Data retention of personal data
1. Introduction
Whenever in your contract with an Worldline e-Commerce Solutions legal entity or with Worldline Financial Solutions SA/NV (hereinafter referred to as “Worldline”), regarding the processing of personal data (hereinafter referred to as “Personal Data”), it is stated that you are the data controller and Worldline is your data processor, the following data retention principles will apply.
Given that Worldline offers a shared service, a default data retention period has been implemented for the processing that Worldline does as your data processor. This means that if you don’t reduce this default data retention period, the Personal Data will be retained during the default data retention period and erased or anonymized at the expiration of the default data retention period. If you reduce the default data retention period via the settings in your Worldline account, the reduced data retention period will only apply to the Personal Data related to the transactions that are processed after the modification of the settings in your Worldline account. In this case, the Personal Data related to those transactions will be retained during the reduced data retention period and erased or anonymized at the expiration of the reduced data retention period.
There is one exception to the principle that Worldline has implemented a default data retention period acting as your data processor: regarding the lists that may be created by you as part of the first level of Worldline's advanced fraud prevention solution or as part of the basic fraud prevention tool (white lists, black lists or grey lists - hereinafter referred to as “the Lists”), Worldline did not implement a default data retention period and Personal Data contained in the Lists shall be erased upon your instructions.
Personal Data processed as part of the transaction, Personal Data processed as part of the first level of Worldline’s advanced fraud prevention solution (Checklist or Scoring module) and Personal Data processed as part of the basic fraud prevention tool (except regarding the Lists)
In its quality of data processor, as default data retention period, Worldline will retain the Personal Data for a period of five hundred and forty (540) calendar days as from the date of the transaction. You can opt to reduce this default data retention period with a minimum of ninety (90) calendar days as from the date of the transaction, via de settings in your Worldline account. You will be responsible for any period selected. After this period (the default or the reduced period), without prejudice to Worldline's back-up and subject to any contrary statutory, regulatory or contractual retention obligations which must be observed by Worldline, the Personal Data will be erased or anonymized.
If, outside the default or the reduced data retention period, you request Worldline to erase Personal Data related to a particular transaction before the expiration of ninety (90) calendar days as from the date of this transaction, those Personal Data will be erased once the period of ninety (90) calendar days as from the date of this transaction has expired. The reason why Worldline retains those Personal Data during the period of ninety (90) calendar days as from the date of the transaction is for invoicing reasons (invoicing of the transaction and track in case of dispute of the invoice). If you request Worldline to erase Personal Data related to a particular transaction after the expiration of ninety (90) calendar days as from the date of this transaction, those Personal Data will be erased immediately.
Personal Data processed as part of 3D Secure authentication
The 3D Secure authentication data are the PAN (Primary Account Number) and the content of the PARes (Payer Authentication Response), being, the identification of the acquirer, the identification of the merchant, the reference of the transaction, the date of the transaction, the amount of the transaction and the currency of the transaction, as well as the electronic commerce indicator, the signature status and the signature value (those 3 last fields are indications regarding the fact that the 3D secure was used, and what is the result of the process).
In its quality of data processor, as default data retention period, Worldline will retain the 3D Secure authentication data for a period of five hundred and forty (540) calendar days as from the date of the transaction. You can opt to reduce this default data retention period of said 3D Secure authentication data via the settings in your Worldline account but, with regard to the 3D Secure authentication data, the minimum period will be hundred and eighty (180) calendar days as from the date of the transaction, as required by the Scheme Rules. You will be responsible for any period selected. After this period (the default or the reduced period), without prejudice to Worldline's back-up and subject to any contrary statutory, regulatory or contractual retention obligations which must be observed by Worldline, the 3D Secure authentication data will be erased or anonymized.
Personal Data processed as part of Alias – tokenization services
If you request Worldline to store some Personal Data such as the brand of the card, the card number, the name of the card holder as well as the expiry date of the card (hereinafter referred to as “Card Data”) and to provide you with an alias or a token for such Card Data (hereinafter referred to as an “Alias”) , then Worldline, in its quality of data processor, as default data retention period, will retain such Card Data and Alias for a period of sixty (60) months as from the date of the last usage of the Alias. You can opt to reduce the default data retention period of the Card Data and the Alias via the settings in your Worldline account. You will be responsible for any period selected.
At the end of the data retention period (the default or the reduced period) or if you request Worldline to erase a particular Alias, the Card Data and the Alias will be erased after a period of sixty (60) calendar days as from the expiration of the data retention period (the default or the reduced period) or as from the date of your request of erasure, subject to any contrary statutory, regulatory or contractual retention obligations which must be observed by Worldline . In some particular cases, only the Alias will be erased and the Card Data won’t be linked anymore to this Alias. The reason why Worldline retains those Card Data and Alias still for sixty (60) calendar days is for invoicing reasons (invoicing of the Alias and track in case of dispute of the invoice).
Domande frequenti
PCI DSS include un'ampia serie di controlli e requisiti di sicurezza che sono implementati ed effettuati regolarmente.
I controlli di sicurezza servono a mantenere costantemente elevato il livello di sicurezza sulla piattaforma di pagamento, offrendo la massima protezione di transazioni e dati.
Worldline offre soluzioni di pagamento adatte, sicure, intelligenti e semplici per tutti i canali: in negozio, online e da dispositivi mobili. Worldline offre ai commercianti una serie completa e innovativa di servizi e soluzioni che eliminano la complessità dei pagamenti e rendono rapidi, semplici e sicuri gli acquisti per vari canali di vendita e metodi di pagamento.
Worldline è composto da tre divisioni: Worldline Smart Terminals, Worldline Payment Services e Worldline . Grazie alla nostra linea completa di terminali intelligenti, servizi di pagamento e soluzioni mobili, agevoliamo l'accettazione dei pagamenti in negozio e online dei commercianti.
Per rispetto del passato e del nome di Ogone, il termine Ogone è stato mantenuto in riferimento alla piattaforma Ingenico ePayments, comprensiva di Ingenico Collect, una soluzione unica di pagamento che permette ai commercianti di offrire i loro metodi di pagamento preferiti in molti paesi diversi senza il fastidio di aprire vari conti bancari o costituire nuove entità giuridiche.
Con la piattaforma Ogone e altre offerte, Ingenico ePayments non si limita ai pagamenti ma offre servizi di consulenza globali per argomenti come le norme locali, le abitudini regionali di pagamento, truffe e conformità.
Oggi Ingenico Payment Services è una divisione distinta dell'Ingenico Group che offre ai commercianti una linea completa di servizi per la gestione centralizzata e sicura delle transazioni in negozio. Ingenico Payment Services garantisce la protezione completa, il controllo e il monitoraggio delle transazioni dei commercianti grazie a una soluzione di pagamento centralizzata, dedicata ai commercianti organizzati.
Ingenico Payment Services propone inoltre una gamma completa di soluzioni per la fidelizzazione dei clienti, volte ad aumentare i ricavi dei commercianti, tra cui: programmi di carte fedeltà e gestione dei programmi di fedeltà, carte prepagate e gestione delle carte regalo, analisi dei dati di clienti e gestione delle campagne di marketing.