This Cookie & Privacy Statement is all about safeguarding data and how we process information. We’ve outlined the specifics here for you so all the nuts and bolts are clear. We’re dedicated to protecting your privacy and working ethically and with transparency. This statement is here to let you know why and how we process personal data.
1. Cookie Statement
What are cookies?
Cookies (and similar technologies) are widely used on the internet and allow a website/portal to recognize a user’s device, without uniquely identifying the individual person using the computer. Cookies are small files that get stored on a user’s computer. They are designed to hold a small amount of data specific to a particular client or website. A cookie is basically a web server talking to a web browser so the server can collect information back from the browser. This means the site recognizes your computer each time you visit. These technologies make it easier for you to log on and use our websites and provide information to us, for example which parts of the website you visit.
For more information about cookies, including how to see what cookies have been set and how to manage, block and/or delete them, read the following information on our Cookie Statement.
What cookies do we use and what do they do?
1. Functional and technical cookies
These cookies may store your browser name, the type of computer, and technical information about your means of connection to this website, such as the operating system, browser platform, and other similar information. This information is used to technically facilitate the navigation and use of this website. In addition, functional cookies may be used to store personal settings, such as language, or to remember your information for next visits if you request that. These cookies are stored for a maximum of two years.
2. Analytics cookies
We also use analytics cookies placed by Google Analytics (through Google Tag Manager) to measure the number of visits and the parts of the website that are the most popular among our website visitors, as well as for benchmarking purposes. This information is used to provide aggregated and statistical information on the use of this website and to improve the content we provide to enhance your user experience.
Payvision has followed the Dutch Data Protection Authority manual to ensure that we use Google Analytics in a privacy-friendly way. This means that we disabled the standard setting to share data with Google.
When a user consents to all analytics cookies, we collect aggregated data on which content users engage with. This means the collective data is grouped as a whole and can never be linked back to any individual users. These types of cookies are used for several different vendors (including Google, HubSpot and Hotjar, for example) and are used for a maximum of two years.
3. Marketing, advertising and social media cookies
These kinds of website cookies collect information about browsing habits on our website so that we can deliver the right kind of content and advertisements that are the most relevant to your interests. When visiting this website, Payvision will always ask for your consent to use these cookies. They help measure the effectiveness of various marketing engagement campaigns and are most often placed by third-party websites, like Google, HubSpot and LinkedIn.
On top of that, social media platforms like Facebook and Twitter use these cookies if you’re logged in so you can “Like” content or send things on to your friends. Based on your settings, these third parties may use your information for things like advertising. For more information on their data usage, you can always refer to their privacy statements.
Marketing, social and advertising cookies help remember the websites you visit so we can improve your browsing experience, for example so you don’t see the same ad too many times. Just like with analytical cookies, these cookies are grouped or aggregated too, so we are never able to track any data back to individual users. They also expire after a maximum of two years, but usually are deleted within 180 days.
Managing your settings and deleting cookies
Cookies generally process your IP address, but they do not save your personal information like email address or phone number. If you don’t want cookies stored on your computer, or if you want to remove cookies that have already been stored, you can do this through your browser settings. You can find more information about the removal of cookies on the Dutch Consumer Organization website and the all about cookies website.
2. Privacy Statement
This is the Privacy Statement of Payvision B.V. (“Payvision”), a private limited liability company (besloten vennootschap met beperkte aansprakelijkheid) incorporated under the laws of The Netherlands, registered with the Chamber of Commerce under number 37078111. It applies to all subsidiaries and branches of Payvision to the extent that they process personal data.
Payvision has its registered office at Molenpad 2, 1016 GM Amsterdam, The Netherlands. Payvision is supervised by the Dutch Central Bank (De Nederlandsche Bank N.V., “DNB”). Payvision is registered with the Information Commissioners Office, under registration number ZA121487.
Payvision treats personal data which it receives through its websites, portals and any other means with due care and is dedicated to safeguarding any personal data it receives. Payvision is bound by the General Data Protection Regulation (Regulation (EU) 2016/679), the Dutch Data Protection Act (Wet bescherming persoonsgegevens) and the Dutch Telecommunications Act (Telecommunicatiewet).
