Skip to content
Contact sales

Privacy Policy

Last updated October 2025

1. Context 

As part of the performance of your contract with PPS EU SA (for the purpose of this privacy notice, “PayTech EU”), we process information about you (“personal data”). We do it to set up and manage our work collaboration and to carry out our operations and obligations.

We protect your personal data and privacy by taking all relevant measures per applicable legislation, including the EU (European Union) Regulation 2016/679 – known as General Data Protection Regulation (GDPR).

This privacy notice describes how PayTech EU uses your personal data, how we ensure its protection and which privacy rights are granted to you by law. For this notice, “we” and “our” refer to PayTech EU, acting as the data controller, and “you” and “your” refer to the Clients, as data subjects.

2. Why do we process your personal data?

To ensure the performance of the contract and the delivery of the services under the Agreement, we process your personal data.

These personal data are mostly provided by you when entering into a contractual relationship with PayTech EU. They are collected directly from you by PayTech EU or via an Agent in the performance of the contract concluded between PayTech EU and you or in case of your registration for services offered by PayTech EU that are not governed by the contract (such as subscribing to a newsletter, etc.).1 In the event of the exercise of your right to object to or restrict the processing of your personal data, certain services may no longer be accessible, without PayTech EU being held liable. Additional personal data may be generated and requested as part of our ongoing interactions with you always in relation to a specific and well-defined purpose.

We grouped bellow the main purposes for which we will process your personal data.

As a Client, PayTech EU process your personal data for the following purposes: 

  • enabling you the access and use of the services or solutions,
  • ensuring the deployment and operational management of services or solutions (e.g. configuration, validation, monitoring, and securing of orders, delivery, invoicing),
  • managing claims and after-sales services,
  • managing debt recovery, fraud, and disputes,
  • ensuring compliance with applicable regulations, particularly in relation to fraud and anti-money laundering,
  • conducting commercial offers,
  • conducting studies, analyses, satisfaction surveys, and polls by PayTech EU to optimize services offered to clients,
  • managing opposition lists and requests to exercise the rights.

1 An Agent provides payment services in its own name but on behalf of PPS EU. This means that an Agent has an own brand but ‘uses’ the platform and the license of PPS EU to provide the payment services. An Agent must be notified to the NBB.

3. On what legal grounds do we process your data?

When one of the above-mentioned purposes is pursued, we have a clearly defined legal basis to process your data. Therefore, for every processing operation, PayTech EU ensures that at least one of the following legal basses apply:

  • the performance of a contract between you and PayTech EU
  • compliance with a legal obligation to which PayTech EU is subject (we have a legitimate interest to use your data for the stated purpose, and this interest does not override yours),
  • the satisfaction of a legitimate interest pursued by PayTech EU or a third party,
  • where applicable, the consent of the data subject.

Concerning the legitimate interest as a legal basis, we consider PayTech EU’s legitimate interest to be:

  • Ensure an adequate level of security of our IT systems.
  • Exchange of information between the different Edenred group entities (intra-group transfers).
  • Fraud prevention and risk monitoring.
  • Transaction monitoring to detect unusual activity, which may indicate money laundering or financing of terrorism.
  • Complaint management.
  • Service improvement based on feedback.

Moreover, we will also have a valid legal basis when :

  • you gave us your consent to use your personal data for a specific purpose;
  • we require processing your data to protect your or another person’s vital interests;
  • we need to carry out a task in the public interest or in the exercise of official authority vested in us.

We will only use your data for the above interests as long as they are not overridden by your interests and fundamental rights. In this regard, each time this legal basis will be used, we will make a balancing test between this interest and your rights and liberties, in order not to limit disproportionately the latest.

