Last Updated: 7 November 2023
This Privacy Policy details the measures implemented by RuckPay to collect, store and process the Personal Data (“PD”) of individuals who visit or use its website.
In accordance with current legislation and regulations, in particular the General Data Protection Regulation (“GDPR”) of 27 April 2016 (EU 2016/679) which came into force on 25 May 2018, Personal Data (“PD”) is defined as any information relating to a natural person who is identified or can be identified, directly or indirectly, by reference to an identification number or to one or more elements that are specific to that person.
The purpose of this Privacy Policy is to specify the terms and conditions under which your Personal Information may be collected, stored and processed when it is transmitted via our website www.RuckPay.com (hereinafter referred to as the “RuckPay Site”).
Our aim is to provide you with concise, clear and transparent information.
1. Who is the Privacy Policy for?
This Privacy Policy is intended for all individuals:
- Visitors/users of the RuckPay Site; and
- Prospects.
2. Who is responsbile for processing your Personal Data?
The company responsible for processing your Personal Data is RuckPay (SAS), registered in the Paris Trade and Companies Register under number 951 383 868, whose registered office is located at 60 Rue François 1er, 75008 Paris (hereinafter referred to as “RuckPay”).
RuckPay is solely responsible for the following processing operations:
- Fraud prevention;
- Customer relationship management;
- Customer development.
RuckPay is jointly responsible with acquirers for the following processing operations:
- Payment processing;
- Retention of payment card information to facilitate subsequent purchases; and
- Implementation of Smart 3D-Secure.
3. What is Personal Data (“PD”)?
Personal Data” is defined as any information that directly or indirectly identifies you or makes you identifiable, in particular by reference to your name or, for example, the identification number allocated to you, such as your customer ID, and any other data specific to you, in particular your contact details (email, telephone and/or postal address).
4. For what purpose, when and how is your PD processed?
Processing | Purpose of Processing | Legal Basis | Category of Data Subjects | Length of Storage |
---|---|---|---|---|
Browsing the RuckPay Website | RuckPay may collect PD (in particular when consulting the website or sending messages via the form provided for this purpose) to better inform the visitor/user and, where appropriate, send them the information they wish to receive. | Consent | Visitors/Users of the RuckPay Site www.RuckPay.com | Maximum three (3) years from data collection |
Payment Processing | We process PD in order to provide our payment transaction processing services and, where applicable, to confirm that these operations have been carried out correctly. | Contract Performance | Payer of a site using RuckPay services | Payer of a site using RuckPay services |
Retention of Cart Data | We store the payment card data of our merchants’ customers who have requested it in order to facilitate their subsequent purchases or for the processing of split payments, subscriptions or deferred payments. | Consent | Payer of a site using RuckPay services | Full credit card details of our Merchant’s clients are retained until consent is withdrawn or, where applicable, until full payment for the Merchant’s products/services has been made. |
Customer Relationship Management | RuckPay processes its customers’ PD in order to ensure the follow-up of its commercial relations, such as assisting its customers when necessary, managing complaints and offering them personalised solutions. RuckPay also supports merchants who have opened an account on the RuckPay site. | Contract Performance | RuckPay’s customers and their employees | Maximum five (5) years from data collection |
Development of RuckPay’s Customer Base | RuckPay contacts professionals who may be interested in its payment solution. These are professionals who (i) have provided their contact information on the RuckPay website; or (ii) have been introduced to RuckPay by a business partner; or (iii) have been identified by RuckPay as being potentially interested in our payment solutions. When customers are introduced to us by partners, RuckPay provides them with information to enable them to monitor the business referral relationship. This information allows them to monitor the progress of the contract with these customers and to verify the calculation of any commissions owed to them by RuckPay. | Legitimate Interest | Prospects and customers of RuckPay | Maximum three (3) years from data collection or date of last contact. |
Statistics | RuckPay processes PD for statistical purposes in order to improve its knowledge of its customers and the services it offers. RuckPay also conducts customer satisfaction surveys. | Legitimate Interest | RuckPay’s customers and their employees | Maximum five (5) years from data collection |
5. How long is your PD kept?
Your PD is only kept for as long as is necessary for the purposes for which it is processed, or for the period stipulated by the Law or any other applicable Regulation. For information purposes, said retention period is indicated for each type of processing in the table above.
6. Data Processing
Browsing the RuckPay Website may result in the installation of cookie(s) on your equipment (computers, smartphones, digital tablets, etc.).
