Fintecture, the bank transfer payment solution


Fintecture's privacy policy

Version of 12 July 2022


The protection of personal data is a major concern for FINTECTURE. We are therefore committed to processing the Personal Data we process with the utmost transparency and in accordance with the applicable French and European regulations on the subject (hereinafter the " Applicable Regulations ") and in particular Regulation (EU) 2016/679 of 27 April 2016 (hereinafter the " RGPD ") and Law No. 78-17 of 6 January 1978 as amended by the law of 20 June 2018 (hereinafter the " Data Protection Law ").

The terms " Personal Data " (hereinafter " Data "), " Processing ", " Controller ", " Processor ", " Recipient " and " Data Subject " used in this Personal Data Protection Policy (hereinafter the " Policy ") refer to the terms defined inArticle 4 of the GDPR.

The Policy sets out how FINTECTURE SAS, a payment institution, authorised and supervised by the ACPR under number 17248, having its registered office at 5 avenue du général de gaulle 94160 Saint-Mandé, and registered with the Créteil Trade and Companies Register under number 834 500 548 (hereinafter " we "), processes your personal data in its capacity as data controller in accordance with the Applicable Regulations. The Policy will also enable you to understand how to exercise your rights under the Applicable Regulations.

To ensure that FINTECTURE processes your personal information in accordance with the Applicable Regulations and this Policy and to answer any questions you may have regarding FINTECTURE's Processing of your Data, we have appointed a Data Protection Officer (hereinafter " DPO ") who can be contacted by email at


You are affected by the Policy if you are :

  • A user of FINTECTURE services (hereinafter " User "), i.e. a natural person or the representative of a legal entity (company, public body, etc.) using the FINTECTURE solution to make a payment to a merchant or to receive a payment or refund from a merchant;
  • A FINTECTURE customer (hereinafter " Customer "), i.e. a natural person or the representative of a legal entity who has concluded or is in the process of concluding a service contract with FINTECTURE to collect payments and/or make payments or refunds;
  • A FINTECTURE prospect (hereinafter " Prospect "), i.e. the representative of a legal entity likely to be interested in FINTECTURE's services;
  • A visitor to the FINTECTURE website (hereinafter " Visitor ").


In the context of the Processing that we carry out, we may process the following categories of Data

People involved

Categories of data processed


- Data collected by the merchant: surname, first name, email, postal address, telephone number (optional), amount of the payment transaction, currency, beneficiary of the payment transaction, order reference (in case of refund);

- Data collected from you or generated by FINTECTURE(e.g. when you communicate them to us via the payment module): name of your bank, date of the payment transaction, reference of the payment transaction, internal number of the User, data related to your payment account when you authorise us to access it within the framework of our account information services, IP address, technical information related to the device/browser used when you use our services and to the follow-up of emails sent by Fintecture within the framework of the services;

- Additional data collected from you if you are a Qonto customer: login and password for your Quonto account.

- Data transmitted by your bank: account number / IBAN, information concerning the status of the payment transaction initiated by FINTECTURE (in the case of a payment);

- Where applicable, information about your correspondence with us, via our website or by email, telephone or post;

- Information about your interactions with the conversational tool: browser location, tool navigation data, conversations with the tool.


- Contact information: last name, first name, email, telephone number and postal address of the company, information about your company;

- Identity verification information, such as your identity documents and residence;

- Information about how you use our services and how a specific service is used;

- Information about your correspondence with us, via our website or by email, telephone or post;

- Technical information relating to the device/browser used when you use our services and to the tracking of emails sent by Fintecture as part of the services;

- Information about your interactions with the conversational tool: browser location, tool navigation data, conversations with the tool.


Telephone or e-mail contact details of the Prospect, information about the legal entity.


- Connection data and technical information about the device used when you visit our website;

- Where applicable, information about your correspondence with us via our website or by email, telephone or post.

However, unless required by law, we do not process " sensitive " Data, i.e. Data revealing racial or ethnic origin, religious or philosophical beliefs, genetic data, biometric data for the purpose of uniquely identifying a natural person, personal data concerning health or personal data concerning the sex life or sexual orientation of a natural person



We process your Data for the following purposes and in accordance with the following legal bases:


Legal basis

(Article 6.1 of the GDPR)

Creation and management of your FINTECTURE customer account (including the associated accounting).

