Data Privacy Policy - Dalenys
xYou are currently visiting Dalenys website in englishGo to french version

New security and privacy regulations are set to change the way economic operators provide efficient and strict protection to natural persons with regard to the processing of their personal data. Data security always has been at the core of the Dalenys business because we love Payment and we value the privacy and security of all customers. Dalenys is an acquirer, a Payment Service Provider (PSP) and a business expert all under one roof. As your single partner for all of your business challenges, we use, as your data processor, your data and your customers’ data carefully and respectfully while assisting you from implementation to daily optimisation of your payments’ performances.

Please take a moment to read this Privacy statement carefully.

Important information

Our Dalenys Payment SAS (“Dalenys”, “we”, “us”, “our”) privacy policy contains information about Dalenys privacy practices to ensure transparency and explain how we may collect, store, process, share and transfer personal data for a visit to our websites as a visitor, access to our products and services as a merchant registered user and access to our services as the customer of our merchant registered users.

Changes to our privacy policy

We keep our privacy policy under regular review and may produce update for legal or regulatory reasons. We will accordingly give you notice of such changes by posting the revised policy on this website or, where appropriate, by any other mean.

This privacy policy was last updated on 22nd of May 2018.

What information do we collect about you?

Information we collect for our legitimate interest is a key for providing our merchant registered users and their customers with secure products and services to increase the overall safety of the payments ecosystem thus reducing risks of fraud, money laundering, risks of any security and privacy harmful activity.

Personal data is any information related to a natural person who can be identified directly or indirectly when a merchant registers for one of our products and services or when a customer of our merchant registered users makes payments:

  • Identity data and contact details: Name, surname(s), address(es), telephone number(s), email address(es)
  • Payment transaction data: Cardholder’s data and bank account information, payment method, date, amount and characteristics of purchases (eg: billing, shipping, type of products/services)
  • Browser and device data: IP address and device type and technical characteristics
  • Cookies and tracking technologies: language preference settings and other anonymous traffic data

Personal data also is any information we receive from authorized sources such as our banking and financial partners, payment services providers, anti money laundering and fraud screening verification services and publicly available sources to comply with all applicable laws and regulations.

Why do we use this information?

Providing and improving our products and services to merchants

☑ Fulfilling contract
☑ Our legitimate interest
☑ Our legal obligation

Payment processing such as accepting a payment on behalf of our merchants registered users and providing our registered users with legal, regulatory and quality control information regarding the processed or attempted payments

☑ Fulfilling contract
☑ Our legitimate interest
☑ Our legal obligation

Compliance with legal and regulatory purposes such as know your customer, anti money laundering or network and information systems’ security requirements

☐ Fulfilling contract
☐ Our legitimate interest
☑ Our legal obligation

Fraud manual or systematic monitoring to prevent, investigate and take reasonable action regarding potentially prohibited or illegal activities, suspected fraud, violations of our terms and conditions of service or any other agreement related to our service or as otherwise required by law and regulation or payment schemes in order to increase the overall safety of the payment ecosystem

☑ Fulfilling contract
☑ Our legitimate interest
☑ Our legal obligation

Marketing communication and client side experience for visitors of our corporate websites and customers of or merchants’ registered users such as providing opt-in visitors and merchants with information about our products and services if you have consented to receive marketing communications

☐ Fulfilling contract
☑ Our legitimate interest
☐ Our legal obligation

What do we mean when we say:

  • Fulfilling contract: processing your data where necessary for a contract to which you are a party or taking any step at your request before entering into such a contract
  • Our legitimate interest: our interest as a business in managing our products and services to provide our clients with the most safe and secure payment experience. We always balance any potential impact on you and your rights before we process your data for our legitimate interest
  • Our legal obligation: this means processing your data where necessary for compliance with third parties under applicable laws, regulations or payment schemes rules and standards

Dalenys will not use personal data for other purpose without permission so we may, from time to time, request your permission to allow us to process and share your personal information with third parties.

Who are the third parties we share information with?

Dalenys only shares your personal data with trusted third parties including:

  • Other members of the Dalenys corporate family such as our affiliated companies located in the European Economic Area (“EEA”), or Natixis’ affiliated companies, Dalenys Group’s main shareholder, on a need-to-know basis
  • Our merchant registered users as necessary for payment processing
  • Our service providers such as banking and financial partners or payment method providers in order to provide our payment processing services in the EEA and elsewhere in the world and to screen out the payments for fraud and money laundering identification
  • Any safety, legal purpose and law enforcement third party under applicable laws and regulations or payment schemes rules and standards to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public/judicial authorities
  • Otherwise with your consent

How long do we retain the information?

