Last updated on: 27 November 2023
Please read this privacy statement if you would like to know more about the way Online Payment Platform B.V and its group companies in the EU and UK (hereinafter referred to as “OPP”, “we”, “us, or “our”) collect and further process your personal data.
Simple structure and language
We summarized our privacy statement for you on this page with clear language.
- Personal info
- What you control
- How it’s used
- How it’s stored
It is important to us that your personal data is treated with care and that you are well informed about the way we process your personal data. We have written this privacy statement to tell you which data we process, how, why and how long we do this for and to inform you about your rights.
We process your transaction as a Financial Institution and collect and process your personal data (“Services”).
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your information changes during your relationship with us.
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy statement of every website you visit.
Who we are
We are a Financial Institution and for the EEA states operating under a license issued by De Nederlandsche Bank (“DNB”). We facilitate payment services for Beneficiaries on platforms and marketplaces (“Platform-partners”) that have integrated with our software.
Online Payment Platform B.V. (including the Online Payment Stichting (Foundation)) is supervised by DNB and has a licence for its payment services to other EEA members states. Online Payment Platform Ltd. is providing payment services in the UK under supervision of the Financial Conduct Authority (FCA).
Information we collect about you
Personal data, or personal information, means any information about an individual and information from which that person can be identified.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Contact data includes billing address, email address and telephone number.
- Identity data includes first name, last name, username, a copy of your identification document, tax identification number or BSN (if legally required).
- KYC data. KYC is the abbreviation of Know Your Customer. We need to collect the KYC data to follow our legal obligations around Customer Due Dilligence (CDD). The KYC data includes (apart from the identity data also needed for KYC purposed) your address and contact information, your bank account number, you legal representative and shareholders, the Ultimate Beneficial Owner(s) information, bank statements, your signature and an extract of your company registration document, and / or other additional information required to identify you as an individual and/or company and to fully understand our business relationship with you.
- Transaction data includes details about the payment transactions via OPP’s systems between the Beneficiary and the Payer.
- Technical data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Usage data includes information about how you use our website or our Services.
- Applicant data means the information you have provided to us in your curriculum vitae and covering letter, the information you have provided through our online recruitment portal including name, title, address, telephone number, personal email address, date of birth, gender, qualifications, experience, information relating to your employment history, skills experience that you provide to us, any information you provide to us during an interview
- Marketing and Communications data includes your preferences in receiving marketing content from us, e.g.newsletters.
- Special category data includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, or trade union membership and information about your health and including sensitive information about criminal allegations, proceedings or convictions.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity.
The table below provides a summary of the categories of personal data that we collect and disclose to service providers and other third parties.
If you fail to provide personal information
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you.
How we collect your personal information
We may use different methods to collect data from and about you including through:
- Direct interactions via our Website, our portal for payment services, our payment systems, our support system, post, e-mail or phone. You may give us information about your Identity, Contact and Financial Data by using our Services, filling in forms, by engaging in transactions or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- Use our Services;
- Request to create an account;
- Request marketing information to be sent to you;
- Request help solving technical or payment related issues.
- Give us feedback or contact us;
- Apply for a job.
- Automated technologies or interactions. As you interact with our Website and software, we will automatically collect Technical Data about your, equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our Cookie Statement for further details.
How we use your personal information
We will only use your personal data to the extent permittable by law. Most commonly, we will use your personal data in the following circumstances:
Where you have requested us to perform our Services pursuant to a contract.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal obligation.
We may use consent as a legal basis, for example for retaining application data longer than one or six months, depending on the country in which you apply. You have the right to withdraw consent at any time by contacting us.
OPP doesn’t use automated decision-making.
