Privacy Statement

As a financial institution, Mollie processes large amounts of data from our customers, who are using the services provided by Mollie, and our customers’ customers (consumers). Both the customer and the consumer are invaluable to Mollie. Therefore it is extremely important to Mollie to ensure careful and secure processing of our customers’ and consumers’ data, in particular their personal data.

Through this Privacy Statement, Mollie (“Mollie”, “we”, “our”, “us”) informs you about the way in which Mollie processes personal data of (potential) customers, business partners, consumers and website users. At Mollie, we value your privacy. If you have any questions regarding our use of your personal data, you can reach out to us via the contact details provided at the bottom of this Privacy Statement.

If you are a job applicant, please read our Recruitment Privacy Statement to understand how we process your personal data.

1. Who is Mollie?
2. Mollie’s responsibilities
3. What personal data does Mollie process?
4. Does Mollie process sensitive personal data?
5. What does Mollie collect and use your personal data for?
6. How long does Mollie keep your personal data?
7. How does Mollie secure your personal data?
8. Does Mollie share your personal data with third parties?
9. Does Mollie use cookies?
10. What rights do you have?
11. How can you contact Mollie?
12. Data Protection Officer

1. Who is Mollie?

Mollie is a payment service provider that offers its customers (for instance webshops) the possibility to accept online payments from their consumers (payers). Mollie B.V. is supervised by the Dutch Central Bank (DNB) as a regulated payment service provider under Dutch law. Via Mollie, a customer can give its consumers the choice between different payment methods, such as bank transfer, credit card, afterpay and other payment methods. You could come into contact with Mollie if you have a webshop or want to use Mollie’s services for other reasons, if you have paid via a webshop or website that uses Mollie’s services or as a user of Mollie’s website(s).

More information about Mollie can be found on the About Mollie page.

2. Mollie’s responsibilities

For all activities and purposes mentioned in this Privacy Statement, Mollie acts as the controller as referred to in the EU General Data Protection Regulation 2016/679 (GDPR). Mollie acts in this position because as a licensed financial institution Mollie:

  • Determines which personal data must be processed for the correct execution of a payment;
  • Determines for which other purposes the personal data may be processed as long as these purposes are in accordance with the purpose for which the personal data were obtained by Mollie;
  • Has to comply with legal obligations, for example under the Dutch Financial Supervision Act (Wft), the Dutch Money Laundering and Terrorist Financing (Prevention) Act (Wwft) and the Dutch Civil Code (BW); and
  • Has drawn up its own general terms and conditions that are directly applicable to the customer and the consumer.

3. What personal data does Mollie process?

Mollie processes your personal data because you use Mollie’s services and/or because you provide personal data to Mollie yourself. An overview of the personal data processed by Mollie, depending on the product or service you use and in what capacity, is provided below.

Customer
Please note that in principle, we process data about your business. Business information is not considered personal data. However, if you act as a sole trader, (some of) your business information may be qualified as personal data. Therefore, the data listed below is personal data we will process from you (especially information about the legal representatives of your company). If you use Mollie’s services as a customer, the following personal data are processed:

  • Your first and last name;
  • Your date of birth;
  • Your place of birth;
  • Your address details;
  • Your telephone number;
  • Your email address;
  • Your IP address;
  • Your internet browser and device type;
  • Your ID document details (if you are the legal representative);
  • Other personal data that you actively provide, for example by creating a personal environment on our website, in written correspondence and via telephone.

Consumer
If you use Mollie’s services as a consumer, the following personal data are processed:

  • Your payment details (e.g. bank account number or credit card number);
  • Your IP address;
  • Your internet browser and device type;
  • In some cases, your first and last name;
  • In some cases, your address details;
  • In some cases, your e-mail address and/or telephone number;
  • In some cases, information about the product or service that you have purchased from our customer;
  • Other personal data that you actively provide, for example in written correspondence or via telephone when you contact our customer service.

Whether we process the personal data marked “in some cases” depends on, for example, the payment method you use, the APIs our customers use and whether you as a consumer contact our customer service.

Business Partner
If you are our business partner, the following personal data are processed:

  • Your first and last name;
  • Your telephone number;
  • Your email address;
  • In some cases and depending on the relationship, your ID document details;
  • Other personal data that you actively provide, for example in correspondence via e-mail and telephone.

Website user
If you use Mollie’s websites, the following personal data may be processed (also depending on your acceptance of cookies):

  • Your location data;
  • Your details about your activities on our websites;
  • Your IP address;
  • Your internet browser and device type.