Processing necessary for the performance of our contract with you

Provision of our payment services as a payment institution (payment initiation and account information services).

Management of your possible requests to the customer service.

Compliance with anti-money laundering and terrorist financing obligations, monitoring of politically exposed persons and sanctions lists to which we are subject.

Processing necessary to meet our legal obligations

Compliance with other laws or regulations applicable to the financial sector, including the implementation of the internal control system.

When, as a Customer, you choose to use our payment service provider partner to open a payment account in your name in the partner's books, we act as a non-exclusive intermediary in banking and payment services (IOBSP) mandated by the partner, by collecting and transmitting to the partner the information and documents you provide to us for the opening of the account and facilitate the subscription of the payment services offered by the partner. This information and documents requested by the partner are necessary to comply with the obligations of vigilance and reporting of suspicious transactions to the competent authorities applicable to the fight against money laundering and the financing of terrorism as defined in Articles L561-1 et seq. of the Monetary and Financial Code.

Prevention, investigation and detection of payment fraud, in order to secure payments and limit the risk of unauthorised transactions.

Processing carried out in accordance with a legitimate interest of FINTECTURE

Provision of a conversational tool between Fintecture's support department and Clients to provide you with relevant, accurate and personalised information.

Understanding the use of our services in order to improve them.

Management of possible claims and disputes, in order to defend our rights.

Sending marketing communications to our Customers by email or other agreed form of communication, to ensure that you are always up to date with our services. We will respect your right to object and your stored marketing preferences.

Commercial prospecting to develop our business.


However, we do not process any Data that leads to an automated decision that has legal effect, concerns you or significantly affects you.



We keep your Data for the period of time necessary for the purpose of the Processing. In particular, the Data processed by FINTECTURE are kept for the following periods:

Data concerned

Shelf life

Data related to the management of your FINTECTURE customer account as well as those related to the processing of your possible requests to the customer service.

Duration of the contract with you.

Data concerning the contractual relationship between Fintecture and its Clients.

10 years from the settlement of the invoice (for settlement and billing data) and at the end of the contract (for contract data).

Data related to a payment transaction (payment or refund).

Thirteen (13) months from the confirmation of the execution of the payment transaction.

Access data to your Qonto account

24 hours from the time of collection.

Data required to comply with our obligations to combat money laundering and terrorist financing and to monitor politically exposed persons and sanctions lists.

Documents and information relating to the business relationship shall be kept for five (5) years after the end of the business relationship.

Data relating to a payment transaction is kept for five (5) years from the date of execution.

Data used for payment fraud prevention.

Maximum twenty-four (24) months from the date of collection. In the event of proven fraud, the data relating to the fraud is kept for a maximum of five (5) years

Data necessary for the management of a dispute or a claim.

Applicable statutory limitation/forclosure periods.

Data relating to the personalisation of our services and the use of our services

Duration of the contract with you.

Data about your use of the conversational tool.

Duration of the contract with you.

Data relating to the sending of marketing communications to our Customers and Prospects.

Three (3) years maximum from the end of the commercial relationship with the Client or the last contact with the Prospect.



As a payment institution, we are bound by professional secrecy and may only share your Data under strict conditions or with your consent.

In this respect, only duly authorised FINTECTURE staff members are likely to access the Data. These persons are subject to strict security and confidentiality obligations.

In addition, we only share your Data with the following External Recipients:

  • To entities involved in the payment transaction you initiated or for which you are the beneficiary.The Data necessary for the initiation of a payment or the reimbursement of a transaction by FINTECTURE are communicated in a secure manner to your bank. Within the framework of a request for payment or refund of a transaction carried out via the services of FINTECTURE, your IBAN is likely to be accessible by the merchant with whom you placed the order as well as by his bank. For operational reasons, your name and email address may be communicated securely to the merchant from whom you place the order. This allows your payment to be reconciled with your order and your purchase order to be processed more efficiently.
  • To our external service providers and suppliers acting on our behalf as Subcontractors, in accordance with our documented instructions and for the sole purpose of carrying out the Processing for which it was originally collected. These contractors are not permitted to sell or disclose your Data to third parties. Examples include the host of your Data (Google Cloud Platform) or the provider of email delivery in connection with the use of our services.
  • Certain regulated professions such as lawyers, notaries or auditors.
  • To law enforcement or any administrative or judicial control authority or authorised third party in order to comply with our legal and regulatory obligations (for example, to report illegal activity) or in the context of litigation to protect us against any infringement of our rights.


