English
EN
Book appointment

Privacy Policy

Last update: February 2024

Preamble

This Privacy Policy (hereinafter “the Policy”) aims to inform data subjects about the processing carried out in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and the amended Act of 6 January 1978 (“Data Protection Act”).

The data controller is SlimPay, a limited company whose registered office is located at 12 rue Godot de Mauroy 75009 Paris, registered with the Paris Trade and Companies Register under number 518 991 336. SlimPay is authorised and supervised by the Autorité de Contrôle Prudentiel et de Résolution (ACPR) as a payment institution.

Section 1: Definitions

The terms used in this Policy have the following meaning: 

Affiliates: means any company which, directly or indirectly, controls SlimPay, is controlled by SlimPay or is under the same control as SlimPay, the concept of control being that defined in Article L. 233-3 of the French Commercial Code.

Personal Data: means all personal data as defined by the General Data Protection Regulation (EU) 2016/679 (GDPR).

Merchant: means a business customer of SlimPay.

Prospect: means a business potentially interested in SlimPay’s services.

Controller: in accordance with the Regulation (EU) 2016/679 means the legal or natural person who determines the purposes and means of processing Personal Data.

Processor: in accordance with Regulation (EU) 2016/679 means the natural or legal person who processes data on behalf of another organisation (“the Controller”), as part of a service or provision.

Processing of personal data: in accordance with Regulation (EU) 2016/679 means any operation, or set of operations, relating to personal data, whatever the process used (collection, recording, organisation, storage, adaptation, modification, retrieval, consultation, use, etc.).

User: refers to the Merchant’s end customer who wishes to purchase goods or services offered by the Merchant. 

Visitor: means the user of the SlimPay website.

Section 2: Collection and use of personal data

Here you will find details of the personal data that may be collected and processed by SlimPay. This processing of personal data is carried out for explicit, legitimate and determined purposes and is based on the appropriate lawful grounds.

2.1 MERCHANT DATA

This paragraph applies to you if you are a direct customer of SlimPay (hereinafter referred to as “Merchant”). In the course of providing payment services, SlimPay will collect and process personal data about the Merchant, and in particular about their employees and contacts, signatories and beneficial owners.

The data collected is as follows:

– Identity data: surname, first name, identity document

– Contact data: professional email address, professional telephone number

– Data relating to professional life: position held

As an ACPR-approved payment institution, SlimPay is subject to legal obligations regarding Anti- Money Laundering and Combating the Financing of Terrorism (AML/CFT). SlimPay processes the Merchant’s data in order to carry out the checks imposed by the regulations. In the context of the performance of the contract, SlimPay also processes your employees’ personal data in order to manage the business relationship and to respond to your requests.

Finally, SlimPay may also process your personal data on the basis of legitimate interest in order to carry out surveys and polls on our products and services and on your customer satisfaction

2.2 USER DATA

This paragraph applies to you if you are a customer of a Merchant who uses SlimPay’s services (hereinafter referred to as “User”). Your personal data is transferred to us through the Merchant who provides you with the goods and services you require.

The personal data collected from Users are as follows:

– Identification data: surname, first name

– Contact data: email address, phone number

– Financial data: IBAN, transaction details

Your data is processed by SlimPay on the basis of the legal obligations to which SlimPay is subject in order to carry out data analysis in the context of the fight against fraud and Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT).

2.3 PROSPECTS’ DATA

This paragraph applies to you if you are a potential future customer of SlimPay (hereinafter referred to as a “Prospect”). SlimPay has collected your data through forms on our website, through a lawfully obtained business contact list, or directly online through an email address verification service or from your company’s email domain name.

The personal data collected is as follows:

– Identification data: surname, first name

– Contact data: business email address, business telephone number

– Work-related data: name of the company you work for and the position you hold

This data is collected on the basis of SlimPay’s legitimate interest to carry out B2B commercial prospection and will be used to send you emails about our services and marketing campaigns. In order to comply with the regulations on B2B commercial prospection, we undertake to contact only professional email addresses with solicitations related to the profession of the person being prospected, as well as to inform the persons of the processing carried out and of the possibility of objecting to it.

If you no longer wish to be contacted by SlimPay, you can unsubscribe at any time by clicking on the “Unsubscribe” link at the bottom of our emails.

2.4 VISITOR DATA

This paragraph applies to you if you are a visitor to our website (hereinafter “Visitor”). When you visit the SlimPay website, you may choose to fill in forms to receive additional information, guides or to be contacted by our staff.

