Fintecture, solution de paiement par virement


FINTECTURE Privacy Policy

Version of 20 March 2023



The protection of personal data is a major concern for FINTECTURE. We therefore undertake to process Personal Data with the greatest transparency and in accordance with the French and European regulations applicable in this area (hereinafter the “Applicable Regulations“) and in particular Regulation (EU) 2016/679 of 27 April 2016 (hereinafter the “GDPR“) and French Law No. 78-17 of 6 January 1978 as amended by the Law of 20 June 2018 (hereinafter the “Data Protection Act“).


The terms “Personal Data” (hereinafter “Data“), “Processing“, “Data Controller“, “Processor“, “Recipient” and “Data Subject” used in this Personal Data Protection Policy (hereinafter the “Policy“) refer to the terms defined in Article 4 of the GDPR.


The Policy presents the manner in which FINTECTURE SAS, a payment institution authorised and supervised by the ACPR (French Prudential Supervision and Resolution Authority) under number 17248, with its registered office at 5 Avenue du Général de Gaulle 94160 Saint-Mandé, and registered with the Créteil Trade and Companies Register under number 834 500 548 (hereinafter “we“), processes your personal data as data controller in accordance with the Applicable Regulations. The Policy will also enable you to understand how to exercise your rights under the Applicable Regulations.


To ensure that FINTECTURE processes your personal information in accordance with the Applicable Regulations and this Policy and to answer any questions you may have regarding FINTECTURE’s Processing of your Data, we have appointed a Personal Data Protection Officer (hereinafter “DPO“) who can be contacted by email at



You are affected by the Policy if you are:

·       A user of FINTECTURE’s services (hereinafter “User“), i.e. a natural person or the representative of a legal entity (company, public authority, etc.) using FINTECTURE’s solution to make a payment to a merchant or benefit from a payment or refund from a merchant;

·       A FINTECTURE customer (hereinafter “Customer“), i.e. a natural person or the representative of a legal entity who has entered into or is in the process of entering into a service contract with FINTECTURE to collect payments and/or make payments or refunds;

·       A FINTECTURE prospect (hereinafter “Prospect“), i.e. the representative of a legal entity likely to be interested in FINTECTURE’s services;

·       A visitor to FINTECTURE’s website (hereinafter “Visitor“).



As part of the Processing we carry out, we are required to process the following categories of Data:

Data Subjects

Categories of Data processed


– Data collected and transmitted by the merchant: surname, first name, email, postal address, telephone number (optional), amount of the payment transaction, currency, beneficiary of the payment transaction, order reference (in the case of a refund);

– Data collected from you or generated by FINTECTURE (e.g. when you communicate them to us via the payment module): name of your bank, account number/IBAN, payment transaction date, payment transaction reference, internal number of the User, data related to your payment account when you authorise us to access it as part of our account information services, IP address, technical information relating to the device/browser used when you use our services;

– Data transmitted by your bank: account number/IBAN, information concerning the status of the payment transaction initiated by FINTECTURE (in the context of a payment);

– Where applicable, information concerning your correspondence with us, via our website or by email, telephone or post;

– Information relating to your interactions with the conversational tool: browser location, navigation data in the tool, conversations with the tool.


– Contact information: surname, first name, email, telephone number and postal address of the company, information about your company;

– Identity verification information, such as your identity documents and residence;

– Information about how you use our services and how a specific service is used;

– Information concerning your correspondence with us, via our website or by email, telephone or post;

– Technical information relating to the device/browser used when you use our services;

– Information relating to your interactions with the conversational tool: browser location, navigation data in the tool, conversations with the tool.


Telephone or electronic contact details of the Prospect, information concerning the legal entity.


– Connection data and technical information relating to the device used when you visit our website;

– Where applicable, information concerning your correspondence with us, via our website or by email, telephone or post.


On the other hand, unless required by law, we do not process “sensitive” Data, i.e. Data that reveal racial or ethnic origin, religious or philosophical beliefs, genetic data, biometric data for the purpose of uniquely identifying a natural person, personal data concerning health, or personal data concerning the sex life or sexual orientation of a natural person.



We process your Data for the following purposes and in accordance with the following legal bases:



Legal bases

(Article 6(1) of the GDPR)

Creating and managing your FINTECTURE Customer account (including associated accounting).

Processing necessary to execute our contract with you

Providing our payment services as a payment institution (payment initiation and account information services) to our Customers and Users.

Managing any requests from you to Customer Service.

