This Privacy Notice explains how your Personal Data will be Processed by Worldline SA/NV (Chaussée de Haecht 1442, 1130 Brussels – VAT 0418.547.872. hereby referred to as ‘Worldline’, ‘we’, ‘us’) in the context of the Account Information Service. For the processing of personal data in the context of any other product or service of Worldline, please, consult the relevant Privacy Notice provided on our website or at the moment of collection of personal data.

Worldline will store and process your personal data – as Account Owner - in accordance with applicable data privacy legislation. Such information includes:

• Identification data, such as the Name and the country of the Account Owner
• Banking and financial data, such as the bank, bank ID and IBAN, transaction information (such as date, time, amount, currency of the transaction) and your bank details
• Information about your device and online activity, such as your IP address and device ID to the extent that it is necessary for us to deliver our services and verify your identify in accordance with the applicable laws and our General Conditions and our Service Conditions AIS (“Worldline’s Terms and Conditions”).

We receive this information either directly by you (e.g. IBAN, IP address, Device ID) or by your bank (e.g. account information, transaction history).

Worldline will process your personal data for the following purposes:

• For purposes necessary for the performance of the contract with you, once you have agreed with Worldline’s Terms and Conditions. In this context, Worldline will process your data for the purposes described in Worldline’s Terms and Conditions, including for the purposes of managing your account information request and getting access to your financial institution. Worldline will not process any of your personal data before you agree to the Worldline’s Terms and Conditions.
• For the purposes necessary for protecting its and third parties’ legitimate interests (including the account owner and your bank) when these interests are not overridden by your interest, rights and freedoms. This includes processing your data for combatting and preventing abuse and fraud and promoting safety and security on the payments market and our IT systems.
• Worldline Processes the Personal Data on the basis of its own legal and regulatory obligations in order to comply with various laws and regulations (e.g. PSD2, AML & KYC legislation, tax law) and when requested by any judicial authority or governmental authority having or claiming jurisdiction over Worldline. By submitting an account information request through the Service, you commit to provide any and all such information as may be deemed necessary for purposes of complying with applicable regulation regarding anti-money laundering and financing of terrorism. You recognize that non-compliance with such request may result in refusal to provide the Service or other consequences as called for.  

Worldline will share your personal data only if and to the extent required for providing to you the services, as described in the Worldline’s Terms and Conditions, and as required by applicable laws. This includes sharing your data with your bank to the extent that this is necessary for the provision of the service (e.g. providing access to account). Worldline will disclose Personal Data to public authorities, government agencies and judicial authorities (i) if it is required to do so by law or legal process, (ii) when it believes disclosure is necessary to prevent harm or financial loss, (iii) in connection with an investigation of suspected or actual fraudulent or illegal activity, or (iv) when it is required for Worldline to defend itself against legal claims. Worldline may transfer your personal data to third party providers (data processors) in order for them to process the personal data on Worldline’s behalf. We make sure that in these cases the provider has received specific instructions on how to process the personal data and is under the overview of Worldline to process the personal data in accordance with the contractual agreements and the agreed security standards.

Worldline will retain the Personal Data for as long as necessary to deliver the Products and Services during and after the end of its contractual relationship with the Data Subject, according to the industry standards and applicable legislation (for example, transaction information may be retained for a period of up to 10 years after the date of transaction, information about the merchant may be retained for a period of up to 10 years after the termination of the contract in accordance with retention periods defined by Anti-Money Laundering and Counter Terrorism Financing legislation, tax law, contractual law, etc).

Worldline may process Personal Data in countries other than the country where the personal data was collected, including countries outside the European Economic Area (for example, when the account owners bank is located outside the EEA). When the Personal Data is transferred to countries outside the European Economic Area or countries that do not have an adequate level of protection according to the applicable Legislation, Worldline will either rely on a derogation applicable to the specific situation or ensure that adequate safeguards have been put in place to ensure the protection of the Personal Data processed, in accordance with the applicable legislation for the transfer of Personal Data outside the European Economic Area (e.g. Standard Data Protection Clauses under Article 46.2 of the GDPR).

You have, within the limitations of the applicable Legislation, the right of information, access, rectification, erasure, restriction of processing, objection to processing and data portability. You can direct such a request to Worldline’s Merchant Services Data Protection Office at dpoms@worldline.com. For the protection of the privacy of Data Subjects, Worldline will be required to verify your identity before taking actions to address the request.

You also have the right to lodge a complaint with the competent supervisory authority, if according to your view one of the processing activities of Worldline is not in compliance with the Legislation or Worldline failed to address your data subject requests adequately. You have the right to lodge the complaint with the competent supervisory authority of in the Member State of your habitual residence, your place of work or the place where the alleged infringement of the Legislation took place.