INGENICO., its affiliates and subsidiaries, (together INGENICO or we/us/our) respect your privacy and are committed to safeguarding your right to privacy and your personal data. This Privacy Notice aims at informing you about how we treat your personal data when you use our products, services and platforms (collectively referred to as “Services”). This Privacy Notice applies to all INGENICO companies. Where applicable, this Privacy Notice may be complemented by the specific provisions described in the section “Country Specific Notices”.
This Privacy Notice does not apply to third-party websites, products, or services. INGENICO may use third-party websites or tools to collect your personal data (for instance, for registration to events or participating in the contest organized by INGENICO). In this case, INGENICO has no control on the treatment of your personal data by the third-party and shall not be responsible or liable for the processing by the third-party. You are advised to read and understand the privacy policies of the third-party.
This Privacy Notice is intended to explain our privacy practices and covers the following areas:
- Information we may collect about you;
- Uses of your personal data;
- Transmission, storage and security of your personal data;
- Your rights and how to contact us;
- Our Cookie Notice;
- Changes to this Privacy Notice and the Cookie Notice.
Annex A: Use justifications
Annex B: Country specific Notices
1. Information we may collect about you
We will collect and process all or some of the following personal data about you:
- Information you provide to us personal data that you provide to us such as when you complete a form on our Website, including but not limited to, your name, email address, phone number, country and company (and/or the industry your work in). We may also process information on your education and work experience in connection with a job opening at INGENICO for which you wish to be considered. You may also provide us with your contact details, address and bank details to enable us to perform a contract you have entered into with us or to make payments to you in relation to goods or services you provide to us;
- Correspondence and other communications if you contact us by telephone, letter or by email, we will typically keep a record of that correspondence or communication;
- Survey information and feedback we may also ask you to complete surveys that we use for research purposes or to provide feedback that we use to develop and improve our product and service offering. In such circumstances we shall collect the information provided in the completed survey/feedback request;
- Website and communication usage details of your visits to the websites and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, browser language, access time, traffic data, location data, web logs, movements on the website, referring web site addresses and other communication data. We may also collect information about the pages you view within the Website and other actions you take while visiting us. In addition, we may also use such technologies to determine whether you’ve opened an e-mail or clicked on a link contained in an e-mail.
- Information from third parties we may also be provided with your information from other sources, for example from our affiliate companies or business partners in relation to business opportunities or from search engines, credit reference companies or government agencies, in relation to our due diligence processes.
- Information from the services we provide, for example from terminals services or Payment Platform as a Service.
2. Uses of your personal data
In this section, we set out the purposes for which we use personal data that we collect and hold and, in compliance with our obligations, identify the “legal grounds” on which we rely to process the information.
We use your Personal data only when we have a valid legal basis to do so. Depending on the circumstance, we may rely on your consent or the fact that the processing is necessary to fulfil a contract with you, protect your vital interests or those of other persons, or to comply with law. We may also process your Personal data where we believe it is in our or others’ legitimate interests, taking into consideration your own interests, and rights.
To communicate effectively with you and conduct our business, including to fulfil your requests:
We might use your personal data in order to effectively respond to your contact request; your registration request to events organized by us; or to your appointment request with one of our experts; to respond to your request for proposal or offer if you are interested in doing business with us; or we may contact you if we are interested in doing business with you; to respond to your job application; to otherwise communicate with you; or with other internal and external parties concerning you; or to carry out our obligations arising from any agreements entered into between you and us.
When we use your information for these purposes, we often base such use on your prior and informed consent, or on contractual necessity (which means we will not be able to fulfil our part of an agreement without using your data to do so), or on our legitimate interests (which means we have legitimate business interests that we wish to protect and cannot do so without using your personal data).
To provide you with access to restricted Website areas:
In order to provide you with an online account and access to restricted areas, where you have filled in a form to create an account on our website.
When we use your information for these purposes, we base such use on contractual necessity (which means we will not be able to facilitate access to the restricted areas without using your data to do so), or on our legitimate interests (which means we have legitimate business interests that we wish to protect and cannot do so without using your personal data).
To provide you with marketing materials:
To provide you with email alerts, updates, offers and invitations to our events, where you have chosen to receive these. We may also use your information for marketing our own and our selected business partners’ products and services to you. Where required by law, we will ask for your prior and informed consent. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by Contacting us as set out in the “Contacting us” section below.
When we use your information for these purposes, we base such use on your prior and informed consent, or on our legitimate interests (which means we have legitimate business interests to keep you updated with news about our products and services and cannot do so without using your personal data).
