Fin'expresso ☕️ - Our free product demo, every month at 10am! Sign up here
Contact us
  • en
    • EN
    • ES
    • FR

    • Personal data

    Data protection policy (en)

    Version dated December 1, 2025

    INTRODUCTION

    The protection of personal data is a major concern for FINTECTURE. We are therefore committed to processing the Personal Data we process with the utmost transparency and in accordance with the applicable French and European regulations on the subject (hereinafter the " Applicable Regulations ") and in particular Regulation (EU) 2016/679 of 27 April 2016 (hereinafter the " RGPD ") and Law No. 78-17 of 6 January 1978 as amended by the law of 20 June 2018 (hereinafter the " Data Protection Law ").

    The terms " Personal Data " (hereinafter " Data "), " Processing ", " Controller ", " Processor ", " Recipient " and " Data Subject " used in this Personal Data Protection Policy (hereinafter the " Policy ") refer to the terms defined inArticle 4 of the GDPR.

    This Policy sets out how FINTECTURE SAS, a payment institution authorized and supervised by the ACPR under number 17248, with its registered office at 14 avenue du général de gaulle 94160 Saint-Mandé, and registered with the Créteil Trade and Companies Register under number 834 500 548 (hereinafter " we "), processes your personal data in its capacity as data controller in accordance with the Applicable Regulations. The Policy will also enable you to understand how to exercise your rights under the Applicable Regulations.

    To ensure that FINTECTURE processes your personal information in accordance with the Applicable Regulations and this Policy and to answer any questions you may have regarding FINTECTURE's Processing of your Data, we have appointed a Data Protection Officer (hereinafter " DPO ") who can be contacted by email at dpo@fintecture.com.

    1. Who is affected by the Data Protection Policy?

    You are affected by the Policy if you are :

    • A user of FINTECTURE services (hereinafter " User "), i.e. a natural person or the representative of a legal entity (company, public body, etc.) using the FINTECTURE solution to make a payment to a merchant or to receive a payment or refund from a merchant;
    • A FINTECTURE customer (hereinafter " Customer "), i.e. a natural person or the representative of a legal entity who has concluded or is in the process of concluding a service contract with FINTECTURE to collect payments and/or make payments or refunds;
    • A FINTECTURE prospect (hereinafter " Prospect "), i.e. the representative of a legal entity likely to be interested in FINTECTURE's services;
    • A visitor to the FINTECTURE website (hereinafter " Visitor ").

    2. What data do we process?

    In the context of the Processing that we carry out, we may process the following categories of Data

    People involvedCategories of data processed
    User– Data collected and transmitted by the merchant: last name, first name, email address, postal address, phone number (optional), payment transaction amount, currency, payment transaction beneficiary, order reference (in the event of a refund); – Data transmitted by your bank: last name, first name, account number/ IBAN, information concerning the status of the payment transaction initiated by FINTECTURE (in the context of a payment). FINTECTURE does not have access to the strong authentication bank identifiers used by your bank. – Data collected from you or generated by FINTECTURE (for example, when you provide it to us via the payment module): name of your bank, account number/ IBAN, date of the payment transaction, payment transaction reference, internal User number, data related to your payment account when you authorize us to access it as part of our account information services, IP address, technical information about the device/browser used when you use our services; Where applicable, information about your correspondence with us, via our website or by email, telephone, or postal mail; Information relating to your interactions with the chat tool: browser location, browsing data in the tool, conversations with the tool; Information required by anti-money laundering and counter-terrorist financing regulations: first and last names, date and place of birth, data related to transactions carried out, and any data required by applicable regulations, taking into account the level of risk identified.
    Customer– Contact information: first and last name, email address, phone number, and postal address of the company, information about your business; – Identity verification information, such as your identity documents and residence; – Information about how you use our services and how a specific service is used; – Information about your correspondence with us, via our website or by email, telephone, or postal mail; – Technical information about the device/browser used when you use our services; – Information about your interactions with the chat tool: browser location, browsing data in the tool, conversations with the tool. – Information required by anti-money laundering and counter-terrorist financing regulations concerning natural persons and/or beneficial owners: full name, date and place of birth, data related to transactions carried out, and any data required by applicable regulations given the level of risk identified (nationality, profession, etc.).
    BrochureTelephone or e-mail contact details of the Prospect, information about the legal entity.
    Visitor- Connection data and technical information relating to the device used when you visit our website; - Where applicable, information concerning your correspondence with us, via our website or by e-mail, telephone or post.

