This Privacy Notice explains how your personal data will be processed by Worldline SA/NV (Chaussée de Haecht 1442, 1130 Brussels – VAT 0418.547.872. hereby referred to as ‘Worldline’, ‘we’, ‘us’)  in the context of the Account Information Service (AIS). For the processing of personal data in the context of any other product or service of Worldline, please, consult the relevant privacy notice provided on our website or at the moment of collection of personal data.

Worldline will store and process your personal data - as payment service user - in accordance with applicable data privacy legislation. Such information includes:

• Identification data, such as the name and the country of the payment service user.
• Banking and financial data, such as  the bank, bank ID and your payment account(s), your balance and your transaction information of the last 90 days (such as date, time, amount, currency of the transaction).
• Information about your device and online activity, such as your IP address and device ID to the extent that it is necessary for us  to deliver our services and verify your identify in accordance with the applicable laws and our duty of care.

(hereinafter referred to as ‘Personal Data’)

We receive this information either directly by you (e.g. IBAN, IP address, device ID) or by your bank (e.g. balance, transaction information).

Worldline will process your Personal Data for the following purposes:

• If you have agreed with DEMO Account Information Service (AIS) terms and conditions of use, Worldline will process your data for the purposes described in these terms and conditions of use. Worldline will not process any of your personal data before you agree to these terms and conditions of use.
• For the purposes necessary for protecting of Worldline and third parties’ legitimate interests when these interests are not overridden by your interest, rights and freedoms. This includes processing your data for combatting and preventing abuse and fraud and promoting safety and security on the payments market and our IT systems.
• Worldline processes the Personal Data on the basis of its own legal and regulatory obligations in order to comply with various laws and regulations (e.g. PSD2, AML & KYC legislation, tax law) and when requested by any judicial authority or governmental authority having or claiming jurisdiction over Worldline.
• Worldline may also use the collected information in an anonymized and/or aggregate way (i.e., it is not personally identifiable in this state) for a variety of purposes, including but not limited to improving user experience, enhancing the Services and developing new services.

Worldline will share your Personal Data only if and to the extent required for providing the services, as described in the General Terms and Conditions, and as required by applicable laws.

Worldline will disclose Personal Data to public authorities, government agencies and judicial authorities (i) if it is required to do so by law or legal process, (ii) when it believes disclosure is necessary to prevent harm or financial loss, (iii) in connection with an investigation of suspected or actual fraudulent or illegal activity, or (iv) when it is required for Worldline to defend itself against legal claims.

Worldline may transfer your Personal Data to third party providers (data processors) in order for them to process the Personal Data on Worldline’s behalf. We make sure that in these cases the provider has received specific instructions on how to process the personal data and is under the overview of Worldline to process the Personal Data in accordance with the terms and conditions of use and the agreed security standards.

Worldline may process Personal Data in countries other than the country where the personal data was collected, including countries outside the European Economic Area (EEA) (for example, when the payers bank or the payee are located outside the EEA). When the Personal Data is transferred to countries outside the EEA, Worldline will either rely on a derogation applicable to the specific situation or ensure that adequate safeguards have been put in place to ensure the protection of the Personal Data processed, in accordance with the applicable legislation for the transfer of Personal Data (e.g. Standard Data Protection Clauses under Article 46.2 of the GDPR).

Worldline will retain the Personal Data for as long as necessary to deliver the Products and Services requested, according to the industry standards and applicable laws (for example, transaction information is retained for a period up to 10 years according to the applicable standards and regulations, such as anti-money laundering legislation, tax law etc.).

You have, within the limitations of the applicable legislation, the right of information, access, rectification, erasure, restriction of processing, objection to processing and data portability. You can direct such a request to Worldline’s Merchant Services Data Protection Office at dpoms@worldline.com. For the protection of the privacy of data subjects, Worldline will be required to verify your identity before taking actions to address the request.

You also have the right to lodge a complaint with the competent supervisory authority, if according to your view one of the processing activities of Worldline is not in compliance with the legislation or Worldline failed to address your data subject requests adequately. You have the right to lodge the complaint with the competent supervisory authority in the Member State of your habitual residence, your place of work or the place where the alleged infringement of the legislation took place.