Fintecture, the bank transfer payment solution

Connection
Contact us
Menu
ico-menu@1x
Contact us
Menu
ico-menu@1x
ico-menu@1x
Log in
Try our solution
Menu
ico-menu@1x

PRIVACY POLICY

Last update: 17 February 2022

Fintecture SAS - 5 avenue de Général de Gaulle, 94160 Saint-Mandé, France.

Please use the address of our headquarters at 5 avenue de Général de Gaulle, 94160 Saint-Mandé, France for all correspondence. 

INTRODUCTION 

The protection of personal data is a major concern for FINTECTURE. We are therefore committed to processing the Personal Data we process with the utmost transparency and in accordance with the applicable French and European regulations on the subject (hereinafter the "Applicable Regulations") and in particular Regulation (EU) 2016/679 of 27 April 2016 (hereinafter the "RGPD") and Law No. 78-17 of 6 January 1978 as amended by the law of 20 June 2018 (hereinafter the "Data Protection Law").

In this context, this personal data protection policy (hereinafter the "Policy") sets out how FINTECTURE, as data controller, processes your personal data in accordance with the Applicable Regulation. The Policy will also enable you to understand how to exercise your rights under the Applicable Regulation.

The terms "Personal Data" (hereinafter "Data"), "Processing", "Controller", "Subcontractor", "Recipient" and "Data Subject" used in this Policy refer to the terms defined in Article 4 of the GDPR.

As indicated in this Policy, "FINTECTURE", "we", "us" and "our" refer to FINTECTURE SAS, a payment institution, authorised and supervised by the ACPR under number 17248, having its registered office at 5 avenue du général de gaulle 94160 Saint-Mandé, and registered with the Créteil Trade and Companies Register under number 834 500 548.

To ensure that FINTECTURE processes your personal information in accordance with the Applicable Regulations and this Policy and to answer any questions you may have regarding FINTECTURE's Processing of your Data, we have appointed a Data Protection Officer (hereinafter "DPO") who can be contacted by email at contact@fintecture.com

PERSONAL DATA WE PROCESS

In the context of the Processing that we carry out, we may process the following categories of Data

People involved

Categories of data processed

If you are a customer or prospect of FINTECTURE (hereinafter " Customer "), i.e. a natural person or the representative of an organisation that has concluded or is in the process of concluding a service contract with FINTECTURE to collect payments and/or make refunds

Data collected from you :

- Contact information: last name, first name, email, telephone number and postal address of the company;

- Identity verification information, such as your identity documents and residence;

- Information about how you use our services and how a specific service is used;

- Information about your correspondence with us, via our website or by email, telephone or post;

- Technical information about the device/browser used when you use our services.

- In the particular case of the Qonto direct access bank, personalised security data may be collected in order for Fintecture to execute the payer's payment order. This data is encrypted and its retention is limited to a maximum of 24 working hours.

If you are a user of the FINTECTURE services (hereinafter " User "), i.e. a natural person or the representative of a legal entity using the FINTECTURE solution to make a payment to a merchant or receive a refund from a merchant.

- Data collected directly from the merchant: surname, first name, email, postal address, telephone number (optional), payment or refund amount and order reference;

- Data collected from you (e.g. when you provide it to us via the payment module): name of your bank, IP address and technical information about the device/browser used when you use our services;

- Data transmitted by your bank: account number / IBAN, information concerning the payment transaction initiated by FINTECTURE (in the case of a payment);

- Where applicable, information about your correspondence with us via our website or by email, telephone or post.

If you are a visitor to the FINTECTURE website (hereinafter " Visitor ").

- Connection data and technical information about the device used when you visit our website;

- Where applicable, information about your correspondence with us via our website or by email, telephone or post.

PURPOSES OF THE PROCESSING AND LEGAL BASES

We process your Data for the following purposes and in accordance with the following legal bases:

Goals

Legal basis 

(Article 6.1 of the GDPR)

Creation and management of your FINTECTURE customer account (including the associated accounting).

Processing necessary for the performance of our contract with you

Provision of our payment collection and refund services (these services use the payment initiation and account information services provided by FINTECTURE as a payment institution).

Management of your possible requests to the customer service.

Compliance with our obligations to combat money laundering and terrorist financing, monitoring of politically exposed persons and sanctions lists.

Processing necessary to meet our legal obligations

Compliance with other laws or regulations applicable to the financial sector, including the implementation of the internal control system.

When you choose to use our payment service provider partner to open a payment account in your name in the partner's books, we act as a non-exclusive intermediary in banking and payment services (IOBSP) mandated by the partner, by collecting and transmitting to the partner the information and documents that you provide to us for the opening of the account and facilitate the subscription of the payment services offered by the partner. This information and documents requested by the partner are necessary to comply with the obligations of vigilance and reporting of suspicious transactions to the competent authorities applicable to the fight against money laundering and the financing of terrorism as defined in Articles L561-1 et seq. of the Monetary and Financial Code.

Prevention and fight against fraud, in order to secure payments and limit the risks of unauthorised and/or badly executed transactions.

Processing carried out in accordance with a legitimate interest of FINTECTURE

Understanding the use of our services in order to improve them.

Management of possible claims and disputes, in order to defend our rights.

Sending marketing communications to our Customers by email or other agreed form of communication, to ensure that you are always up to date with our services. We will respect your right to object and your stored marketing preferences.

