Sep 7, 2023
At Fung Payments B.V. (Fung) we take privacy seriously. We respect your privacy and we are committed to protecting your personal data.
What data do we process?
Our processing of personal data varies depending on whether you are acting as a website visitor, a merchant or a shopper. It may also depend on the services that you use. For example, if you are the sole owner of a company (i.e., sole proprietorship), we may collect personal data to onboard your business. You may also be a shopper who has purchased goods from a merchant using Fung's payment processing services, or you may be a merchant using Fung to process payments. In the paragraphs below we carefully describe when, why and how we process your personal data for each category.
When, why and how do we process your data?
When you browse our website, we process your IP address, Google Analytics ID, internet browser and device type, location data and information about your use of our website, including which pages you visited, how you got to our website and the time and length of your visit.
Through our website you can also contact us or ask us to contact you regarding questions, queries, (support) requests, comments or complaints, fill out an application to become a merchant or a partner or sign up for a test account. When you do this, we collect the information that you fill out, including your name, company, contact details, the reason you are contacting us, verification that you are not a robot and other information you decide to provide us. You can also contact us by calling us or e-mailing us using for example the contact details listed on our website. If you do so, we will collect your name, company and any other information we need to be of further assistance to you and/or communicate with you.
We use this data above to ensure proper functioning of the website, to answer your questions, comments or complaints and respond to your queries and (support) requests and to assess your application to become a customer or partner. As such, we use this data for our legitimate interests, which include ensuring the proper functioning of our website, including debugging, delivering relevant content to you and generally conducting business with you. Additionally, we use this information for DDoS mitigation to maintain the security and stability of our website. Furthermore, we use the data to enhance and optimise our website, as well as perform statistical analyses to improve its performance.
When we collect information about how you use our website, such as which landing pages you visit and which items you look at, we do so in order to make a determination about how we could best provide our services to you.
You may be our merchant or a sub-merchant (for instance by having an account on a marketplace). If you sign up to become one of our customers by entering into an agreement with Fung, we collect information we need to establish and perform a contract with you, including your contact information, address, ID documentation, tax information, creditworthiness and payment details. We use this information to provide our services to you. In addition, we use your information for our legitimate interest of managing our internal administration and for complying with our legal obligations, such as KYC and taxation obligations.
We also collect data about your use of our services and the Fung Dashboard including your login details, and the questions, queries, comments and complaints you send or share with us in relation to our business relationship. We process this data to be able to perform our contract with you by following up with you and providing you with support and for our legitimate interest of being able to optimise and improve our services.
We can also use your (company) e-mail address for: keeping you up-to-date with our products and services; making you offers tailored to your needs (meaning similar products and services you have already purchased from us); or inviting you to events.
We have an obligation to act in compliance with applicable laws and regulations and to prevent fraud, money laundering and financing terrorism. As we are a regulated payments service provider, we are not allowed to accept just any merchant without checking them and we have to determine and report when suspicious transactions take place. Therefore, if you are applying to become one of our merchants and during the performance of our agreement, we will need to collect up to date information and documents to:
Verify your identity;
Identify the ultimate beneficial owners of your business;
Identify the purpose and intended nature of your business;
Monitor your behaviour and transactions across our platform;
Check whether a natural person representing you is competent to do so (and verify the identity of this person); and
Check whether you act on behalf of yourself or on behalf of a third party.
To carry out the above checks, we process information (including personal data) that you have provided to us. Which may include your name, your contact information, a copy of your identification document, your tax identification number or BSN (if legally required), the address of your legal representative and shareholders, your bank account number, information contained in correspondence between us, bank statements, your signature and an extract of your company registration document. We may use third party identification, screening and verification services in order to assist us to verify your identity and the documents provided to us.
We use this data to ensure the safety and integrity of the financial sector by aiming to identify, prevent and counter illegal conduct and to comply with our legal know-your-customer and anti-money laundering obligations.
Fung processes your personal data for the following purposes:
To provide you with the services;
To improve our products and services;
To comply with applicable laws and regulations;
To conduct analysis for statistical, strategic and scientific purposes;
To protect our platform, systems and services from misuse, fraud, financial crimes or other unauthorised or illegal activity including the prevention, investigation and detection of (payment) fraud on the basis of legitimate interest; and
For reporting and training purposes.
