Global Collect Services Privacy Policy for Transactions

Global Collect Services offers online retailers (Merchants) the opportunity to outsource the payment processing in e-commerce and mail order/telephone order to Global Collect Services. Global Collect Services takes the privacy of consumers seriously and we are committed to protecting your privacy. We recognize our responsibility to keep confidential at all times any information about you which we acquire in connection with your payment order and we are committed to safeguarding your privacy while executing your payment on behalf of our clients. With respect to any of your Personal Data (defined herein) collected during or otherwise processed in connection with your payment order, Global Collect Services B.V. acts as “data controller” and adheres to the Dutch Data Protection Act and the EU General Data Protection Regulation.

Objective and scope of this Privacy Policy

This Global Collect Services Privacy Policy (“Privacy Policy”) is issued by Global Collect Services B.V. for itself and its affiliates (collectively “Global Collect”, “We”, or “Us”) to explain the data processing activities of Global Collect. This Privacy Policy describes your privacy rights regarding Global Collect’s collection, use, storage, sharing and protection of your Personal Data as part of our business activities and the services we provide to online retailers: a business that is selling goods or services via card not present channels and that has chosen Global Collect for payment processing services (collectively "Global Collect Services"). It applies to the Global Collect platform and all related custom hosted payment pages, applications, services and tools regardless of how you access or use them.

Legal basis for processing Personal Data

The processing of Personal Data is necessary when you initiate a payment under the purchase agreement you have entered into with a Merchant for the delivery of goods or services by such Merchant. Personal Data is required for us to execute the payment you wish to make for the purchase of goods or services from the Merchant. Withholding Personal Data may prevent Global Collect from proper fulfillment of the payment execution and will result in non-payment and therefore non-delivery of the goods or services that you have ordered from the Merchant.

How we collect information about you

When you initiate a payment on a Merchant’s website with via Global Collect Services, we collect information sent to us by the Merchant, our payment platform, your computer, mobile phone and/or other access device with the utmost care. The information sent to us includes data on the pages you access, your IP address, device identifiers, the type of operating system you are using, your location, mobile network information, standard web log data and other information. Web log data includes the browser type you are using and traffic to and from Global Collect’s payment platform.

What information do we collect?

The Personal Data and other information that we process varies depending on the payment method you have chosen and in order to enable us to process your payment. Among the Personal Data and other information that we may request and process is the following:

• Contact information, such as your name, address, phone, email and other similar or relevant information;
• Financial information, such as the full bank account numbers and/or credit card numbers that you link to your payment or information you give us when you use Global Collect Services to make a payment;
• Detailed Personal Data such as your date of birth or social security number if so required for successful execution of your payment order;
• Information retrieved from your computer or other access device, such as the IP address (a unique identifier for your computer or other access decide). This information will not be used by Global Collect to identify you in any way.

Special categories of Personal Data

We do not process special categories of Personal Data such as data relating to your health, ethnicity, religious or political beliefs unless it is strictly necessary. The processing of sensitive Personal Data is limited to specific circumstances, for example if we are instructed to process a transaction for the payment of a membership fee to a political party.

How do we use your personal data?

Global Collect processes Personal Data for a variety of purposes:

• To verify, process, and settle your payment orders and any refunds or chargebacks;
• To respond to payment queries and complaints received from you;
• To prevent, detect and control fraud and money laundering;
• To meet our legal and regulatory obligations and to protect Global Collect’s legal rights;

We may also render your Personal Data anonymous and use such data and other non-personal information for statistic and analytical purposes. 

How long do we keep your Personal Data?

Our retention periods for Personal Data are based on business needs and legal requirements. We retain Personal Data for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. For example, we may retain the information you provided to us as long as necessary to provide you with the services you requested through our website and until the time limit for claims which may arise from those services has expired, or to comply with regulatory requirements regarding the retention of such data. If we use your personal information for more than one purpose we will retain it until the purpose with the longest period expires; but we will stop using it for the purpose with a shorter period once that period expires.

When Personal Data is no longer needed, we either irreversibly anonymise the data (and we may further retain and use that anonymised data) or securely destroy the data.

Where and how do we store your Personal Data?

Your Personal Data is stored by Global Collect on secure computer servers located in The Netherlands and Miami (see Transfer of Personal Data to Third Parties and outside European Economic Area below). Some Personal Data is transferred to affiliates of Global Collect Services B.V. outside the European Union, including the United States and may be transferred to third parties. All Personal Data is stored according to industry standards. See Security below.

