Legal pages
Global Acquirer
Local Acquirer
Oolio Platform
Privacy Policy
Effective: March 2023
Please read this privacy statement if you would like to know more about the way Adyen and its group companies around the world (hereinafter referred to as “Adyen” or “we”) collect and further process your personal data.
It is important to us that your personal data is treated with care and that you are well informed about the way we process your personal data. We have written this privacy statement to tell you which data we process, how, why and how long we do this for and to inform you about your rights.
When you visit the Adyen website hosted by Adyen, correspond with us, are (or are in the process of becoming) one of our customers or partners, and where we process your transaction as an acquirer, we process personal data about you as a data controller.
Version as of March 2023.
Who is Adyen?
Adyen is a payment technology company operating under a banking license. Which means that Adyen provides its customers with payments and financial services which include handling payments for its customers and platforms via credit card, bank transfer, and other payment methods, issuing cards, providing (merchant) bank account services, fraud detection services, and other services to its customers. Please note that Adyen N.V. is supervised by the Dutch Central Bank as a regulated bank under Dutch law. In addition, Adyen and its group companies are supervised by different regulators and authorities, where applicable, across the globe.
Overview of how we process your data
The chart below provides a summary of the categories of personal data that we collect and disclose to service providers and other third parties.
Category of personal data Adyen collects | Examples | When and why does Adyen collect this information? | What third parties we disclose to and for what business purposes |
---|---|---|---|
Know Your Customer (“KYC”) information. | Name, date of birth, contact information, and bank account number. | When you sign-up for Adyen services. Adyen collects this information for the purpose of satisfying our legal obligations. | Adyen discloses this information to identity and verification providers and screening partners including credit reference agencies, and may disclose this information to regulatory authorities upon request or for mandated reporting. |
Business information. | Your name, business email, phone number, company name, and website. | When you fill out our sales form and through our communications with you. Adyen collects this information for the purposes of marketing and providing our products and services. | Adyen discloses this information with our customer relationship management (“CRM”) systems for the purpose of outreach for a future relationship. |
Customer or user financial information. | Bank account numbers and credit card numbers. | When you sign up for Adyen services. Adyen collects this information for the purpose of satisfying our legal obligations and to provide our products and services. | Adyen discloses this information with card program providers in connection with our Issuing product and with law enforcement agencies pursuant to legal orders. |
Shopper transaction information. | Credit card details, debit card details, amount of transaction, date and time of transaction. | When you shop at an Adyen customer. Adyen collects this information for the purpose of providing our products and services. | Adyen discloses this information to our customers in our Customer Area, to authorities pursuant to legal orders, and to the payment schemes such as Visa and Mastercard upon request. |
Internet or similar network activity. | Cookies | When you visit Adyen’s website. Adyen collects this information for marketing purposes. | Adyen discloses this information to IT providers, CRM providers, and social media providers and advertising networks for its own advertising purposes. |
Sensitive personal information, as defined in United States privacy laws. | Social Security number, driver’s license or identification document, and passport. | When you sign-up for Adyen services. Adyen collects this information for the purpose of satisfying our legal obligations | Adyen discloses this information to identity and verification providers, including credit reference agencies, to tax authorities as legally required, and regulatory authorities upon request or for mandated reporting. |
Adyen does not use or disclose sensitive personal information for any other purpose.
As mentioned above, Adyen discloses your internet or similar network activity with third-party marketing agencies so they can facilitate advertising and marketing services, which may be considered “sales” or “sharing” under certain laws. You have the right to opt-out of Adyen’s sharing of your personal data. Click here to learn more and to exercise your right to opt-out.
Adyen does not knowingly “sell” or “share” the personal data of individuals under 16 years of age.
We reserve the right to use de-identified or aggregate data for any purpose without limitation, and we will not attempt to re-identify the information.
We will only keep your data for as long as we reasonably need it for the purposes listed above or as otherwise required by law.
When, why and how do we process your data?
When you visit and use our website
When you browse our website, we process your IP address, Google Analytics ID, internet browser and device type, location data and information about your use of our website and the app, including which pages you visited, how you got to our website, the time and length of your visit and your language preferences.