4. What categories of your personal data do we use?

As mentioned above, when carrying out our objectives we process several categories of personal data. To give you an exhaustive and clear picture of what data we have and use, we differentiated it as follows:

  • General information: Name, surname, additional name(s), address, date of birth, place of birth, nationality, gender, title.
  • Contact Information: Residential address, postal code, city, country, private phone numbers, professional phone numbers, private email addresses, professional email addresses, emergency contact details, IP address.
  • Financial Information: Bank account number, bank account details, IBAN, compensation data (salary, bonuses, benefits), expense claims, reimbursement claims, account balances, transaction records, transaction IDs, payment details, claims-related financial records, financial statements, securitized assets.

  • Employment Information: Job application details, previous work history, salary/wage expectation, hours of work, start date, end date, reason for termination, notice period, office location, personnel number, reporting line, job title/role, division, business unit, appraisal information (self-appraisal, manager comments), grievances and complaints, benefits and entitlements data, record of absence/time tracking/annual leave, workers’ compensation claims, performance rating, training needs, development goals, audit-related records.

  • Personal Identification: Full name, additional name(s), national identification number, national registry number, identification document or passport details (number, country of issuance, expiration date, photo), company name, title, dependent information, proof of authority for legal representatives, ID documentation (e.g., for KYC/KYB purposes).

  • Education & Skills: Education and training history, educational degrees, languages.

  • Customer Data: Name, surname, phone number, email, home address, transactional information (account details, transaction amounts, patterns, dates), fraud investigation data.
  • Agent Representative Data: Full name, additional name(s), date of birth, place of birth, address, national identification numbers, role or position in the agency, ID documentation for legal representatives, directors, UBOs, and proxy rights holders.
  • KYC/KYB Data: Name, surname, address, nationality, date of birth, transaction history, transaction patterns, verification and assessment data.
  • Information System Data: Access logs, IT systems reports, security audit logs.

 

4.1 Special categories of personal data

Special categories of personal data are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

In the context of your relationship with PayTech EU, no special categories of personal data are processed.

5. Storage, retention, and erasure of personal data

PayTech EU ensures that your data is stored in a centralized and organized manner, namely in our internal IT systems managed directly by PayTech EU or Edenred group of companies. Your information may also be stored on secure corporate email accounts, because of intra-group data transfers. Moreover, we also store relevant documents (e.g., contracts) in paper-based form in adequate physical storage spaces.

We ensure its security by implementing a thorough access rights system, which ensure that only the authorized and relevant personnel can access it uniquely for lawful and clearly defined purposes.

Our retention periods are based on several well-defined criteria. Therefore, in first instance the data will be stored for as long as we are actively pursuing one of the purposes enumerated above and while we have a valid legal basis to do so. Moreover, data will also be stored to comply with legally mandated retention periods, which are specifically defined per data category and processing purpose.

After your account / cards closure, your data might be stored for an additional ten (10) years in accordance with applicable legislations on anti-money laundering and counter-terrorism financing. These retention periods are extended by the applicable statutory limitation periods in the event of disputes or litigation.

6. Transfers of personal data

During our activities, your personal data may be transferred between the different entities from our group of companies (intra-group transfers) but also shared with external partners (extra-group transfers).

In general, the personal data of the data subject processed by PayTech EU will only be communicated to third parties with the consent of the data subject concerned, or

  • in order to allow PayTech EU to comply with its legal obligations,
  • to respond to audits of the authorities to which PayTech EU and/or its service providers are subject,
  • to exercise or defend a right.

Access to the personal data of the Client is limited to the cases foreseen above or only if authorized by the law.

 

6.1 Intra-group transfers of personal data 

PayTech EU is part of the larger Edenred group of companies. To pursue our activity and for the purposes mentioned above, PayTech EU may communicate your personal data to:

  • its internal services that need to know this information; and
  • other entities of the Edenred group of companies.

The Edenred group of companies develops an integrated approach in protecting the personal data of its employees, therefore ensuring that you will benefit from the same guarantees and rights for the whole group.

