GDPR clause

GDPR Information Notice – Savio.money

One‑page summary | [14.10.2025]

1) Controllers and roles

Savio Payment OÜ – controller only for website/app operations (hosting, communications, analytics, security).

Quicko Sp. z o.o. (National Payment Institution, Polish FSA register: IP52/2021) – controller for regulated services (onboarding KYC/AML, accounts, transfers, cards). Savio acts as QUICKO’s processor.

2) Purposes and legal bases

• Savio: performance of contract for access to the app/website (Art. 6(1)(b)).
• QUICKO: provision of payment services and legal obligations incl. AML (Art. 6(1)(b)/(c)).
• Legitimate interests: security, anti‑fraud, claims (Art. 6(1)(f)).
• Consent: marketing, push notifications, location, analytics/marketing cookies (Art. 6(1)(a)).

3) Data categories

• Savio: technical/usage data, communications.
• QUICKO: KYC/AML, account/transaction data, cards.

4) Recipients and transfers

IT/cloud/communications/analytics providers, KYC/AML partners (for QUICKO), payment schemes; international transfers safeguarded by SCCs where applicable.

5) Retention

• Savio: operational data – up to 6 years for security/claims.
• QUICKO: KYC/AML – generally 5–10 years.

6) Rights and contacts

Rights: access, rectification, erasure, restriction, portability, objection, consent withdrawal; complaints to Estonian DPA (Savio) / PUODO (QUICKO).

Contacts: Savio – [privacy@savio.money]; QUICKO – [privacy@quicko]; DPO: [dpo@savio.money]/[dpo@quicko].