We use this data for our legitimate interests of making sure our website works properly, including debugging, to be able to deliver you content and for DDOS mitigation on our website, and improving our website and to perform statistical analyses for optimizing our website. We also use this information to provide you with personal offers tailored to your needs and tailoring what we show you to your preferences, with your prior consent.
We collect this data using cookies and similar techniques, including tags/beacons and javascripts. More information about these techniques can be found in our Cookies Policy.
When we collect information about how you use our website, such as which landing pages you visit and which items you look at, we do so in order to make a determination about how we could best provide our services to you. For example, if you read about our products and services on our website, we might classify you as a user or a website visitor who is interested in our products and services and therefore as a potential merchant. Based on the audience we expect you belong to, we may act, for example by contacting you with offers about our products and services, if we have your consent for this and subject to limitations under the laws of your home jurisdiction.
In order to make the most accurate assessment about which audience you likely belong to, and as you can also read in our Cookies Policy, we also use tracking cookies. These cookies track information about how you use our website and which other websites you visit, for example to show you advertisements if we suspect that you might be interested in our products and services. We only place these tracking/targeting cookies with your prior consent. For more information about these tracking cookies, please view our Cookies Policy.
How long do we keep this data?
We will only keep your data for as long as we reasonably need it for the purposes listed above.
For example, data about your visits to our website will be retained until your use or browsing session ends, except where it concerns data collected for the analytical and marketing purposes specified above. In those cases, we will keep your information for 1 year after collection.
When you are an Adyen customer
You may be an Adyen merchant, platform, sub-merchant (for instance by having an account on a platform), card holder, bank account holder or card program provider. If you sign up to become one of our customers by entering into an agreement with Adyen, we collect information we need to establish and perform a contract with you, including your contact information, address, ID documentation, tax information, creditworthiness and payment details. We use this information to set up our products and services for you, including to provide you with support, onboarding, integration to our platform, helping you with settings in the Adyen Customer Area, POS terminal field services, installation of POS terminals in stores and to pick up old/damaged POS terminals, and other actions which need to be taken to establish or perform our contract with you. In addition, we use your information for our legitimate interest of managing our internal administration and for complying with our legal obligations, such as KYC and taxation obligations.
We also collect data about your use of our products and services and your Customer Area account, including your login details, and the questions, queries, comments and complaints you send or share with us in relation to our business relationship. We process this data to be able to perform our contract with you by following up with you and providing you with support and for our legitimate interest of being able to optimize and improve our products and services. We may also process your personal information to check whether you are eligible for additional ancillary services such as financial products and to provide a corresponding offer.
We can also use your (company) e-mail address for: keeping you up-to-date with our products and services; making you offers tailored to your needs (meaning similar products and services you have already purchased from us); or inviting you to events.
We have an obligation to act in compliance with applicable laws and regulations and to prevent fraud, money laundering and financing terrorism. As we are active in the financial sector, we are not allowed to accept just any customer without checking them and we have to determine and report when suspicious transactions take place. Therefore, if you are applying to become one of our customers and during the performance of our agreement, we will need to collect up to date information and documents to:
- Verify your identity;
- Identify the ultimate beneficial owners of your business;
- Identify the purpose and intended nature of your future business relationship with us;
- Monitor your behaviour and transactions across the Adyen platform using automated systems which detect risks and verify the origins of your capital/assets;
- Check whether a natural person representing you is competent to do so (and verify the identity of this person); and
- Check whether you act on behalf of yourself or on behalf of a third party.
- Check whether you are eligible for additional ancillary services and provide a corresponding offer.
To carry out the above checks, we process information (including personal data) that you have provided to us and other information created by your use of the Adyen services. Which may include your name, your contact information, a copy of your identification document, your tax identification number or BSN (if legally required), the address of your legal representative and shareholders, your bank account number, information contained in correspondence between us, bank statements, your signature and an extract of your company registration document. We may use third party identification, screening and verification services (including credit reporting agencies) in order to assist us to verify your identity and the documents provided to Adyen.
