Please read this privacy statement if you would like to know more about the way Adyen and its group companies around the world (hereinafter referred to as “Adyen” or “we”) collect and further process your personal data.
It is important to us that your personal data is treated with care and that you are well informed about the way we process your personal data. We have written this privacy statement to tell you which data we process, how, why and how long we do this for and to inform you about your rights.
When you visit the Adyen website hosted by Adyen, correspond with us, are (or are in the process of becoming) one of our customers or partners, and where we process your transaction as an acquirer, we process personal data about you as a data controller.
Version as of April 2022.
We have updated our Privacy Statement as of the 8th April 2022! We have made a few changes to include new Adyen products and services, and to comply with privacy obligations from outside of the EEA (in line with global privacy requirements).
To see the older (January 2021) version, please click here.
Who is Adyen?
Adyen is a payment technology company operating under a banking license. Which means that Adyen provides its customers with payments and financial services which include handling payments for its customers and platforms via credit card, bank transfer, and other payment methods, issuing cards, providing (merchant) bank account services, fraud detection services, and other services to its customers. Please note that Adyen N.V. is supervised by the Dutch Central Bank as a regulated bank under Dutch law.
When, why and how do we process your data?
How long do we keep your information?
We will always only keep your data for as long as we reasonably need it for the purposes listed above.
The retention terms above can be longer if we are required to keep data longer on the basis of applicable law or to administer our business. If we need to keep any information longer for our legitimate interest of protecting our legal rights, we will keep the necessary information for this purpose until the relevant claim(s) has/have been settled.
Social media buttons
We use plugins on our website from social media networks such as Facebook, LinkedIn and Twitter. You can recognize these plugins by their logos. We also use plugins for the embedded video players which can be found on our website. Our plugins will not collect personal data about you, unless you click on these logos or videos. If you click on them, these plugins are activated and automatically transmit data to the plugin provider.
We do not have any influence over which data these providers collect from you and we are also not aware of the extent of their data processing. If you would like more information about their data processing, this can be found in the respective privacy policies on the websites of these providers.
With whom do we share this information?
We need the help of third parties to be able to offer you our website and our products and services. Where necessary we will share your information with our service providers and professional advisers (e.g. IT providers, KYC partners, CRM providers, marketing support providers (such as agencies which manage our social media accounts), social media providers such as LinkedIn, analysts, customer service providers, business development providers and legal service providers). We have concluded agreements with our service providers to protect your personal data.
If our business is sold or integrated with another business, your details will be disclosed to our advisers and any prospective purchaser’s advisers and will be passed to the new owners of the business.
Otherwise we will not share your information with any third party, unless we have your permission (for example if we wish to share your details with another group company for their recruitment purposes), where this is necessary in connection with the purposes above or with legal claims or when we have a legal obligation to do so.
How do we protect your data?
We are committed securing your personal data and have taken steps in this regard. In order to prevent unauthorized people or parties from being able to access your data, we have put in place a range of technical and organizational measures to safeguard and secure the information we process from you.
Where do we transfer this information?
Some of the information you send us may be shared with other Adyen group companies outside of the European Economic Area ("EEA"), when this is necessary for the purposes mentioned above. These countries include the countries in which we have operations (you can find a list here). It also includes the countries in which some of our service providers are located, such as the United States.
To protect your data when these are transferred to countries outside of the EEA, we have implemented appropriate safeguards. When we transfer data to our Adyen group companies, these transfers are protected by an intragroup agreement containing Standard Contractual Clauses (read more here). For United States service providers and other service providers located outside of the EEA, we rely on Standard Contractual Clauses. If you want to receive more information about these safeguards, you can contact us using the details below under (“Contacting us”).
You are entitled to object to us processing your personal data, including profiling. You may also ask us for an overview of your information or ask for a copy. You may also request us to correct or delete certain data, restrict processing of your data, or ask us to transfer some of this information to other organisations. In some cases you may object to the processing of your data and, where we have asked for your consent to process personal data, you can withdraw this consent at any time. Please note that Adyen maintains a record of withdrawals of consent to ensure that we do not contact you in the future.
Where we process your data for our legitimate interests, you can contact us if you want more information about these.
There are some exceptions to these rights, however. For example, it will not be possible for us to delete your data if we are required by law to keep it or if we hold it in connection with a contract with you. Similarly, access to your data may be refused if making the information available would reveal personal information about another person or if we are legally prevented from disclosing such information.
If you wish to exercise any of these rights, please contact us using the details below.
Contacting us, questions and complaints
You can submit a data access or deletion request here.
Additionally, questions, comments or complaints concerning this privacy notice and the way we process your personal data are welcomed and can be addressed to our DPO at firstname.lastname@example.org, or Simon Carmiggeltstraat 5-60, 1011 DJ Amsterdam, the Netherlands.
If you have a complaint about the way we handle your personal data, you also have the right to address this with the data protection authority of the country in which you live or work or the country in which we are located.
Residents located outside of the EEA
Please note that Adyen will process personal data of users located outside of the EEA in accordance with the GDPR and the applicable local privacy laws.
For example, the Lei Geral de Proteção de Dados Pessoais (the “LGPD”) applies to the processing of personal data of users located in Brazil, and the Californian Consumer Privacy Act (the “CCPA”) applies to the processing of personal information of users located in California.
Please note that Adyen does not disclose your personal information for others’ direct marketing purposes and we do not sell your personal information. If we did, Adyen would provide you with the right to opt out of such sales, as in accordance with the CCPA.
Please click here in order to request the information set out above or to request that we delete the personal information we have collected from you; these actions will be subject to limitations under applicable local privacy laws and technical feasibility.
If you would also like to know the contact details of third parties with which your personal data is shared, the purpose of their data processing, and the manner in which data is processed, and how you can communicate with such third party to exercise your data privacy rights please contact email@example.com or firstname.lastname@example.org (if you are located in Brazil).