Trust Center

Learn how SurePay is committed to earning your trust

Security and privacy have always been paramount at SurePay. SurePay is therefore proud to be both GDPR and ISO/IEC 27001:2022 compliant. We regularly engage authorized third parties to perform ISAE 3000 Type II audits. These audits assess our adherence to all 93 information security controls specified in Annex A of ISO/IEC 27001:2022. We also hold UK Cyber Essentials Level 1 certification, which can be downloaded from the BM Registry.

GDPR Ready

ISAE 3000 Audit Type II Report

ISO 27001:2022 compliant

Cyber Essentials Certified

Explore the SurePay Trust Center

DORA Addendum

The EU’s Digital Operational Resilience Act (DORA) supplements the provisions for ICT risk management, incident reporting, and audit rights to safeguard critical financial services.

Subcontractors

List of SurePay’s subcontractors and sub-processors.

Data Processing Agreement

This DPA supplements the provisions for managing personal data in compliance with applicable privacy laws.

🇪🇺 Download EU DPA →

🇬🇧 Download UK DPA →

Ecovadis Scorecard

SurePay’s latest sustainability and corporate social responsibility assessment, as rated by EcoVadis. Customers can request access to our EcoVadis Scorecard directly via the EcoVadis platform.

Yearly Financial Audit

Independently audited by EY to ensure full financial transparency and compliance. Results are available for review upon discussion with us.

Key information on Security, Compliance, Privacy

At SurePay, the security of sensitive data and the integrity of our services are our highest priorities. We employ a comprehensive, multi-faceted security strategy, protecting all sensitive data with strong encryption both at rest and in transit. Our security model is centered on the principle of least privilege, enforced through formal user management processes and mandatory multi-factor authentication (MFA). Our network follows a defense-in-depth approach, with strict segmentation between production and non-production environments and other best practices. We proactively manage threats using 24/7 monitoring, frequent vulnerability scanning, and proactive threat modeling, while also integrating security directly into our development lifecycle. This entire framework is supported by our people, who complete background checks and mandatory annual security and privacy training. We also build in resilience through auto-scaling and a multi-AZ, multi-region architecture.

General Data Protection Regulation (GDPR):

SurePay takes the utmost care to adhere to the GDPR (EU) and AVG (NL) principles. As a company that handles your data on a daily basis, the safety of your data and the protection of your rights are among SurePay’s top priorities. Therefore, SurePay commits itself and its affiliates to all applicable data protection laws.

The exercise of your rights is safeguarded by internal policies. For information on which data we process and why, please check the Privacy Statement on this website.

Our core values

Our core values define the way we do business every day and the way we work with each other, customers and partners.
We Care
We are a supportive employer and understand that health, family and safety are truly important.
Think Forward
By continuously anticipating the needs of tomorrow, we lead the way with solutions that secure the future today.
Build Together
We believe in teamwork and strive for the best results together.
Be Responsible
We all contribute to achieving our mission of reducing fraud and improper payments, leading to a positive impact on society.

Frequently asked questions

SurePay is ISO 27001 compliant.

The Statement of Applicability (SoA) is mandatory only for organizations that pursue full certification; therefore it does not apply to us.

Instead, SurePay holds an ISAE 3000 attestation (not a certification). This attestation demonstrates that our controls are transparent and independently verified, and they are available for review upon request.

Our role (Processor or Controller) depends on the specific service provided and is formally defined in a Data Processing Agreement (DPA).

SurePay will retain your data for 7 years. This is done to enable both you and SurePay to comply with our respective legal obligations.

SurePay and its sub-processors only process personal data within the EEA and the UK. Should we be required to transfer data to a third country, we will apply all safeguards required by the applicable law.

We are happy to provide the extract from the Dutch Chamber of Commerce (KVK), which contains the official information necessary to identify our directors.

For security and privacy reasons, we do not supply copies of our directors’ passports to customers. Sharing identity documents broadly creates unnecessary risks, including identity theft, which could in turn lead to phishing attacks and other fraud.

If you need a copy of identity documents for a specific compliance purpose, please reach out to us at any time.

If you require any further information, please reach out to legal@surepay.nl.