In3 Merchant Privacy Statement
Table of Contents
- Who is responsible for processing your personal data?
- What personal data does in3 process, and for what purpose?
- With whom does in3 share your personal data?
- Summary of personal data, legal basis, purposes and retention periods.
- How does in3 keep your personal data secure?
- Your rights
- Revisions to this statement
The in3 Garant payment method is a service of Capayable B.V. trading as in3 (hereinafter: in3). in3 processes your personal data as part of its activities because you are employed by a (web)shop or other company which offers or wants to offer our in3 Garant payment method to its customers (a Merchant). You may also be the ultimate beneficial owner (UBO), director or representative of a Merchant. In this Merchant privacy statement, in3 informs you about our use of your personal data.
2. Who is responsible for the processing of your data?
in3 is responsible for processing your personal data.
Contact details for in3:
|Company Name:||Capayable B.V.|
5652 AR Eindhoven
|Chamber of Commerce reg. no.:||59234784|
3. What data does in3 use and for what purpose?
If you are working on behalf of the Merchant:
When entering into a business relationship, from the moment of first contact, in3 collects and processes your data. This may include the following data: the name of the Merchant for whom you work, your name as a contact person, job title, e-mail address and (mobile) telephone number. We obtain this information from you when you contact us directly. If we have not received your data directly from you, the Merchant for whom you work has provided us with your data as a contact person for the Merchant. In3 uses the personal data for communication, for the purpose of executing its agreement with the Merchant, and for the internal administration and management of the organization.
If you are an UBO, board member, director or another representative of the Merchant:
For the purpose of complying with the Dutch Anti-Money Laundering Act and similar laws and (sanction) regulations, in3 processes your name, date of birth, country of birth, address, postal code and place of residence, as well as your direct or indirect interest in the Merchant. in3 also processes a copy of your passport, ID or other documentation to verify your identity. in3 receives this information from the relevant Payment Services Provider who is in contact with the Merchant.
4. With whom does in3 share your data?
in3 uses third party suppliers and partners that support in3 in its business activities. These third parties provide assistance to in3 e.g. by sending payment statements and providing collection services. In this context, these third parties may receive names from Merchants and other general Merchant information, such as your contact information.
in3 may also share data with third parties to finance its services. In connection with this, in3 may assign receivables resulting from customers who use the in3 Garant payment method and receivables against Merchants in relation to the fees for the use of in3 Garant (together the Receivables), to in3 Finance I B.V. (in3 Finance I). in3 Finance I may pledge the Receivables to third parties for the purpose of the financing. in3 Finance I may furthermore assign the Receivables to third parties for collection purposes. These parties will obtain names and addresses of the Merchants in order to record the Receivables, and to collect and process payments. In addition, in3 may provide data to in3 Finance I in relation to ultimate beneficial owners, directors and representatives of Merchants to comply with statutory (sanction) regulations. Information regarding the use of data by in3 Finance I, can be found in the in3 Finance I merchant privacy statement here: https://payin3.eu/en/in3-finance-merchant-privacystatement/.
in3 may share personal data with third parties in connection with our marketing activities. For example with:
- – Facebook (Meta Platforms Ireland Limited)
- – LinkedIn (LinkedIn Ireland Unlimited Company)
- – Google (Google Ireland Limited)
The main goal of in3 is to exclude existing Merchants and contact persons from our marketing communications on Facebook, LinkedIn and Google. This also allows these third parties to specifically target other companies and contact persons, who are not yet a customer of in3, with marketing communications. Specifically, the in3 marketing can be aimed towards persons and companies which have similar profile characteristics as our existing Merchants. This is often referred to as ‘look-a-like audiences’. To this end (hashcodes of) email addresses and/or telephone numbers of our Merchants are compared with the email addresses and telephone numbers that are known at the aforementioned platforms. During this process specific security measures are taken to ensure that this happens in a safe and trustworthy way, which does not allow for the relevant platforms to have access to Merchant email addresses and telephone numbers if these Merchants do not also have an account with the same email address or telephone number at one of those platforms.
in3 may also provide your personal data to third parties in the case of an acquisition of its company, such as a potential buyer or its advisors, or to establish, exercise or defend its legal position or rights.
Finally, in3 can share your data with authorities if in3 is required to do so by law.
