Data retention of personal data
1. Introduction
Whenever in your contract with an Worldline e-Commerce Solutions legal entity or with Worldline Financial Solutions SA/NV (hereinafter referred to as “Worldline”), regarding the processing of personal data (hereinafter referred to as “Personal Data”), it is stated that you are the data controller and Worldline is your data processor, the following data retention principles will apply.
Given that Worldline offers a shared service, a default data retention period has been implemented for the processing that Worldline does as your data processor. This means that if you don’t reduce this default data retention period, the Personal Data will be retained during the default data retention period and erased or anonymized at the expiration of the default data retention period. If you reduce the default data retention period via the settings in your Worldline account, the reduced data retention period will only apply to the Personal Data related to the transactions that are processed after the modification of the settings in your Worldline account. In this case, the Personal Data related to those transactions will be retained during the reduced data retention period and erased or anonymized at the expiration of the reduced data retention period.
There is one exception to the principle that Worldline has implemented a default data retention period acting as your data processor: regarding the lists that may be created by you as part of the first level of Worldline's advanced fraud prevention solution or as part of the basic fraud prevention tool (white lists, black lists or grey lists - hereinafter referred to as “the Lists”), Worldline did not implement a default data retention period and Personal Data contained in the Lists shall be erased upon your instructions.
Personal Data processed as part of the transaction, Personal Data processed as part of the first level of Worldline’s advanced fraud prevention solution (Checklist or Scoring module) and Personal Data processed as part of the basic fraud prevention tool (except regarding the Lists)
In its quality of data processor, as default data retention period, Worldline will retain the Personal Data for a period of five hundred and forty (540) calendar days as from the date of the transaction. You can opt to reduce this default data retention period with a minimum of ninety (90) calendar days as from the date of the transaction, via de settings in your Worldline account. You will be responsible for any period selected. After this period (the default or the reduced period), without prejudice to Worldline's back-up and subject to any contrary statutory, regulatory or contractual retention obligations which must be observed by Worldline, the Personal Data will be erased or anonymized.
If, outside the default or the reduced data retention period, you request Worldline to erase Personal Data related to a particular transaction before the expiration of ninety (90) calendar days as from the date of this transaction, those Personal Data will be erased once the period of ninety (90) calendar days as from the date of this transaction has expired. The reason why Worldline retains those Personal Data during the period of ninety (90) calendar days as from the date of the transaction is for invoicing reasons (invoicing of the transaction and track in case of dispute of the invoice). If you request Worldline to erase Personal Data related to a particular transaction after the expiration of ninety (90) calendar days as from the date of this transaction, those Personal Data will be erased immediately.
Personal Data processed as part of 3D Secure authentication
The 3D Secure authentication data are the PAN (Primary Account Number) and the content of the PARes (Payer Authentication Response), being, the identification of the acquirer, the identification of the merchant, the reference of the transaction, the date of the transaction, the amount of the transaction and the currency of the transaction, as well as the electronic commerce indicator, the signature status and the signature value (those 3 last fields are indications regarding the fact that the 3D secure was used, and what is the result of the process).
In its quality of data processor, as default data retention period, Worldline will retain the 3D Secure authentication data for a period of five hundred and forty (540) calendar days as from the date of the transaction. You can opt to reduce this default data retention period of said 3D Secure authentication data via the settings in your Worldline account but, with regard to the 3D Secure authentication data, the minimum period will be hundred and eighty (180) calendar days as from the date of the transaction, as required by the Scheme Rules. You will be responsible for any period selected. After this period (the default or the reduced period), without prejudice to Worldline's back-up and subject to any contrary statutory, regulatory or contractual retention obligations which must be observed by Worldline, the 3D Secure authentication data will be erased or anonymized.
Personal Data processed as part of Alias – tokenization services
If you request Worldline to store some Personal Data such as the brand of the card, the card number, the name of the card holder as well as the expiry date of the card (hereinafter referred to as “Card Data”) and to provide you with an alias or a token for such Card Data (hereinafter referred to as an “Alias”) , then Worldline, in its quality of data processor, as default data retention period, will retain such Card Data and Alias for a period of sixty (60) months as from the date of the last usage of the Alias. You can opt to reduce the default data retention period of the Card Data and the Alias via the settings in your Worldline account. You will be responsible for any period selected.
At the end of the data retention period (the default or the reduced period) or if you request Worldline to erase a particular Alias, the Card Data and the Alias will be erased after a period of sixty (60) calendar days as from the expiration of the data retention period (the default or the reduced period) or as from the date of your request of erasure, subject to any contrary statutory, regulatory or contractual retention obligations which must be observed by Worldline . In some particular cases, only the Alias will be erased and the Card Data won’t be linked anymore to this Alias. The reason why Worldline retains those Card Data and Alias still for sixty (60) calendar days is for invoicing reasons (invoicing of the Alias and track in case of dispute of the invoice).
FAQs
Worldline delivers payments services that are compliant with state of the art data security standards in the payment industry: PCI DSS.
PCI DSS includes a large set of security requirements and controls which are implemented and run on a regular basis.
These security controls aim to keep a constant high security level on the payment platform, which leads to optimal protection for transactions and data.
Worldline offers right, secure, smart and seamless payment solutions whatever the channel: in-store, online and mobile.Worldline provides merchants with a comprehensive and innovative range of services and solutions that eliminate payment complexity and make purchasing quick, seamless and secure for various sales channels and payment methods.
Worldline Group comprises of three divisions: Worldline Smart Terminals, Worldline Payment Services and Worldline ePayments. Through our comprehensive range of smart terminals, payment services and mobile solutions, we facilitate merchants’ in-store and online payments acceptance.
Now known as Ingenico ePayments, Ogone was a leading pan-European online payment services provider, which was acquired by Ingenico Group in 2013 and merged with GlobalCollect in 2015 to become Ingenico ePayments.
To honor Ogone’s significant legacy and its name, the term Ogone is now used to describe Ingenico ePayments platform, which includes Ingenico Collect, a one-stop payment solution that enables merchants to offer preferred payment methods in many different countries, without the hassle of having to open multiple bank accounts or form new legal entities.
With its Ogone platform and other offerings, Ingenico ePayments goes beyond payments by offering global consultancy services on topics including local regulations, regional payment customs and preferences, and fraud and compliancy.
In the past and prior to taking on the name Worldline, Ogone was temporarily named Ingenico Payment Services. However, once Ogone joined forces with GlobalCollect, the two came together under a new unified name: Ingenico ePayments.
Today, Ingenico Payment Services is a separate division of Ingenico Group that provides merchants with a comprehensive range of centralized and secure in-store transaction management services. Ingenico Payment Services ensures end-to-end security, control and monitoring of merchants transactions thanks to a centralized payment solution dedicated to organized retailers.
In addition, Ingenico Payment Services has a full range of customer loyalty solutions to increase merchant revenue, including: loyalty card programs and loyalty program management, prepaid cards and gift card management, customer data analysis and marketing campaign management.