This Privacy Statement is designed to advise you about the type of information that Payvision collects and the purposes for which this information is being processed, used, maintained and disclosed.
This Privacy Statement aims to explain in a simple and transparent way what personal data we gather about you and how we process it. It applies to the following persons:
- the legal representatives and ultimate beneficial owners of all past, present and prospective Payvision merchants (webshops/online retailers) and other commercial contracting parties such as independent sales agents (also known as referral partners). We are legally obliged to retain personal data of these persons, also for a certain period after the relationship has ended, in compliance with ‘know your customer’ (“KYC”) regulations;
- anyone involved in any transaction with our payment institution, including non-Payvision customers such as consumers/payees of Payvision merchants; and
- anyone visiting the Payvision website.
We may update this Privacy Statement to remain compliant with any changes in law and/or to reflect how our business processes personal data. This version was created on February 24, 2020. You can always find the most recent version here.
3. Personal data
Personal data refers to any information that tells us something about you, or that we can link to you. Payvision processes any information we receive from you, including personal and financial information you provide to us, such as when you or your business: make a payment, inquire or make an application for Payvision’s services, register to use and/or use any of our services, and when you communicate with us through email, text message, WhatsApp, a website or portal, telephone or any other electronic means. Such information may include you or your customers’:
- name, including first name and family name, date of birth, email address, billing address, username, password and/or photograph, address, nationality and country of residence;
- card account number, card expiration date, CVC details, bank and/or issuer details; and/or
- information relating to any items purchased, including the location of the purchase, the value, the time and any feedback that is given in relation to such purchase.
By “processing,” we mean everything we can do with this data, such as collecting, recording, storing, adjusting, organizing, using, disclosing, transferring or deleting. For more information about the way we use your personal data, please refer to Section 4 “What we do with your personal data.”
You share personal information with us, for example when you: visit our website, complete a(n) (online) (application) form, sign a contract, make a payment or alternatively use our payment services, or contact us through one of our channels.
We also use data that is legally available from public sources such as commercial registers, debtor registers and the media, or data that is legitimately provided by other companies within the Payvision Group or by third parties.
4. Sensitive data
We do not record sensitive data relating to your health, ethnicity, religious or political beliefs, unless it is strictly necessary. When we do, it is limited to specific circumstances, for example if you as a customer of a Payvision merchant make a payment for a membership fee to a political party or religious organization.
5. What we do with your personal data
We only use your personal data for legitimate business reasons. This includes:
- Administration: When you open a merchant account, we are legally obliged to collect personal data that verifies your identity (such as a copy of your ID card or passport) and to assess whether we can accept you or your company as a customer. We also need to know your address or phone number to contact you.
- Managing customer relationships: We may ask you for feedback about our products and services and share this with certain members of our staff to improve our offering. We might also use notes from conversations we have with you online, by telephone or in person to customize products and services for you.
- Credit risk: To assess the financial position of your company, we apply specific risk models that may involve the use of personal data.
- Personalized marketing: We may send you letters, emails, or text messages offering you a product or service based on your personal circumstances, or show you such an offer when you log in to our website or mobile apps. You may unsubscribe from such personalized offers. You have the right not to consent or to object to personalized direct marketing or commercial activities, including profiling related to these activities.
- Providing you with the best-suited products and services: When you visit our website, call us or visit our offices we gather information about you. We analyze this information to identify your potential needs and assess the suitability of products or services. For example, we may suggest opportunities suited to your profile. We analyze your payment behavior, such as large amounts entering or leaving your account. We assess your needs in relation to key moments when a specific product or service may be relevant for you.
Improving and developing products and services: Analyzing how you use our products and services helps us understand more about you and shows us where we can improve. For instance,
- When you open a merchant account, we measure the time it takes until your first transaction to understand how quickly you are able to use your merchant account.