We use this data to ensure the safety and integrity of the financial sector by aiming to identify, prevent and counter illegal conduct and to comply with our legal know-your-customer and anti-money laundering obligations, for example under the Dutch Financial Supervision Act (Wft) and the Dutch Money Laundering and Terrorist Financing Prevention Act (Wwft).
Adyen may use automated decision-making, including profiling, when we enter into, or for the performance of, a contract with you, where allowed by applicable laws or if based on your consent. If this decision would produce legal effects or otherwise similarly significantly affect you, you have the right to obtain human intervention, express your point of view or to contest the decision based solely on automated processing, including profiling.
Adyen processes your personal information for the following purposes:
- To provide you with the services pursuant to any agreement between Adyen and yourself;
- To improve our products and services;
- To comply with applicable laws and regulations;
- To conduct analysis for statistical, strategic and scientific purposes;
- To protect our platform, systems and services from misuse, fraud, financial crimes or other unauthorised or illegal activity including the prevention, investigation and detection of (payment) fraud on the basis of legitimate interest; and
- For reporting and training purposes.
How long do we keep this data?
If you are or becoming one of our customers, we will keep information relating to our business relationship until 7 years after the end of your contract with us or until our rejection of your application. Data we have collected in relation to our legal obligation to verify our customers will be kept by us for as long as we are legally obligated to. We may also disclose some of your information to competent authorities and/or regulators in case this is required to comply with our obligations as a financial institution, for example for the purpose of preventing money laundering and terrorist financing.
When you have an Adyen issued card
If you sign up for our Issuing services, we may provide you with a debit card and an associated e-money account (“Card Services”) in connection with a Card Services agreement. Currently Adyen offers Card Services to its customers, please have a look at “When you are one of our customers”.
If you are issued a card directly from one of Adyen’s bank sponsors, we collect additional personal information to complete KYC obligations. We process your personal data such as name and address to provide you with the card. We may use card printing providers to assist us with providing you these services.
How long do we keep this data?
We only keep your data for as long as we reasonably need it for the purposes listed above.
We keep the data we collect in order to perform the transaction in accordance with applicable laws, for most jurisdictions this is a period of 7 years after conclusion of the relevant transaction, to meet our fiscal, corporate and other statutory obligations.
The retention terms above can be longer if we are required to keep data longer because of applicable law or to administer our business. If we need to keep any information longer for our legitimate interest of protecting our legal rights, we will keep the necessary information for this purpose until the relevant claim(s) has/have been settled.
When Adyen has processed your transaction
Adyen is a payment service provider and as such Adyen provides acquiring services to its customers. Being an acquirer means that Adyen accepts payment on behalf of the relevant merchant and then transfers the funds paid by the shopper (“you”) to the merchant. Adyen’s role is to request the relevant payment scheme, such as Mastercard, Visa or iDeal to authorize the transaction and send this to the shopper’s bank for approval. If this bank gives approval, Adyen is notified of this by the relevant payment scheme and makes the payment to the merchant’s bank.
When we provide such acquiring service to our customer, we process your personal data as a data controller. It is important to us that your personal data is treated with care and that you are well informed about the way we process your personal data.
We process the data we need for our legitimate interest of providing so-called acquiring services to our merchants which are typically web shops and brick-and-mortar stores selling you goods and services. This means that we receive your payment on behalf of the merchant and handle related matters around these financial transactions. In addition, when a merchant wishes to charge your card for a recurring payment and your card has expired, Adyen may request the relevant payment scheme or lookup up your up-to-date card information on the Adyen platform, to facilitate your payment.
In addition, we process your data to comply with our legal obligations as a financial institution, such as to monitor financial transactions for the purpose of preventing money laundering and terrorist financing. For these purposes we may collect your card number (which we encrypt in accordance with PCI DSS standards), the expiry date (month and year) of your credit card, your bank account details (typically excluding your name), including IBAN and SWIFT/BIC, the amount of the transaction and the currency in which the transaction is done, the date, time and location of the transaction and the category and ID of the merchant with whom you are shopping.
