Last update 28/08/2018

1. Retention period of personal data

Whenever in your contract with an Ingenico e-Commerce Solutions legal entity or with Ingenico Financial Solutions SA/NV (hereinafter referred to as “Ingenico”), regarding the processing of personal data (hereinafter referred to as “Personal Data”), it is stated that you are the data controller and Ingenico is your data processor, the following data retention principles will apply.

Given that Ingenico offers a shared service, a default data retention period has been implemented for the processing that Ingenico does as your data processor. This means that if you don’t reduce this default data retention period, the Personal Data will be retained during the default data retention period and erased or anonymized at the expiration of the default data retention period. If you reduce the default data retention period via the settings in your Ingenico account, the reduced data retention period will only apply to the Personal Data related to the transactions that are processed after the modification of the settings in your Ingenico account. In this case, the Personal Data related to those transactions will be retained during the reduced data retention period and erased or anonymized at the expiration of the reduced data retention period.

There is one exception to the principle that Ingenico has implemented a default data retention period acting as your data processor: regarding the lists that may be created by you as part of the first level of Ingenico’s advanced fraud prevention solution or as part of the basic fraud prevention tool (white lists, black lists or grey lists - hereinafter referred to as “the Lists”), Ingenico did not implement a default data retention period and  Personal Data contained in the Lists shall be erased upon your instructions.

Personal Data processed as part of the transaction, Personal Data processed as part of the first level of Ingenico’s advanced fraud prevention solution (Checklist or Scoring module) and Personal Data processed as part of the basic fraud prevention tool (except regarding the Lists)

In its quality of data processor, as default data retention period, Ingenico will retain the Personal Data for a period of five hundred and forty (540) calendar days as from the date of the transaction. You can opt to reduce this default data retention period with a minimum of ninety (90) calendar days as from the date of the transaction, via de settings in your Ingenico account. You will be responsible for any period selected. After this period (the default or the reduced period), without prejudice to Ingenico’s back-up and subject to any contrary statutory, regulatory or contractual retention obligations which must be observed by Ingenico, the Personal Data will be erased or anonymized.

If, outside the default or the reduced data retention period, you request Ingenico to erase Personal Data related to a particular transaction before the expiration of ninety (90) calendar days as from the date of this transaction, those Personal Data will be erased once the period of ninety (90) calendar days as from the date of this transaction has expired. The reason why Ingenico retains those Personal Data during the period of ninety (90) calendar days as from the date of the transaction is for invoicing reasons (invoicing of the transaction and track in case of dispute of the invoice). If you request Ingenico to erase Personal Data related to a particular transaction after the expiration of ninety (90) calendar days as from the date of this transaction, those Personal Data will be erased immediately.

Personal Data processed as part of 3D Secure authentication

The 3D Secure authentication data are the PAN (Primary Account Number) and the content of the PARes (Payer Authentication Response), being, the identification of the acquirer, the identification of the merchant, the reference of the transaction, the date of the transaction, the amount of the transaction and the currency of the transaction, as well as the electronic commerce indicator, the signature status and the signature value (those 3 last fields are indications regarding the fact that the 3D secure was used, and what is the result of the process).

In its quality of data processor, as default data retention period, Ingenico will retain the 3D Secure authentication data for a period of five hundred and forty (540) calendar days as from the date of the transaction. You can opt to reduce this default data retention period of said 3D Secure authentication data via the settings in your Ingenico account but, with regard to the 3D Secure authentication data, the minimum period will be hundred and eighty (180) calendar days as from the date of the transaction, as required by the Scheme Rules. You will be responsible for any period selected. After this period (the default or the reduced period), without prejudice to Ingenico’s back-up and subject to any contrary statutory, regulatory or contractual retention obligations which must be observed by Ingenico, the 3D Secure authentication data will be erased or anonymized.

Personal Data processed as part of Alias – tokenization services

If you request Ingenico to store some Personal Data such as the brand of the card, the card number, the name of the card holder as well as the expiry date of the card (hereinafter referred to as “Card Data”) and to provide you with an alias or a token for such Card Data (hereinafter referred to as an “Alias”) , then Ingenico, in its quality of data processor, as default data retention period, will retain such Card Data and Alias for a period of sixty (60) months as from the date of the last usage of the Alias. You can opt to reduce the default data retention period of the Card Data and the Alias via the settings in your Ingenico account. You will be responsible for any period selected.

At the end of the data retention period (the default or the reduced period) or if you request Ingenico to erase a particular Alias, the Card Data and the Alias will be erased after a period of sixty (60) calendar days as from the expiration of the data retention period (the default or the reduced period) or as from the date of your request of erasure, subject to any contrary statutory, regulatory or contractual retention obligations which must be observed by Ingenico.  In some particular cases, only the Alias will be erased and the Card Data won’t be linked anymore to this Alias. The reason why Ingenico retains those Card Data and Alias still for sixty (60) calendar days is for invoicing reasons (invoicing of the Alias and track in case of dispute of the invoice).

This website uses cookies to be able to give you the best user experience. If you don't want to accept these cookies, we allow you to change the cookie settings. Click 'Accept' to allow all cookies from this website.

Cookie settings

Introduction

Functional

Functional cookies are required for the website to operate correctly. These cookies cannot be disabled.

Optimized

Optimization cookies allow us to analyze site usage so we can measure and improve our website.
This is the default level.

Personalized

Personalization cookies are used for social media and advanced personalization. They allow us to show you information related to your company.


Example functionality allowed

  • Store country preference
  • Store language preference

Example functionality not allowed

  • Saving personal data
  • Anonymous tracking via Google Analytics
  • Tracking for remarketing purposes

Example functionality allowed

  • Store country preference
  • Store language preference
  • Anonymous tracking via Google Analytics

Example functionality not allowed

  • Saving personal data
  • Tracking for remarketing purposes

Example functionality allowed

  • Store country preference
  • Store language preference
  • Anonymous tracking via Google Analytics
  • Serve content relevant to your interests
  • Serve ads relevant to your interests
  • Tracking for remarketing purposes

Example functionality not allowed

  • Saving personal data