RETENTION OF PERSONAL DATA

We keep your Data for the period of time necessary for the purpose of the Processing. In particular, the Data processed by FINTECTURE are kept for the following periods:

Data concerned

Shelf life

Data related to the management of your FINTECTURE customer account as well as those related to the processing of your possible requests to the customer service

Duration of the contract with you

Data related to a payment transaction (payment or refund)

Thirteen (13) months from the confirmation of the execution of the payment transaction

Data necessary to comply with our obligations to combat money laundering and terrorist financing and to monitor politically exposed persons and sanctions lists (your account, transaction and other related data)

Five (5) years after the end of the business relationship

Data used for fraud prevention

Maximum twenty-four (24) months from the date of collection. In the event of proven fraud, the data relating to the fraud is kept for a maximum of five (5) years

Data necessary for the management of a dispute or a complaint

Applicable statutory limitation/forclosure periods

Data relating to the personalisation of our services and the use of our services

Duration of the contract with you

Data relating to the sending of marketing communications to our Customers and prospects

Three (3) years from the end of the business relationship or the last contact with you


RECIPIENTS OF YOUR DATA 

In the context of the processing of your Data, only duly authorised FINTECTURE staff members are likely to access the Data. These persons are subject to strict security and confidentiality obligations.

In addition, we will only share your Data with the following External Recipients:

  • We may pass your Data to our external service providers and suppliers acting on our behalf as subcontractors and only in accordance with our documented instructions. Whenever we use external service providers and suppliers, we ensure that they have an appropriate level of data protection. In particular, the Data is hosted by Google Cloud Platform.
  • For operational reasons, your name and email address may be securely communicated to the merchant from whom you are placing the order. This allows your payment to be reconciled with your order and your purchase order to be processed more efficiently.
  • The Data necessary for the initiation of a payment or the reimbursement of a transaction by FINTECTURE is communicated in a secure manner to your bank.
  • Within the framework of a request for refund of a transaction carried out via the services of FINTECTURE, your IBAN is likely to be accessible by the merchant with whom you placed the order as well as by his bank.
  • We may be required to share your Data with law enforcement, administrative or judicial authorities, either to comply with a legal, regulatory, judicial or administrative obligation (e.g. to report illegal activity), or in the context of legal proceedings to protect against any infringement of our rights.

TRANSFERS OF YOUR DATA OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)

We store and process your Data in data centres located in the European Economic Area (EEA).

FINTECTURE may extend its activities outside the EEA and offer services or address customers in countries outside the EEA. If you are concerned by the services or become a Customer and you reside in a country outside the EEA, FINTECTURE will ensure that the transfer of your Data to your country of residence is subject to adequate safeguards or one of the exceptions provided for by the Applicable Regulation and in particular the principles set out in Chapter V of the GDPR.

SECURITY OF YOUR DATA

We implement all appropriate technical and organisational measures to protect our information systems and your Data against unauthorised access, modification, disclosure or destruction of the Data under our responsibility. In particular, we implement and use encryption mechanisms for this purpose, especially for the transmission of Data.

WE NEVER ASK FOR YOUR CREDIT CARD DETAILS OR PASSWORDS TO ACCESS YOUR BANK ACCOUNT. 

You are responsible for the security of your account access code. Do not share it with anyone.

Please always check that the site on which you are asked for financial or payment information in connection with our services is operated either by FINTECTURE or by your bank. If you receive a suspicious request, do not provide your information and report it by contacting our customer service immediately.

MANAGING YOUR RIGHTS AND DATA

As a Data Subject, you may at any time request to exercise the following rights under the conditions set forth in the Applicable Regulation in relation to the Data concerning you processed by FINTECTURE: 

  • Right of access: you may ask FINTECTURE to confirm whether or not your Data are being processed and, if so, you may request access to your Data;
  • Right of rectification: you can ask FINTECTURE to rectify incorrect Data about you. This means that you can also ask FINTECTURE to update or complete your Data;
  • Right to erasure: in certain cases provided for inArticle 17 of the GDPR, you may request FINTECTURE to delete your Data;
  • Right to object: where processing is carried out in accordance with a legitimate interest of FINTECURE and subject to the absence of compelling legitimate reasons on our part, you may object to FINTECTURE processing your Data;
  • Right to limitation: in certain cases provided for inArticle 18 of the GDPR, you may request FINTECTURE to limit the processing of your Data to certain purposes and under several conditions;
  • Right to portability: where the Data is necessary for the performance of a contract with you or is processed on the basis of your consent, you may request FINTECTURE to communicate your Data to you in a structured, commonly used and machine-readable format; and/or to transmit it to another Controller;
  • Withdrawal of your consent: where your Data is processed on the basis of your consent, you may withdraw this consent at any time, in particular to unsubscribe from our newsletter or to stop receiving marketing communications;
  • Right to define post-mortem directives: under the conditions provided for in articles 84 to 86 of the Data Protection Act, you may define directives concerning the fate of your Data after your death and send us your instructions.

You can exercise your rights by sending an e-mail to our Data Protection Officer at the following address: contact@fintecture.com. You may be asked to provide a means of identification if there is any doubt about your identity.

If you feel, after contacting us, that your rights have not been respected, you have the right to lodge a complaint with a supervisory authority, in particular with the Commission Nationale de l'Informatique et des Libertés (CNIL).

COOKIE MANAGEMENT

When you use our products and services, we may use the standard practice of placing tiny data files called cookies, flash cookies, web beacons or other tracers and tracking tools on your computer or other devices you use when you interact with us (" Cookies ").

The conditions of use of these Cookies are detailed in our Cookie Management Policy.