In3 Merchant Privacy Statement

Warning:  

This is an unofficial English translation of the Dutch language consumer privacy statement of in3 NL B.V. dated September 2024. In the event of discrepancies between this English translation and the original Dutch version, the Dutch version will prevail. 

iDEAL in3 Merchant Privacy Statement 

 

Table of contents 

  1. Introduction 
  2. Data controller 
  3. Which personal data do we process and for which purpose? 
  4. With whom do we share your personal data? 
  5. Purposes, legal basis and retention periods  
  6. Your rights 
  7. How do we keep your personal data secure? 
  8. Third party websites 
  9. Use of cookies and similar technology 
  10. Revisions to this Merchant Privacy Statement 
  11. Enquiries regarding data protection 

 

1. Introduction 

The iDEAL in3 payment method is a service provided by in3 NL B.V. under the name ‘iDEAL in3’ (hereinafter: iDEAL in3). Protecting your privacy and personal data is important to us. This Merchant Privacy Statement explains which personal data we collect from you and how we process such data. This statement also sets out your rights and explains how you can exercise them. 

 

This Merchant Privacy Statement applies to you because you either (i) work at a (web)shop or other company that offers iDEAL in3 to its customers (a Merchant), (ii) are the ultimate beneficial owner (UBO), board member, director or representative of the Merchant.  

2. Data controller 

We, iDEAL in3, are responsible for processing your personal data in accordance with this Merchant Privacy Statement.  

 

Contact details for iDEAL in3:  

Company name: in3 NL B.V. 

Address: Meerenakkerweg 1a, 5652 AR in Eindhoven 

Email address: privacy@in3.ideal.nl
Chamber of Commerce reg. No.:59234784 

3. Which personal data do we process and for which purpose? 

 

You work at a Merchant 

We process your data when entering a business relationship. This includes name of the Merchant, the name, job title, email address and phone number of the Merchant contact person. This data is used by us for communication about the iDEAL in3 payment method and the agreement with the Merchant, for internal administration and management of our organization. We receive this information from you or other contact persons of the Merchant. 

You are the UBO, board member, director or representative of the Merchant 

For the purposes of the Dutch Anti-Money Laundering and Anti-Terrorist Financing Act and (sanction) regulations, we register your name, date of birth, country of birth, address, zip code and place of residence, as well as your direct or indirect interest in the Merchant’s business. Additionally, we process a copy of your passport or identity card to verify your identity. We may also record other information received to verify your identity. We receive this information from the relevant Payment Service Provider used by the Merchant.  

 

 

 

4. With whom do we share your personal data? 

 

Services 

We use services of third parties which allow us to provide the iDEAL in3 payment method. These third parties provide services to us, for example with regards to payment statements, providing collection services and providing fraud prevention services.  

Financing 

We may also share data with third parties to finance our services. In this regard, we assign claims against consumers and Merchants who use the iDEAL in3 payment method (the Claims), to our financiers. We may furthermore assign the Claims to third parties for collection purposes. These parties will obtain names and addresses of the Merchants to record the Claims, and to collect and process payments. We may also provide data to our financiers of the ultimate beneficial owners, directors and representatives of Merchants to comply with statutory (sanction) regulations.  

Marketing 

We may share personal data with third parties in connection with our marketing activities. More specific, we share personal data with the following third parties (Marketing parties): 

– Facebook (Meta Platforms Ireland Limited) 

– LinkedIn (LinkedIn Ireland Unlimited Company) 

– Google (Google Ireland Limited) 

Our main goal is to exclude existing Merchants from our marketing communications via the Marketing parties. Additionally, this allows the Marketing parties to focus the marketing communications on persons and companies who use Facebook, LinkedIn and Google, but are not yet Merchants of iDEAL in3. Specifically, our marketing can be aimed towards persons and companies which have similar profile characteristics as our existing Merchants. This is often referred to as ‘look-a-like audiences’. To this end (hash-codes of) email addresses and/or telephone numbers of our Merchants are compared with the email addresses and telephone numbers that are known at the Marketing parties. During this process specific security measures are taken to ensure that this happens in a safe and trustworthy way. The Marketing parties do not have access to your email address and telephone number if you do not also have an account with the same email address or telephone number at one of those Marketing parties. If you want to know how the Marketing parties handle your personal data, then you can find the privacy statements of Facebook, LinkedIn and Google here. 