    However, unless required by law, we do not process " sensitive " Data, i.e. Data revealing racial or ethnic origin, religious or philosophical beliefs, genetic data, biometric data for the purpose of uniquely identifying a natural person, personal data concerning health or personal data concerning the sex life or sexual orientation of a natural person

    3. Why do we process your data?

    We process your Data for the following purposes and in accordance with the following legal bases:

    GoalsLegal basis (article 6.1 of the RGPD)
    Creation and management of your FINTECTURE customer account (including the associated accounting).Processing necessary for the performance of our contract with you
    Provision of our payment services as a payment institution (payment initiation and account information services) to our Customers and Users.
    Management of your possible requests to the customer service.
    Facilitation of subsequent payments by our Users.Processing carried out on the basis of your consent
    Compliance with obligations relating to anti-money laundering and counter-terrorist financing, monitoring of politically exposed persons, and sanctions lists to which we are subject. When, as a Customer, you choose to use our payment service provider partner to open a payment account in your name in the partner's books, we act as a non-exclusive intermediary in banking operations and payment services (IOBSP) mandated by the partner, collecting and transmitting to the partner the information and documents you provide to us for the opening of the account and facilitating the subscription to the payment services offered by the partner. This information and these documents requested by the partner are necessary to comply with the obligations of vigilance and reporting of suspicious transactions to the competent authorities applicable in the fight against money laundering and terrorist financing, as defined in Articles L561-1 et seq. of the Monetary and Financial Code.Processing necessary to meet our legal obligations
    Compliance with other laws or regulations applicable to the financial sector, including the implementation of the internal control system.
    Informing Users and Clients of the status of initiated payments.
    Prevention, investigation and detection of payment fraud, in order to secure payments and limit the risk of unauthorised transactions.Processing carried out in accordance with a legitimate interest of FINTECTURE
    Provision of a conversational tool between Fintecture's support department and Clients to provide you with relevant, accurate and personalised information.
    Understanding how our services are used in order to improve their functioning and user experience, including through feedback or evaluation forms.
    Management of possible claims and disputes, in order to defend our rights.
    Sending marketing communications to our Customers by email or other agreed form of communication, to ensure that you are always up to date with our services. We will respect your right to object and your stored marketing preferences.
    Commercial prospecting to develop our business.

    However, we do not process any Data that leads to an automated decision that has legal effect, concerns you or significantly affects you.

    4. How long are your data stored?

    We retain your Data for the period necessary for the purpose of the Processing. In particular, Data processed by FINTECTURE is retained for the following periods:

    Data concernedShelf life
    Data related to the management of your FINTECTURE customer account as well as those related to the processing of your possible requests to the customer service.Duration of the contract with you.
    Data concerning the contractual relationship between Fintecture and its Clients.10 years from the settlement of the invoice (for settlement and billing data) and at the end of the contract (for contract data).
    Data related to a payment transaction (payment or refund).Thirteen (13) months from the confirmation of the execution of the payment transaction
    Data required to comply with our obligations to combat money laundering and terrorist financing and to monitor politically exposed persons and sanctions lists.Documents and information relating to the business relationship are kept for five (5) years after the end of the business relationship. Data relating to a payment transaction is kept for five (5) years after execution.
    Data used for payment fraud prevention.Maximum twenty-four (24) months from the date of collection. In the event of proven fraud, the data relating to the fraud is kept for a maximum of five (5) years
    Data necessary for the management of a dispute or a claim.Applicable statutory limitation/forclosure periods.
    Data relating to the personalisation of our services and the use of our services.Duration of the contract with you.
    Data about your use of the conversational tool.Duration of the contract with you.
    Data relating to the sending of marketing communications to our Customers and Prospects.Three (3) years maximum from the end of the commercial relationship with the Client or the last contact with the Prospect.

    5. Who has access to your data?

    As a payment institution, we are bound by professional secrecy and may only share your Data under strict conditions or with your consent.

    In this respect, only duly authorised FINTECTURE staff members are likely to access the Data. These persons are subject to strict security and confidentiality obligations.

    In addition, we only share your Data with the following External Recipients:

    • To entities involved in the payment transaction you initiate or of which you are the beneficiary. The data required to initiate a payment or refund a transaction by FINTECTURE is communicated securely to your bank. In the context of a payment or refund request for a transaction made via FINTECTURE's services, your IBAN may be accessible to the merchant from whom you placed the order and to their bank. For operational reasons, your name and email address may be securely communicated to the merchant from whom you placed the order. This allows for reconciliation between your payment and your order and more efficient processing of your purchase order.
    • To our external service providers and suppliers acting on our behalf as Subcontractors, in accordance with our documented instructions and for the sole purpose of carrying out the Processing for which they were initially collected. These service providers are not authorized to sell or disclose your Data to third parties. Examples include the host of your Data (Google Cloud Platform), the email service provider used in connection with our services, the chat tool provider, the form tool provider, as well as providers used for cybersecurity and to comply with our obligations in relation to anti-money laundering and counter-terrorist financing.
    • Certain regulated professions such as lawyers, notaries or auditors.
    • To law enforcement or any administrative or judicial control authority or authorised third party in order to comply with our legal and regulatory obligations (for example, to report illegal activity) or in the context of litigation to protect us against any infringement of our rights.

