Privacy Statement

As a financial institution Mollie processes a large amount of data from our customers, who are using the services provided by Mollie, and our customers’ customers (consumers). Both the customer and the consumer are invaluable to Mollie. Therefore it is extremely important to Mollie to ensure careful and secure processing of the customer’s and the consumer’s data, in particular personal data.

  1. What is Mollie?
  2. How can I reach Mollie?
  3. Personal data processed by Mollie
  4. Does Mollie process special and/or sensitive personal data?
  5. Why are your personal data processed?
  6. How long does Mollie keep your personal data?
  7. Does Mollie share your personal data with third parties?
  8. How does Mollie analyse your website visit?
  9. Your rights
  10. Security of your personal data
  11. Mollie's responsibilities
  12. Data Protection Officer

1. What is Mollie?

Mollie is a payment service provider that offers her customers (for instance webshops) the possibility to accept online payment from their consumers (payers). Via Mollie a customer can give her consumers the choice between different payment methods. You could come into contact with Mollie if you have a webshop or want to use Mollie’s services for other reasons, if you have paid via a website that uses Mollie’s services or as a visitor of Mollie’s website(s).

More information about Mollie can be found on the About Mollie page.

2. How can I reach Mollie?

You can find the various ways to contact Mollie on our contact page.

3. Personal data processed by Mollie

Mollie processes your personal data because you use Mollie’s services and/or because you provide this information to Mollie yourself. An overview of the personal data processed by Mollie, depending on the service you use, is shown here below.

If you use Mollie’s services as a customer the following personal data are processed:

  • Your first and last name;
  • Your date of birth;
  • Your place of birth;
  • Your nationality;
  • Your address details;
  • Your telephone number;
  • Your email address;
  • Your IP address;
  • Your internet browser and device type;
  • Other personal data that you actively provide, for example by creating a profile on this website, in correspondence and by telephone.

If you use Mollie’s services as a consumer the following personal data are processed:

  • Your payment details (e.g. bank account number or credit card number);
  • Your IP address;
  • Your internet browser and device type;
  • In some cases, your first and last name;
  • In some cases, your address details;
  • In some cases, information about the product or service that you have purchased from our customer;
  • Other personal data that you actively provide, for example in correspondence and by telephone.

If you use Mollie’s websites, the following personal data are processed;

  • Your location data;
  • Your details about your activities on the websites;
  • Your IP address;
  • Your internet browser and device type;

4. Does Mollie process special and/or sensitive personal data?

Unlike the processing of payments, Mollie’s websites and services are not aimed at activities that require special and/or sensitive personal data to be processed. Mollie therefore requests that you do not provide this information. Furthermore, Mollie has no intentions at all of collecting information about website visitors who are minors, even if they have permission from their parents or guardians. Unfortunately, Mollie cannot check whether a visitor is a minor and therefore Mollie advises parents or guardians to be involved in their children’s online activities in order to prevent minors’ data from being processed by Mollie.

Should you, in spite of the above, be convinced that Mollie unlawfully processed special or sensitive data, Mollie requests you to contact us at info@mollie.com or +31 20 820 20 70. Mollie will then delete this information as soon as possible.

5. Why are your personal data processed?

Mollie processes data for the performance of a contract and based on legal obligations.

If you use Mollie’s services as a customer, your personal data are processed for the following purposes:

  • To assess your application;
  • To draft and perform the agreement;
  • To process payments;
  • To send information about your product or service and changes to it;
  • To ensure the safety and integrity of the financial sector, for example by identifying, investigating, preventing and actively countering (attempted) criminal/illegal conduct;
  • To perform analyses for statistical and scientific purposes;
  • To train and assess Mollie employees;
  • To record evidence;
  • In order to establish that Mollie actually does have contact with you as a customer or one of your (duly authorized) representatives, for example by telephone or in written correspondence;
  • In order to comply with legal obligations as a financial institution, for example under the Dutch Financial Supervision Act (Wft) and the Dutch Money Laundering and Terrorist Financing (Prevention) Act (Wwft).

If you use Mollie’s services as a consumer (payer), the following personal data are processed:

  • To process payments;
  • To ensure the safety and integrity of the financial sector, for example by identifying, investigating, preventing and actively countering (attempted) criminal/illegal conduct;
  • To perform analyses for statistical and scientific purposes;
  • To train and assess Mollie employees;
  • To record evidence;
  • In order to establish that Mollie actually does have contact with you as a consumer, for example by telephone or in written correspondence;
  • In order to comply with legal obligations as a financial institution, for example under the Dutch Financial Supervision Act (Wft) and the Dutch Money Laundering and Terrorist Financing (Prevention) Act (Wwft).

If you use Mollie’s websites, your personal data are processed:

  • To create a personal environment (dashboard) on Mollie’s websites;
  • To provide access to your personal environment;
  • To analyze your behavior on Mollie's websites in order to improve the websites and to tailor the range of products and services to your preferences;
  • To analyze your browsing behavior on Mollie’s websites based on which Mollie tailors products and services to your needs;
  • To perform analyses for statistical and scientific purposes;
  • To ensure the safety and integrity of the financial sector, for example by identifying, investigating, preventing and actively countering (attempted) criminal/illegal conduct;
  • In order to comply with legal obligations as a financial institution, for example under the Dutch Financial Supervision Act (Wft) and the Dutch Money Laundering and Terrorist Financing (Prevention) Act (Wwft).