Other 

We may share your personal data with third parties in other circumstances if we have good reasons for this. For example, in relation to a company merger or acquisition, sharing data with a potential buyer or its advisors. Or to establish, exercise, or defend our legal position or rights. 

 

When we share your personal data as stated here, we take all reasonable legal, technical, and organizational measures to ensure that your data remains secure. In addition, we do not send your personal data to third parties for remote sale or market surveys, unless you have given your consent.  

 

We process your data within the European Union as much as possible. Certain activities may involve the processing of personal data outside of the European Union. For example, the processing of data by the Marketing parties. These are global organizations; hence data may be processed outside the borders of the European Union. If this situation occurs, appropriate measures to comply with the privacy laws are ensured. For example, by concluding the necessary standard contractual clauses (so-called Standard Contractual Clauses) which have been approved by the European Commission. Any questions about the transfer of data or the safeguards in place can be directed to privacy@in3.ideal.nl. 

 

5. Purposes, legal basis and retention periods  

We process personal data based on the purposes and legal grounds as specified below. In the paragraphs below, you can also read how long we store certain data. 

 

Purpose: to provide our service 

  • Data: Name and address of the Merchant, name, job title, email address and telephone number of the contact person. 
  • Legal basis: the performance of the contract between the Merchant and iDEAL in3 (article 6 paragraph 1 subsection b of the GDPR). 
  • Retention period: we retain this data up to two years after the relationship between the Merchant and iDEAL in3 has ended, unless we are required by law to keep certain data for a longer period. 

 

Purpose: fraud prevention and anti-money laundering 

  • Data: Name and address of the Merchant, name, job title, email address and telephone number of the contact person. 
  • Legal basis: legal obligation (article 6 paragraph 1 subsection c of the GDPR).  
  • Retention period: we retain this data up to two years after termination of the last contract. 

 

Purpose: internal management and financing 

  • Data: Name and address of the Merchant, name, job title, email address and telephone number of the contact person. 
  • Legal basis: the legitimate interest of iDEAL in3 (article 6. Paragraph 1 subsection f of the GDPR). We have a legitimate interest in financing our services and in being able to transfer our business. Third party financiers and acquirers have an interest in obtaining the data to exercise their rights. 
  • Retention period: we retain this data up to two years after termination of the last contract. 

 

Purpose: to provide a well-functioning website 

  • Data: your IP address and other technical data of your device.  
  • Legal basis: our legitimate interest to provide a well-functioning website(article 6 paragraph 1 subsection f of the GDPR). 
  • Retention period: 30 days after visiting our website. 

 

Purpose: marketing 

  • Data: email address and telephone number.  
  • Legal basis: our legitimate interest to advertise our services (article 6 paragraph 1 subsection f of the GDPR). 
  • Retention period: we retain this data up to two years after the relationship between the Merchant and iDEAL in3 has ended, unless we are required by law to keep certain data for a longer period. 

 

Purpose: to send newsletters 

  • Data: email address.  
  • Legal basis: consent(article 6 paragraph 1 subsection a of the GDPR). 
  • Retention period: as long as you have given your consent and have not withdrawn the consent. 

 

Purpose: defending/establishing rights 

  • Data: Name and address of the Merchant, name and job title of the contact person, ownership in the Merchant and data to verify identity.  
  • Legal basis: the legitimate interest of iDEAL in3 (article 6. Paragraph 1 subsection f of the GDPR). We have a legitimate interest in establishing, exercising and defending our legal position. 
  • Retention period: we retain this data during the dispute and for 5 years thereafter.  

 

 

6. Your rights 

Requests to exercise the rights stated below can be sent to privacy@in3.ideal.nl. We may ask security questions to verify your identity before processing your request.  