Facilitating subsequent payments by our Users.

Processing carried out on the basis of your consent

Compliance with obligations to combat money laundering and terrorist financing, to monitor politically exposed persons and the sanctions lists to which we are subject.

When, as a Customer, you choose to use our payment service provider partner in connection with opening a payment account opened in your name in the partner’s books, we act as a non-exclusive banking transactions and payment services intermediary mandated by the partner: we collect and send the partner the information and documents you provide to us for opening the account and we facilitate the subscription of payment services offered by the partner. The information and documents requested by the partner are necessary to comply with the obligations to monitor and report suspicious transactions to the competent authorities applicable in the fight against money laundering and terrorist financing, as defined in Articles L561-1 et seq. of the French Monetary and Financial Code.

Processing necessary to comply with our legal obligations

Compliance with other laws or regulations applicable to the financial sector and in particular the implementation of the internal control system.

Informing Users and Customers of the status of initiated payments.

Preventing, investigating and detecting payment fraud, in order to secure payments and limit the risks of unauthorised transactions.

Processing carried out in accordance with a legitimate interest of FINTECTURE

Providing a conversational tool between Fintecture’s support service and Customers to provide you with relevant, accurate and personalised information.

Understanding the use of our services in order to improve them.

Managing any complaints and disputes, in order to defend our rights.

Sending marketing communications to our Customers by email or any other agreed form of communication, to ensure that you are always up to date with news on our services. We will respect your right to object and your recorded marketing preferences.

Commercial prospecting with a Prospect, in order to develop our business.

On the other hand, we do not conduct any Data processing leading to automated decision-making that produces legal effects concerning you or significantly affecting you.


We keep your Data for the period necessary for the Processing purpose pursued. In particular, the Data processed by FINTECTURE are kept for the following periods:


Data concerned

Retention period

Data related to the management of your FINTECTURE Customer account and to processing any requests from you to Customer Service.

Duration of the contract with you.

Data concerning the contractual relationship between Fintecture and its Customers.

10 years from payment of the invoice (for data related to payment and invoicing) and at the end of the contract (for data related to the contract).

Data related to a payment transaction (payment or refund).

Thirteen (13) months from confirmation of execution of the payment transaction

Data necessary to comply with our obligations to combat money laundering and terrorist financing and to monitor politically exposed persons and sanctions lists.

Documents and information relating to the business relationship are kept for five (5) years after the end of the business relationship.

Data relating to a payment transaction are kept for five (5) years from their execution.

Data used in the context of preventing payment fraud.

Maximum twenty-four (24) months from their collection. In the event of proven fraud, data relating to the fraud are kept for a maximum of five (5) years

Data necessary to manage a dispute or complaint.

Applicable statutory limitation/time-barring periods.

Data relating to the personalisation and use of our services.

Duration of the contract with you.

Data relating to your use of the conversational tool.

Duration of the contract with you.

Data relating to sending marketing communications to our Customers and Prospects.

Three (3) years maximum from the end of the commercial relationship with the Customer or the last contact with the Prospect.



As a payment institution, we are bound by professional secrecy and can only share your Data under strict conditions or with your consent.


As such, only duly authorised FINTECTURE staff members are likely to access the Data. These individuals are subject to strict security and confidentiality obligations.


In addition, we communicate your Data only to the following external Recipients:

·       To the entities involved in the payment transaction you initiate or of which you are the beneficiary. The Data necessary for FINTECTURE to initiate a payment or refund a transaction are securely communicated to your bank. As part of a request for payment or refund of a transaction made via FINTECTURE’s services, your IBAN is likely to be accessible by the merchant with which you placed the order and by its bank. For operational reasons, your name and email may be securely communicated to the merchant with which you place the order. This allows reconciliation between your payment and your order and more efficient processing of your purchase order.

·       To our service providers and external suppliers acting on our behalf as Processors, in accordance with our documented instructions and for the sole purpose of carrying out the Processing for which the Data were originally collected. These service providers are not authorised to sell or disclose your Data to third parties. These include, for example, the host of your Data (Google Cloud Platform) or the service provider for sending emails as part of the use of our services.

·       To certain regulated professions such as lawyers, notaries or auditors.

·       To law enforcement or any administrative or judicial control authority or commissioned and authorised third party in order to comply with legal and regulatory obligations to which we are subject (e.g. to report illegal activity) or in the context of litigation to protect us against any infringement of our rights.



