When Adyen has processed your transaction
Adyen is a payment service provider and as such provides acquiring services to its customers. This means that Adyen accepts payments on behalf of the relevant merchant and transfers the funds paid by the shopper (“you”) to the merchant. Adyen’s role is to request the relevant payment scheme, such as Mastercard, Visa or iDeal, to authorize the transaction and send this authorization to the shopper’s bank for approval. If the bank gives approval, Adyen is notified by the relevant payment scheme and makes the payment to the merchant’s bank.
When we provide such acquiring services to our customers, we process your personal data as a data controller. It is important to us that your personal data is handled carefully and that you are well informed about the way we process your personal data.
We process the data we need for our legitimate interest of providing acquiring services to our merchants, which in this context are usually web shops and brick-and-mortar stores that sell you goods and services. This means that we receive your payment on behalf of the merchant and handle matters relating to these financial transactions. In addition, when a merchant wishes to charge your card for a recurring payment and your card has expired, Adyen may request the relevant payment scheme or look up your up-to-date card information on the Adyen platform, to facilitate your payment.
In addition, we process your data to comply with our legal obligations as a financial institution, such as to monitor financial transactions to help prevent fraud, money laundering and terrorist financing. For these reasons, we may collect your debit or credit card number (which we encrypt in accordance with PCI DSS standards), the expiry date (month and year) of your card, your bank account details, including IBAN and SWIFT/BIC, the transaction amount and the currency in which the transaction is initiated, the date, time, and location of the transaction, and the category and ID of the merchant you are shopping with.
If necessary, we can also process any of the information outlined above for our legitimate interest of protecting our legal rights – for example, in connection with legal claims, and when we have a legal obligation to process your information.
In addition, Adyen processes your personal information for the following purposes:
To provide the service in accordance with the agreements we have with our customers and the specific payment method or bank;
To optimize payment performance and improve our products and services;
To comply with applicable laws and regulations;
To conduct analysis for statistical, strategic, and scientific purposes; and
To protect our platform, systems, and services from misuse, fraud, financial crimes, or other unauthorized or illegal activity.
To transfer payment funds, Adyen may process your personal information when necessary to either pay the funds out to you, or collect the funds from our account.
How long do we keep this data?
We only keep your data for as long as we reasonably need to for the purposes listed above.
We keep the data we collect to perform the transaction in accordance with applicable laws. For most jurisdictions, this is a period of 7 years after conclusion of the relevant transaction, in order to meet our fiscal, corporate, and other statutory obligations.
The retention terms above can be longer than stated, if we are required to keep this data for any other applicable law or to administer our business. If we need to keep any information longer for our legitimate interest of protecting our legal rights, we will keep the necessary information for this purpose until the relevant claim(s) has/have been settled.
Who do we disclose this information to?
In some jurisdictions, we may partner with third parties to be able to offer you our acquiring services. It will depend on your location, the payment method you use, and the third party issuing bank. Additionally, we disclose your information to the merchant you are shopping with, and if relevant, used by the platform. We may also disclose some of your information to competent authorities and/or regulators, in case this is required to comply with our obligations as a financial institution – for example, to prevent money laundering or terrorist financing.
Otherwise, we will not disclose your information to any third party, unless we have your permission, and where it is necessary in connection with the purposes above, or with legal claims, or when we have a legal obligation to do so.