For research and development purposes:
To analyze your personal data in order to better understand you so that we can continue to develop and improve our products and services.
When we use your information for these purposes, we base such use on our legitimate interests (which means we have legitimate business interests to improve our products and services and cannot do so without using your personal data).
To ensure proper functionality of our websites and to ensure relevance of content:
Depending on the types of cookies we place, which can range from strictly necessary to marketing cookies, we base such use on our legitimate interests to ensure proper functionality of our website or on your prior and informed consent. When using your data for content relevance, we typically base this on our legitimate interests (which means we have a legitimate interest to keep our website content current and updated and fit for your use. We will be unable to do this without using your personal data).
To monitor certain activities:
We collect information about you to monitor queries and transactions to ensure service quality or to comply with our legal obligations to combat fraud.
When we use your information for these purposes, we base such use on our legal duty (which means that there are different laws that compel us to monitor for certain behaviors and activities) or on our legitimate interests (which means we have legitimate business interests to monitor for fraudulent transactions and cannot do so without using your personal data).
To inform you of changes:
To notify you about changes to our Services
When we use your information for these purposes, we base such use on our legitimate interests (which means we cannot communicate changes to you without using your personal data).
To reorganize or make changes to our business:
Should we ever sell our business or a part thereof; or undergo re-organization, we might be obligated to disclose your personal data to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analyzing any proposed sale or re-organization. We may also need to transfer your personal data to that re-organized entity or third party after the sale or reorganization for them to use for the same purposes as set out in this notice.
When we use your information for these purposes, we base such use on our legitimate interests (which means we cannot do so without using your personal data).
In connection with contractual, legal or regulatory obligations:
We may disclose your personal data to external third parties such as service providers, contractors, agents, advisors, group companies, affiliates, subsidiaries, supervisory authorities in order to comply with our contractual duties, legal obligations or to protect your interests.
We may also use your personal data to comply with our regulatory requirements or dialogue with regulators as applicable, which may include disclosing your personal data to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so. Where permitted and feasible, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
When we use your information for these purposes, we base such use on contractual necessity (which means we will not be able to fulfil our part of an agreement without using your data to do so), our legal obligations (which means we are legally required to comply with certain laws), or on our legitimate interests (which means we have legitimate business interests in cooperating with law enforcement and regulatory authorities in compliance with applicable laws and cannot do so without using your personal data).
3. Transmission, storage and security of your personal data
In order to fulfil your requests, we may need to share or otherwise transfer your personal data within our group of companies such as to a shared services company located in a different region or jurisdiction to you. Where appropriate we may also transfer your personal data to third parties, for example external event organizers or partner companies who may be in a better position to satisfy your request.
We may also share your personal data with our service providers who perform services on our behalf. We contractually require these service providers to use or disclose the personal data only as necessary to perform services on our behalf.
Security over the internet
As you will know, the transmission of information via the internet is not completely secure. We maintain commercially reasonable physical, electronic, and procedural safeguards to protect your personal data in accordance with data protection legislative requirements.
All information you provide to us is stored on our or our subcontractors’ secure servers and accessed and used subject to our security policies and standards. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.
International data transfer
Where we transfer personal data from the European Economic Area (the “EEA”) to a country outside the EEA (or a country that is NOT considered as offering an adequate level of protection as adopted by the European Commission on the basis of Article 45 of the General Data Protection Regulation 2016/679 (GDPR), we may be required to take specific additional measures to safeguard the relevant personal data and such transfer will
be based on legal grounds and mechanisms justifying such transfer, such as EU Commission-approved standard contractual clauses, or other legal grounds permitted by applicable law.
Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export personal data to these jurisdictions (see the full list here http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm).
This international data transfer can for example occur when your personal data may be transferred to, or stored in, or accessed by our staff or suppliers in a destination outside the country in which you are located. Despite any differences in the regional or national laws, we will, in all circumstances, safeguard personal data as set out in this Privacy Notice.
The same applies to transfer requirements from all globally privacy regulations. All international transfers will be in full compliance of the exporting country as well as the importing country
Our retention periods for Personal data are based on business needs and local legal requirements. We retain Personal data for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. For example, we may retain the information you provided to us as long as necessary to provide you with the services you requested through our website and until the time limit for claims which may arise from those services has expired, or to comply with regulatory requirements regarding the retention of such data. So, if we use your personal data for more than one purpose, we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose(s) with a shorter period once that period expires.