If necessary, we can also process any of your information above for our legitimate interest of protecting our legal rights, for example in connection with legal claims, and when we have a legal obligation to process your information.
In addition, Adyen processes your personal information for the following purposes:
- To provide the service pursuant to the agreements with our customers and the specific payment schemes;
- To comply with applicable laws and regulations;
- To conduct analysis for statistical, strategic and scientific purposes; and
- To protect our platform, systems and services from misuse, fraud, financial crimes or other unauthorised or illegal activity.
In the context of transferring payment funds, Adyen may process your personal information when necessary to either pay out to you or collect funds from your account.
How long do we keep this data?
We only keep your data for as long as we reasonably need it for the purposes listed above.
We keep the data we collect in order to perform the transaction in accordance with applicable laws, for most jurisdictions this is a period of 7 years after conclusion of the relevant transaction, to meet our fiscal, corporate and other statutory obligations.
The retention terms above can be longer if we are required to keep data longer because of applicable law or to administer our business. If we need to keep any information longer for our legitimate interest of protecting our legal rights, we will keep the necessary information for this purpose until the relevant claim(s) has/have been settled.
With whom do we share this information?
In some jurisdictions, we may partner with third parties to be able to offer you our acquiring or issuing services. It will depend on your location, payment method and issuing bank which third party we partner with . Additionally, we disclose your information to the merchant with whom you are shopping. We may also disclose some of your information to competent authorities and/or regulators in case this is required to comply with our obligations as a financial institution, for example for the purpose of preventing money laundering and terrorist financing.
Otherwise we will not disclose your information to any third party, unless we have your permission, where this is necessary in connection with the purposes above or with legal claims or when we have a legal obligation to do so.
When merchants use our fraud detection services
Adyen offers its customers different kinds of fraud detection services. For some of our fraud services, Adyen acts as a data processor on behalf of, and under the instructions of, its merchants. Please have a look at merchants’ privacy policies for more information regarding this processing of your personal data.
This statement applies to the processing activities of fraud detection, prevention and monitoring where Adyen acts as a data controller.
The following information may be used (including, without limitation): transaction data (such as card number and cardholder name); email address; location data; IP address; information on disputed transactions; information on confirmed fraud; merchant details; mobile device; and unique identifier(s).
Adyen may use your personal data for the purposes of protecting you against fraud or unauthorized transactions and preventing and monitoring fraud across the Adyen platform. This includes the identification of fraud with the payment details provided by our merchants or information about fraud from other third parties such as issuing banks, acquirers or scheme owners. Additionally, Adyen may use and aggregate your personal data to create and run models or other methods to accurately identify, predict, prevent and mitigate fraud across the Adyen platform. These models or other methods may be leveraged to offer fraud-related products and services to our merchants.
Within the remits of what is legally permitted regarding automated decision-making, the use of these fraud models and/or other methods may result in merchants making decisions as to whether or not to grant you access to a product or service and/or whether or not to authorize a transaction.
How long do we keep this data?
We will only keep the data for as long as we reasonably need it for the purposes listed above.
How we process data for our newsletter and marketing purposes
You can sign up for our newsletter or receive invitations to events using your name and e-mail address via the sign-up form on our website. When you fill out this form, you indicate your consent to receive our newsletter and invitations. You can at any time unsubscribe from receiving these e-mails by following the instructions provided in the newsletters.
If you are one of our merchants, we may contact you in relation to relevant products or services, for our legitimate interest of developing our business. We can do this via e-mail or, we connect to you on LinkedIn and/or to send you messages on LinkedIn. If you are not yet one of our merchants, we will only contact you, for example via e-mail or LinkedIn, with offers or about our products or services. When we contact you in this context via e-mail, you have an opportunity to opt-out at any moment by following the instructions in the e-mail or by contacting us using the contact details below under ("Contacting us"). Our action will be subject to applicable limitations of the laws of your home jurisdiction.
You can also download content, for example white papers and research reports, from our website using the forms designed for this purpose. We collect the data you fill out on the form, including your name, company, country and e-mail address. We process the data you fill out on this form for our legitimate interest of keeping track of who downloads our content.
