Privacy & Cookies

Privacy Statement

PAY. processes personal data. On this page, we inform you about the types of data we collect when you visit our website (hereinafter Visitor), use our Merchant Admin Panel (hereinafter Merchant) or make a payment to an organisation affiliated with PAY. for which PAY. processes payments (hereinafter End User).

PAY. wants to inform you, as a Visitor, Merchant or End User of PAY., in a clear and transparent manner. We consider it our responsibility to protect your privacy.

In this privacy statement, we explain how we handle the processing of personal data. If you have any questions about our privacy statement, please contact us via privacy@pay.nl.

Whose and what personal data does PAY. process?

PAY. processes the personal data of Merchants and their representatives, as well as that of people who use PAY.’s services.

If you use PAY.’s services as a Merchant, we will process the following personal data:

  • Your full name;
  • Your address information;
  • Your date of birth;
  • Your place of birth;
  • Your nationality;
  • Your email address;
  • Your telephone number;
  • Your IP address;
  • A copy of the document with which your identity was verified;
  • The number, date and place of issue of the document with which your identity was verified;
  • Other data that you provided yourself during your communication with PAY.

Note: If you use PAY.’s services as a Merchant and decide to give your employees access to PAY.’s Admin Panel, you must inform them about the fact that you released personal data to PAY.

If you use PAY.’s services as an End User (meaning that you make a payment to a PAY. Merchant via PAY.'s platform), we will process the following personal data:

  • Your first and last name;
  • Your IP address;
  • Depending on the payment method you selected:
    • Your IBAN number;
    • Your card number (credit card payments, Bancontact)
  • Depending on the Merchant in some cases:
    • Your address information;
    • Your date of birth;
    • Product information;
    • Address information for the purpose of delivering the product (physically and/or digitally);
    • Billing address;
    • Email address.

Why does PAY. process personal data?

PAY. processes personal data because it is necessary to do so in order to provide our services. PAY. processes personal data for the following purposes:

  • To enter into a client relationship;
    If you want to become a client of PAY., we will need personal data from the legal representative, ultimate beneficial owner(s), partners, owners, etcetera. We use these data to assess whether we can accept you as a client of PAY. We may also use data that we receive from third parties for this purpose. Collecting these data also serves a legal purpose in accordance with the Financial Supervision Act and the Money Laundering and Terrorist Financing (Prevention) Act.
  • To maintain our relationship with you and execute our agreement;
    When you become a client of PAY., we use your personal data to contact you. We also store recordings, e.g. telephone conversations and chat sessions. We use these recordings as training tools for PAY. employees, as well as a means to prevent crime and as evidence. We will also release your name and IBAN number to third parties in order to facilitate the payment traffic.
  • To protect your and our interests;
    To safeguard the stability and integrity of our financial system, we conduct research to e.g. prevent fraud and/or study cases of fraud. We use your personal data for this purpose, as well as (public) registries and warning systems, newspapers, news alerts and the internet.
  • To process payments;
    When PAY. processes incoming payments, we may sometimes process personal data on our payment screens in order to perform the transaction. In other cases, we will receive your personal data from your own bank.
  • To meet our legal obligations;
    In accordance with applicable laws and regulations, we are required to collect personal data on our Merchants, their representatives and ultimate beneficial owners and the end users who use PAY. to make payments. For example, the Money Laundering and Terrorist Financing (Prevention) Act requires PAY. to research any unusual transactions on its platform. PAY. may also be asked by a government institution (e.g. De Nederlandsche Bank, the police or the Tax Authority) to release your personal data.
  • For our business operations;
    As a payment institution, we want to know who we are dealing with. A good overview of all our client relations is an essential part of this. We may also record which parties you do business with in order to conduct a risk assessment and determine whether we can and/or want to offer our services to you.

Does PAY. process any special categories of personal data?

PAY. legt geen bijzondere persoonsgegevens van onze Merchants of Eindgebruikers vast die te maken hebben met uw gezondheid, strafrechtelijke zaken, etniciteit, religieuze of politieke overtuigingen, behalve als dit absoluut noodzakelijk is. Dit is bijvoorbeeld noodzakelijk als u een betaling doet aan een apotheek of aan een politieke partij. Hieruit kunnen gegevens over uw gezondheid of uw politieke voorkeur worden afgeleid.

Tevens toetst PAY. bij waarschuwingssystemen zoals het landelijk meldpunt internetoplichting of websites, telefoonnummers en e-mailadressen daar negatief geregistreerd staan. Een positieve of negatieve melding leggen wij altijd vast in ons systeem. Het betreffen hier geen strafrechtelijke gegevens.

Wij verzoeken Merchants en Eindgebruikers van PAY. geen bijzondere persoonsgegevens met ons te delen, tenzij strikt noodzakelijk zoals hierboven omschreven. Indien u besluit deze toch te delen met PAY., dan verwerken wij deze gegevens alleen als dit noodzakelijk is voor onze dienstverlening.

How does PAY. treat my personal data and does PAY. share data with third parties?