The data collected is as follows:

– Identity data: surname, first name

– Contact data: business email address, business telephone number

– Work-related data: name of the company in which you work

This data will be used on the basis of legitimate interest to provide you with content about our services or to send you marketing campaigns if we feel that our services may be of interest to you. If you no longer wish to be contacted by SlimPay, you can unsubscribe at any time by clicking on the “unsubscribe” link at the bottom of our emails.

During your visit to our website SlimPay also collects cookies and other tracking data only if you have given your prior consent. For more information on cookies, you can read our dedicated policy.

Section 3: Recipients of personal data

Your personal data is only available internally at SlimPay to specially authorised teams. SlimPay also ensures that all persons involved in the processing of Personal Data at SlimPay are bound by an appropriate duty of confidentiality and have undergone appropriate training in the processing, protection and handling of Personal Data.

SlimPay also uses processors for the sole purpose of carrying out processing activities in connection with the provision of services offered by SlimPay.

SlimPay warrants that it has selected its processors, in particular, on the basis of the sufficient guarantees they offer in terms of security and data protection. SlimPay undertakes to enter into a processor agreement with each of its processors and ensures that each processor complies with all obligations imposed by the GDPR. For a list of SlimPay’s processors, click here.

If you are a Prospect of SlimPay, your personal data may be shared with SlimPay’s Affiliates for commercial prospection purposes.

In providing our payment services, SlimPay also uses another partner, BNP Paribas, who acts as a separate Data Controller. To find out more about the processing of your personal data by BNP Paribas, you can consult this notice.

In certain situations, your personal data may be communicated to the competent public authorities, upon judicial requisition, and to anti-money laundering and anti-terrorist financing bodies under legal or regulatory provisions.

Section 4: Location of personal data

SlimPay’s servers are located entirely within the European Union by our hosting provider Amazon Web Services.

As stated in Section 3 of this Policy, SlimPay will transfer your personal data to its subcontractors in the course of providing its services. Some of our subcontractors may be located in a country outside the European Union.

In such cases SlimPay will ensure that such transfers outside the EU are covered by:

– By an adequacy decision by the European Commission recognising the third country as having an adequate level of protection of Personal Data, in accordance with Article 45 of the GDPR; or

– By appropriate safeguards, in accordance with Article 46 of the GDPR, such as the Standard Contractual Clauses (SCC) adopted by the European Commission.

Section 5: Retention of personal data

SlimPay retains your personal data for as long as is necessary to provide our payment services. SlimPay may also need to retain your personal data in order to comply with legal and statutory requirements, such as anti-money laundering and anti-terrorist financing requirements, and to comply with retention periods for evidential or accounting purposes. To find the retention periods applicable to SlimPay as a data controller, click here. Once these retention periods have expired, SlimPay will delete or anonymise your personal data.

Section 6: Security and confidentiality

While your personal data is being stored, SlimPay will take all reasonable steps to ensure that your personal data is kept confidential and secure so that it cannot be damaged, deleted or accessed by unauthorised parties.

Taking into account the state of the art, the costs of implementation, the nature, scope, context and purposes of the processing as well as the risk to and extent of the rights and freedoms of natural persons, SlimPay undertakes to implement appropriate technical and organisational measures to ensure a level of security appropriate to that risk in accordance with Article 32 of the GDPR.

Section 7: Exercising of rights

In accordance with Article 13 of the GDPR, you have the right to request SlimPay to access, rectify, delete or restrict the processing of your personal data. You also have the right to object to the processing of your personal data, the right to withdraw your consent at any time in accordance with Article 13 (2) (c) of the GDPR, as well as the right to portability of your data. Finally, you have the right to set up directives regarding the retention, deletion and communication of your personal data after your death. To exercise these rights and for any request relating to personal data, you can contact our Data Protection Officer at the following address: dpo@slimpay.com.

If you consider that the processing of your personal data constitutes a breach of the GDPR, we invite you to contact us. SlimPay will always remain at your disposal. We also remind you that in accordance with Article 77 of the GDPR you can lodge a complaint with the CNIL.

Section 8: Modification of the Privacy Policy

SlimPay may modify this Privacy Policy at any time, especially in case of new recommendations from the CNIL, changes in the processing of Personal Data or changes in the applicable law. 

SlimPay will publish its Privacy Policy on its website in the latest available version and will provide you with the date of the last update.