- We analyze data on transactions between you and our corporate customers (merchants) to offer information services. When Payvision processes personal data for this purpose, aggregated data may be made available to the Payvision merchant (webshop/retailer). This merchant cannot identify you from this aggregated data.
- We analyze the results of our marketing activities to measure their effectiveness and the relevance of our campaigns.
Data security and preventing and detecting fraud: We have a duty to protect your personal data and to prevent, detect and contain data breaches. This includes information we are obliged to collect about you, for example to comply with regulations against money laundering, terrorism financing and tax fraud.
- We may process your personal information to protect you and your assets from fraudulent activities, for example if you are the victim of identity theft, if your personal data was disclosed, or if you are hacked.
- We may use certain information about you for profiling (e.g. name, account number, age, nationality, IP address, etc.) to quickly and efficiently detect a particular crime and the person behind it.
- Our merchants (webshops/retailers) may use contact and security data to secure transactions and communications made via remote channels.
- Internal and external reporting: We process your data for our payment operations and to help our management make better decisions about our operations and services. To comply with a range of legal obligations and statutory requirements (anti-money laundering legislation and tax legislation, for example).
Data that we process for any other reason is anonymized or we remove as much of the personal information as possible.
6. Who we share your data with and why
Whenever we share personal data internally or with third parties in other countries, we ensure the necessary safeguards are in place to protect it. For this, Payvision relies on:
- EU Model clauses, which are standardized contractual clauses used in agreements with service providers to ensure personal data transferred outside of the European Economic Area complies with EU data protection law.
- Privacy Shield framework that protects personal data transferred to the United States.
To be able to offer you the best possible services and remain competitive in our business, we share certain data both internally as well as outside of the Payvision Group. This includes:
We transfer data across Payvision businesses and branches for operational, regulatory or reporting purposes, for example to comply with certain laws, secure IT systems or provide certain services (see section 4 “What we do with your personal data”). We may also transfer data to centralized storage systems or to process it globally for more efficiency.
Independent sales agents
We share information with independent sales agents (referral partners) who act on our behalf.
To comply with our regulatory obligations, we may disclose data to the relevant authorities, for example to counter terrorism and prevent money laundering. In some cases, we are obligated by law to share your data with external parties, including:
- public authorities, regulators and supervisory bodies such as fraud protection agencies and the central banks of the countries where we operate;
- judicial/investigative authorities such as the police, public prosecutors, courts and arbitration/mediation bodies on their express and legal request; and
- lawyers, for example, in case of a claim or bankruptcy, trustees who take care of other parties’ interests and company auditors.
When funds are transferred from a payer to a payee, the transaction involves other financial institutions, banks or a specialized financial company. Payvision may process payments through such other financial institutions. These external organizations may process and store your personal information abroad and we and/or they may have to disclose your information to foreign authorities to help them in their fight against crime and terrorism.
To process payments, we have to share information about the transaction with other financial institution, such as your name and account number. We also share information with financial sector specialists who assist us with financial services like:
- payments and credit transactions worldwide;
- processing electronic transactions worldwide; and
- settling domestic and cross-border security transactions and payment transactions.
Sometimes we share information with banks or financial institutions in other countries, for example when you make or receive a foreign payment.
Third-party service providers
When we use other service providers, we only share personal data that is required for the specific task we involve the service provider for. Service providers support us with activities like:
- performing certain services and operations;
- design and maintenance of internet-based tools and applications;
- marketing activities or events and managing customer communications;
- preparing reports and statistics, printing materials and designing products; and
- placing advertisements on apps, websites and social media.
Payvision may buy or sell business units or affiliates. In such circumstances, we may transfer customer information as a business asset. Without limiting the foregoing, if our business enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our new business partners or owners.
With your permission
Your information may also be used for other purposes for which you give your specific permission, or when required by law or where permitted under the terms of the laws of the relevant jurisdiction.
If you have any questions or concerns, feel free to contact us at privacy^AT^payvision^DOT^com.
