Privacy Policy
Worldline Group SA, its related companies and its subsidiaries (collectively WORLDLINE or we/us/ours) are committed to protecting your right to privacy and your personal data. This Privacy Policy (or Notice on Personal Data Processing – terms that are used interchangeably and have the same meaning) is intended to provide information in relation to the Personal Data we process; as well as how we process it; how we collect it; why we use it and for how long; whom we share it with; and what are your rights.
If you are one of our customers, vendors or suppliers, our contract with you will include additional information in relation to the ways we use your data.
If you are a consumer, we suggest you also review the Privacy Policy of the vendor you have worked with, to better understand how they process your personal data.
Our website may contain links to third-party websites (e.g. for registering for an event held by a third party). If you follow a link of any such third-party website, note that they have their own privacy policies and that we assume no responsibility or obligation in relation to their policies or the processing of your personal data. Please review these policies prior to submitting any personal data to those third-party websites.
This Privacy Policy is intended to explain our practices on personal data protection, and covers the following sections:
-
Information we collect about you
We will collect and process all or some of the following personal data about you:
Information you provide to us
Personal data you provide to us, such as when filling out a form on our website or subscribing to our newsletter or the Worldline Premium services, including but not limited to, your name, email address, phone number, country and company (and/or industry you work in). In some cases, we process information about your education and work experience in relation to a job opening at WORLDLINE in which you are interested. In the context of performing a contract or making payments to you for products or services, you may provide, for example, your contact information, address and bank details.
Correspondence and other communication
If you contact us by phone, post or email, we usually keep a record of this correspondence or communication.
Survey information and feedback
We may ask you to respond to surveys that we use for research purposes, or to provide feedback that we use to develop and improve our product and service offering. In such cases, we will collect the information contained in the filled out survey/feedback form.
Details about website and communication usage
These are details in relation to your visits to our websites and the information collected via cookies and other tracking technologies, including but not limited to, IP address and domain name; browser version and operating system; browser language; access time; traffic data; location data; website logs; web traffic; website forwarding addresses and other communication data. We also collect information in relation to the pages you view within the website, and any other actions you take when visiting our website. Moreover, we use relevant technologies to determine whether you have opened an email message or have clicked a link contained in an email message. You can find additional information on this type of processing in our Cookie Policy.
Third-party information
In some cases your information is given to us by other sources, for example, from our related companies or select business partners with regard to business opportunities, or from search engines, credit rating agencies or government services, or other public sources, such as the General Commercial Registry (GEMI), Government Gazette, or the TIRESIAS Credit Bureau, in relation to the audit procedures we follow.
Processing of biometric data
To prevent and/or identify cases of fraud or financial crime, and for the purposes of managing risk and better protecting our company and clients, we have the legal obligation to process your data. Provided you grant your explicit consent, we will process your dynamic selfies and videoconference, via third-party associates who facilitate the process. If you do not want us to process your dynamic selfie and videoconference, you can choose the ID verification by physical presence option. Review ourBiometric Data Protection Policy.
-
Purposes of processing
Worldline processes and uses the personal data it collects and/or you provide to us for the following lawful purposes:
(a) To communicate effectively with you and carry out our business activities, including addressing your requests. In this context, we use your personal data in order to effectively respond to your request for communication; or respond to your request to register for events that we organise or book an appointment with one of our special partners; or respond to your request for a proposal or quote, if you are interested in working with us; or contact you, if we are interested in working with you; or respond to your job application or get in touch with you or with other internal or external parties that concern you; or fulfil our obligations arising from any agreements signed between us.
(b) To provide to you access to restricted website sections, as in the case when you fill out a form to create an online account on our websites.
(c) For promotional purposes, such as, for example, to send email notifications, updates, offers and invitations to our events, provided you have agreed to receive them, and to promote our products and services, and the products and services of our select business partners.