We are a payment service provider and we process payments for our merchants. That means that Fung accepts payment on behalf of merchants and then processes the funds paid by the buyer (“you”) to the merchant. When we process such payments, we process your personal data. It is important to us that your personal data is treated with care and that you are well informed about the way we process your personal data.
We process the personal data we need for our legitimate interest of providing payments processing services to our merchants which are typically web shops selling you goods and services. This means that we receive your payment on behalf of the merchant.
Also, we process your personal data to comply with our legal obligations as a financial institution, such as to monitor financial transactions for the purpose of preventing money laundering and terrorist financing. For these purposes we may collect your card number (which we encrypt in accordance with PCI DSS standards), the expiry date (month and year) of your credit card, your bank account details (typically excluding your name), including IBAN, the amount of the transaction and the currency used, the date, time and location of the transaction and the category and ID of the merchant with whom you are shopping.
If necessary, we can also process any of your information above for our legitimate interest of protecting our legal rights, for example in connection with legal claims, and when we have a legal obligation to process your information.
Furthermore, we may process your personal data for the following purposes:
To provide our services pursuant to the agreements with our merchants and related third party providers;
To comply with applicable laws and regulations;
To conduct analysis for statistical, strategic and scientific purposes; and
To protect our platform, systems and services from misuse, fraud, financial crimes or other unauthorised or illegal activity.
We will only retain your personal information for as long as it is necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting obligations or to resolve disputes.
We will maintain your personal data for the duration of your agreement with Fung, unless otherwise agreed, and we will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.
Disclosing personal data to third parties
In order to provide you with access to our website and deliver our services effectively, we may rely on the assistance of third-party service providers. When necessary, we may disclose your information to these trusted partners and professional advisors, such as IT providers, KYC partners, CRM providers, customer service providers, business development providers, and legal service providers. We have established agreements with these third-party providers to ensure the protection of your personal data.
There may be circumstances where we are required to disclose information to third parties due to legal claims or obligations. Additionally, we may disclose information with your explicit permission, as necessary.
How do we protect your data?
Ensuring the security of your personal data is our top priority. We have implemented various technical and organisational measures to protect your information from unauthorised access, ensuring that only authorised individuals or entities have access to it. These measures are designed to safeguard and secure the data we collect from you, minimising the risk of unauthorised disclosure or misuse.
International Data Transfers
Fung’s servers are hosted in the European Union and therefore, do not transfer your personal data outside the EU. However, if required, either directly or through one or more of Fung’s sub-processors, to transfer all or part of your personal data to one or more countries outside of the European Economic Area, United Kingdom and/or Switzerland that do not offer an adequate level of data protection according to the applicable data protection laws, then before any such transfer, Fung will ensure that appropriate data protection safeguards are in place, which may include:
Adequacy Decision: Fung will only transfer your personal data to non-EU countries which have been determined as having an adequate level of data protection. For further details, please visit: European Commission - Adequacy Decision.
Contractual Safeguards: Fung will enter into Data Processing Agreements and/or Standard Contractual Clauses, as previously approved by the European Commission and/or other standard contractual clauses that may be prescribed by the applicable data protection laws. For further details, please see: European Commission - Standard Contractual Clauses.
You may have the following rights with respect to your personal data, subject to applicable exceptions:
Right to access:
you may be entitled to request that we disclose your personal data that we have collected about you.
Right to object to processing of your personal data:
you are entitled to object to us processing your personal data. In some cases, you may object to the processing of your data and, where we have asked for your consent to process personal data, you can withdraw this consent at any time. Please note that Fung maintains a record of withdrawals of consent to ensure that we do not contact you in the future.
Right to correct:
you may be entitled to request that we correct any inaccuracies in your personal data.
Right to deletion:
you may be entitled to request that we delete the personal data that we have collected from you.
Please note that these rights may be limited under applicable laws and are subject to technical feasibility. We may also require additional information from you to verify your identity to process your request.
If you want to submit a data access or deletion request, please contact us via email@example.com.
If you are a resident of the European Economic Area, United Kingdom or Switzerland and feel that your personal data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with your local data protection authority about our collection and use of your personal data.
As a Merchant
Contacting us, questions and complaints