Capayable B.V. Consumer Privacy Statement
This is an unofficial English translation of the Dutch language consumer privacy statement of Capayable B.V. dated May 2022. In the event of discrepancies between this English translation and the original Dutch version, the Dutch version will prevail.
Table of Contents
- 1. Introduction
- 2. Who is responsible for processing your personal data?
- 3. What personal data does in3 process, and for what purpose?
- 4. Automated credit check
- 5. With whom does in3 share your personal data?
- 6. Summary of personal data, legal basis, purposes and retention periods.
- 7. Your rights
- 8. How does in3 keep your personal data secure?
- 9. Links to third-party websites
- 11. Revisions to this statement
The in3 Garant payment method is a service provided by Capayable B.V. trading as in3 (hereinafter: in3).
Protecting privacy is important to in3. This Consumer Privacy Statement describes which personal data in3 collects, and how in3 treats these data. This Consumer Privacy Statement also sets out your rights and explains how you can exercise them. This Consumer Privacy Statement applies whenever you visit our website or make use of our services.
2. Data Controller
in3 is responsible for processing your personal data in accordance with this Consumer Privacy Statement and the applicable privacy laws and regulations.
Contact details for in3
5652 AR Eindhoven
Chamber of Commerce reg. no.: 59234784
3. What personal data does in3 process, and for what purpose?
in3 processes your personal data whenever you use our services.
- 3.1 Information you provide
in3 processes the personal data you provide to us when you:
- – place an order online and choose in3 Garant as your payment method;
- – set up an account with us;
- – contact customer services.
- These personal data include:
- – personal details: name, email address, postal address, date of birth, telephone number
- – order details: data relating to your orders
- – payment details: account number and data relating to your payments to in3
- – communications information: information relating to communication with our customer service
- This information is necessary to deliver our services and for customer services purposes. in3 also uses your email address to send newsletters where you have registered for this on our website.
- 3.2 Personal data which in3 collects when you apply for in3 Garant
- When you apply for our payment method, in3 also processes your credit score and the criteria on which it is based (this is explained in more detail in paragraph 4 below). in3 needs this information to assess whether your application to use our services can be approved to make sure the credit offered and delivered to our customers is responsible and sustainable.
4. Automated credit check
in which cases will an automated credit check be carried out?
If you choose the in3 Garant payment method, in3 must first determine whether this is possible in a responsible and sustainable way. If you are unknown to in3 as a customer, this will be done through an automated real-time risk assessment. If you already are a customer at in3, then in3 will use your payment history with in3 to decide whether to accept your application.
What does the credit check involve and what are its implications?
As part of the credit check, in3 checks your name, address, date of birth, email address and telephone number with the credit reference agency, Experian. Experian then gives in3 a credit score. Based on this, in3 decides automatically whether you can use in3 Garant. This works as follows:
in3 verifies your name and address, so it can be sure this information is correct. in3 also checks the bankruptcy and insolvency register, registers of arrangements with creditors and of legal capacity, to determine whether you can meet your payment obligations. For this reason, in3 also checks whether there are any debts outstanding at the same address. in3 also checks to see if you have negative credit registrations. You may get negative credit registrations if you are in default with regards to other services, such as your telephone service subscription or energy provider. Finally, in3 checks to see if you have made more than 2 applications for credit in the past 30 days. in3 checks this to protect you against taking on too much debt.
How long is the credit check stored?
in3 stores the personal data on which the credit score is based, so we can explain the score to you should you ask for this. Furthermore, in3 stores your data to monitor and improve its systems for credit checks and fraud prevention. See paragraph 6 for specific retention periods. Experian will retain your application for 30 days and may reuse it for new credit applications in the same period.
Why are credit checks needed?
in3 carries out automated credit checks in order to set up and perform the agreement with you for the delivery of in3 Garant. in3 also has a legitimate interest to perform credit checks. Without this check, in3 cannot assess if it can collect payments and if you can meet the payment obligations. Specifically, it is important for in3 to know whether payment in instalments is justified in your circumstances. in3 handles a lot of applications, so it has to do this automatically. The methods used by in3 are tested regularly to verify that they remain fair, appropriate and unbiased. However, you can always ask in3 for a human review of your individual circumstances.
