Terms of ServiceTerms of ServicePrivacy policyEU Model Contract ClausesOur use of cookiesSecurity
Dropdown arrow iconTerms of ServicePrivacy policyEU Model Contract ClausesOur use of cookiesSecurity

Privacy Notice

This notice was last updated on 22 November 2024.

This notice is designed to provide clear information about how we use personal data when we deliver our products and provide our services. It applies to ProcessOut Customers and the individuals whose data we process including Site users of the https://processout.com website ("Site"). It sets out what personal data we collect, how we use it, and how we keep it safe.

This is a global notice which applies to the activities of ProcessOut SAS and ProcessOut Inc. (“ProcessOut”, “we”, “our”, or “us”).

Personal data means information which can identify an individual either directly (e.g. via your name) or indirectly (e.g. via your IP address).

We use the following terms to describe relevant parties:

  • A Customer: a business or prospective business that we support.
  • A Customer representative: an individual who represents the businesses or prospective businesses that we support.
  • An End-user: an individual who purchases goods or services from our Customers.
  • A Site user: a visitor to our website.

We typically process personal data on behalf of our Customers as a data processor, which means that we handle personal data strictly according to our Customer’s instructions and their purposes.   If you are an End-user of our Customer, you should also consult the privacy notice of the Customer business to fully understand how they process and share your personal data.

In limited circumstances, we act as a data controller for personal data. Data controllers have responsibility for the personal data that they process. We are a data controller in circumstances including, but not limited to, where our processing is necessary to fulfill certain legal and regulatory obligations.

If you have any questions about how we use personal data, you can contact us using the details set out in the ‘Contacting us’ section at the end of the notice.


The personal data we Collect


We may collect personal data in the following ways:

  1. From Our Customers About End-users:

    We collect information about End-users who make purchases through Customer websites or applications.
  2. Customer representatives:

    We collect information provided to us directly from Customer representatives in the course of registering a Customer for our services, or when facilitating agreements for our services. We may obtain information from certain trusted third parties, for example those with whom the Customer representative may have shared their data, and companies which aggregate business contact information from publicly available sources.
  3. From Users Interacting With Our Site:

    Personal data may also be collected when users interact with our Site in various ways, such as registering, placing an order, subscribing to our newsletter, responding to surveys, filling out forms, or using other features, services or resources that we offer.


Types of Information We Collect:

  • End-users: This may include names, email addresses, phone numbers, shipping and billing addresses, locations, IP addresses, transactional and financial information (e.g., card details), unique identifiers, and any other personal data shared by our Customers about their End-user.
  • Customer representatives: Relevant contact information such as name, job title, email address, phone number, personal or business postal address.
  • Site users: Site users may be asked to provide details such as their name, email address and credit card information when engaging with specific Site features. However, users can browse our Site anonymously if they choose. We collect this personal data only when it is voluntarily provided to us by Site users or transmitted to us by our Customers. We may also collect cookies from Site users, see the section ‘Web browser cookies’ below for more information.
Non-personal identification information

We may collect non-personal data about Site users when they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about a Site user's means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.


Web browser cookies

Our Site may use "cookies" to perform data analytics to improve and optimize our website, products, services, marketing, customer relationships and enhance experiences. We use your technical information to administer and protect our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).

A Site user's web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about the user. Site users may choose to set their web browser to refuse cookies, or to alert when cookies are being sent. If they do so, note that some parts of the Site may not function properly.

Lawful basis: We process Site user information where it is in our legitimate interests to do so to securely and effectively maintain and develop our website and protect and secure our website. Where we use certain types of cookies, we will ask for Site user consent.

You can find more information about our use of cookies in our Use of Cookies policy.

How we use collected information


ProcessOut may collect and use personal data for the following purposes:

  • To accommodate instructions from our Customers (data controllers). Data controllers are required to ensure that their instructions to us are lawful and that End-users are provided with appropriate information regarding the processing of their personal data.

In addition:

Purposes for which we process data Our lawful basis
To process payments. We may use personal data about:
  • Customer representatives when placing an order to provide services to that order, or
  • End-users who make purchases on Customer websites or applications when providing our services.
 We process this information where it is in our legitimate interests to do so to securely and effectively to deliver our services.
If we have a contract for services with the Customer, we process this information to the extent necessary for the performance of that contract.
To process payments. We may use the personal data of End-users to comply with the rules and requirements of payment organisations (such as payment schemes, acquirers or issuers, if applicable). We process this information where it is in our legitimate interests to do so to securely and effectively deliver our services. In some circumstances, it is necessary to process this data to comply with a legal or regulatory obligation.
We may use Customer or End-user contact information and (if necessary) verification information to comply with our legal and regulatory obligations. We process this information where it is necessary to comply with a legal or regulatory obligation.
To administer and provide access to our services, we may process the personal data of Customer representatives. We process this information based on our legitimate interest in contacting the Customer in the course of offering, facilitating and providing relevant products and services.

Where required by law, we rely on consent in order to send direct marketing.
To improve customer service. The personal data that Customers and Site users provide helps us respond to customer service requests and support needs more efficiently. We process this information based on our legitimate interest of facilitating a good service.
To improve our products or services. We may process anonymized or aggregated personal data to enhance the security, stability, performance, and development of our products or services. We process this information based on our legitimate interest of seeking to ensure effective, high quality services and products and to improve and develop these products and services.
To improve our Site and personalize user experience. We may use aggregated information to analyze how Site users as a group use our Site and the resources provided on our Site. We may use feedback you provide to improve our products and services. We process this information where it is in our legitimate interests to protect and secure our website and securely and effectively maintain and develop our website.
Marketing
To run a promotion, contest, survey or other Site feature.