How long do we keep this data?
We store the information that we process as a result of you describing to our newsletters or because you have consented to receive information about our products and services or about offers until you decide you would no longer like to receive these mailings.
When you contact us or request us to contact you
Via our website, you can contact us or ask us to contact you regarding questions, queries, (support) requests, comments or complaints, fill out an application to become a merchant or a partner or sign up for a test account. When you do this, we collect the information that you fill out, including your name, company, contact details, the reason you are contacting us, verification that you are not a robot and other information you decide to provide us. You can also contact us by calling us or e-mailing us using for example the contact details listed on our website. If you do so, we will collect your name, company and any other information we need to be of further assistance to you and/or communicate with you.
We use this data above to answer your question, comment or complaint and respond to your queries and (support) requests and to assess your application to become a customer or partner. As such, this data is used by us to establish or perform our (future) contract with you and for our legitimate interests in following up with you. We also use the data above for our legitimate interest of conducting business with you and managing our internal administration, for training purposes, for establishing and performing our contract with you, for our legitimate interest of conducting marketing research so we can improve our products and services and to be able to offer our (future) customers tailored products and services.
How long do we keep this data?
Data about any questions, comments or (support) requests you have made to us, we will only keep your data for as long as we reasonably need it for the purposes listed above or our data retention obligations.
Other purposes
If necessary, we can also process any of your information above for our legitimate interest of protecting our legal rights, for example in connection with legal claims, and when we have a legal obligation to process your information. We may also transfer your data in the event of a company reorganization, business transactions, such as in the event of sale or bankruptcy.
How long do we keep your information?
We will only keep your data for as long as we reasonably need it for the purposes listed above.
The retention terms above can be longer if we are required to keep data longer on the basis of applicable law or to administer our business. If we need to keep any information longer for our legitimate interest of protecting our legal rights, we will keep the necessary information for this purpose until the relevant claim(s) has/have been settled.
Social Media Buttons
We use plugins on our website from social media networks such as Facebook, LinkedIn and Twitter. You can recognize these plugins by their logos. We also use plugins for the embedded video players which can be found on our website. Our plugins will not collect personal data about you, unless you click on these logos or videos. If you click on them, these plugins are activated and automatically transmit data to the plugin provider.
We do not have any influence over which data these providers collect from you and we are also not aware of the extent of their data processing. If you would like more information about their data processing, this can be found in the respective privacy policies on the websites of these providers.
Cookies
We use cookies and similar techniques, such as tags/beacons and javascripts, which are small text files stored on your device. Using cookies is a way for us to make sure that our website is continuously improved, meets your needs and can be used as a tool to optimize our marketing strategy. In order for us to do this, we place functional cookies to make the website function as well as marketing cookies which help us target the right people and show them advertisements. Some of these cookies track your use of our website and visits to other websites and allow us to show you advertisements when you browse other websites.
Please view our Cookies Policy for more information on our use of cookies.
With whom do we share this information?
We need the help of third parties to be able to offer you our website and our products and services. Where necessary we will disclose your information to our service providers and professional advisers (e.g. IT providers, KYC partners, CRM providers, marketing support providers (such as agencies which manage our social media accounts), social media providers such as LinkedIn, analysts, customer service providers, business development providers and legal service providers). We have concluded agreements with our service providers to protect your personal data.
If our business is sold or integrated with another business, your details will be disclosed to our advisers and any prospective purchaser’s advisers and will be passed to the new owners of the business.
We may disclose information to third parties in connection with legal claims or when we have a legal obligation to do so. We may also disclose information with your permission (for example if we wish to disclose your details with another group company for their recruitment purposes).
How do we protect your data?
We are committed securing your personal data and have taken steps in this regard. In order to prevent unauthorized people or parties from being able to access your data, we have put in place a range of technical and organizational measures to safeguard and secure the information we process from you.
Where do we transfer this information?
Some of the information you send us may be disclosed to other Adyen group companies outside of the European Economic Area ("EEA"), when this is necessary for the purposes mentioned above. These countries include the countries in which we have operations (you can find a list here). It also includes the countries in which some of our service providers are located, such as the United States.