We store and process your Data in data centres located in the European Economic Area (EEA). In addition, Data related to payment transactions are not transferred outside the EEA or a country referred to in Article 45 of the GDPR.

When you use the conversational tool made available to you, Data relating to the use of this tool is transferred to the United States by our service provider on the basis of standard contractual clauses of the European Commission.

FINTECTURE may expand its activities outside the EEA and offer services or address customers in countries outside the EEA. If you are concerned by the services or become a Customer and reside in a country outside the EEA, FINTECTURE will ensure that the transfer of your Data to your country of residence is governed by an adequate guarantee or one of the exceptions provided for by the Applicable Regulations, in particular the principles provided for in Chapter 5 of the GDPR.



Respect for privacy, banking secrecy and the security and confidentiality of your Data is our priority. As such, with regard to the nature of the Data and the risks posed by the Processing, we implement all appropriate technical and organisational measures to protect our information systems and the Data concerning you against any unauthorised access, modification, disclosure or destruction of the Data under our responsibility. In particular, we set up and use encryption mechanisms for this purpose, especially for Data transmission.


In accordance with our commitments, we choose our subcontractors and service providers carefully and make every effort to only use subcontractors with sufficient guarantees to ensure the protection of your Data. In accordance with legal and regulatory obligations, we undertake to enter into contracts with our subcontractors that precisely define the terms and conditions of processing personal data, our obligations and our rights as data controller.


As the security and confidentiality of the Data is based on everyone’s best practices, we remind you that you are responsible for the security of your account access credentials. Don’t share them with anyone. WE NEVER ASK FOR YOUR BANK CARD DETAILS OR PASSWORDS TO ACCESS YOUR BANK ACCOUNT.


Please always check that the site asking you for financial or payment information in connection with our services is operated either by FINTECTURE or by your bank. If you receive a suspicious request, do not provide your information but report the request immediately by contacting our customer service.



As a Data Subject, you may at any time, within the limits provided for by the Applicable Regulations, request to exercise the following rights in relation to the Data concerning you that are processed by FINTECTURE:

·       Right of access: you can ask FINTECTURE to confirm whether or not Data concerning you are being processed and, if so, you can request to receive a copy of all Data concerning you;

·       Right to rectification: you can ask FINTECTURE to rectify or update incorrect or incomplete Data concerning you. In this case, we may ask you to verify the new Data provided;

·       Right to erasure: in certain cases provided for in Article 17 of the GDPR, you can ask FINTECTURE to delete your Data. The Applicable Regulations provide exceptions to exercising this right, in particular when processing is necessary to comply with a legal obligation that requires the Processing of your Data, such as the fight against money laundering and terrorist financing.

·       Right to object: in accordance with Article 21 of the GDPR you can object at any time, for reasons relating to your particular situation, to the Processing of your Data based on our legitimate interest, including for profiling purposes, unless legitimate and compelling reasons prevail or for establishing, exercising or defending legal rights. When your Data are processed for prospecting purposes, you have the right to object at any time to such Processing, including profiling related to such prospecting;

·       Right to limitation: in certain cases provided for in Article 18 of the GDPR, you can ask FINTECTURE to limit the processing of your Data to certain purposes and under several conditions;

·       Right to portability: where the Data are necessary to execute a contract with you or are processed on the basis of your consent, you can ask FINTECTURE to provide you with your Data in a structured, commonly used and machine-readable format. Where technically possible, you also have the right to have Data concerning you transmitted directly to a third party;

·       Withdrawal of your consent: where your Data are processed on the basis of your consent, you can withdraw this consent at any time, in particular to unsubscribe from our newsletter or to no longer receive marketing communications;

·       Right to define post-mortem instructions: under the conditions provided for in Articles 84 to 86 of the French Data Protection Act, you can define and send us instructions relating to the retention, erasure and disclosure of your Data after your death. These instructions can be general or specific.


You can exercise your rights by contacting our Data Protection Officer by email at the following address: You may be asked for a means of identification in case of doubt about your identity and we may ask you for additional information or documents depending on the rights exercised.


If after contacting us you feel that your rights have not been respected, you have the right to lodge a complaint with a supervisory authority, in particular with the French Data Protection Authority (CNIL, Commission Nationale de l’Informatique et des Libertés).



When you use our products and services, we may use the standard practice of placing tiny data files called cookies or other trackers and tracking tools on your computer or other devices you use when interacting with us (hereinafter “Cookies“).


The conditions of use of these Cookies are detailed in our Cookie Management Policy.