Appendix 2 - Data Protection Provisions required by Payment Platform

Please be informed that in connection with your order, your personal data relating in particular to your identity, domicile, personal status, phone number, email address, bank card and bank account numbers, or to the transactions you enter into or payments you make, are processed by Ingenico Financial Solutions SA/NV (“Ingenico FS”)

i)     with the purpose of allowing us to be able to perform our agreement with GS1,

ii)    with the purposes of fraud monitoring and fraud management (determining the risk levels associated with transactions, detecting and managing any resulting alerts), and

iii)   with the purpose of compliance with Ingenico FS’ legal obligations under the applicable legislation relating to the fight against money laundering and the financing of terrorism and

iv)   with the purpose of compiling market analysis, statistics, analysis of transaction data, improvement of the service provided by Ingenico FS.

The collection of your personal data is a mandatory requirement for these purposes. Without this personal data your transaction could be delayed or rendered impossible and your order cancelled.

Please be informed that Ingenico FS, with registered seat at Boulevard de la Woluwe 102, in 1200 Brussels and with company number 886.476.763 is the data controller for such data processing.

Ingenico FS will not communicate your personal data to third parties, except in the following two cases:

i)     Communication by Ingenico FS of personal data to its, affiliates, subcontractors or other parties with whom Ingenico FS has a contractual relationship and that provide services for / assistance to Ingenico FS in the framework of

(1)  the performance of the agreement between us and Ingenico FS,

(2)  fraud prevention and management and

(3)  with the purpose of compliance by Ingenico FS with its legal obligations under the applicable legislation relating to the fight against money laundering and the financing of terrorism and

(4)  communication to third parties of anonymous or aggregated data. The third parties that are providing service/assistance to Ingenico FS with regard to fraud monitoring and fraud management can insert your personal data into their own specific database(s) that is (are) used by them to provide services for a multitude of merchants to prevent and manage fraud.

ii)    If Ingenico FS is required by law to communicate certain information or documents to the National Bank of Belgium, to the Financial Intelligence Processing Unit (CTIF-CFI), to similar Belgian or foreign authorities, or generally speaking to any judicial or administrative authority, law enforcement authorities or any legal or administrative authorities. Communication of personal data to those entities will be limited to the extent necessary or required under the applicable regulations.

Furthermore, a fraud may give rise to the recording of certain personal data relating to you in a dedicated file managed by Ingenico FS. The purpose of such file is to retain a trace of previous frauds, in particular to provide information for criteria used to evaluate transaction risks and the scoring templates used for this purpose. The recording of your data in this file may also lead to you being assigned a higher risk level in the event of any subsequent order placed with a merchant that is customer of Ingenico FS, and consequently could potentially lead to the rejection of this order. You are entitled to have access to your personal data and have the right to query, access and correct your data, as well as the right to object, for a legitimate reason, to the processing of your personal data.

For the exercise of these rights, please address a written request (by registered mail), dated and signed, to the registered office of Ingenico FS (see above) or send an e-mail to and mention in this letter or e-mail your name, address and telephone, the number where you can be reached during office hours, and enclose a copy of both sides of your identity card or passport. You may hide the data that you are not required to provide according to your local legislation.