Access, appeal and human review
If in3 turns down your application to use in3 Garant, you can request access to the personal data which in3 Garant has based its decision on, and the reasoning behind the decision. If the personal data are incorrect, you can request it be rectified or deleted. If you believe that turning down the application is not justified in view of the data, you can object against in3’s decision. You can also ask us to review your credit rating manually. Such requests can be sent to us via email to email@example.com. in3 may ask security questions to verify your identity before processing your request.
5.With whom does in3 share your personal data?
in3 uses third parties who facilitate in3 Garant. These third parties provide assistance to in3 e.g. by sending payment statements, providing collection services, fraud prevention and checking creditworthiness. Enquiries relating to these third parties and their data processing methods can be directed to in3 at firstname.lastname@example.org.
Furthermore, in3 may share data with the authorities if required to do so by law. However, in3 will only agree to do this where the authorities can demonstrate that in3 is legally required to cooperate.
in3 may also share data with third parties to finance its services. In connection with this, it assigns receivables against consumers who use the in3 Garant payment method (the Receivables), to in3 Finance I B.V. (in3 Finance). in3 finance may also pledge the Receivables to third parties. in3 Finance may furthermore assign the Receivables for collection purposes, or reassign them to the (online) store where you placed the order. These parties will get your data in order to collect the Receivables, manage payment obligations and process payments. The in3 Finance consumer privacy statement can be found here https://payin3.eu/en/consumerprivacystatement-in3-finance/.
in3 may furthermore provide your personal data to third parties as part of a company takeover, such as to a potential buyer or its advisors, or to establish, exercise or defend its legal position or rights.
When in3 shares your personal data as stated here, it takes all legal, technical and organisational measures to ensure that your data remain secure.
in3 does not sell personal data to third parties. Neither will it transfer your personal data to third parties for direct marketing purposes, except where you have given consent.
in3 does not process (or transfer) personal data to countries outside the EU
6. Purposes, legal basis and retention periods
in3 processes personal data based for the purposes and on the bases specified below. The table below also shows how long in3 stores certain data.
|Department||Personal data||Purpose (why does in3 process your personal data?)||Legal basis (why is in3 permitted to process your data)||Automated||Retention period|
|Identification, risk and fraud management||Name, date of birth||In order to confirm your identity and verify your personal data||Setting up and executing a credit agreement (Art. 6 (b) GDPR)||Yes||2 years after the end of the customer relationship|
|Name, address, date of birth, email address, telephone number,|
bankruptcy, arrangement with creditors, receivership y/n, number of credit applications in last month, known payment history, debts at the same address
|To check your details with a credit reference agency (automated credit check) and afterwards for customer service purposes||Setting up and executing a credit agreement (Art. 6 (a) and 22 (2 a) of the GDPR)|
Legitimate interests (Art. 6 (f) GDPR) as in3 has a legitimate interest in only entering into contracts with customers who can meet their payment obligations. It is also in the customer’s interest to be protected against too much credit.
|Yes||1 year following the application|
|Payments & Customer Service Administration||Name, address, account number, email address, telephone number, amount owing||To manage payments and customer data, review future applications and for customer service purposes,||Setting up and executing a credit agreement (Art. 6 (a) of the GDPR)|
Legitimate interests in only entering into contracts with customers who can meet their payment obligations. It is also in the customer’s interest to be protected against too much credit (art. 6 (f) of the GDPR)
Statutory retention periods (art 6 (c) GDPR
|2 years following the end of the customer relationship, unless statutory retention periods apply|
|Account management||Name, address, account number, email address, telephone number, amount owing, order history, payment history||To grant the customer access to account information and order history, to check future applications||Performance of the account and credit agreements (Art. 6 (a) of the GDPR.|
Based on our legitimate interest for the purposes of customer service and so as not to enter into credit agreements with customers who have failed to meet their payment obligations in the past (Art. 6 (f) of the GDPR.