Because Dalenys is committed to various distinct legal/regulatory mandatory requirements to retain information (including fraud fighting requirements, anti money laundering compliance, payment transactions acquiring for debit/credit cards and other regulated payment methods), we will securely retain personal data for the purposes outlined by our privacy policy unless applicable laws/regulations and payment schemes rules and standards require a longest retention period:

  • Providing our payment processing products and services to merchants after registration: 5 years after the termination of the business relationship
  • Compliance with legal and regulatory purposes: 5 years after a transaction for anti-money laundering
  • Fraud manual or systematic monitoring: 5 years after a case for fraud prevention
  • Marketing communication and client side experience: 13 months for cookies and similar technologies and 3 years for direct marketing purposes including opt-out lists

How do we provide your information with the proper level of security?

While no information system can be guaranteed to be 100% secure, we use reasonable organizational, technical, physical and administrative safeguards to secure your information against loss, misuse, unauthorized access, disclosure and alteration. If you have any reason to believe that your information or the personal data that we process on behalf of our merchants registered users has been or is compromised, please contact us immediately:

  • We follow industry standards on information security management to protect security and confidentiality of the data entrusted to Dalenys and we are a PCI DSS Level 1 compliant service provider
  • Our security measures are implemented into business-as-usual activities as part of an overall security strategy: monitoring the security controls (such as firewalls, physical and logical intrusion detection, data encryption and integrity monitoring, need-to-know access control systems), ensuring that any security control failure is detected and responded in a timely manner, assessing with a formal review the privacy, safety and security impacts prior to any change to our technical environments and proceeding with security periodic reviews by qualified internal and external experts
  • We adopt internal policies and implement measures which meet in particular the principles of “data protection by design” and “data protection by default”:
    o We collect personal data only if we have a compelling business and user value
    o We collect the least sensitive form and the smallest amount of data for the shortest period of time
    o We prevent unauthorized access to personal data
    o We provide natural persons with an access to their personal data and promptly respond to questions about privacy

Marketing and communications purposes

We would like to send you information about our products and services: if you have consented to receive marketing communications and as long as you don’t opt out at a later date. You have a right at any time to object of our use of your personal information for direct marketing purposes. If you no longer wish to be contacted for marketing purposes, please opt-out via the unsubscribe link included in our email.

For marketing and communications purposes, our Cookies policy contains more information about the cookies that may be served through this website and our services and how you can control our use of these cookies.

Access to your information

You always have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email or write to us at the following address.

We want to make sure that your personal information is accurate and up to date. You may ask us to correct, update, remove, port and limit the use of information you think is inaccurate.

If you are a customer of one our merchants’ registered users and wish to exercise these rights, please contact your merchant as we serve as a data processor on their behalf and only are able to forward your request to the contact details they rightfully provide in their own privacy policies.

About cookies and similar technologies

Cookies and other tracking or similar technologies (collectively, “Cookies”) are data placed on your device to provide our visitors with a personalized experience, measure the effectiveness of promotions, mitigate risks, prevent fraud and compile statistical reports.

Please refer to our Cookies policy that describes in detail how we use cookies and similar technologies and visit https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser for further information. (available only in French).

You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However in a few cases some of our website features may be limited or not possible.

Other websites

While our corporate websites may contain links to other websites this privacy policy only applies to the Dalenys websites. Moreover, this policy does not apply to third-party websites, products, or services even if they link to our products and services, and you should thus consider the privacy practices of those third parties carefully.

Dalenys as a data processor

Dalenys, as a data processor for merchant registered users may collect, retain, use and disclose personal data about our merchant registered users’ customers to our merchant registered users in accordance with the terms and conditions of our agreements with the merchant and the merchant’s lawful instructions. Our merchant registered users, as data controllers, shall make sure to comply with personal data applicable laws and regulations.

How to contact us

Dalenys Payment is a French limited company (“société par actions simplifiée“) incorporated at the French companies house of the city of Nanterre with the company number: 443 222 682 and whose registered office is 110 avenue de France, 75013 PARIS (France). Dalenys Payment is a payment institution approved by the ACPR (“Autorité de Contrôle Prudentiel et de Résolution”), the French regulator, and registered under number 16378.

You can complain about our processing of your personal information to the relevant data protection authority. You can complain in the EU member state where you live or work, or in the place where the alleged breach of data protection law has taken place. In France, the relevant data protection authority is the “Commission Nationale de l’Informatique et des Libertés” (CNIL):

Commission Nationale de l’Informatique et des Libertés – CNIL
8 rue Vivienne, CS 30223
F-75002 Paris, Cedex 02
Tel. +33 1 53 73 22 22
Fax +33 1 53 73 22 00
Website: http://www.cnil.fr/

Please contact us if you have any questions about our privacy policy and information we hold or process about you:

  • by email : privacy@dalenys.com
  • or write us at: Dalenys Payment, Données Personnelles, 110 avenue de France, 75013 Paris, France.