Privacy Policy

Preamble

This Privacy Policy (hereinafter “the Policy”) aims to inform data subjects about the processing carried out in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and the amended Act of 6 January 1978 (“Data Protection Act”).
The data controller is SlimPay, a limited company with a capital of €857,344.00, whose registered office is located at 12 rue Godot de Mauroy 75009 Paris, registered with the Paris Trade and Companies Register under number 518 991 336. SlimPay is authorised and supervised by the Autorité de Contrôle Prudentiel et de Résolution (ACPR) as a payment institution.

Section 1: Definitions

The terms used in this Policy have the following meaning: 

Personal Data: means all personal data as defined by the General Data Protection Regulation (EU) 2016/679 (GDPR).
Merchant: means a business customer of SlimPay.
Prospect: means a business potentially interested in SlimPay’s services.
Controller: in accordance with the Regulation (EU) 2016/679 means the legal or natural person who determines the purposes and means of processing Personal Data.
Processor: in accordance with Regulation (EU) 2016/679 means the natural or legal person who processes data on behalf of another organisation (“the Controller”), as part of a service or provision.
Processing of personal data: in accordance with Regulation (EU) 2016/679 means any operation, or set of operations, relating to personal data, whatever the process used (collection, recording, organisation, storage, adaptation, modification, retrieval, consultation, use, etc.).
User: refers to the Merchant’s end customer who wishes to purchase goods or services offered by the Merchant. 
Visitor: means the user of the SlimPay website.

Section 2: Collection and use of personal data


2.1 Merchant data

This paragraph applies to you if you are a direct customer of SlimPay (hereinafter referred to as “Merchant”). In the course of providing payment services, SlimPay will collect and process personal data about the Merchant, and in particular about their employees and contacts, signatories and beneficial owners.

The data collected is as follows:
– Identity data: surname, first name, identity document
– Contact data: email address, business telephone number
– Data relating to professional life: position held

As an ACPR-approved payment institution, SlimPay is subject to legal obligations regarding the Fight against Money Laundering and Terrorist Financing.
SlimPay processes the Merchant’s data in order to carry out the checks imposed by the regulations. In the context of the performance of the contract, SlimPay also processes your employees’ personal data in order to manage the business relationship and to respond to your requests.

2.2 User data

This paragraph applies to you if you are a customer of a Merchant who uses SlimPay’s services (hereinafter referred to as “User”). Your personal data is transferred to us through the Merchant who provides you with the goods and services you require.

The personal data collected from Users are as follows:
– Identification data: surname, first name
– Contact data
– Financial data

Your data is used for the purpose of the performance of the contract with our Merchants and for the legitimate interest of managing your SEPA mandates, processing and collecting SEPA direct debits, and carrying out card payments initiated by you, as well as performing data analysis for anti-fraud purposes in accordance with SlimPay’s legal obligations.

2.3 Prospects’ Data

This paragraph applies to you if you are a potential future customer of SlimPay (hereinafter referred to as a “Prospect”). SlimPay has collected your data through forms on our website, through a lawfully obtained business contact list, or directly online through an email address verification service or from your company’s email domain name.

The personal data collected is as follows:
Identification data: surname, first name
Contact data: business email address, business telephone number
Work-related data: name of the company you work for and the position you hold

This data is collected on the basis of SlimPay’s legitimate interest to carry out commercial prospection and will be used to send you emails about our services and marketing campaigns. If you no longer wish to be contacted by SlimPay, you can unsubscribe at any time by clicking on the “unsubscribe” link at the bottom of our emails.

2.4 Visitor Data

This paragraph applies to you if you are a visitor to our website (hereinafter “Visitor”). When you visit the SlimPay website, you may choose to fill in forms to receive additional information, guides or to be contacted by our staff.

The data collected is as follows:
Identity data: surname, first name
Contact data: business email address, business telephone number
Work-related data: name of the company in which you work

This data will be used on the basis of your consent to provide you with content about our services or to send you marketing campaigns if we feel that our services may be of interest to you. If you no longer wish to be contacted by SlimPay, you can unsubscribe at any time by clicking on the “unsubscribe” link at the bottom of our emails.

During your visit to our website SlimPay also collects cookies and other tracking data only if you have given your prior consent.
For more information on cookies, you can read our dedicated policy.

Section 3: Recipients of personal data

Your personal data is only available internally at SlimPay to specially authorised teams. SlimPay also ensures that all persons involved in the processing of Personal Data at SlimPay are bound by an appropriate duty of confidentiality and have undergone appropriate training in the processing, protection and handling of Personal Data.

SlimPay also uses subcontractors for the sole purpose of carrying out processing activities in connection with the provision of services offered by SlimPay.
SlimPay warrants that it has selected its subcontractors, in particular, on the basis of the sufficient guarantees they offer in terms of security and data protection. SlimPay undertakes to enter into a subcontract with each of its Subcontractors and ensures that each Subcontractor complies with all obligations imposed by the GDPR.

In certain situations, your personal data may be communicated to the competent public authorities and anti-money laundering and anti-terrorist financing bodies under legal or regulatory provisions.

Section 4: Location of personal data

SlimPay’s servers are located entirely within the European Union by our hosting provider Amazon Web Services.

As stated in Section 3 of this Policy, SlimPay will transfer your personal data to its subcontractors in the course of providing its services. Some of our subcontractors may be located in a country outside the European Union.

In such cases SlimPay will ensure that such transfers outside the EU are covered by:
– By an adequacy decision by the European Commission recognising the third country as having an adequate level of protection of Personal Data, in accordance with Article 45 of the GDPR; or
– By appropriate safeguards, in accordance with Article 46 of the GDPR, such as the Standard Contractual Clauses (SCC) adopted by the European Commission.

Section 5: Retention of personal data

SlimPay retains your personal data for as long as is necessary to provide our payment services. SlimPay may also need to retain your personal data in order to comply with legal and statutory requirements, such as anti-money laundering and anti-terrorist financing requirements, and to comply with retention periods for evidential or accounting purposes. Once these retention periods have expired, SlimPay will delete or anonymise your personal data.

Section 6: Security and confidentiality

While your personal data is being stored, SlimPay will take all reasonable steps to ensure that your personal data is kept confidential and secure so that it cannot be damaged, deleted or accessed by unauthorised parties.

Taking into account the state of the art, the costs of implementation, the nature, scope, context and purposes of the processing as well as the risk to and extent of the rights and freedoms of natural persons, SlimPay undertakes to implement appropriate technical and organisational measures to ensure a level of security appropriate to that risk in accordance with Article 32 of the GDPR.

Section 7: Exercising of rights

In accordance with Article 13 of the GDPR, you have the right to request SlimPay to access, rectify, delete or restrict the processing of your personal data. You also have the right to object to the processing of your personal data, the right to withdraw your consent at any time in accordance with Article 13 (2) (c) of the GDPR, as well as the right to portability of your data. To exercise these rights and for any request relating to personal data, you can contact our Data Protection Officer at the following address: dpo@slimpay.com.

If you consider that the processing of your personal data constitutes a breach of the GDPR, we invite you to contact us. SlimPay will always remain at your disposal. We also remind you that in accordance with Article 77 of the GDPR you can lodge a complaint with the CNIL.

Section 8: Modification of the Privacy Policy

SlimPay may modify this Privacy Policy at any time, especially in case of new recommendations from the CNIL, changes in the processing of Personal Data or changes in the applicable law. SlimPay will publish its Privacy Policy on its website in the latest available version and will provide you with the date of the last update.

This post is also available in: Français Deutsch Español Italiano