|Until such time as the customer terminates the account and for one year following that|
|Administration of payments & customer service for overdue customers||Name, address, email address, telephone number, amount owing in respect of unpaid debts||To check future applications||Based on in3’s legitimate interest in not entering into credit agreements with customers who have failed to meet their payment obligations in the past (Art. 6 (f) of the GDPR)||5 years after the end of the customer relationship|
|Name, address, amount owing||To finance in3’s service provision and in the event of a full or partial acquisition of in3 by a third party||in3’s legitimate interest in financing its services and in being able to transfer its business, and the legitimate interests of third parties who provide the financing or acquire the business (Article 6(f) GDPR)||2 years after the end of the customer relationship|
|email address||newsletters||Consent (Article 6 (1)(a) of the GDPR)||Provided you have given consent for this and have not withdrawn it|
|Defending/establishing rights||Name, address, email address, telephone number, amount owing||To establish, exercise or defend in3’s legal position or rights||Legitimate interest (Article 6 (f) of the GDPR) in3 has a legitimate interest in being able to establish, exercise and defend its legal position and rights.||During any dispute and for 5 years following.|
7. Your rights
Access: you have the right to access your personal data which in3 is processing.
Rectification: in3 ensures that the personal data in3 holds relating to you are accurate and up-to-date. You can ask in3 to rectify or delete information if anything is incorrect in your data.
Erasure: You have the right to request your data to be deleted if those data are incorrect or irrelevant. You can also request in3 to delete your account at any time. It is not always possible for in3 to delete all data immediately due to statutory retention periods or performance of the payment agreement.
Objection and human review: You have the right to object to your personal data being processed, and to request a human review where the automated credit check is concerned. See paragraph 4 above.
Objection: You can also object to any processing based on in3’s legitimate interest in line with the table in paragraph 6, where you believe this is being done incorrectly or unjustly or in connection with your specific circumstances.
Requests to exercise the above rights can be sent to email@example.com. in3 may ask security questions to verify your identity before processing your request.
Revoke consent: Where in3 processes personal data based on your consent, such as the newsletter, you have the right to withdraw your consent at any time. You can do this via the in3 website, via the link at the bottom of the newsletter or by sending an email to firstname.lastname@example.org.
Data portability: Where your personal data are processed automatically in performing an agreement, you have the right to request a machine-readable format for transfer to another party.
8. How does in3 keep your personal data secure?
in3 takes appropriate technical and organisational measures to protect your data against unauthorised access, transfer, destruction or other unauthorised processing. These security measures include firewalls, encryption, use of secure IT environments, access control, training for staff who process your data and the careful selection of any third parties who process personal data on behalf of in3. Access to your information is also limited to just those in3 staff who need your data as part of doing their job.
9. Third-party websites
Our website might include links to third-party websites. in3 is not responsible for the privacy policies or content of those websites. We advise you to read the privacy policies and terms and conditions for these websites before visiting.
Each visit to the in3 environment is recorded automatically. This involves collecting the following information:
- – date and time of your visit to the in3 website;
- – website from which you were directed to the in3 environment.
If you object to analytical data being collected, you can adjust your settings here. If this is the case, we only use necessary cookies.
A list of the cookies we use, what they do, how long before they expire and who has access to them can be found here https://payin3.eu/en/cookiepolicy/.
If you do not want cookies stored on your computer, you can block their use using your browser settings. Please note that some features on the website only work when you allow cookies.
You can also delete cookies from your browser history. By deleting cookies regularly, you can modify the user profile being built up. However, deleting cookies does not stop personal data being collected, it simply deletes the profile based on the previous browsing history.
11. Revisions to this Consumer Privacy Statement
in3 is constantly working to improve its website and payment service. For this reason, in3 reserves the right to revise its Consumer Privacy Statement by posting any changes on its website. Revisions might also be made owing to changes in the General Data Protection Regulation, other regulations or relevant case law. We recommend you check the content of the Consumer Privacy Statement regularly.
12. Enquiries regarding data protection
in3 has a data protection officer, who works constantly to protect your data. If you have any questions regarding the Consumer Privacy Statement or the protection of personal data at in3, then contact them on email@example.com.
This Consumer Privacy Statement was last updated May 2022.