Transfer of Personal Data to Third Parties and outside European Economic Area

Global Collect may transfer your Personal Data to third parties as permitted by this Privacy Policy and applicable law. You understand and accept that by utilizing the Global Collect Services, your Personal Data can be transferred to countries outside of the European Union, which do not offer an adequate level of protection. Global Collect transfers Personal Data to third parties only where the third party:

• a) has signed an agreement with Global Collect regarding the transfer of Personal Data in accordance with the General Data Protection Regulation; or
• b) is located in the European Union or another country which is deemed to provide adequate protection of Personal Data under the Data Protection Regulation; or
• c) is certified under the EU-US Privacy Shield Program of the United States Department of Commerce. EU-US Privacy Shield status confirms that a company’s data protection policies meet the standards of the General Data Protection Regulation.

We may share your Personal Data with:

• Any employee of Global Collect or its affiliates, located outside of the European Union, including the United States;
• The payment method supplier chosen by you order and/or your bank to execute your payment;
• Third party IT service providers (who may solely process Personal Data in accordance with Global Collect’s instructions);
• Companies that assist us in the detection and prevention of fraud and misuse of Personal Data and money laundering;
• Banking partners as required by credit card association rules;
• Companies that we plan to merge with or be acquired by. Should such a combination occur, we will require that the new combined entity follow this Privacy Policy with respect to your Personal Data;
• Law enforcement, government officials, or other third parties pursuant to a subpoena, court order, or other legal process or requirement applicable to Global Collect or one of its affiliates; when we need to do so to comply with law or credit card rules; or when we believe, in our sole discretion, that the disclosure of Personal Data is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of our Merchant Acceptance and Monitoring Guide.
• Other third parties with your consent or direction to do so.

Global Collect will not sell or rent your Personal Data to third parties for their marketing purposes without your explicit consent.

 Security

Global Collect is committed to protecting the security of your data and shall only process your Personal Data in accordance with applicable laws and in a proper and careful manner. We use a variety of security technologies and procedures and have implemented technological and organizational measures to safeguard your Personal Data from unauthorized or improper access during collection and while it is in our possession. Sensitive financial information (such as gender and financial information) is subject to heightened security measures. We do not collect special categories of Personal Data such as ethnicity, political beliefs and/or religion.

Exercising your rights

We respect your rights as a customer to determine how your personal information is used. Under certain conditions, you may have the right to require us to:

• a) provide you with further details on the use we make of your information;
• b) provide you with a copy of information that you have provided to us;
• c) update any inaccuracies in the personal information we hold
• d) delete any personal information that we no longer have a lawful ground to use;
• e) where processing is based on consent, to withdraw your consent so that we stop that particular processing;
• f) object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
• g) restrict how we use your information whilst a complaint is being investigated.

You can exercise your rights by contacting our Customer Service department at dataprotection@epay.ingenico.com or by writing to:

Global Collect Services B.V.
Attn. Data Protection
Neptunusstraat 41 – 63
2132 JA Hoofddorp
The Netherlands

Please be aware that certain exceptions apply to the exercise of these rights and so you will not be able to exercise them in all situations. If you request deletion of your data, we may not be able to execute payment orders you initiated for the purchase of a good or service from a Merchant.

Data Protection Officer

We have appointed a Data Protection Officer (DPO). If you want to know more about our data protection policies and how we use your personal, you can send us an email: dataprotection@epay.ingenico.com

Complaints

If you are not satisfied with our use of your personal information or our response to any exercise of these rights you have the right to complain to the Supervisory Authority of your usual place of residence or place where the alleged breach to the law occurred. Please click here to see the list and contact information of the EU Supervisory Authorities.

Limitation of Liability

Global Collect uses reasonable efforts to comply with the terms of this Privacy Policy and applicable law regarding the processing of your Personal Data. Except as provided by applicable law, Global Collect shall not be responsible for direct or indirect damages that may result from non-compliance with this Privacy Policy.

Changes to Privacy Policy

We may amend this policy at any time by posting a revised version on our platform. The revised version will be effective at the time we post it.

Version: 1.2
Issue Date: May 2018

Global Collect Services B.V. is located in the Netherlands and registered with the Chamber of Commerce under number 34140462. Global Collect Services B.V. falls under the supervision of the Dutch Central Bank and is licensed to act as a payment institute within the European Economic Area.