Privacy Statement
Please read this privacy statement if you would like to know more about the way Adyen and its group companies around the world (hereinafter referred to as “Adyen” or “we”) collect and process your personal data. This privacy statement applies to the processing activities in which Adyen acts as a data controller.
It is important to us that your personal data is handled carefully, and that you are well informed about the way we process your personal data. This privacy statement tells you what data we process – including how, why and how long we process it for – and informs you of your data privacy rights.
Adyen reserves the right to update its privacy statement at any time. Such updates will be made and posted on our publicly available website https://www.adyen.com/privacy-policy.
Version as of June 4, 2024.
Hi there,
We have updated our Privacy Statement as of the June 4, 2024. To read the previous (March 2023) version, please click here.
General information
Adyen is a financial technology company operating under a banking license. This means that Adyen provides its customers with payments and other financial products, including payments processing for its customers and platforms via credit card, bank transfer, and other payment methods, card issuing, (merchant) bank accounts, fraud detection, and other financial services. It is also important to note that Adyen N.V. is supervised by the Dutch Central Bank as a regulated bank under Dutch law. In addition, Adyen and its group companies are supervised by various regulators and authorities, as applicable, around the globe.
You may have seen Adyen on your bank statements if you have bought something, automatically renewed a subscription, or received a payout from one of Adyen’s customers. If you would like more information about any of these charges, you can use Adyen’s Look Up Charge Tool.
If you would like to exercise your data subject rights (outlined below) under data privacy law, please use Adyen’s Privacy Form.
You may have the following rights regarding your personal data, subject to to certain exceptions:
Right to access: You may have the right to ask us for the specific personal data that we have collected from you in a portable and (where technically possible) usable format.
Right to know: You may have the right to verify that we have collected personal data about you, as well as know what personal data we have collected about you. This includes, as applicable, the categories of personal data we have collected, the sources from which we collected that personal data, the business or commercial purposes for which we collected, “sold”, and “shared” that personal data, the categories of personal data that we “sold”, “shared”, or disclosed to third parties for business purposes and the categories of third parties to whom we “sold”, “shared”, or disclosed personal data. You can also contact us if you want to know more about the data we process for our legitimate interests.
Right to deletion: You may be entitled to request that we delete the personal data that we have collected from you. We will use all commercially reasonable efforts to honor your request, in compliance with applicable laws. Please note, however, that we may need or be required to keep such information, such as for our legitimate business purposes, or to comply with applicable laws.
Right to opt-out of sales and sharing of personal data to third parties for cross-context behavioral advertising: You are entitled to opt-out of sales of your personal data to third parties and to opt-out of the sharing of your personal data to third parties for cross-context behavioral advertising, if applicable. You can opt-out of sales and sharing of your personal data by visiting our Cookies Policy and disabling the ‘Sale or Share of Personal Data’ toggle in the Cookies Preference Center, or by contacting us using one of the methods below. If you have enabled the Global Privacy Control mechanism on your browser, device, or platform, you will automatically be opted out of any “sharing” when you use our website. Adyen seamlessly processes the Global Privacy Control (GPC) signal if enabled on your browser, device, or platform. Please visit this page to learn more about enabling the GPC.
Right to object to the processing of your personal data: You are entitled to object to us processing your personal data. In addition, where you have given your consent for us to process personal data, you can withdraw this consent at any time. Please note that Adyen maintains a record of withdrawals of consent to ensure that we do not contact you in the future.
Right to opt-out of profiling: As defined under privacy laws, Adyen may profile customers to determine their eligibility for certain financial products, or to offer them certain financial services. Please note that opting-out of profiling will mean that you are no longer eligible for these financial products or services.
Right to correct your personal data: You may have the right to update inaccurate information that we process about you.
Right to exercise rights without discrimination: You have the right not to receive discriminatory treatment if you exercise the rights conferred to you by applicable privacy laws.
These rights may be limited under applicable laws, and are also subject to technical feasibility. For example, if we collect your personal data in our role as a service provider to one of our customers, you will need to contact that customer directly to exercise your rights.
Please note that we may require additional information from you to verify your identity and process your request. Alternatively, you can submit a request through an authorized representative using the contact methods described below. If you use an authorized representative, we may require a copy of their signed permission to act on your behalf. We may also need to verify your identity directly and ask you to confirm the representative’s authority.
To exercise your rights, your information will be disclosed to our privacy management third-party service provider. Please be informed that Adyen has implemented the appropriate safeguards to ensure your information is adequately protected.
Some of the information you send us may be disclosed to other Adyen group companies outside of the European Economic Area ("EEA"). These countries encompass the countries in which we have operations (you can find a full list here).