4. Does Mollie process sensitive personal data?

Mollie’s websites, services and products are not aimed at activities that require special categories of personal data to be processed. Mollie therefore requests that you do not provide any of such information. Furthermore, Mollie has no intentions at all of collecting personal data about website users who are minors, even if they have permission from their parents or guardians. Unfortunately, Mollie cannot check whether a website user is a minor and therefore Mollie advises parents or guardians to be involved in their children’s online activities in order to prevent minors’ data from being processed by Mollie.

5. What does Mollie collect and use your personal data for?

If you (apply to) use Mollie’s services as a customer, your personal data are processed for the following purposes:

  • To assess your application;
  • To draft and perform the agreement;
  • To process payments;
  • To send information about your product or service and updates and/or changes to it;
  • To contact you in relation to your experience with our products and services and to inform you of other new or relevant Mollie products or services;
  • To perform analyses for statistical and scientific purposes;
  • To train and assess Mollie employees;
  • To record evidence (if necessary);
  • To provide support (such as via e-mail and phone);
  • To ensure the safety and integrity of the financial sector, for example by identifying, investigating, preventing and actively countering (attempted) criminal/illegal conduct;
  • To comply with legal obligations as a financial institution, for example under the Dutch Financial Supervision Act (Wft) and the Dutch Money Laundering and Terrorist Financing (Prevention) Act (Wwft).

If you are a business partner of Mollie, your personal data are processed for the following purposes:

  • To draft and perform the partnership agreement;
  • To contact you in relation to your experience with our products and services and to inform you of other new or relevant Mollie products or services;
  • To perform analyses for analytical and statistical purposes;
  • To train and assess Mollie employees;
  • To record evidence (if necessary);
  • To provide support (such as via e-mail and phone);
  • To ensure the safety and integrity of the financial sector, for example by identifying, investigating, preventing and actively countering (attempted) criminal/illegal conduct;
  • To comply with legal obligations as a financial institution, for example under the Dutch Financial Supervision Act (Wft) and the Dutch Money Laundering and Terrorist Financing (Prevention) Act (Wwft).

If you use Mollie’s services as a consumer (payer), your personal data are processed for the following purposes:

  • To process payments;
  • To perform analyses for statistical and scientific purposes;
  • To train and assess Mollie employees;
  • To record evidence (if necessary);
  • To provide support (such as via e-mail and phone);
  • To ensure the safety and integrity of the financial sector, for example by identifying, investigating, preventing and actively countering (attempted) criminal/illegal conduct;
  • To comply with legal obligations as a financial institution, for example under the Dutch Financial Supervision Act (Wft) and the Dutch Money Laundering and Terrorist Financing (Prevention) Act (Wwft).

If you use Mollie’s websites, your personal data may be processed for the following purposes (depending on what you use our websites for):

  • To create a personal environment (dashboard) on Mollie’s websites;
  • To provide access to your personal environment;
  • To enable you to download and use resources and whitepapers;
  • To analyze your behavior on Mollie's websites in order to improve the websites and to tailor the range of products and services to your preferences and needs;
  • To perform analyses for statistical and scientific purposes.

Mollie processes personal data for the purposes listed above based on your consent, for the performance of a contract, based on legal obligations, performance of tasks in the public interest and to pursue legitimate business interests. If Mollie wants to process your personal data for other purposes than described above, Mollie will only do so when we obtain your consent or when we have legitimate interests, if legally required. You can withdraw your consent at any time without giving reasons, or object to the processing of your personal data when we do so based on legitimate interest. Please note that withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent. You can withdraw your consent via the unsubscribe link in our e-mails, if applicable. Otherwise you can send your request to withdraw your consent to privacy@mollie.com. If, as our customer, you withdraw your consent for marketing related purposes, we may still contact you regarding product functionality or updates, security updates, responses to customer support requests or other transactional, non-marketing/administrative related purposes.

6. How long does Mollie keep your personal data?

Mollie will not retain your personal data longer than the mandatory statutory period or, if such a mandatory statutory period does not apply, no longer than is strictly necessary for the realisation of the purposes for which your personal data were obtained. For example, the personal data that Mollie receives relating to the assessment of your application as a customer, the preparation and performance of the agreement and the processing of payments, will not be kept longer than five years after rejection of your application or the termination of the agreement. This period has been determined in the Dutch Money Laundering and Terrorist Financing (Prevention) Act (Wwft).

7. How does Mollie secure your personal data?

The protection of your personal data is very important to Mollie. Mollie has therefore taken various technical and organisational security measures to protect your data and to comply with applicable laws and regulations. Mollie uses, for example, network segmentation, techniques such as firewalls, anti-DDoS systems and file integrity monitoring, strong authentication, encrypted transfer of information, monitoring and alerting, and industry best practices for adequate encryption and system configuration.

