NOT absolute. We cannot delete data that we are legally required to keep under AML or Estonian corporate laws.

  • Right to Restrict Processing: You can request we restrict the processing of your data under certain conditions.

  • Right to Object: You can object to our processing of your personal data.

  • Right to Data Portability: You can request we transfer your data to another organization.

To exercise any of these rights, please contact us at support@ireowo.es. We have one month to respond to your request.

8. International Data Transfers

While we are based in Estonia (EEA), some of our partnered acquiring banks or service providers may be located outside the European Economic Area (EEA). If we transfer your data outside the EEA, we ensure it is protected by appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements or our operational practices. We will notify you of any significant changes via email or through a prominent notice on our website.