    6. Where is your data stored?

    We store and process your Data in data centers located in the European Economic Area (EEA). In addition, Data related to payment transactions is not transferred outside the EEA or a country covered by Article 45 of the GDPR.

    When you use the conversational tool provided to you, the Data related to the use of this tool is transferred to the United States by our provider on the basis of the European Commission's standard contractual clauses.

    When transfers are made on the basis of standard contractual clauses, we implement additional measures to ensure a level of protection substantially equivalent to that of the EU.

    FINTECTURE may extend its activities outside the EEA and offer services or address customers in countries outside the EEA. If you are concerned by the services or become a Customer and you reside in a country outside the EEA, FINTECTURE will ensure that the transfer of your Data to your country of residence is subject to adequate safeguards or one of the exceptions provided for by the Applicable Regulation and in particular the principles set out in Chapter V of the GDPR.

    7. How do we ensure the security of your data?

    Respect for privacy, banking secrecy, security, and confidentiality of your Data is our priority. As such, we implement, in view of the nature of the Data and the risks presented by Processing, all appropriate technical and organizational measures to protect our information systems and your Data against any unauthorized access, modification, disclosure, or destruction of the Data under our responsibility. In particular, we implement and use encryption mechanisms for this purpose, especially for the transmission of Data.

    In accordance with our commitments, we choose our subcontractors and service providers with care and make every effort to use only subcontractors with sufficient guarantees to ensure the protection of your Data. We undertake to enter into contracts with our subcontractors, in accordance with legal and regulatory obligations, which precisely define the terms and conditions of the processing of personal data, as well as our obligations and rights as data controller.

    As the security and confidentiality of the Data depends on the good practices of each individual, we remind you that you are responsible for the security of your account access identifiers. Do not share it with anyone. WE NEVER ASK FOR YOUR CREDIT CARD DETAILS OR PASSWORDS TO ACCESS YOUR BANK ACCOUNT.

    Please always check that the site on which you are asked for financial or payment information in connection with our services is operated either by FINTECTURE or by your bank. If you receive a suspicious request, do not provide your information and report it by contacting our customer service immediately.

    8. What are your rights regarding your data?

    As a Data Subject, you may at any time, within the limits provided for by the Applicable Regulation, request to exercise the following rights in relation to your Data processed by FINTECTURE:

    • Right of access: you may ask FINTECTURE to confirm whether or not your Data are processed and, if so, you may ask to receive a copy of all your Data;
    • Right of rectification: you may ask FINTECTURE to rectify or update incorrect or incomplete Data about you. In this case, we may ask you to verify the new Data provided;
    • Right to erasure: in certain cases provided for inArticle 17 of the GDPR, you may request FINTECTURE to delete your Data. The Applicable Regulation provides for exceptions to the exercise of this right, in particular where processing is necessary to comply with a legal obligation that requires the Processing of your Data, such as the fight against money laundering and terrorist financing.
    • Right to object: in accordance with Article 21 of the GDPR, you may object at any time on grounds relating to your particular situation to the Processing of your Data based on our legitimate interest, including for profiling purposes, unless compelling legitimate grounds prevail or for the establishment, exercise or defence of legal claims. Where your Data is processed for canvassing purposes, you have the right to object at any time to such Processing, including profiling in connection with such canvassing;
    • Right to limitation: in certain cases provided for inArticle 18 of the GDPR, you may request FINTECTURE to limit the processing of your Data to certain purposes and under several conditions;
    • Right to portability: Where Data is necessary for the performance of a contract with you or is processed on the basis of your consent, you may request FINTECTURE to provide you with your Data in a structured, commonly used and machine-readable format. Where technically possible, you also have the right to have your Data transmitted directly to a third party;
    • Withdrawal of your consent: where your Data is processed on the basis of your consent, you may withdraw this consent at any time, in particular to unsubscribe from our newsletter or to stop receiving marketing communications;
    • Right to define post-mortem directives: under the conditions provided for in articles 84 to 86 of the Data Protection Act, you may define and send us directives relating to the conservation, deletion and communication of your Data after your death. These directives may be general or specific.

    You can exercise your rights by sending an e-mail to our Data Protection Officer at the following address: contact@fintecture.com. You may be asked to provide identification if there is any doubt about your identity and we may ask you for additional information or documents depending on the rights being exercised.

    If you feel, after contacting us, that your rights have not been respected, you have the right to lodge a complaint with a supervisory authority, in particular with the Commission Nationale de l'Informatique et des Libertés (CNIL).

    9. Cookie management

    When you use our products and services, we may use the standard practice of placing small data files called cookies or other trackers and tracking tools on your computer or other devices you use when interacting with us (hereinafter "Cookies").

    The conditions of use of these cookies are detailed in our Cookie Management Policy.