Furthermore, organisational measures include role separation, least-privilege principles, personnel screening, strict procedures for managing adjustments, incidents, vulnerabilities and suppliers, and continuous training of our staff. The functionality of our security measures is tested periodically.

To report possible problems with the security of Mollie's systems, please go to our Responsible Disclosure Policy.

8. Does Mollie share your personal data with third parties?

Processors
Mollie shares your personal data with third parties if this is necessary to provide our products and services. When third parties will process your personal data on our behalf and under our strict instructions, those third parties act as so-called processors. Mollie concludes a data processing agreement with processors. This way, Mollie ensures that your personal data are always processed in a careful manner, protected with at least the same level of security we maintain and that the confidentiality of your personal data is guaranteed. Mollie nevertheless remains fully responsible for these processing operations and will therefore take all reasonable administrative, technical and physical measures to protect your personal data against unauthorised access, unintentional loss or alteration.

(Joint) Controllers
Mollie may also receive data from third parties or share your personal data with third parties that are also controllers. In those cases Mollie has concluded agreements in order to guarantee a thorough protection of your personal data where this is desirable or where required (namely where both parties act as joint controllers).

An overview of processors and controllers that process data for which Mollie is controller, can be found here. We recommend reviewing this overview regularly, since parties can be added or removed from the overview.

If your personal data will be shared with third parties for purposes other than those described above, Mollie will only do so when legally permitted or after we have obtained your consent.

Cross-border data transfers
When providing our services, your personal data may in some cases be processed by third parties (as processor, as joint or independent controller) outside the European Economic Area (EEA). If your personal data is processed outside the EEA in a third country (a country without an adequate level of protection as indicated by the European Commission), Mollie ensures that i) the correct contract is concluded with regard to data processing (processor agreement, joint controller agreement or controller-controller provisions if desired), and ii) an appropriate transfer mechanism is in place, such as EU Standard Contract Clauses. In this way Mollie ensures that your personal data is always secured at at least the same level and that the confidentiality of your personal data is guaranteed.

9. Does Mollie use cookies?

Mollie uses functional, analytical and marketing cookies. A cookie is a small text file that is stored in the browser of your device such as a computer, tablet or smartphone when you first visit Mollie’s websites. On the one hand, Mollie uses cookies with a purely technical functionality. These cookies ensure that the website works properly and, for example, remembers your preferred settings, so that Mollie is able to optimize the websites. On the other hand, Mollie uses cookies that keep track of your browsing behavior so that Mollie can offer you tailor-made content and advertisements. Some cookies on Mollie’s websites are placed by third parties, for example advertisers and/or social media companies. More information about Mollie’s use of cookies can be found in our Cookie Statement.

10. What rights do you have?

You have the right to access, correct, erase, restrict, transfer, or object to the personal data that Mollie processes, unless Mollie cannot execute these rights based on a legal obligation or whenever exceptions apply. For example, Mollie is required to keep certain personal and payment data based on legal obligations (as stated under point 6), which means that we cannot always delete all of your personal data when you request so.

You can send your request to exercise your privacy right(s) to privacy@mollie.com. Mollie prefers to establish that this request originates from you and that you are who you say you are. If we are not capable of verifying it is you directly, Mollie may ask you to send a copy of your identification (i.e. a passport or identity card). Please make sure that in this copy your passport photo, MRZ (machine readable zone, the strip with numbers at the bottom of the passport), passport number and citizen service number (BSN) have been redacted to protect your privacy. Mollie will then respond to your request as soon as possible, but in any case within one month after receipt, unless the request is of such excessive nature that we may extend that period by another 2 months.

11. How can you contact Mollie?

If you have any questions regarding our use of your personal data, you can contact us via privacy@mollie.com.

If you believe that Mollie has used your personal data unlawfully or if you are not satisfied with Mollie’s response to your question or request, you have the right to file a complaint with the relevant Data Protection Authority (in the Netherlands, this is the Autoriteit Persoonsgegevens). More information about your complaint possibilities can be found here. For contact details of all EU Data Protection Authorities, click here.

12. Data Protection Officer

Mollie has appointed a Data Protection Officer (DPO). Among other things, the DPO is responsible for supervising the processing of personal data by Mollie, taking stock of data processing and advising and training our employees on the responsible use of personal data. The DPO is registered with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

If, in spite of the above, you suspect that your data is not properly handled, secured, has been misused or if you believe that Mollie does not adequately process your personal data, please reach out to our DPO via dpo@mollie.com.

Amsterdam, June 30th 2021.