Privacy Statement

1. AfterPay

The payment-after-delivery method is a service of Arvato Finance International B.V. which operates under the name AfterPay (hereinafter "AfterPay").

The protection of privacy is important to AfterPay, and the following Privacy Statement explains what personal data AfterPay collects and how AfterPay processes it. In addition, this Privacy Statement explains what rights you have in the context of data protection and how to exercise them. The protection of privacy is important to AfterPay when processing personal data. By visiting our website or by using our services you agree to our privacy policy, which you will find below. Please take note of this.

2. Responsible data party

AfterPay is (ultimately) responsible for processing the personal data we collect. We collect personal data when you use AfterPay, or register for My AfterPay or visit our website.

3. Data processing

AfterPay collects and processes information relating to consumers, online retailers and visitors to this website. The information we collect depends on the service you use.

3.1 Data you supply to us

You provide us with personal data when you:

This data includes:

3.2 Data we collect when you use the AfterPay payment method or the MyAfterPay system

When you use our payment method or the MyAfterPay system we may collect the following information from you:

Every time you visit the AfterPay environment data is automatically sent to our server, we collect the following data from you (hereinafter referred to as “other information”:

For this collection we use cookies.

The information that you share with us as well as the information about your order and your financial information is required to be able to use the payment method AfterPay. The other information is required for other purposes, which are explained below.

4. Purposes of data use ensured

AfterPay processes personal data for the purposes specified below. You can also see how long we save certain data.

4.1 Purposes

Segment Aim Legal basis Automatic Storage period
Identification, risk & fraud management To confirm your identity and verify your personal data. Execution of a payment agreement (Art. 8 b AVG) Yes 2 years
For risk analysis, risk management and fraud prevention. Legitimate interests (Art. 8 f AVG). Our legitimate interest is to protect AfterPay against non-solvency and fraud. Yes 2 years
To check your data with a credit agency. Fulfilment of a legal obligation (Art. 8 c AVG). Legitimate interests (Art. 8 f AVG).
Our legitimate interest in sharing your data with an external party is to have enough data for a creditworthiness assessment.
Yes 2 years
To prevent abuse of the payment method AfterPay and to improve the risk assessment. Execution of a payment agreement (Art. 8 b AVG)
Fulfilment of a legal obligation (Art. 8 c AVG).
Legitimate interest (Art 8 f AVG). Our legitimate interest is to protect AfterPay against non-solvency and fraud.
Yes 2 years
Administration of payment & relationship management To manage payments and customer data. Execution of a payment agreement (Art. 8 b AVG) Yes 7 years
To manage AfterPay's services and for internal processes. Execution of a payment agreement (Art. 8 b AVG) 7 years
General information To comply with applicable guidelines and legislation, such as the prevention of money laundering and terrorism financing. Fulfilment of a legal obligation (Art. 8 c AVG) No Depends on the applicable law

4.2 Automated decision

When you are not a known customer yet, we will use your data to perform an automated real time risk check to gather information about your credit worthiness. When you are a known customer to us, the decision to accept your request to pay after delivery with AfterPay is being made based on your history with AfterPay. Known users are classified as ‘known customer’, ‘well-known customer’ etcetera.

4.3 Improvement of the AfterPay website and my AfterPay portal

Your data can be used to identify users and to make the AfterPay website more personal, interactive and user-friendly. In addition, your data may be used to answer your questions, ensure data security and prevent misuse of the website.

4.4 Customer contact

data may be used for customer contact, such as sending notifications about our services and being able to contact you in the context of customer service. If you do not want to receive notifications in the AfterPay app, you can disable them via the app.

5. Data processing outside the EU

AfterPay does not process (or send) any personal data outside the EU by default. In the event that this may be necessary, AfterPay ensures that the right measures are taken to guarantee the same privacy as within the EU. An example of these measures is additional contractual agreements on the confidentiality and applicability of European legislation. You can request a copy of these additional agreements via privacy@afterpay.nl. This e-mail address is managed by AfterPay's two data protection officers.

6. What rights do you have?

Inspection: you have the right to inspect the personal data that AfterPay has about you.

Correction: we ensure that the information AfterPay has about you is correct and current. You can ask us to change or delete information if something in your data is not correct.

Deletion: you have the right to request deletion of your data. We do not always have the option to delete your data directly in connection with the statutory retention periods or the execution of the payment agreement.

Objection: You have the right to object to the processing of your personal data if you believe that this is done improperly or incorrectly. You can do this by sending an e-mail to privacy@afterpay.nl.

Withdrawing consent: when we process personal data on the basis of your consent, such as the newsletter, you have the right to withdraw your consent at any time. You can do this via our website, at the bottom of the newsletter or by sending an e-mail to klantenservice@afterpay.nl.

Data portability: if your personal data is processed automatically for the execution of a contract, you have the right to request a readable format for transfer to another party.

Complaints: you can file a complaint regarding privacy via privacy@afterpay.nl or to the authority via https://autoriteitpersoonsgegevens.nl/.

7. Who do we share your data with?

AfterPay uses professional market participants who facilitate AfterPay by, among other things, sending the payment overview, carrying out credit scoring in order to gain insight into the payment worthiness of the consumer who uses AfterPay and for the efficient organization of AfterPay's risk management. For the credit scoring AfterPay uses Bisnode. Questions about these professional market parties and their method of data processing can be directed to AfterPay via privacy@afterpay.nl.

AfterPay may also share your data within the Arvato Financial Solutions group so that we can offer you an optimum AfterPay service.

In addition, data may be shared with authorities as required by law. However, we will only do this if it is shown that this is an obligation.

When we share your data with third parties who issue invoices for us, for example, we take all legal, technical and organizational measures to ensure that your data is carefully protected when it is transferred to the parties in question.

AfterPay does not sell any personal data to third parties. In addition, we will not send your information to third parties for direct marketing, distance selling, market research unless you have given us permission to do so.

8. How does AfterPay protect your data?

AfterPay takes all necessary technical and organizational measures to protect your data against unauthorized access, transfer, destruction or other unauthorized processing. The security measures include firewalls, encryption, use of secure IT environments, access control, training for personnel working with your data, and the careful selection of third parties who will process personal data for us. In addition, access to your information is restricted to AfterPay personnel who need your information to perform their job.

9. Other websites

Our website can refer to other websites. AfterPay is not responsible for the privacy statements or contents of these websites. We advise you to read the privacy statements and general conditions of these websites before using them.

10. Use of cookies and similar tracking systems

Cookies are small files that are temporarily stored in the browser cache of users when a website is visited. Our website uses cookies to collect statistical data about the use of our website and to make our website more user-friendly.

If you do not want cookies on your computer, you can block their use via your browser settings. Please note that some features on the website will only work if you allow cookies.

You can also delete cookies from your browser history. By deleting cookies on a regular basis, you can change you user profile that has been established through this. However, the deletion of cookies does not stop the collection of data, it just deletes the profile based on the previous browsing history.

11. Changes to Privacy Statement

AfterPay is constantly making improvements to its website and her payment method. For this reason AfterPay retains the right to change its Privacy Statement by mentioning the changes on its website. Changes can also be made through changes to the General Data Protection Regulation, other legislation or case law on this subject. We advise you to check the contents of the Privacy Statement regularly.

12. Questions about data protection

Upon request, you can inspect your personal data, have it changed or removed.

AfterPay has two data protection officials who take action to protect your data every day. Do you have questions about the Privacy Statement or the protection of personal data within AfterPay? Then, get in contact with B.J.Beenen or S. Jansma via privacy@afterpay.nl.

The latest change to this Privacy Statement was made on 15 May 2018.



Download PDF