Privacy Policy

Last updated: April 2026

Introduction

Symba Global ("we", "us", "our") is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, store and protect personal data in connection with our website and our business-to-business (B2B) software services for microfinance institutions (MFIs) and savings and credit cooperative organisations (SACCOs).

Symba Global is the data controller for the personal data described in this policy. We are established in the European Economic Area (EEA) and comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller

Symba Global
Willemsplantsoen 9
3511 LB Utrecht
The Netherlands
Email: info@symbaglobal.com

What Personal Data We Collect

We may collect and process the following categories of personal data:

  • Contact information — name, email address, phone number and job title of individuals representing our B2B clients, provided during contract negotiations or support requests.
  • Billing information — company name, billing address and VAT number for invoicing purposes.
  • Website usage data — anonymised analytics data such as pages visited, browser type and referring URLs, collected through standard web server logs.
  • Communication records — emails and other correspondence with our team.

How We Use Personal Data

We use personal data for the following purposes:

  • To provide, maintain and support our software services under your contract.
  • To send invoices and process payments.
  • To respond to support requests and other communications.
  • To comply with legal and regulatory obligations.
  • To improve our website and services.

Legal Basis for Processing

We process personal data on the following legal bases under the GDPR:

  • Performance of a contract (Article 6(1)(b)) — processing necessary to deliver our services under your contract.
  • Legitimate interests (Article 6(1)(f)) — processing necessary for our legitimate business interests, such as improving our services and maintaining security, where these interests are not overridden by your rights.
  • Legal obligation (Article 6(1)(c)) — processing necessary to comply with applicable laws, such as tax and accounting requirements.

Card Payment Processing and Security

We accept credit and debit card payments (Visa, Mastercard) for invoice settlement through our payment service provider, Wise Europe SA, which works with the payment processor Adyen. When you pay an invoice using a card payment link:

  • Symba Global does not collect, store or process your card details. Card information is entered directly into the secure payment gateway operated by Wise and its processor Adyen.
  • All card transactions are protected by industry-standard encryption (TLS) and are processed in compliance with PCI DSS (Payment Card Industry Data Security Standards).
  • 3-D Secure authentication (such as Visa Secure and Mastercard Identity Check) is used to provide an additional layer of security for card-not-present transactions.
  • Wise and Adyen act as independent data controllers for the card payment data they process. Their privacy policies apply to the processing of your card details:

Data Sharing

We do not sell personal data. We may share personal data with the following categories of recipients, only to the extent necessary:

  • Payment service providers — Wise Europe SA and Adyen, for processing card payments on our behalf.
  • Cloud infrastructure providers — for hosting our services, with appropriate data processing agreements in place.
  • Professional advisors — such as accountants and legal advisors, where necessary and subject to confidentiality obligations.
  • Legal and regulatory authorities — where required by law or to protect our legal rights.

International Data Transfers

Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place in accordance with the GDPR, such as Standard Contractual Clauses or adequacy decisions by the European Commission.

Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy, or as required by law. Specifically:

  • Contract and billing data — retained for the duration of the contract and for 7 years thereafter for tax and accounting purposes.
  • Communication records — retained for the duration of the business relationship and a reasonable period thereafter.
  • Website usage data — anonymised data may be retained indefinitely for analytical purposes.

Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access — to obtain a copy of your personal data.
  • Right to rectification — to have inaccurate personal data corrected.
  • Right to erasure — to request deletion of your personal data, subject to legal retention requirements.
  • Right to restrict processing — to limit how we use your personal data.
  • Right to data portability — to receive your personal data in a structured, commonly used format.
  • Right to object — to object to processing based on legitimate interests.

To exercise any of these rights, please contact us at info@symbaglobal.com. We will respond to your request within 30 days.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or the supervisory authority in your country of residence.

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

Contact

If you have any questions about this Privacy Policy or our data protection practices, please contact us:

Symba Global
Willemsplantsoen 9
3511 LB Utrecht
The Netherlands
Email: info@symbaglobal.com