Privacy policy

1. Introduction

Automated Payments B.V. ("we", "us" or "Automated Payments") respects your privacy and is committed to protecting your personal data. This privacy statement informs you about how we handle personal data when you use our services.

This privacy statement applies to all processing of personal data by:

2. What Data Do We Process?

2.1 Customer Data (merchants)

For customers using our software application, we process:

Business Data:

• Company name and Chamber of Commerce number
• Business address
• VAT number

Contact Data:

• First and last name of contact persons
• Email address
• Phone number
• Position within the company

Technical Data:

• API keys (stored encrypted)
• E-commerce platform identification numbers
• IP addresses for security and logging

Transaction Data:

• Transaction IDs
• Transaction amounts
• Transaction timestamps
• Transaction status

2.2 Data We Do NOT Process

We explicitly do NOT process:

• Personal data of end customers of our merchants
• Credit card or payment data of end customers
• Order data or product information
• Customer profiles or behavioral data

3. Purposes of Data Processing

We process personal data for the following purposes:

3.1 Performance of the Agreement

• Providing our synchronization service between payment providers and e-commerce platforms
• Automatically processing and recording transaction data
• Providing technical support

3.2 Business Operations

• Communication about our services
• Invoicing and administration (where applicable)
• Analyzing system performance and uptime

3.3 Legal Obligations

• Meeting fiscal and accounting obligations
• Complying with legal retention periods

3.4 Legitimate Interest

• Securing our systems
• Preventing fraud and abuse
• Improving our services

4. Legal Bases for Processing

We process personal data based on the following legal bases from the General Data Protection Regulation (GDPR):

• Performance of agreement (Article 6(1)(b) GDPR): For providing our services
• Legal obligation (Article 6(1)(c) GDPR): For compliance with tax legislation
• Legitimate interest (Article 6(1)(f) GDPR): For security and service improvement

5. Sharing Data with Third Parties

5.1 Payment Service Providers

We exchange transaction data with Mollie B.V. as part of our core functionality. This exchange is necessary for the operation of our service.

5.2 Service Providers

We may share data with carefully selected service providers that support us, such as:

• Hosting providers (servers in Frankfurt, Germany - EU)
• Technical support services
• Accounting software

We have concluded data processing agreements with all service providers that contain strict agreements on data protection.

5.3 Legal Obligations

We may provide personal data to competent authorities if we are legally required to do so.

5.4 No Sale of Data

We never sell your personal data to third parties.

6. International Transfers

All personal data is stored on servers within the European Union (Frankfurt, Germany).

7. Security

We take the protection of your data seriously and have taken appropriate technical and organizational measures, including:

• Encryption: All sensitive data such as API keys are stored encrypted
• Access control: Strict access rights based on function and necessity
• SSL/TLS: All data traffic is secured with modern encryption standards
• Monitoring: Continuous monitoring for unauthorized access
• Backups: Regular backups with encryption
• Incident response: Procedures for handling security incidents

8. Retention Periods

We do not retain personal data longer than necessary:

• Customer data: During the term of the agreement
• Transaction data: Maximum 3 months for operational purposes
• Fiscal data: 7 years in accordance with legal retention requirements
• Log files: Maximum 6 months for security purposes

After termination of the agreement, all data will be deleted, except for data we are legally required to retain.

9. Your Rights

Under the GDPR, you have the following rights:

9.1 Right of Access

You have the right to access the personal data we process about you.

9.2 Right to Rectification

You have the right to have incorrect or incomplete personal data corrected.

9.3 Right to Erasure

In certain cases, you have the right to have your personal data deleted.

9.4 Right to Restriction

You have the right to restrict the processing of your personal data.

9.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

9.6 Right to Object

You have the right to object to the processing of your personal data.

9.7 Exercising Your Rights

You can exercise your rights by contacting us at privacy@automatedpayments.nl. We will respond to your request within one month. We may ask for additional information to verify your identity.

10. Cookies and Tracking

10.1 Functional Cookies

Our application uses only strictly necessary functional cookies for:

• Session management
• Security (CSRF tokens)

10.2 No Tracking Cookies

We do not use tracking cookies or analytical services that track your behavior.

11. Automated Decision Making

We do not use automated decision making or profiling that has legal effects or otherwise significantly affects you.

12. Children's Privacy

Our services are aimed at business users. We do not knowingly process personal data of persons under 16 years of age.

13. Changes to This Privacy Policy

We may update this privacy statement from time to time. We will announce significant changes via email to our customers. The most current version can always be found on our website.

14. Complaints

14.1 Contact Us

If you have questions or complaints about the processing of your personal data, please contact us first:

14.2 Data Protection Authority

You also have the right to file a complaint with the Dutch Data Protection Authority:

15. Data Protection Officer (DPO)

Given the nature and scope of our data processing, we are not required to appoint a Data Protection Officer. For all privacy-related questions, you can contact our privacy officer at privacy@automatedpayments.nl.

16. Data Processing Agreements

For business customers using our services where we act as a processor, we have a separate data processing agreement available. You can request this via privacy@automatedpayments.nl.