Who we are
As a registered payment service provider, we offer online retailers (merchants) the possibility to use our payment processing services to conclude online transactions. In order to give you an opportunity to get acquainted with such products and services, we developed a ‘Sandbox Environment’ where you can create a test account and familiarize yourself with our offers.
The types of personal data we process
We start collecting and processing personal data about you from the moment you sign up and start using our ‘Sandbox Environment’ to test our products and services. The data processing is limited to the types mentioned below:
- First and last name
- Email address
- Log in and usage logs
- Browser type and vision
- Device type
- Operating system and version
- IP address
How we collect your data
Your data is collected directly from you, from the moment you visit our site or complete the request form displayed at our Worldline Developers portal.
For which purposes do we use your data
Your data is mainly used to provide you with access to our ‘Sandbox Environment’ and the possibility to test the use of our products and services. To do so, we need basic information about you to provide the necessary account and log in details.
We use your devise and other relevant information for performance monitoring and to detect and correct any issues with your user experience.
We use your location data to understand how well our platform performs in various locations and regions.
Your data may also be used for marketing purposes. We’re interested in providing up to date information to our actual and potential clients about new products and services, as well as new development of existing products. We do so provided we’ve obtained your consent.
Considering our core business – payment processing services – log in and usages logs may be kept to ensure the safety of our solutions and networks. Such logs will only be used in case of a security incident related within the ‘Sandbox Environment’ and are subject to strict internal approval and audit processes. This purpose is based in our legitimate interest of the security and safety of our assets.
In order to better understand the use of our ‘Sandbox Environment’ and the expectations of our potential clients, we may use your data for statistical or analytical purposes. When we do so, we’ll ensure that we only use non-personal or anonymized data.
We base the processing of your personal data on any one of the following permitted lawful grounds, or a combination thereof:
- Processing of your personal data is based on your consent
- Processing of your personal data is necessary for the purposes of our own legitimate interests, or those of a third party where your own privacy rights do not override such interests. We will always weigh your interests against the interests that we are seeking to protect
How long do we keep your data?
Our retention periods are based on business needs or legal requirements and prescribed largely by legislation and regulations that apply to us. Generally speaking, we retain personal data for as long as is necessary for the processing purpose(s) for which the information was collected.
In the case of the ‘Sandbox Environment’ usage, your information is kept during the entire period of your usage. The retention and deletion of personal data is always conducted under the most adequate standards and according to our internal policies.
Where do we store your data
We store your data in secure computer servers located in Amsterdam and Miami, respectively. Both servers are exclusively owned and managed by us. Enough safeguards are in place to protect your data when it is transmitted outside of the European Union. Please see the applicable section below for further clarifications.
Sharing your data with other parties
We may share your personal data with:
- Any of our employees, locally or globally, who has a legitimate business need to access it
- Our marketing partners and the owners of the software solutions used by us for marketing management providers (who may solely process personal data in accordance with our written instructions)
- Third party IT service providers (who may solely process personal data in accordance with our written instructions)
- Companies that we plan to merge with or be acquired by:
- Law enforcement, government officials, or other third parties pursuant to a subpoena, court order, or other legal process or requirement applicable to us or one of our affiliates. Or when we believe, in our sole discretion, that the disclosure of personal data is necessary to prevent physical harm or financial loss, or to report suspected illegal activity
- Other third parties with your consent or direction to do so
We will never sell or rent your personal data to third parties for their marketing purposes without your explicit consent.
We’re committed to protecting the security of your data and shall only process your personal data in accordance with applicable laws and in a proper and careful manner. We use a variety of security technologies and procedures and have implemented technological and organizational measures to safeguard your personal data from unauthorized or improper access during collection and while it’s in our possession.
International transfers of your data
Our partners and subsidiary companies may be located globally. Whenever a recipient of personal data is located outside of the European Economic Area (EEA), we ensure that the required mechanisms are in place to safeguard your data.
Whenever we transfer your data to a non-EEA recipient established in a country that is not deemed to provide adequate respect and protection for personal data, we will enter into a data transfer agreement with them that complies with the requirements of the GDPR.
We may, when necessary and justifiable, share your personal data with one of our sister companies. When we do so, we’ll share your data in accordance with our inter-company data transfer and sharing agreement.
Under data protection law, you have rights including:
Your right to be informed – You have the right to obtain specific information about the processing activities that involve your personal data.
Your right of access - You have the right to ask us for copies of your personal data.
Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances. Please be aware, however, that certain exceptions apply to the exercise of these rights. Therefore, you won’t be able to exercise them in all situations. If you request deletion of your data, we may not be able to execute payment orders you initiated for the purchase of goods or services from a merchant. Because certain regulations, such as fraud screening or anti-money laundering laws, have a direct impact on our business and industry we may also be prevented from deleting your data when we have to comply with the required retention periods.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
Your right to lodge a complaint - If you are not satisfied with our use of your personal data or our response to any exercise of these rights, you have the right to complain to the Supervisory Authority of your usual place of residence or place where the alleged breach to the law occurred. Please click here to see the list and contact information of the EU Supervisory Authorities.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Our contact details
Should you have any queries, questions or concerns about an online transaction, you can contact our Data Protection Team. The contact details are as follows:
Name: GlobalCollect Services B.V. trading as Worldline Digital Commerce
Attention: Data Protection Office
Address: Neptunusstraat 41-63, 2132JA Hoofddorp, The Netherlands
Phone Number: +31 23 567 1505