We store and process your Data in data centres located in the European Economic Area (EEA). In addition, Payment Transaction Data is not transferred outside the EEA.

When you use the conversational tool provided to you, the Data related to the use of this tool is transferred to the United States by our provider on the basis of the European Commission's standard contractual clauses.

FINTECTURE may extend its activities outside the EEA and offer services or address customers in countries outside the EEA. If you are concerned by the services or become a Customer and you reside in a country outside the EEA, FINTECTURE will ensure that the transfer of your Data to your country of residence is subject to adequate safeguards or one of the exceptions provided for by the Applicable Regulation and in particular the principles set out in Chapter V of the GDPR.


Respect for privacy, banking secrecy and the security and confidentiality of your Data is our priority. In this respect, we implement, with regard to the nature of the Data and the risks presented by the Processing, all appropriate technical and organisational measures to protect our information systems as well as the Data concerning you against any unauthorised access, modification, disclosure or destruction of the Data under our responsibility. In particular, we implement and use encryption mechanisms for this purpose, especially for the transmission of Data.

In accordance with our commitments, we choose our subcontractors and service providers with care and make every effort to use only subcontractors with sufficient guarantees to ensure the protection of your Data. We undertake to enter into contracts with our subcontractors, in accordance with legal and regulatory obligations, which precisely define the terms and conditions of the processing of personal data, as well as our obligations and rights as data controller.

As security and confidentiality of Data depends on the good practices of each individual, we remind you that you are responsible for the security of your account access credentials. Do not share it with anyone. Please always verify that the site on which you are asked for financial or payment information in connection with our services is operated either by FINTECTURE or by your bank. If you receive a suspicious request, do not provide your information and report it by contacting our customer service immediately.


As a Data Subject, you may at any time, within the limits provided for by the Applicable Regulation, request to exercise the following rights in relation to your Data processed by FINTECTURE:

  • Right of access: you may ask FINTECTURE to confirm whether or not your Data are processed and, if so, you may ask to receive a copy of all your Data;
  • Right of rectification: you may ask FINTECTURE to rectify or update incorrect or incomplete Data about you. In this case, we may ask you to verify the new Data provided;
  • Right to erasure: in certain cases provided for inArticle 17 of the GDPR, you may request FINTECTURE to delete your Data. The Applicable Regulation provides for exceptions to the exercise of this right, in particular where processing is necessary to comply with a legal obligation that requires the Processing of your Data, such as the fight against money laundering and terrorist financing.
  • Right to object: in accordance with Article 21 of the GDPR, you may object at any time on grounds relating to your particular situation to the Processing of your Data based on our legitimate interest, including for profiling purposes, unless compelling legitimate grounds prevail or for the establishment, exercise or defence of legal claims. Where your Data is processed for canvassing purposes, you have the right to object at any time to such Processing, including profiling in connection with such canvassing;
  • Right to limitation: in certain cases provided for inArticle 18 of the GDPR, you may request FINTECTURE to limit the processing of your Data to certain purposes and under several conditions;
  • Right to portability: Where Data is necessary for the performance of a contract with you or is processed on the basis of your consent, you may request FINTECTURE to provide you with your Data in a structured, commonly used and machine-readable format. Where technically possible, you also have the right to have your Data transmitted directly to a third party;
  • Withdrawal of your consent: where your Data is processed on the basis of your consent, you may withdraw this consent at any time, in particular to unsubscribe from our newsletter or to stop receiving marketing communications;
  • Right to define post-mortem directives: under the conditions provided for in articles 84 to 86 of the Data Protection Act, you may define and send us directives relating to the conservation, deletion and communication of your Data after your death. These directives may be general or specific.

You can exercise your rights by sending an e-mail to our Data Protection Officer at the following address: You may be asked to provide identification if there is any doubt about your identity and we may ask you for additional information or documents depending on the rights being exercised.

If you feel, after contacting us, that your rights have not been respected, you have the right to lodge a complaint with a supervisory authority, in particular with the Commission Nationale de l'Informatique et des Libertés (CNIL).


When you use our products and services, we may use the standard practice of placing tiny data files called cookies, flash cookies, web beacons or other tracers and tracking tools on your computer or other devices you use when you interact with us (" Cookies ").

The conditions of use of these cookies are detailed in our Cookie Management Policy.