Why is Worldline updating its Terms and Conditions?

On the 25th of May 2018, the General Data Protection Regulation (GDPR) comes into force. Worldline updates its Terms and Conditions to comply with the new regulatory obligations and to help its Merchants comply with them, too.

What is GDPR?

The GDPR is a new EU Regulation that applies to all businesses, persons and organizations that process personal data.  It means new obligations for companies that process personal data and new and broader rights for the persons who those data belong to. The electronic payment industry processes personal data as well, which is why Worldline has updated its terms & conditions.  

For more information about GDPR, visit this EU-website.

What is personal data?

Any information that is (in)directly related to an individual person. Name, date of birth, gender, card number, amount of a transaction or IP address are all examples of personal data.  

Is there a difference between a data controller and data processor?

As merchant, it is important that you understand the difference between a data controller and data processor. It will allow you to better understand your responsibilities as merchant and the responsibilities of Worldline.            

A data controller decides what personal data is held and why it will be processed. He will remain the ultimate responsible for the processing of the personal data.

A data processor may be engaged by the data controller to deliver part of this processing on its behalf. He also has some obligations under GDPR, but most importantly, it may only process data according to the instructions of the data controller.

Is Worldline a data processor or a data controller

Depending on the situation Worldline can be either a data controller or a data processor.

For example, when Worldline processes payment transactions it acts as a data controller.

When you accept a payment on your Worldline payment terminal, you are the data controller and Worldline is the data processor who transfers this information on your behalf to the company you choose to process the payment transactions, the “commercial acquirer” (this can also be Worldline).

What is the Data Privacy notice about?

Worldline processes personal data about you, your staff and cardholders to be able to deliver its services and comply with the law. The privacy notice gives information about what Worldline does with this personal data as a data controller. 

What are the data processing terms?

When you accept electronic payments you might use a Worldline payment terminal or sips. In this case, Worldline will transfer personal data (e.g. card number, amount etc.) to the “commercial acquirer”. The Data Processing Terms include the obligations of Worldline, as a data processor, towards you for these activities.

What does Worldline expect me, the merchant, to do?  

  • You need to read our updated Data Processing Terms. These allow Worldline to process personal data on your behalf;
  • You need to read our Privacy Policy. This gives you more information on how Worldline processes personal data for its own purposes;
  • You have to mention Worldline among the third parties that you transfer personal data to in your privacy notice, if you have one.
  • When asked, you have to inform your customers that Worldline is responsible for the processing of your payment transactions.

What else is Worldline doing to comply with GDPR?

Processing of personal data is in the core of Worldline’s business activities. Our compliance effort started over a year ago and aims at ensuring that all personal data will continue being treated in a secure way and meet all new GDPR standards.

Our business can rely on a global expert network of more than 80 data protection professionals who this past year have analyzed all products and processes to assure Worldline’s continued commitment to protect your data.

Lastly policies, processes and training give all our employees the knowledge and tools to meet the new challenges of GDPR.

For more questions please contact us by filling in the form or contact your account manager.

GDPR documents


Disclaimer: the Frequently Ask Questions section does not constitute a legal advice or opinion from Worldline. For any legal advices, you should contact your legal counselor. Any binding contractual or legal terms are included in the Privacy Notice and Data Processing Terms which you should read and get familiar with. This Frequently Asked Questions section has as its sole intention to provide the reader with some addition information and context on Worldline’s GDPR compliance program and does not replace or supplement the Privacy Notice and Data Processing Terms in any way.