(d) To serve and protect our legitimate interests. In this context, we conduct surveys and analyse your personal data, in order to keep you informed about changes to our services and products and to better understand you, so as to continue to develop and improve our products and services. Moreover, we keep track of your questions, transactions and other activities to ensure the quality and reliability of our services, the solvency of our counterparties and the proper performance and effective organisation of our website, as well as the relevance of their contents. In case we sell our company or part of our company, or undergo restructuring, your personal data will be disclosed to the relevant third party (or their consultants), as part of any audit process, for the purposes of analysing any proposed transfer or restructuring. Your personal data, will be transferred to said restructured entity or third party after the sale or restructuring, as applicable, to be used for the same purposes defined in this policy.
(e) In order to comply with specific obligations mandated by law, such as, for example, regulatory compliance imposed for tax purposes or from payment systems including our obligations as arising from labour and tax laws, Law 2190/1920, as amended by Law 4548/2018, the provisions of the Code of Civil Procedures, as well as the laws on the prevention and suppression of money laundering and terrorist financing, as further specialised by Law 4557/2018.
-
Legal basis for processing your personal data
We process the personal data you provide to us only when we have established the necessary legal basis for the purposes of processing. More specifically, the legal basis for processing your personal data shall be one of the following, as applicable:
(a) Processing of your data is necessary for the performance of a contract to which you are a party (article 6(1)(b) of the GDPR).
(b) Processing is necessary for the purposes of our legitimate interests (article 6(1)(f) of the GDPR)
(c) Processing is necessary for compliance with a legal obligation of ours (article 6(1)(c) of the GDPR).
(d) You have given consent to the processing under the conditions defined by the legal framework (article 6(1)(a) of the GDPR). When your consent is given in the context of processing for promotional purposes, in some cases you are given the option to consent by selecting certain fields (check boxes) in the form we use to collect your personal data.
-
Transfer, storage and security of your personal data
Recipients
When deemed necessary in order to address your requests, we share or otherwise transfer your personal data within our group of companies, such as to a company that provides common services that is located in a different area or jurisdiction from you. Moreover, as required, we disclose your personal data to external third parties, such as service provides, contractors, representatives, consultants, group companies, associates, subsidiaries, supervisory authorities and International Card Organisations, as well as to external event organisers or partner companies, which are better suited to address your request. Specifically, to respond to your request for communication or information on our products, we transfer your data to a selected partner, assuming their assistance is necessary to communicate or process your request.
Your personal data is also disclosed to the court and/or regulatory authorities or law enforcement agencies as regards audits, procedures or investigations carried out by these parties anywhere in the world or when the relevant obligation for such investigations exists. When permissible and possible, we shall address any such request to you or notify you before we respond, unless doing so jeopardises the prevention or detection of crime.
Data specifically related to acquiring contract terminations by companies, as detailed in the tiresias.gr website, may be transferred to TIRESIAS SA for the aforementioned processing purposes and for the purposes of the Tiresias Risk Checking System file.
We contractually require from all our service providers and associates to use or disclose personal data only to the extent necessary for us to offer our services.
Internet security
As you know, transmitting information through the internet is never 100% secure. We maintain commercially reasonable practices, electronic and procedural assurances to protect your personal data, in accordance with the regulatory requirements on data protection.
Any information you provide to us is stored in our secure servers or the secure servers of our subcontractors, and accessing or using it is subject to our policies and security standards. In case we have given you (or you have selected) a password granting you access to certain sections of our websites, you are responsible for keeping this password confidential and complying with any other security procedures for which we inform you. We ask that you do not share your password with anyone.
International data transfer
When transferring personal data from the European Economic Area (EEA) to a country outside of the EEA (or a country that is NOT considered to ensure an adequate level of protection as approved by the European Commission pursuant to article 45 of Regulation (EU) 2016/679 [GDPR]), it may be necessary to adopt specific additional safeguards to protect the relevant personal data, and such transfer will be based on legal grounds and mechanisms that will ensure an adequate level of protection, such as the relevant standard contractual clauses approved by the European Commission, as presented here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en, and/or any other similar agreement approved and accepted as an appropriate agreement by the European Commission.
Some countries outside of the EEA have been approved by the European Commission as countries essentially providing equivalent protection with the data protection laws in the EEA and, therefore, no further safeguards are required to export personal data to these countries.
This international data transfer may, for example, occur when your personal data is transferred, or stored, or accessed by our personnel or suppliers in a destination outside the country you are in. Transfer of data to third countries is carried out in the context of application support by Worldline India. Despite any differences between regional or national laws, we will ensure, in any event, the level of personal data protection as defined in this Privacy Policy.