Your personal data are carefully stored for no longer than necessary for the purpose for which they were processed, taking the legal retention period into account. At PAY., your personal data can only be accessed by employees who, given the nature of their function, must have access to these data. All PAY. employees have signed a confidentiality agreement. We do not share your personal data with third parties, unless this ties into the purpose for which you provided the data to us or to meet a legal obligation. Think of e.g. releasing your data to third parties in order to provide our payment services, such as offering payment-in-arrears methods for which the payment method in question needs your personal data to make payment in arrears possible. We may also share your data with the authorities in order to meet our legal obligation to do so. We will not sell or rent out your personal data.

How does PAY. protect your personal data?

In addition to the organisational measures that PAY. has taken to protect your personal data, i.e. your data are only accessible to PAY. employees who need such access due to the nature of their function, PAY. has also taken various technical measures to secure your data. Our data security measures are regularly assessed. PAY. has a PCI DSS Level 1 certification, among others. Since 2014, we are audited every year by a Qualified Security Assessor and an external accountant.

Is PAY. a controller or a processor under the terms of the GDPR?

PAY. has adopted the position that it is a controller of the personal data of our Merchants under the provisions of the General Data Protection Regulation (GDPR), due to the fact that:

  • PAY. requires its Merchants to provide certain personal data;
  • PAY. has to meet its legal obligations (e.g. the Financial Supervision Act, the Money Laundering and Terrorist Financing (Prevention) Act and the Inheritance Tax Act).

When it comes to processing transactions and therefore the personal data of End Users, PAY. is both a controller and a processor. PAY. has adopted this position due to the fact that:

As a controller:

  • PAY. decides what personal data to process for the execution of a payment;
  • PAY. processes payments on behalf of our Merchants. To do so, PAY. processes personal data, which we are allowed to do in order to provide our services. Processing payments is a main activity for PAY.

As a processor:

  • PAY. requests additional personal data, which we process to facilitate payments via e.g. payment-in-arrears methods. These data (e.g. name and address information and product information) are sent to PAY. by the Merchant. Acquiring these data is necessary in order to provide the aforementioned payment methods.
  • PAY. requests additional personal data, e.g. name and address information and product information, in order to facilitate and improve its transaction monitoring and fraud monitoring capabilities.

For the cases in which PAY. acts as a processor of personal data, we have drawn up a processor agreement for our Merchants.

READ OUR BLOG ABOUT THE GDPR

Learn everything you need to know about the introduction of the GDPR at PAY.

Your rights

As a Merchant, Visitor or End User, you have the right to access, correct or delete your personal data that PAY. processes. PAY. will grant such requests as soon as we are able to verify your identity and determine that the request actually comes from you. Furthermore, we cannot grant your request if doing so would be in violation of PAY.’s legal obligations, e.g. pertaining to the retention period of data.

You can submit your request to privacy@pay.nl.

What should I do as a Merchant?

As a Merchant, you are responsible for your own data and the data you share with us for which PAY. acts as a processor. You must inform your customers of the fact that you use PAY. as a Payment Service Provider. You can do so in your own privacy statement. Your customers must accept both your general terms and conditions and your privacy statement.

The use of Cookies

We collect data for research purposes in order to gain more insight into the usability of our website and our clients, so we can tailor our website and services accordingly.

This website uses cookies (small text files that are stored on your computer) and similar technologies to help us analyse how users use our website. The information generated by these cookies about your use of our website may be transferred to Pay.nl’s own secure servers or those of a third party. We use this information to monitor how you use our website, draw up reports about our website activity and offer additional services pertaining to website activity and internet usage. A cookie is a simple, small text file that is sent by a website and stored on your computer’s hard drive by your web browser. Cookies are used to store the settings and preferences of website visitors.

This website uses four types of cookies:

  • Functional cookies that are automatically generated by the website’s CMS (content management system). The CMS uses these cookies to manage the session of a (new) user. This cookie is only used when someone logs in to the website.
  • Analytical cookies from Google, which uses cookies to provide its statistics and analysis services. We use this service to monitor and draw up reports on how visitors use our website. Google may release this information to third parties if it has a legal obligation to do so or if these third parties process the data on Google’s behalf. We cannot affect this form of data processing.
  • Analytical cookies from NewRelic, which uses cookies to monitor the performance of our platform. This allows us to combine the loading speeds of pages with the necessary processes on our servers. These cookies are automatically deleted when you close your browser window and do not contain any personal data.
  • Data cookies, which you can use on your local workstation to store data in order to automatically complete forms, e.g. your email address or your first and last name. These cookies are only saved if you have given your explicit consent.

The cookies contain anonymised information and are stored by your browser for a period of no more than two years.

Cookies from third parties

This website does not use cookies that third parties can use for advertising purposes. It only uses cookies that help us safeguard the correct performance of the website itself and monitor how users navigate around our website.

Turning off cookies

You can delete and turn off cookies via your web browser. The way to do so differs per browser. The website of the Dutch Consumer Association contains more information about how to turn off cookies.

We're happy to help

Contacting us is quick and easy.
PAY. uses cookies for a correct user experience, statistical insight, monitoring of our technique and for playing videos on our website.