Crunch GDPR Practises: Balancing Regulation And Data Accuracy

24th March 2024

The GDPR is an EU regulation which sets rules on how data relating to individuals (personal data) can be processed. Crunch GDPR practices are enforced and monitored by our dedicated compliance team, who ensure that the utmost protection is maintained for our clients and their customers.

Following Brexit, both the UK and Gibraltar created retained versions of the GDPR through their respective European Union withdrawal acts. In the UK, this is referred to as the UK GDPR.

Crunch withholds the utmost protection for its clients, whilst carefully balancing the need for up-to-date information.

Why does Crunch collect customer data?

  • Ensuring network security
  • Information about criminal acts
  • For the purpose of preventing fraud
  • Answering future questions/chargeback requests for TXS of our products.
  • Internal processing
  • Abiding by current laws and regulations on financial services

Crunch makes it clear from the outset why we are collecting the personal data of our clients, and relevant details are clearly explained in Crunch’s privacy policy and terms and conditions.

Ensuring we follow the correct procedures is essential to the safety of our clients. Everything Crunch does is underpinned by these essential principles, and we proactively self-regulate our practices to ensure we are maintaining the highest level of protection.

starting a card programme

What data do Crunch collect from its clients?

At all times, the data subject must give active consent to the processing of his or her personal data for one or more specific purposes. Crunch may be required to collect information about the clients, the cardholders, account holders and/or wallet holders that use our products every day. Examples of data that Crunch may collect, that can be used to identify people (potentially personal data of a natural person) can include:

  • Name/s
  • Address
  • DOB
  • Contact information such as email and mobile number

How do Crunch GPDR Practises impact data storage?

Crunch GDPR practises proactively create an internal reviewing system for the storage of personal information. In each case where data storage is required, a review is made of what information is required from users, and how long this information needs to be stored. Where possible, Crunch complies with data erasure requests and securely deletes the information entirely. The exception of this is transactional information (information about a person’s spending and their details) that allow us to identify them, which is kept by Crunch and processors for a minimum of 5 years.

Who has access to Crunch clients’ personal information?

Our use of tokenisation, pseudonymisation, encryption and our permission-based softwares allow us to control which staff members have access to customer information. These processes help to protect personal information from unlawful processing, accidental loss, destruction or damage. 

We hope this overview of Crunch GDPR practises was insightful and reassuring to clients and future customers alike.

If you have any queries over the descriptions stated within this blog, please contact our Compliance Team at

Card Issuing

Crunch provides all of the components you need to launch your own bespoke card programme.

Learn more
Gift cards

Your new go-to destination for revolutionising the gifting experience!

Introducing Giftstarr
  • By providing us with your details, you consent to us using this information to contact you regarding our products and services. Please tick the box to confirm.