When in3 shares data as stated here, it uses its best efforts to take legal, technical and organizational measures to ensure the data is and remains carefully secured.
in3 does not sell personal data to third parties.
5. Overview of Purposes, Principles and Retention Periods
|Business operations.||Name and address Merchant, name of contact person, job title, email address and telephone number.||To provide and manage the in3 services and for internal processes, including sending payment statements and debt collection services.||Legitimate interest (Article 6 paragraph 1 subsection f of the GDPR).||2 years after the last contact, unless a longer retention period is necessary to comply with legislation.|
|in3 has a legitimate interest in being able to execute its services.|
|Legal (retention) obligation (Article 6 paragraph 1 subsection c of the GDPR).|
|Fraud prevention, anti-money laundering and compliance with (sanction) regulations.||Name, address, email address, telephone number, ownership / interest in the Merchant and data to verify identity.||To comply with applicable guidelines and legislation, such as the laws regarding prevention of money laundering and the financing of terrorism.||Legal obligation (Article 6 paragraph 1 subsection c of the GDPR).||5 years after the moment of termination of the business relationship.|
|Internal management and financing.||Name and address of Merchant, name of contact person, job title, email address and telephone number.||To finance in3’s services and in the event of a full or partial acquisition of in3 by a third party.||Legitimate interest (Article 6 paragraph 1 subsection f of the GDPR).||2 years after termination of the last contract.|
|in3 has a legitimate interest in financing its services and in being able to transfer its business. Third party financiers and acquirers have an interest in obtaining the data to exercise their rights.|
|Defending/ establishing rights.||Name, address, email address, telephone number, name contact person, job title, ownership in the Merchant and data to verify identity.||To establish, exercise or defend in3’s legal position or rights.||Legitimate interest (Article 6 paragraph 1 subsection f of the GDPR).||During a dispute and for 5 years thereafter.|
|in3 has a legitimate interest in establishing, exercising and defending its legal position.|
|Marketing and website.||IP-address and other technical data.||To offer a proper functioning website.||Legitimate interest of in3 (Article 6 paragraph 1 subsection f of the GDPR) to offer a proper functioning website.||Up to 30 days after visiting the website.|
|Email address and telephone number.||To deliver targeted marketing on the platforms of Facebook, LinkedIn and Google.||Legitimate interest of in3 (Article 6 paragraph 1 subsection f of the GDPR) to pursue effective and efficient marketing on third party platforms.||Up to 2 years after the end of the customer relationship.|
|Email address.||Newsletters.||Consent (Article 6 paragraph 1 subsection a of the GDPR).||As long as the given consent has not been revoked.|
6. How in3 protects your data
in3 takes appropriate security measures to protect your personal data. in3 pays special attention to ensure that your data does not end up with unauthorized persons and that access to our systems is adequately protected.
7. What are your rights?
Access: you have the right to access your personal data which in3 us processing.
Rectification: in3 uses its best efforts to make sure that the information that in3 has about you is correct and up to date. You may always ask in3 to change or erase certain information if certain data is no longer correct.
Erasure: you have the right to request your data to be deleted if those data are incorrect or irrelevant. It is not always possible for in3 to delete all data immediately due to statutory retention periods or performance of the payment agreement.
Objection: you can also object to any processing based on in3’s legitimate interest in line with the table in paragraph 5, in connection with your specific circumstances.
Data portability: where your personal data are processed automatically in the performance of an agreement, you have the right to request a machine-readable format of this data for transfer to another party.
Requests to exercise aforementioned rights can be sent to firstname.lastname@example.org. in3 may ask questions to verify your identity before processing your request.
Complaints: in3 will use its best efforts to properly and timely handle your request. Should you have any questions or concerns, please contact us via email@example.com. You also are always entitled to lodge a formal complaint with the Dutch Personal Data Protection Authority via https://autoriteitpersoonsgegevens.nl/.
8. Changes to this Merchant privacy statement
in3 can adjust this Merchant privacy statement if it changes its processing of personal data. It is also possible that this statement changes as a result of changes in legislation. You can request the most current version of this Merchant privacy statement via firstname.lastname@example.org. This Merchantprivacy statement can also be found on the in3 website.
This Merchant Privacy Statement was last amended in September 2022.