If Mollie wants to process your personal data for other purposes than described above, for example for commercial purposes, Mollie will only do so based on legitimate interests or after your explicit permission has been requested and obtained. You can withdraw this permission at any time without giving reasons.

6. How long does Mollie keep your personal data?

Mollie will not keep your personal data longer than the mandatory statutory period or, if such a mandatory statutory period does not apply, no longer than is strictly necessary for the realization of the objectives for which your personal data were obtained. The personal data that Mollie receives relating to the assessment of your application, the preparation and performance of the agreement and the processing of payments, will not be kept longer than five years after rejection of your application or the termination of the agreement. This period has been determined in the Dutch Money Laundering and Terrorist Financing (Prevention) Act (Wwft).

This retention period is also applicable to payments made by consumers (payers) and processed as part of the agreement between the customer and Mollie.

7. Does Mollie share your personal data with third parties?

Mollie will share your personal data with third parties if this is necessary for the performance of the contract or if it is based on legal obligations or legitimate interests. Mollie concludes a processors’ agreement with third parties, that process your personal data under instructions of Mollie. This way Mollie ensures that your personal data are always protected to at least the same level of security and that the confidentiality of your personal data is guaranteed. Mollie nevertheless remains fully responsible for these processing operations and will therefore take all reasonable administrative, technical and physical measures to protect your personal data against unauthorized access, unintentional loss or alteration.

Mollie may also share your data with third parties that are also data controller. In those cases Mollie has also concluded agreements in order to guarantee a thorough protection of your personal data.

Your personal data may also be shared with third parties for purposes other than those described above. In that case, Mollie will only do so after requesting and obtaining your explicit consent.

An overview of controllers and processors that Mollie shares data with, can be found here. We recommend to review this overview regularly, since parties can be added or removed from the overview.

8. How does Mollie analyze your website visit?

Mollie uses functional, analytical and tracking cookies. A cookie is a small text file that is stored in the browser of your device such as a computer, tablet or smartphone when you first visit Mollie’s websites. On the one hand, Mollie uses cookies with a purely technical functionality. These cookies ensure that the website works properly and, for example, remembers your preferred settings, so that Mollie is able to optimize the websites. On the other hand, Mollie uses cookies that keep track of your browsing behavior so that Mollie can offer you tailor-made content and advertisements. Mollie already informed you about these cookies on your first visit to the website.

Opt out of cookies

You can opt out of cookies by setting your internet browser so that it does not store cookies anymore. In addition, you can delete all information previously saved via the settings of your browser.

Cookies are also placed on Mollie’s websites by third parties, for example advertisers and/or social media companies. More information about Mollie’s use of cookies can be found here: Cookies.

9. Your rights

You have the right to view, correct, object, limit, transfer or delete the personal data that Mollie processes, unless Mollie cannot grant these rights based on a legal obligation. For example, Mollie is required to save processed personal and payment data based on legal obligations, as stated under point 6.

You can send your objection or request for access, correction, limitation, transfer or deletion to info@mollie.com. However, Mollie prefers to establish that this request originates from you. Mollie therefore asks you to send a copy of your identification (i.e. a passport or identity card) with the request. Please make sure that in this copy your passport photo, MRZ (machine readable zone, the strip with numbers at the bottom of the passport), passport number and citizen service number (BSN) have been redacted to protect your privacy. Mollie will then respond to your request as soon as possible, but in any case within thirty days.

Complaints

If you believe that Mollie has used your personal data unlawfully or if you are not satisfied with Mollie’s response to your request, you have the right to file a complaint with the Dutch Data Protection Authority or to take it to court. More information about this can be found on https://www.autoriteitpersoonsgegevens.nl/.

10. Security of your personal data

The protection of your personal data is very important to Mollie. Mollie has therefore taken various technical and organisational security measures to protect your data and to comply with applicable laws and regulations. Mollie uses, for example, network segmentation, techniques such as firewalls, anti-DDoS systems and file integrity monitoring, strong authentication for users, encrypted transfer of information, monitoring and alerting, and industry best practices for adequate encryption and system configuration.

Furthermore, organisational measures include role separation, least-privilege principles, personnel screening, strict procedures for managing adjustments, incidents, vulnerabilities and suppliers, and continuous training of our staff. The functionality of our security measures is tested periodically.

To report possible problems with the security of Mollie's systems, a Responsible Disclosure Policy has been made available.

11. Mollie’s responsibilities

Mollie acts as the controller as referred to in the General Data Protection Regulation, (EU) 2016/679. Mollie acts in this position because as a licensed financial institution Mollie:

  • determines which personal data must be processed for the correct execution of a payment;
  • determines for which other purposes the personal data may be processed as long as these purposes are in accordance with the purpose for which the personal data were obtained by Mollie;
  • has to comply with its own legal obligations, for example under the Dutch Financial Supervision Act (Wft), the Dutch Money Laundering and Terrorist Financing (Prevention) Act and the Dutch Civil Code;
  • has drawn up its own general terms and conditions that are directly applicable to the customer and the consumer.

The data processing has been reported by Mollie to the Dutch Data Protection Authority under number 1449126.

12. Data Protection Officer

Mollie has appointed a Data Protection Officer (DPO). Among other things, the DPO is responsible for supervising the processing of personal data by Mollie, taking stock of data processing and advising on technology and security. The DPO is registered at the Dutch Data Protection Authority under registration number FG000763.

If, in spite of the above, you suspect that your data is not properly secured, has been misused or if you believe that Mollie does not adequately guarantee the correct processing of personal data, please send an email to: dpo@mollie.com.

Amsterdam, November 30th 2018