To protect your data when these are transferred to countries outside of the EEA, we have implemented appropriate safeguards. When we transfer data to our Adyen group companies, these transfers are protected by an intragroup agreement containing Standard Contractual Clauses (read more here). For United States service providers and other service providers located outside of the EEA, we rely on Standard Contractual Clauses. If you want to receive more information about these safeguards, you can contact us using the details below under (“Contacting us”).
Your Rights
You may have the following rights with respect to your personal data, subject to applicable exceptions:
-
Right to access. You may be entitled to request that we disclose to you the specific pieces of your personal data that we have collected about you in a portable and, to the extent technically feasible, readily usable format.
-
Right to know. You may have the right to confirm that we have collected personal data about you and know what personal data we have collected about you, including, as applicable, the categories of personal data we have collected, the sources from which we collected that personal data, the business or commercial purposes for which we collected, sold, and shared that personal data, the categories of personal data that we sold, shared, or disclosed to third parties for business purposes and the categories of third parties to whom we sold, shared or disclosed personal data. Where we process your data for our legitimate interests, you can contact us if you want more information about these.
-
Right to deletion. You may be entitled to request that we delete the personal data that we have collected from you. We will use commercially reasonable efforts to honor your request, in compliance with applicable laws. Please note, however, that we may need or be required to keep such information, such as for our legitimate business purposes or to comply with applicable law.
-
Right to opt-out of sales and sharing of personal data to third parties for cross-context behavioral advertising. You are entitled to opt out of sales of your personal data to third parties and to opt out of the sharing of your personal data to third parties for cross-context behavioral advertising, if applicable. You can opt out of sales and sharing of your personal data by visiting our Cookies Policy and disabling advertising, marketing and social media cookies, or by contacting us using one of the methods below. If you have enabled the Global Privacy Control mechanism on your browser, device, or platform, you will automatically be opted out of any “sharing” when you interact with our website. Adyen processes the Global Privacy Control (GPC) signal in a frictionless manner if enabled in your browser, device, or platform. Please go here to learn more about enabling the GPC.
-
Right to object to processing of your personal data. You are entitled to object to us processing your personal data, including profiling. In some cases, you may object to the processing of your data and, where we have asked for your consent to process personal data, you can withdraw this consent at any time. Please note that Adyen maintains a record of withdrawals of consent to ensure that we do not contact you in the future.
-
Right to correct your personal data. You may also have the right to update inaccurate information that we process about you.
-
Right to exercise rights without discrimination. You have the right not to receive discriminatory treatment if you exercise the rights conferred to you by applicable privacy law.
Please note that these rights may be limited under applicable laws and are subject to technical feasibility. For example, if we collect your personal data in our role as a service provider to a customer, you will need to contact that customer directly to exercise your rights.
If you wish to exercise any of these rights, please contact us using the details below.
Please note that we may require additional information from you to verify your identity and process your request. You can also submit a request via an authorized representative using the contact methods described below. If you use an authorized representative, we may request a copy of the representative’s signed permission to act, verify your identity directly, and ask that you confirm the representative’s authority.
Contacting us, questions and complaints
You can submit a data access or deletion request here.
Questions, comments, requests or complaints concerning this privacy notice and the way we process your personal data are welcomed and can be addressed to our Data Protection Officer at dpo@adyen.com or lgpd@adyen.com (if you are located in Brazil) or Simon Carmiggeltstraat 5-60, 1011 DJ Amsterdam, the Netherlands. Adyen employees responsible for privacy issues will review and assess such complaints received in adherence with Adyen’s policies and procedures.
If you would also like to know the contact details of third parties with which your personal data is sold or shared, the purpose of their data processing, and the manner in which data is processed, and how you can communicate with such third party to exercise your data privacy rights please contact dpo@adyen.com or lgpd@adyen.com (if you are located in Brazil).
If you have a complaint about the way we handle your personal data, you also have the right to address this with the data protection authority of the country in which you live or work or the country in which we are located.