-
Data retention
Personal data retention periods are based on business needs and local legal requirements. We retain personal data as long as necessary for the purpose or purposes of the processing for which the information was collected, as well as for any other permissible, relevant purpose. For example, we retain the information you give to us for as long as necessary to provide to you the services you requested via our website and for as long as necessary to establish and defend any claims related to such services, or for as long as required to comply with regulatory requirements. In the cases when you have granted your consent for the processing of your data, the data will be retained until the purpose for their collection is served, or else until the relevant consent is revoked, whichever is sooner. Therefore, if we use your personal data for multiple purposes, we will retain it until the purpose with the longest period expires, but we will stop using them for the purpose or purposes with the shorter period, as soon as this shorter period expires.
When your personal data is no longer necessary, we either irrevocably anonymise it or we safely destroy it.
-
Your rights
Your rights when we process your personal data for marketing purposes
You have the right to decide whether we can process your personal data for general marketing purposes. We will request your consent in advance if we intend to use your personal data for marketing purposes or if we intend to disclose your personal data to any third party for such purposes. You can withdraw your consent for the processing of your personal data for marketing purposes at any time.
Moreover, we may use your personal data for direct marketing purposes (e.g. to inform you about our products or services that are similar to those you have purchased from us) based on our legitimate interests. You may request that we stop using your personal data for direct marketing purposes at any time.
Your other rights
When we process your personal data in the context of this Privacy Policy, you have the right to request:
(a) That we provide additional details about the use of your information.
(b) That we provide a copy of your personal data we retain.
(c) That we update any inaccuracies in the personal data we retain.
(d) That we erase any personal data that we no longer have legal grounds for processing.
(e) When processing is based on consent, you may withdraw it, so we stop the specific processing.
(f) To object to processing based on legitimate interests, unless the reasons for undertaking this processing override any prejudice to your data protection rights.
(g) That we limit the ways we use your information during a complaint investigation.
(h) That your data is not used for profiling based on automated decisions that could have negative consequences.
(i) That you transfer your data to a lawful location of your choosing, if possible in an easy-to-use format.
You must take into account that certain exceptions apply to exercising these rights, and, therefore, you will not be able to exercise them is some cases. Moreover, these may differ slightly from country to country, due to national particularities. For example, in France, aside from the rights referenced above, you also have the right to provide instructions about the way you wish your personal data to be used after your death.
If you wish to exercise any of these rights, we will review your request and respond to you within the applicable deadline.
If you are not satisfied with our use of your personal data or our response to you exercising these rights, you are entitled to lodge a complaint with the competent supervisory authority in the place of your usual residence or the place where the suspected breach has occurred. In our communication with you, we will provide the necessary contact information to enable you to exercise your rights effectively.
For EU member states, choose: ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm to view the list and contact details of the Data Protection Authorities in the EU. For the UK, contact the Information Commissioner’s Office here: ico.org.uk/global/privacy-notice/how-you-can-contact-us/.
Additional special provisions by country
Where WORLDLINE is subject to certain confidentiality requirements in the US State of California, the following also apply: In line with disclosure requirements pursuant to the California Consumer Privacy Act (CCPA), Worldline does not and will not sell your personal data.
Moreover, you have the right:
- To request from us access to the personal data that Worldline collects, uses or discloses about you.
- To request that we delete your personal data.
- To non-discrimination when exercising any of your data protection rights.
- In case we request to access your personal data, the information must be portable, if possible, in an easy-to-use format, enabling the unimpeded transfer of information to another recipient.
-
Contact us
If you wish to exercise any of your rights referenced in this Privacy Policy, or if you have other questions related to our processing of your personal data, contact the relevant Data Protection Officers by country, according to the information given in the Annex.
If you are not satisfied with our use of your personal data or our response to you exercising these rights, you are entitled to lodge a complaint via the special dpa.gr web portal of the Hellenic Data Protection Authority (1-3 Kifisias Avenue, 11523 Athens | tel.: +30 2106475600) | email: complaints@dpa.gr).