 

6.2 Extra-group transfers of personal data 

In the context of its operations and for the purposes mentioned above, PayTech EU may share your personal data with entities outside our affiliated group companies, namely, its business partners, service providers and subcontractors involved in the provision of the solution.

6.3 Transfers outside of the EEA (European Economic Area)

Due to the international dimension of PayTech EU and of the Edenred group, we may transfer your personal data to countries within and outside the EEA;

These transfers are made (i) within the EU, (ii) or to countries whose legislation has been recognized by the European Commission as providing an adequate level of protection, (iii) or, in the absence thereof, under appropriate contractual safeguards as provided by data protection legislation.

To mitigate and ensure an EU-level of data protection, PayTech EU uses Standard contractual clauses approved by the European Commission for all our trans-border transfers, which constitute a GDPR-compliant adequate safeguard for such operations.

7. Your data protection right 

7.1 Right to access your personal data 

You can request and you are entitled to obtain from us insight into the personal data we process, where it comes from and what we use it for. You can obtain information about how long we store your data and about who receives data about you. Your right of access may, however, be restricted by legislation, protection of other persons’ privacy and considerations for our business and practices. Our know-how, business secrets as well as internal assessments and material may also as such be exempt from the right of insight.

7.2 Right to rectification and erasure of data

If you have discovered that the personal information we have about you is incorrect, incomplete or irrelevant, you are entitled to have the data corrected or erased with the restrictions that follow from existing legislation and rights to process data.

7.3 Right to restriction of processing

If you believe that the data, we have processed about you is incorrect or incomplete, or if you have objected to the use of the data, you may demand that we restrict the use of these data to storage. Use will only be restricted to storage until the correctness of the data can be established, or it can be checked whether our legitimate interests outweigh your interests.

7.4 Right to object

You have the right to object against PayTech EU processing your personal data when such operations are grounded on legitimate interest or for direct marketing purposes.

7.5 Right to data portability

You have the right to receive the personal data about you that you have provided to PayTech EU, in a structured, commonly used and machine-readable format and have the right to request it being transmitted to another controller without hindrance from PayTech EU.

7.6 Automated individual decision-making

You also shall have the right to object against a decision based solely on automated processing, including profiling. In these situations, PayTech EU will guarantee suitable measures to safeguard your rights, mainly the right to human intervention when reviewing such cases.

7.7 Withdrawal of consent

If we process personal data based on your consent, you can withdraw your consent to disclose data at any given time. Please also note that we will continue to use your personal data if we must fulfil a legal or contractual obligation.

7.8 Accuracy and updating your personal data

We will update your personal data continuously during the period it is stored in our database. This is done for internal organization purposes and to ensure that our services and client-related policies are adapted to your situation. In this regard, it is possible for you to update your data by notifying through an email the Data Protection representative at privacyeu@edenred.com.

We may revise this privacy statement from time to time by posting an updated version on our website https://paytech.edenred.com]. If substantial changes are made, that may significantly influence your rights or increase your responsibilities, we will let you know by email. We may provide notice of changes in other circumstances as well. We encourage you to periodically review this page for the latest information on our privacy practices.

8. Contact details and complaint lodging

You are always welcome to contact us if you have questions about your privacy rights and how we register and use personal data. Our offices in Belgium are located at Avenue Herrmann Debroux 40-42, 1160 Brussels, Belgium, and we also have a branch in France located at 14 -16 BD Garibaldi 92130 Issy-les-Moulineaux, France. You can contact the responsible person for privacy matters by email at privacyeu@edenred.com.

If you are dissatisfied with how we process your personal data and you were not satisfied with your interaction with the responsible person, you can lodge a complaint with the Belgian Data Protection Authority, Rue de la Presse 35, 1000 Brussels, via this link following the described procedure.

Alternatively, if your concern relates to the branch in France, you may also contact the French Data Protection Authority (CNIL) at 3 Place de Fontenoy, 75007 Paris, France, or via their website using the procedure described there.