If you are a resident in Quebec, some of the information you send us may be disclosed to Adyen group companies outside of Quebec.
To protect your data when it is transferred to countries outside of the EEA, we have implemented appropriate safeguards. When we transfer data to our Adyen group companies, the transfers are protected by an intragroup agreement containing Standard Contractual Clauses. For transfers to our services providers located outside of the EEA, we rely on Standard Contractual Clauses. If you would like to know more about these safeguards, you can contact us using the details below, under “Contact us”.
We use third parties to offer you our website, as well as our products and services. Where necessary, we will disclose your information to our service providers and professional advisers (e.g. IT providers, KYC partners, CRM providers, marketing support providers (such as agencies that manage our social media accounts), social media providers such as LinkedIn, analysts, customer service providers, business development providers and legal service providers). We have established agreements with our service providers to protect your personal data.
If our business is sold or integrated with another business, your details will be disclosed to our advisers and any prospective purchaser’s advisers, and will be passed to the new owners of the business.
We may disclose information to third parties in connection with legal claims, or when we have a legal obligation to do so. We may also disclose information with your permission (such as if we wish to disclose your details with another group company for their recruitment purposes).
The table below provides a summary of the categories of personal data that we collect and disclose to service providers and other third parties.
Category of personal data Adyen collects Examples of personal data Adyen collects When and why does Adyen collect this information? What kind of third parties we disclose to, and for what business purpose(s)Name, date of birth, contact information, bank account number, tax identification number, nationality and national identification number, and job title, including biometric data. Birth certificates for parents or guardians of minors (children ages 13-17).
When you sign up for Adyen services. We are legally obliged to collect this information.
Adyen discloses this information to identity and verify providers and screening partners, including credit reference agencies, and may disclose this information to regulatory authorities upon request or for mandated reporting. Adyen may disclose this information to payment schemes, local payment providers, debt collecting agencies, and other third-party service providers, depending on the services acquired. Adyen may also make such information available to Platform customers you have signed up with.
Your name, business email, phone number, company name, and website.
When you fill out our sales form and when we communicate with you. Adyen collects this information for marketing purposes, and for providing our products and services.
Adyen discloses this information with our customer relationship management (“CRM”) service providers so they can reach out and further build a relationship.
Name, bank account numbers and credit card numbers.
When you sign up for Adyen services. Adyen is legally obliged to collect this information, and it also helps us to provide our products and services.
Adyen discloses this information with customers for our embedded financial products, card printing partners for our Issuing product, and with law enforcement agencies in compliance with legal orders.
Credit card details, debit card details, transaction amount, date and time of transaction.
When you purchase a good or a service from an Adyen customer. Adyen collects this information for the purpose of providing our products and services.
Adyen discloses this information to our customers in our Customer Area, to authorities pursuant to legal orders, and to the selected payment schemes, such as Visa and Mastercard, and local payment methods upon request. Adyen may disclose this information to regulatory authorities upon request or for mandated reporting.
Cookies
When you visit Adyen’s website. Adyen collects this information for marketing purposes.
Adyen discloses this information to IT providers, CRM providers, social media providers, and advertising networks for its own advertising purposes.
Sensitive personal information, as defined in United States privacy laws
Social Security number, driver’s license, or identification document, and passport.
When you sign up for Adyen services. Adyen is legally obliged to collect this information.
Adyen discloses this information to identity verification providers, including credit reference agencies, to tax authorities as legally required, and regulatory authorities upon request or for mandated reporting.
Adyen does not use or disclose this sensitive personal information for any other purpose.
Adyen does not knowingly “sell” or “share” the personal data of individuals under 16 years of age.
We reserve the right to use de-identified or aggregated data for any purpose without limitation, and we will not attempt to re-identify the information.
We will only keep your data for as long as we reasonably need to for the purposes listed above, or as otherwise required by law.
Questions, comments, requests, or complaints concerning this privacy statement or the way we process your personal data are welcomed and can be addressed to our Data Protection Officer at dpo@adyen.com or Simon Carmiggeltstraat 5-60, 1011 DJ Amsterdam, the Netherlands, or to lgpd@adyen.com if you are located in Brazil.
If you would like further details on any of the third parties your personal data is “sold” to or “shared” with, would like to know the purpose of their data processing, the manner in which data is processed, or how you can communicate with such third party to exercise your data privacy rights, please contact dpo@adyen.com, or lgpd@adyen.com if you are located in Brazil.
If you have a complaint about the way we handle your personal data, you also have the right to address this to the data protection authority of the country in which you live or work, or the country in which we are located.