When personal data is no longer needed, we either irreversibly anonymize the data (and we may further retain and use the anonymized information) or securely destroy the data.
4. Your rights & how to contact us
You have the right to ask us not to process your personal data for marketing purposes. We will inform you if we intend to use your information for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by not checking certain boxes in the forms we use to collect your personal data. You can also exercise the right at any time by Contacting us as set out in the “Contacting us” section below.
We will use reasonable endeavors to ensure that your personal data is accurate. In order to assist us with this, you should notify us of any changes to the personal data that you have provided to us by Contacting us as set out in the “Contacting us” section below.
You have the right to information. We strive to provide you with transparent information through notices such as this.
If you have any questions in relation to our use of your personal data, you should first fill in the Data Subject Request webform designed for that purpose. You can access it here. If you have other questions, please contact our Data privacy team [email protected]
Please Note that Ingenico has divested from worldline on 1 October 2022. All former Ingenico businesses that processed personal data for consumer acquiring (purchases from retailers) are no longer processed by the divested Ingenico. If you have had an interaction with Ingenico prior to the divestment date and you are a consumer and not a former employee, merchant, client, or supplier we will no longer process your data and it is no longer stored by Ingenico.
Under certain conditions, if you reside in the EU, California or other jurisdiction that provides you rights as a matter of law, you may have the right to require us to:
(a) provide you with further details on the use we make of your information;
(b) provide you with a copy of your personal data that we hold;
(c) update any inaccuracies in the personal data we hold (please see the “Contacting us” section);
(d) delete any personal data that we no longer have a lawful ground to use;
(e) where processing is based on consent, to withdraw your consent so that we stop that particular processing;
(f) object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
(g) restrict how we use your information whilst a complaint is being investigated.
(h) not be subject to profiling or decisions based on automated decisions that could result in adverse effects.
Please be aware that certain exceptions apply to the exercise of these rights and so you will not be able to exercise them in all situations. In addition, these might vary slightly between countries due to national specificities. For instance, in France, in addition to the rights listed above, you also have the right to define directives as to how you wish your Personal data to be used after your death.
If you wish to exercise any of these rights, we will check your entitlement and respond within the applicable timescale.
If you are not satisfied with our use of your personal data or our response to any exercise of these rights, you have the right to lodge a complaint with the relevant Supervisory Authority of your usual place of residence or place where the alleged breach to the law occurred. In our communications with you, we will provide you with the contact details to enable you to effectively exercise your rights. For EU Member States, please click here to see the list and contact information of the EU Supervisory Authorities.
Depending on where you are located, the “data controller” of your personal data processed by us under this Privacy Notice will be different.
If you have any questions in relation to this notice or want to exercise any of your subject rights described above, request, please fill in the Data Subject Request webform designed for that purpose. You can access it here
Please note we cannot respond directly to data subject requests via email because it is not a secure method to prove identity of the requestor. Your email data request will be acknowledged, and you will be directed to the Data Subject Request form where verification of identity is required. If further communications are not received via the Data Subject Request form, the said request will be closed after 30 days. We will endeavor to respond to a verifiable request within 30 days. Should we require more time, we will inform you in writing. If we have not heard back from you by receiving the proof of identity within a 30-day window period from date of such request made, we are unable to fulfil the request and will proceed to close the request due to unverifiable request. Should you wish to reach out to the Privacy team for queries relating to your personal data (other than your request in exercising your rights, please write in to [email protected]. At a minimal, do include (i) name of INGENICO entity that you wish to correspond with, (ii) country that you are located in, and (iii) the nature of your enquiry.
5. Cookie Notice
6. Changes to our Privacy Notice and Cookie Notice
This Privacy Notice was last updated on October 2022.
Annex A: Use Justifications
Use of personal data under EU data protection laws and other privacy regulations must be justified under one of several legal “grounds” and we are required to set out the grounds in respect of each use in this policy. An explanation of the scope of the grounds available can be found here. We note the grounds we use to justify each use of your information next to the use in the “Uses of your personal data” section of this notice.
These are the principal legal grounds that justify our use of your information*:
- Consent: where you have consented to our use of your information (you will have been presented with a consent form in relation to any such use and may withdraw your consent by using the “unsubscribe” option in the email you have received or by using the Contact Us form).
- Contract performance: where your information is necessary to enter into or perform our contract with you.
- Legal obligation: where we need to use your information to comply with our legal obligations.
- Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
- Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.
