March 20, 2023 version
The protection of personal data is a major concern for FINTECTURE. We are therefore committed to handle the Personal Data we process with the utmost transparency and in accordance with the applicable French and European regulations (hereinafter the " Applicable Regulation ") and in particular the Regulation (EU) 2016/679 of 27 April 2016 (hereinafter the " RGPD ") and the Law n° 78-17 of January 6, 1978 as amended by the law of June 20, 2018 (hereinafter the " Data Protection Act ").
The Policy presents the way in which FINTECTURE SAS, a payment institution, authorized and supervised by the ACPR under number 17248, having its registered office at 5 avenue du général de gaulle 94160 Saint-Mandé, and registered with the Créteil Trade and Companies Register under number 834 500 548 (hereinafter " us "), processes your personal data in its capacity as data controller in accordance with the Applicable Regulations. The Policy will also enable you to understand how to exercise your rights under the Applicable Regulations.
To ensure that FINTECTURE processes your personal information in accordance with the Applicable Regulation and this Policy and to answer any questions you may have regarding FINTECTURE's Processing of your Data, we have appointed a Data Protection Officer (hereinafter "DPO") to assist us in the processing of your personal information. DPO ") who can be contacted by email at firstname.lastname@example.org.
1. WHO IS AFFECTED BY THE DATA PROTECTION POLICY?
You are affected by the Policy if you are :
- A user of FINTECTURE services (hereinafter referred to as "User User A User of FINTECTURE services (hereinafter "User"), i.e. a natural person or the representative of a legal entity (company, public authority...) using the FINTECTURE solution to make a payment to a merchant or to benefit from a payment or refund from a merchant;
- A FINTECTURE customer (hereinafter referred to as "FINTECTURE Customer A FINTECTURE Customer (hereinafter "Customer"), i.e. a natural person or the representative of a legal entity who has entered into or is in the process of entering into a service contract with FINTECTURE to collect payments and/or make payments or refunds;
- A FINTECTURE prospect (hereinafter referred to as a " Prospect A FINTECTURE prospect (hereinafter "Prospect"), i.e. the representative of a legal entity likely to be interested in FINTECTURE's services;
- A visitor to the FINTECTURE website (hereinafter referred to as "the Visitor ").
2. WHAT DATA DO WE PROCESS?
In the context of the Processing that we carry out, we may process the following categories of Data
However, unless required by law, we do not process "sensitive" Data. sensitive We do not process "sensitive" Data, i.e. Data that reveal racial or ethnic origin, religious or philosophical beliefs, genetic data, biometric data for the purpose of uniquely identifying a natural person, personal data concerning health, or personal data concerning a natural person's sex life or sexual orientation.
3. WHY DO WE PROCESS YOUR DATA?
We process your Data for the following purposes and in accordance with the following legal bases:
However, we do not process any Data that leads to an automated decision that has legal effect, concerns you or significantly affects you.
4. HOW LONG WILL YOUR DATA BE KEPT?
We keep your Data for the period of time necessary for the purpose of the Processing. In particular, the Data processed by FINTECTURE are kept for the following periods:
5. WHO HAS ACCESS TO YOUR DATA?
As a payment institution, we are bound by professional secrecy and may only share your Data under strict conditions or with your consent.
As such, only members of the staff FINTECTURE staff members duly authorized are likely to access the Data. These persons are subject to strict obligations of security and confidentiality.
In addition, we only share your Data with External Recipients to the following recipients:
- To entities involved in the payment transaction you initiated or for which you are the beneficiary. The Data necessary for the initiation of a payment or the reimbursement of a transaction by FINTECTURE are communicated in a secure manner to your bank. Within the framework of a request for payment or refund of a transaction carried out via the services of FINTECTURE, your IBAN is likely to be accessible by the merchant with whom you placed the order as well as by his bank. For operational reasons, your name and email address may be communicated in a secure manner to the merchant with whom you place the order. This allows for the reconciliation of your payment with your order and the more efficient processing of your purchase order.
- To our external service providers and suppliers acting on our behalf as Subcontractors, in accordance with our documented instructions and for the sole purpose of carrying out the Processing for which it was originally collected. These contractors are not permitted to sell or disclose your Data to third parties. Examples include the host of your Data (Google Cloud Platform) or the provider of email delivery in connection with the use of our services.
- To certain regulated professions such as lawyers, notaries or auditors.
- to law enforcement or any administrative or judicial control authority or authorized third party in order to comply with the legal and regulatory obligations to which we are subject (for example to report illegal activity) or in the context of litigation to protect us against any infringement of our rights.