To send Site users information they agreed to receive about topics we think will be of interest to them. 		We process this information based on our legitimate interest in contacting you to in the course of offering or providing relevant products and services to you.

Where required by law we rely on consent in order to send direct marketing.
To send periodic emails. We may use the email address provided by Customers or Site users to send information and updates pertaining to our products, services or their order. It may also be used to respond to their inquiries, questions, and/or other requests.

If a customer or Site user decides to opt-in to our mailing list, they will receive emails that may include company news, updates, related product, service information or other similar information. If at any time the customer or Site user would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email. 		We process this information based on our legitimate interest in contacting Customers to in the course of offering or providing relevant products and services.

Where required by law we rely on consent in order to send direct marketing.

How we protect personal data


We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of personal data, username, password, transaction information and data stored on our Site. Sensitive and private data exchange between the Site and its users happens over a SSL secured communication channel and is encrypted and protected with digital signatures.

Please see the Security section of our website for further detailed information around ProcessOut security.


Retaining personal data

When deciding how long to keep your personal data, we think about how much and what kind of personal data we have, how sensitive it is, the risk of unauthorized use or disclosure, why we are using the personal data, and if there is another way to achieve these purposes, as well as what the laws and regulations tell us. We will only retain personal data for as long as reasonably necessary to fulfil the following purposes:

  • to comply with any legal, accounting, tax and reporting requirements
  • to deliver and develop our products and services securely and effectively
  • to perform analysis and undertake internal research

Once the personal data is no longer required for these purposes, we securely erase it.


Your choices and rights

If we are processing your personal data, you have choices and rights over the way your information is used by us:

  • Right to opt-out of direct marketing communications: This enables you to opt-out of receiving marketing communications from us. You can do this at any time by clicking on the ‘unsubscribe’ link included in any email marketing material we send to you, or by informing us using the contact details at the bottom of this notice.
  • Right to request access to your personal data: This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. In some cases, you have a right to receive a copy of this information in a reusable format and have it transmitted to another organization.
  • Right to request correction of the personal data we hold about you: This enables you to have any incomplete or inaccurate data we hold about you corrected
  • Right to request erasure of your personal data: This enables you to ask us to delete or remove your personal data. Please note that in some cases, for example if we need to retain your data to comply with legal obligations, we may be unable to comply with such requests
  • Right to object to processing of your personal data: In addition to your right to object to direct marketing communications, in certain circumstances you can object to our processing of your personal data for example when we rely on legitimate interests to process your personal data
  • Request restriction of processing of your personal data: This enables you to ask us to suspend the processing of your personal data in certain scenarios
  • Withdrawal of consent: You can withdraw consent at any time where we are relying on consent to process your personal data  
  • Right to object to automated individual decision-making and profiling: This includes the right to request human intervention where we have relied on automated decision making or profiling.

If you object to the processing of your personal data, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations. However, this could mean that we cannot provide certain products or services to you or we cannot perform certain actions necessary to achieve the purposes described earlier in this notice.

Sharing your personal data

In order to provide our services we may share personal data with the following parties:

  • ProcessOut: To provide our services, we may share personal data between ProcessOut SAS and ProcessOut Inc., depending on the specific service and the Customer's location.
  • Third party service providers: We may use third-party service providers acting on our behalf. These service providers help us with services such as data and cloud services, website hosting, data analysis, background and screening, application and application development services, advertising networks, information technology and related infrastructure, customer service, communications, legal consultation, advisory and auditing.
  • Payment partners: We may share information with third parties across the payments ecosystem as necessary to securely and effectively process payments. This includes banks, card schemes, alternative payment method providers and issuers.
  • Law enforcement and regulators: We may share information in response to a law enforcement, government agency or regulator request where permitted to or required by law. We may also share information when we or a third party is investigating potential fraud.

We may also share personal data with third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition or any other transaction affecting all or any portion of our business, assets or stock.

We do not sell, trade, or rent personal data to others.

International data transfers

ProcessOut is a global business and in the provision of our services personal data may be transferred to a different country than your home country.  We implement appropriate measures to ensure that personal data remains protected and secure when it is transferred, and we will only transfer your personal data in accordance with applicable laws and regulations. Where data is transferred from the EEA or UK to a third country that is not deemed by the EU Commission or UK Secretary of State to have adequate protections in place, we rely on the EU Standard Contractual Clauses (SCCs) (or if applicable, the contractual clauses approved by the UK ICO such as the UK Addendum to the EU SCCs), to transfer personal data to a third country and to ensure it remains secure.  Where necessary, we carry out transfer impact assessments before transferring personal data, to assess the level of risk to an individual’s personal data and their rights and protections in that third country.

Please Contact us if you would like to know more about how we transfer your personal data overseas.

Third party websites

Site users may find advertising or other content on our Site that links to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website's own terms and policies.


Changes to this notice

ProcessOut has the discretion to update this notice at any time. The date of this notice is the date it was last updated.

Contacting us

If you have any questions about this notice, including any requests to exercise your legal rights, please contact us using the details set out below.

ProcessOut

https://www.processout.com/contact-us

business@processout.com