7. Your rights and how we respect them
We take respecting your rights very seriously, which is why you should know exactly how you can determine the way your personal data is used. These rights include:
Right to access information
You have the right to ask us for an overview of your personal data that we process.
Right to rectification
If your personal data is incorrect, you have the right ask us to rectify it. If we shared data about you with a third party that is later corrected, we will also notify that party.
Right to object to processing
You can object to Payvision using your personal data for its own legitimate interests. You’ll find a list of contact details at the end of this Privacy Statement. We will consider your objection and whether processing your information has any undue impact on you that requires us to stop doing so.
You can also object to receiving personalized commercial messages from us. You cannot object to us processing your personal data if we are legally required to do so, even if you have opted out of receiving personalized commercial messages.
Right to object to automated decisions
We sometimes use systems to make automated decisions based on your personal information if this is necessary to fulfill a contract with you, or if you gave us consent to do so. You have the right to object to such automated decisions (for example requiring a new passport copy if the one we on file for you as representative of your company is no longer valid) and ask for an actual person to make the decision instead.
Right to restrict processing
You have the right to ask us to restrict using your personal data if:
- you believe the information is inaccurate;
- we are processing the data unlawfully;
- Payvision no longer needs the data, but you want us to keep it for use in a legal claim; and/or
- you have objected to us processing your data for our own legitimate interests.
Right to data portability
You have the right to ask us to transfer your personal data directly to you or to another company. This applies to personal data we process by automated means and with your consent or on the basis of a contract with you. Where technically feasible, we will transfer your personal data.
Right to erasure
You may ask us to erase your personal data if:
- we no longer need it for its original purpose;
- you withdraw your consent for processing it;
- you object to us processing your data for our own legitimate interests or for personalized commercial messages;
- Payvision unlawfully processes your personal data; and/or
- a law of the European Union or a member state of the European Union requires Payvision to erase your personal data.
Right to make a complaint
If you’re unhappy for any reason with the way Payvision treats your personal data, you can send an email to privacy^AT^payvision^DOT^com. You can also file a complaint with Payvision’s Compliance Officer at compliance^AT^payvision^DOT^com. You can also contact the data protection authority in your country.
Exercising your rights
How you can exercise your rights depends on the type of personal data Payvision processes. It could be through our website, by fulfilling our KYC obligations, or by processing a transaction. We aim to respond to your request as quickly as possible.
In certain cases, we may deny your request. If it’s legally permitted, we will let you know within a reasonable timeframe why we denied it.
If you want to exercise your rights or submit a complaint, contact us at privacy^AT^payvision^DOT^com.
8. Your duty to provide data
There’s certain information that we must know about you so that we can commence and execute our duties as a payment institution and fulfill our associated obligations. There’s also information that we are legally obligated to collect. Without this data, we may for example not be able to open a payment processing account for your company.
9. How we protect your personal data
We apply an internal framework of policies and minimum standards to keep your data safe. These policies and standards are periodically updated to keep them up to date with regulations and market developments. More specifically and in accordance with the law, we take appropriate technical and organizational measures (policies and procedures, IT security, etc.) to ensure the confidentiality and integrity of your personal data and the way it’s processed.
In addition, Payvision employees are subject to confidentiality and may not disclose your personal data unlawfully or unnecessarily.
10. What you can do to help us keep your data safe
Unfortunately, the transmission of information via the internet in general is not always completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
We do our utmost to protect your data, but there are certain things you can do, too:
- Install anti-virus software, anti-spyware software and a firewall on your computer and keep them updated.
- Do not leave verification tokens or your credit card unattended.
- Keep your passwords strictly confidential and use strong passwords, i.e. avoid obvious combinations of letters and figures.
- Be alert online and learn how to spot unusual activity, such as a new website address or phishing emails requesting personal information.
11. How long do we keep your personal data?
We will retain your personal information for a reasonable period, or as otherwise allowed or required by law.
12. Contact us
If you want to know more about Payvision’s data policies and how we use your personal data, you can send us an email at the following dedicated email address: privacy^AT^payvision^DOT^com.