Purposes for which we will use your personal data
We have set out below, an overview of the ways we plan to use your data, and which of the lawful basis we rely upon to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for different purposes and, hence, more than one lawful ground. Please contact us if you need details about the specific lawful ground we are relying on to process your personal data, where more than one ground is listed in the table below.
|Purpose/activity||Type of data||Lawful basis for processing|
When you visit our website
||Necessary for our legitimate interests|
When you sign up as a new Platform-partner or Beneficiary
When you user our Services
As part of a transaction between the the Payer and the Beneficiary
Security and fraud protection
To administer and protect our business and the website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, hosting of data)
Information that we collect incidentally from other sources or public sources, including information presented on our social media or wider social media platforms including Facebook, X and Instagram. We use this information, including to:
Necessary for our legitimate interests
When you apply for a job we use this data:
Application data that you have provided us
Who we share your information with
We need the support of third-party service providers to be able to offer you our website and Services. Where necessary we will disclose your information to our service providers and professional advisers (including IT providers, KYC partners, CRM providers, marketing support providers, social media providers such as LinkedIn, analysts, customer service providers, business development providers and legal service providers, database providers, backup and disaster recovery specialists, and email providers.
We have concluded agreements with our service providers to protect your personal data. Our suppliers and service providers will be required to meet our standards on processing information and security. The information we provide them, including your information, will only be provided in connection with the performance of their function. They will not be permitted to use your information for any purposes other than those outlined in this privacy statement.
Your data may be shared with third parties, when required by law.
For more information about with which parties we share your personal data, please send us an e-mail: firstname.lastname@example.org.
How long do we keep your information?
We will only keep your data for as long as we reasonably need it for the purposes listed above.
The retention terms above can be longer if we are required to keep data longer as required by law or to administer our business. If we need to keep any information longer for our legitimate interest of protecting our legal rights, we will keep the necessary information for this purpose until the relevant claim(s) has/have been settled.
If you are a job applicant and your application was unsuccessful, we will retain your personal information for a period of one month (Netherlands) or six months (other European countries) after we have communicated to you our decision, unless you have consented to let us retain your information for longer for possible future opportunities. This will never be longer than 1 year.
How do we protect your data?
We are committed securing your personal data and have taken steps in this regard. In order to prevent unauthorized people or parties from being able to access your data, we have put in place a range of technical and organisational measures to safeguard and secure the information we process from you.
Where do we transfer this information?
Some of the information you send us may be disclosed to other OPP group companies in other EU member states or the United Kingdom (“UK”), when this is necessary for the purposes mentioned above. We may also transfer data to countries outside the European Economic Area (“EEA”) or the UK in which some of our service providers are located, such as the United States.
To protect your data when these are transferred to countries outside of the EEA or the UK, we have implemented appropriate safeguards. When we transfer data to our OPP group companies, these transfers are protected by an intragroup agreement containing Standard Contractual Clauses. For United States service providers and other service providers located outside of the EEA and the UK, we rely on Standard Contractual Clauses. If you want to receive more information about these safeguards, please send us an e-mail: email@example.com.
Legitimate interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where the impact on you is overridden by our interests (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Performance of a contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.
Consent means processing your data where you have freely given, specific, informed and unambiguous indication of your wishes.
Your rights in detail
You have the right to:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the data's accuracy.
- Where our use of the data is unlawful, but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
How to contact us or to make a complaint
For more information you can contact us:
- Our address: Kanaalweg 1, 2628 EB, Delft
- Email: firstname.lastname@example.org
OPP is a Financial Institution that requires that we have a Data Protection Officer (DPO). You can contact the DPO officer at the same email address: email@example.com.
You also have the right to make a complaint to the Autoriteit Persoonsgegevens at www.autoriteitpersoonsgegevens.nl for the Netherlands or any other competent Supervisory Authority in the EEA or the Information Commissioner’s Office at www.ico.org.uk for the UK
Changes to this Privacy Statement
This version was last updated on 27 November 2023 and historic versions can be obtained by contacting us.
We may need to change this notice from time to time to reflect changes in the way we use personal information or because of changes to the law. We reserve the right to make those changes as necessary and we recommend you revisit the website from time to time to check for any changes. If appropriate we will also notify you by email.
Manage and delete data
You can view your personal data at any time by logging into your account. If you wish to completely delete your data, please contact us through our support page. Please note that we may be required to keep some data for legal reasons.