6. WHERE IS YOUR DATA STORED?
We store and process your Data in data centers located in the European Economic Area (EEA). In addition, Data related to payment transactions is not transferred outside the EEA or a country covered by Article 45 of the GDPR.
When you use the conversational tool provided to you, the Data related to the use of this tool is transferred to the United States by our provider on the basis of the European Commission's standard contractual clauses.
FINTECTURE may extend its activities outside the EEA and offer services or address customers in countries outside the EEA. If you are concerned by the services or become a Customer and you reside in a country outside the EEA, FINTECTURE will ensure that the transfer of your Data to your country of residence is subject to adequate safeguards or one of the exceptions provided for by the Applicable Regulation and in particular the principles set out in Chapter V of the GDPR.
7. HOW DO WE ENSURE THE SECURITY OF YOUR DATA?
Respect for privacy, banking secrecy and the security and confidentiality of your Data is our priority. In this respect, we implement, with regard to the nature of the Data and the risks presented by the Processing, all appropriate technical and organisational measures to protect our information systems as well as the Data concerning you against any unauthorised access, modification, disclosure or destruction of the Data under our responsibility. In particular, we implement and use encryption mechanisms for this purpose, especially for the transmission of Data.
In accordance with our commitments, we choose our subcontractors and service providers with care and make every effort to use only subcontractors with sufficient guarantees to ensure the protection of your Data. We undertake to enter into contracts with our subcontractors, in accordance with legal and regulatory obligations, which precisely define the terms and conditions of the processing of personal data, as well as our obligations and rights as data controller.
As the security and confidentiality of the Data depends on the good practices of each individual, we remind you that you are responsible for the security of your account access identifiers. Do not share it with anyone. WE NEVER ASK FOR YOUR CREDIT CARD DETAILS OR PASSWORDS TO ACCESS YOUR BANK ACCOUNT.
Please always verify that the site on which you are asked for financial or payment information in connection with our services is operated by either FINTECTURE or your bank. If you receive a suspicious request, do not provide your information and report it by contacting our customer service.
8. WHAT ARE YOUR RIGHTS TO YOUR DATA?
As a Data Subject, you may at any time, within the limits provided for by the Applicable Regulations, request to exercise the following rights in relation to your Data processed by FINTECTURE:
- Right of access Right of access: you can ask FINTECTURE to confirm whether or not your Data are processed and, if so, you can ask to receive a copy of all your Data;
- Right of rectification Right of rectification: You may ask FINTECTURE to rectify or update incorrect or incomplete Data about you. In this case, we may ask you to verify the new Data provided;
- Right to erasure in certain cases provided for inArticle 17 of the RGPDyou may request FINTECTURE to delete your Data. The Applicable Regulation provides for exceptions to the exercise of this right, in particular when processing is necessary to comply with a legal obligation that requires the Processing of your Data, such as the fight against money laundering and terrorist financing.
- Right to object In accordance with Article 21 of the GDPR, you may object at any time on grounds relating to your particular situation to the Processing of your Data based on our legitimate interest, including for profiling purposes, unless compelling legitimate grounds prevail or for the establishment, exercise or defence of legal claims. Where your Data is processed for the purpose of canvassing, you have the right to object at any time to such Processing, including to profiling related to such canvassing;
- Right to limitation in certain cases provided for inArticle 18 of the GDPRyou can ask FINTECTURE to limit the processing of your Data to certain purposes and under several conditions;
- Right to portability Right to portability: Where Data is required for the performance of a contract with you or is processed on the basis of your consent, you may request FINTECTURE to provide you with your Data in a structured, commonly used and machine-readable format. Where technically possible, you also have the right to have your Data transmitted directly to a third party;
- Withdrawal of your consent When your Data is processed on the basis of your consent, you can withdraw this consent at any time, in particular to unsubscribe from our newsletter or to stop receiving marketing communications;
- Right to make post-mortem directives under the conditions provided for in articles 84 to 86 of the Data Protection ActYou can define and transmit to us directives relating to the conservation, the erasure and the communication of your Data after your death. These directives are general or particular.
You can exercise your rights by sending an email to our Data Protection Officer at the following address email@example.com .. A means of identification may be requested in case of doubt concerning your identity and we may ask you for additional information or documents depending on the rights exercised.
If you believe, after having contacted us that your rights have not been respected, you have the right to file a complaint with a supervisory authority, in particular with the Commission Nationale de l'Informatique et des Libertés (CNIL).
9. COOKIE MANAGEMENT
When you use our products and services, we may use the standard practice of placing tiny data files called cookies or other tracers and tracking tools on your computer or other devices that you use when you interact with us ( Cookies ").
The conditions of use of these cookies are detailed in our Cookie Management Policy.