 

Access: you have the right to access your personal data which we are processing. 

 

Rectification: we take measures to keep your data accurate and up to date in our systems. You can ask us to rectify or delete information if anything is incorrect in your data. 

 

Erasure: you have the right to request that your data be deleted if that data is incorrect or irrelevant. You can also request us to delete your account at any time. It is not always possible for us to delete all data immediately due to statutory retention periods or performance of the credit agreement. 

 

Objection: you may object to any processing based on our legitimate interest as stated in paragraph 5 above, where you believe this is being done incorrectly or unjustly or in connection with your specific circumstances. 

 

Data portability: where your personal data is processed automatically in the performance of our agreement with you, you have the right to request a machine-readable format of such data for transfer to another party. 

 

Revoke consent: where we process personal data based on your consent, such as the newsletter, you have the right to withdraw your consent at any time. You can do this via our website, via the link at the bottom of the newsletter, or by sending an email to support@in3.ideal.nl. 

 

Questions or complaints: your privacy and customer satisfaction are of great importance to us. If you have any requests or complaints regarding the processing of your personal data, please feel free to contact us via privacy@in3.ideal.nl. We will use our best efforts to help you with your request and/or to resolve your complaint. You also always have the right to submit a complaint with the local Data Protection Authority via https://autoriteitpersoonsgegevens.nl/. 

 

7. How do we keep your personal data secure? 

We take appropriate technical and organizational measures to protect your data against unauthorized access, transfer, destruction, or other unauthorized processing. These security measures include firewalls, encryption, use of secure IT environments, access control, training for staff who process your data and the careful selection of any third parties who process personal data on our behalf. Access to your information is also limited to just those employees of iDEAL in3 who need this access as part of doing their job. 

 

8. Third-party websites 

 

Our website might include links to third-party websites. We are not responsible for the privacy policies or content of those third-party websites. We advise you to carefully read the privacy policies and terms and conditions for those websites before using such websites.  

 

9. Use of cookies and similar technology 

 

When you visit one of our websites, we automatically receive and store certain information. For example, the date and time of your visit to our website, as well as how you landed on our homepage (for example via a search engine such as Google). Your information is recorded by means of cookies and similar techniques. Which information we are able to register depends on your browser settings and on which cookies you have chosen to accept.  

 

Cookies are small text files stored temporarily in the user’s browser cache whenever they visit a website. Our website uses cookies needed for the site to function properly and to enable us to interact with you. We also use analytical cookies from Google Analytics and Hotjar to collect statistical data relating to usage of our website and to make our website more user-friendly. We have set up Google Analytics in a way that respects privacy, in accordance with the guidelines of the Dutch Data Protection Authority. We also gather your IP address, device ID and other device information such as the type of browser and operating system. We gather this information for anti-fraud purposes and to update our policies accordingly. 

 

A list of the cookies we use, what they do, how long before they expire and who has access to them can be found here https://payin3.eu/en/cookiepolicy/. If you object to analytical data being collected, you can adjust your settings here.  

 

If you don’t want cookies on your computer, you can block the cookies through your browser settings. Please note that some features on the website will only work if you allow cookies. You can also delete cookies from your browser history. By deleting cookies on a regular basis, you can change the user profile built up with them. However, deleting cookies does not stop the data collection. It only removes the profile based on the previous browsing history. 

 

10. Revisions to this Merchant Privacy Statement 

We are constantly working to improve our website and payment service. For this reason, we reserve the right to revise this Merchant Privacy Statement by posting a changed version on our website. Revisions might also be made due to changes in the GDPR or other applicable (privacy) regulations or case-law. We recommend you check the content of the latest version of our Merchant Privacy Statement regularly on our website www.payin3.eu. 

 

11. Enquiries regarding data protection 

iDEAL in3 has a data protection officer, who works constantly to protect your data. If you have any questions regarding this Merchant Privacy Statement or the protection of personal data at iDEAL in3, then please contact us on privacy@in3.ideal.nl. 

 

This Merchant Privacy Statement was last updated in July 2023.