*Not all privacy regulations have all the legal grounds above and those not applicable to your jurisdiction will not be applied
Annex B: Country specific Notices
NOTICE RELATING TO OUR OPERATIONS IN AUSTRALIA
INGENICO is providing the following supplemental information for individuals whose personal data (referred to as ‘personal information’ in Australia) is collected or held by our INGENICO company in Australia. We are committed to treating all personal data in accordance with applicable privacy laws and the Australian Privacy Principles.
1. Collection of Personal Information
We may obtain and hold personal data as necessary to enable us to provide our Services to our customers and to their customers. Depending on the services offered by us, we may collect personal data such as:
- First and Last Name
- Date of Birth
- Home/Work/Mobile phone numbers
- Email address
- Residential address
- Business address
- Bank details such as branch BSB, account name, account number
- Driver’s license number & expiry date
- Passport number and expiry date
We may retain copies of information provided to us for verification. If you choose not to provide this information, we may be restricted in our ability to provide services to you.
Generally, we collect personal data directly from you, for example when you complete an online form or request services. However, we may also receive your personal data from third parties in the course of providing services to our customers, for example information provided by a merchant’s acquiring bank.
We do not collect sensitive personal data in the normal course of business.
- Measure website usage and effectiveness
- Assist you to more easily navigate the website
- Personalize your website experience though association with your profile information or user preferences
You can turn off cookies in your browser, but this may impact on your ability to take full advantage of the website’s features.
3. Use and Disclosure
We only use your personal data for the purpose for which it was provided and in accordance with law. We typically collect personal data to identify our customers, potential customers, suppliers or their representatives. We do not use your personal data for direct marketing purposes, nor disclose it to other organizations except where necessary to provide our Services or if required by law.
We may disclose the personal data we collect to our related entities, service providers and contractors, who help us supply our Services. These organizations may be located in Australia, New Zealand or in other countries. If we provide your personal data to other organizations with whom we work, we expect them to apply at least the same level of protection to your personal data.
We may also check some information provided by you with applicable databases administered by responsible officials from the Australian or New Zealand Governments.
4. Security and Access
We are committed to keeping personal data secure at all times while it is in our control.
We will take all reasonable precautions to protect your personal data from loss, misuse and interference, as well as unauthorized access, modification or disclosure. We encrypt personal data where required by law or regulation, including payment card details.
Our payment processing environment is protected by a variety of security measures, which may include:
- Intrusion Prevention System (IPS)
- Security Information & Event Management (SIEM)
- Penetration Tests
- Vulnerability Scans
- Role-based Access Controls
We only allow access to personal data to our personnel who need access to that information for a specific purpose.
5. Accuracy and Correction
We endeavor to ensure that all your personal data we use to provide Services is accurate. If you are aware that any personal data that we hold about you is incorrect or out of date, let us know and if possible, we will update the information.
You can request to access or correct your personal data held by us by submitting the Data Subject Request Form as set out under “Your rights and how to contact us”.
We may require you to complete an application form verifying your identity and specifying what information you require or wish to correct. In some circumstances, where permitted by law, a request for access or correction may be refused.
Whilst making a request to access personal data is without charge, you may be charged a fee that will reflect our reasonable administrative, postage and handling costs of responding to your request. If the information is extensive, we will advise the likely cost in advance and can help to refine your request if required. We will not charge to correct factual errors in personal data.
6. Making an enquiry / complaint
If you have an enquiry about this Privacy Notice or the personal data held by us, or believe we have breached your privacy, you may address your enquiry or complaint to [email protected].
We will consider the enquiry or complaint and endeavor to provide:
- An acknowledgment of your enquiry or complaint by return email.
- Details of any investigation undertaken and resolution of your enquiry or complaint within 30 days.
NOTICE RELATING TO OUR OPERATIONS UNDER THE CALIFORNIA CONSUMER PRIVACY ACT (“CCPA”)
INGENICO is providing supplemental information for individuals whose personal data (referred to as ‘personal information’ under CCPA) is collected or held by INGENICO in the State of California as defined in the CCPA.
1. Your California Privacy Rights
- Right to access the personal data we hold about you. You may request, no more than twice in 12-month period, a copy of the personal data that we have collected about you.
- Right to request the deletion of your personal data. Unless otherwise stated under the applicable law, you may request that we delete the personal data we have collected from you.
- Non-discrimination. You have the right not to be discriminated against for exercising your rights under CCPA.
2. How to exercise your California Privacy Rights
You can request to access or delete your personal data held by us by submitting the Data Subject Request Form as set out under “Your rights and how to contact us”.