-
Cookie Policy
We use cookies and tracking technologies on our websites. To find out more about our use of cookies, review ourCookie Policy.
-
Changes to Privacy Policy
We may makes changes to the contents of our websites. The Privacy Policy may be modified some time in the future.
If we make changes to this Privacy Policy, we will update the date of last update below. If these changes are substantive, we will clearly mention it on our website.
This Privacy Policy was last updated on 28 April 2023.
Annex
|
Country |
Legal entity acting as the data controller |
Data Protection Officer / Contact for data protection |
|
|
All equensWorldline entities |
equensWorldline SE |
dataprotection-WLFS@worldline.com
|
|
|
Argentina |
Worldline Argentina SA |
||
|
Australia |
ANZ Worldline Payment Solutions |
||
|
Austria |
PAYONE GmbH Austrian branch |
||
|
Worldline Austria GmbH
|
|||
|
Worldline Financial Services (Europe) SA, Austrian Branch |
|||
|
Belgium |
Worldline e-Commerce Solutions BV /SRL |
dataprotectionbe@worldline.com
|
|
|
Worldline e-Commerce Solutions Ltd |
dataprotectionbe@worldline.com
|
||
|
Worldline Financial Solutions NV /SA |
|||
|
Worldline SA/NV |
|||
|
Brazil |
Worldline Brazil Serviços Ltda |
||
|
Canada |
Bambora Inc |
|
|
|
Czech Republic |
Worldline Czech Republic s.r.o. |
|
|
|
Denmark |
Bambora Online AS |
|
|
|
Bambora Danmark AS |
|
||
|
Estonia |
Worldline Payment Estonia Oü |
dataprotection-WLFS@worldline.com
|
|
|
France |
Retail International Holding SAS |
dpo-worldline-france@worldline.com
|
|
|
Santeos SA |
|||
|
Similo SAS |
|||
|
Worldline France SAS |
|||
|
Worldline SA |
|||
|
Worldline MS France SA |
|||
|
Worldline e-commerce Solutions SAS |
|||
|
Worldline IGSA SA |
|||
|
Worldline Business Support SASU |
|||
|
Worldline Prepaid Service France SAS |
|||
|
Consoprotec SAS |
|||
|
Germany |
Credit & Collections Service GmbH |
|
|
|
Worldline Healthcare GmbH |
|||
|
Worldline PAYONE Holding GmbH |
|||
|
PAYONE GmbH |
|||
|
Worldline Germany GmbH |
|
||
|
DZ Service GmbH |
|||
|
Greece |
Worldline Merchant Acquiring Greece SA |
|
|
|
Société Anonyme for the Management & Operation of Networks for Electronic Transactions Cardlink |
|||
|
India |
Worldline Global Services Pvt. Limited |
|
|
|
Worldline e-payments India Pvt Limited |
|
||
|
Italy |
Worldline Merchant Services Italia |
dataprotectionofficer.italia@worldline.com
|
|
|
Japan |
Worldline Japan Limited |
||
|
Latvia |
Worldline Latvia SIA |
||
|
Lithuania |
Worldline Lietuva UAB |
dataprotection-WLFS@worldline.com
|
|
|
Luxembourg |
Worldline Financial Services (Europe) SA |
||
|
Worldline Luxemburg SA |
|||
|
Netherlands |
equens Worldline NV |
dataprotection-WLFS@worldline.com | |
| Global Collect Services B.V.(Worldline Digital Commerce) | |||
|
Worldline BV |
|||
|
Singapore |
Global Collect Services Asia Pacific Pte Ltd | ||
|
Spain |
Worldline Iberia SA |
||
|
Sweden |
Bambora AB |
||
|
Bambora Device AB |
|||
|
Bambora Group AB |
|||
|
Bambora Telesales AB |
|||
|
DevCode AB |
|||
|
All Bambora entities |
|||
|
Worldline Sweden AB |
|||
|
Switzerland |
Worldline Switzerland |
||
|
United Kingdom & Ireland |
Worldline IT Services UK Ltd., and other Worldline based UK businesses |
||
|
USA |
MRL Pay. Inc |
||
|
Worldline Holdings US. LLC |
|||
|
Worldline US Inc. |
|||