A cookie is a small file that records information about your browsing on the RuckPay website. The data collected in this way is intended to optimise your subsequent browsing on the site and is also intended to make it possible to carry out various traffic measurements.
Visitors/Users may configure their browser to refuse the installation of cookies. However, the refusal to install a cookie may make it impossible for the visitor/user to access certain services.
Our cookies policy is available at the following link: Cookies Policy
7. What DP do we collect?
RuckPay collects the following data for the purposes set out in section 4 above:
Data Categories | List of Data |
PD relating to the identity of our customers (e-commerce merchants) and, where applicable, of the directors and beneficial owners (natural persons who control the activity of customer companies)(in particular for the purposes of controls as part of the mandatory KYC procedure): | First name, last name, postal address, phone number, birthdate, nationality, banking details, credentials and/or proof of residency etc. |
PD relating to our clients (e-commerce merchants whose activity requires the use of RuckPay’s services): | Website, registration number, turnover, average shopping cart, product types on sale etc. |
Payment data and customer’s PD (natural persons purchasing goods) from our e-commerce marchants: | Card details (PAN, CVV, expiration date), identity data (email, first name, last name), date, amounts, browsing data, payment data (e.g. shipping information), and shopping cart data etc. |
Browsing data and Cookies: | IP Address, language preferences and other data related to the visits on our websites, etc. |
8. From whom do we collect PD?
As part of our risk prevention policy, we collect identity and contact data from our customers and their directors or beneficial owners, as well as data relating to their business:
- Either directly from them when they fill in forms or respond to our requests for further information; or
- Indirectly via public or private databases (e.g. infogreffe.fr), on the Internet (e.g. our customers’ websites and user reviews); and from our customers’ customers (whom we occasionally ask to confirm that their purchases have been completed correctly).
9. Who can access your PD?
RuckPay takes all necessary measures to guarantee professional secrecy and to ensure the security and confidentiality of the PD collected, i.e. to ensure that only authorised persons can access it.
Only those persons who are authorised by virtue of their position within the relevant departments in charge of the corresponding processing have access to your PD within the limits of their authorisation.
We also pass on your PD to third parties such as:
- Service providers or subcontractors to whom RuckPay may entrust operational functions (in particular our payment partner) or any other service (hosting, messaging); and
- Partners such as web agencies or e-commerce software publishers.
10. Can your Data be transferred outside the European Union?
Some of the service providers to whom we transfer your PD may process it outside the European Union. In all cases, we take care to implement appropriate safeguards, including choosing only service providers who have implemented a data protection policy approved by the European Commission (more specifically the Privacy Data Framework for US service providers) or who have signed agreements for the international transfer of PD under certain conditions as defined by the GDPR and under the supervision of the European Commission.
11. What Rights do your have over your PD?
If you wish to consult, correct, block or delete your stored PD, please send us a brief request in writing, by post or by e-mail (see below).
On request, we will tell you whether we have your PD. If, despite our efforts to maintain correct and up-to-date data, incorrect information has been stored, we will amend it at your request. You will usually receive a response from us within thirty (30) days of receiving your request.
If you would like to know more about the storage of your PD and the nature of that data or other data privacy issues, please contact our Data Privacy Officer in writing at:
RuckPay SAS Data Privacy Officer, 60 Rue François 1er, 75008 Paris, France.
To communicate by email, you may write to the following email address: [email protected]
You may, at any time, refer the matter to the competent supervisory authority, i.e. the supervisory authority of the country of the European Economic Area in which your habitual residence or your place of work is located, or the place where the alleged breach of the regulations was committed. For example, the CNIL if you are a French resident.
12. Links to Other Websites
Our Site may contain links to other websites that are not owned or controlled by RuckPay. The provision of these links is for information purposes only and does not constitute an endorsement of those websites, their location or their content. We do not control, review and are not responsible for the privacy policies or content posted on these other websites. This Privacy Policy does not apply to the websites of third-party companies.
13. Protection of Minors’ PD
In principle, persons under the age of eighteen (18) must not transfer any PD to us for marketing purposes. We do not intentionally request, collect or transfer PD from minors. Except for the specific case where a minor makes an online purchase from a bank account in his or her name, for which PD is collected solely for the purposes of proof of purchase.
14. Changes to this Privacy Policy
You have a right to the portability of the personal data that you have entrusted to us, understood as the data that you have actively and deliberately declared when accessing and using our Services. It is recalled that the right to portability does not apply to data that has been processed on any basis other than consent or the performance of a contract between us.