Compliance obligations
You may be an Adyen customer as a merchant, platform, user / sub-merchant (for instance by using our services through a third-party platform), card holder, business account holder, or card program provider. If you sign up to become one of our customers by entering into an agreement with Adyen (including by accepting our terms and conditions), we will collect information we need to establish and perform a contract with you; this includes your contact information, address, ID documentation, tax information, creditworthiness, and payment details. We use this information to set up our products and services for you, and to provide you with support, onboarding, and integration to our platform. We also use this information to help you with configuring settings in the Adyen Customer Area, POS terminal field services, installation of POS terminals in stores, to pick up old/damaged POS terminals, and with other actions that need to be taken to establish or perform our contract with you. In addition, we use your information for our legitimate interest of managing our internal administration and to comply with our legal obligations, such as the prevention and detection of fraud, our Know-Your-Customer processes, and taxation obligations.
We have an obligation to comply with applicable laws and regulations, and to prevent fraud, money laundering, and terrorist financing. Since we are active in the financial sector, we cannot accept any customer without performing thorough checks, or without determining, investigating, and reporting suspicious transactions that take place. Therefore, if you are applying to become one of our customers, we will need to collect up-to-date information and documents during the performance of our agreement to:
Verify your identity;
Identify the ultimate beneficial owners of your business;
Identify the purpose and intended nature of your future business relationship with us;
Monitor your behavior and transactions across the Adyen platform, including by using automated systems such as machine learning models that detect risks, fraud metrics and patterns, and verify the origins of your capital/assets;
Check whether a natural person representing you is competent to do so (and verify the identity of this person);
Check whether you are acting on behalf of yourself or on behalf of a third party; and
Check whether you are eligible for additional ancillary services and provide a corresponding offer.
To carry out the above checks, we process information (including personal data) that you have provided to us, as well as other information created by your use of the Adyen services. This may include your name, your contact information, a copy of your identification document, your tax identification number or BSN (if legally required), biometric data (including a facial scan, voice recording and/or video), the address of your legal representative and shareholders, your bank account number, information contained in correspondence between us, bank statements, your signature, and an extract of your company registration document. We may use third-party identification, screening, and verification services (including credit reporting agencies or open banking providers) in order to assist us in verifying your identity and the documents provided to Adyen. Depending on the services you use, we may share your data with payment schemes, local payment methods, and other third-party service providers.
We use this data to ensure the safety and integrity of the financial sector by aiming to identify, prevent, and counter illegal conduct, and to comply with our Know-Your-Customer and anti-money laundering obligations, for example under the Dutch Financial Supervision Act (Wft) and the Dutch Money Laundering and Terrorist Financing Prevention Act (Wwft). In accordance with local laws, Adyen may be required to process the above mentioned personal data to investigate and report unusual transaction behavior.
Adyen may use automated decision-making, including profiling, during the initiation or execution of a contract with you, where permitted by applicable laws, or with your consent. If this decision would have legal implications or otherwise significantly affect you, you have the right to opt-out of such profiling, obtain human intervention, express your point of view, or contest the decision based solely on automated processing, including profiling.
Adyen processes your personal information for the following purposes:
To provide you with the services pursuant to any agreement between you and Adyen;
To optimize payment performance and prevention and detection of fraud;
To improve our products and services;
To comply with applicable laws and regulations;
To train and use automated systems, including machine learning models;
To conduct analysis for statistical, strategic, and scientific purposes;
To protect our platform, systems and services from misuse, fraud, financial crime, or other unauthorized or illegal activity including the prevention, investigation, and detection of (payment) fraud on the basis of legitimate interest and/or compliance with legal obligations; and
For reporting and training purposes.
How long do we keep this data?
If you are currently, or become, one of our customers, we will keep information relating to our business relationship for a period of 7 years following the end of your contract with us, or until the rejection of your application. Documents used to verify your identity, including biometric identifiers, are stored for 5 years, in accordance with our obligations to prevent fraud,money laundering, as well as in accordance with counter terrorism financing regulations. Data that we have collected in relation to our legal obligation to verify our customers will be kept for as long as it is required by law – in most cases, 5 years. We may also disclose some of your information to competent authorities and/or regulators, in case this is required to comply with our obligations as a financial institution, for example, for the purpose of preventing money laundering and terrorist financing.