- Where do your personal data come from?
The personal data what we process are mainly obtained from you, but it depends on the facts or the specific circumstances.
Generally, Nets will not use your personal data for other purposes, which are not compatible with the original purpose for which the personal information was collected, without your explicit consent. Compilation for statistical purposes is considered compatible with the original purpose.
- Who is engaged when Nets is processing your personal data?
Nets will keep your data confidential, but we may be disclosed it to the following recipient categories:
- Other entities of Nexi S.p.A Group if the legislations require us to share such information. We might also share your data to provide you with better products and services.
- External data processors acting on Nets' behalf to whom the personal data can be disclosed while utilising their services, e.g. IT operation(s) or operational support, cloud solution. This includes the following suppliers:
- Microsoft Ireland Operations Limited
- ServiceNow Denmark ApS
- SAP Danmark A/S
- Salesforce
- Relevant supervisory authorities as required by law, court orders or a request from the police or other authorities.
- External consultants/lawyers to establish, exercise or defend legal claims. Nets will ensure that the amount of personal data disclosed is limited to the extent necessary for the particular case.
In the event such recipients have access to personal data collected or processed by us, the recipient acts as data processor and acts in accordance with a written agreement and under the instructions from us.
- Transfers to countries outside EU/EEA
In some cases, we will transfer personal data to countries outside the EU/EEA. Such transfers will only take place subject to appropriate safeguards are in place for the transfer including:
- The country has been deemed by the Commission of the European Union to have an adequate level of protection of personal data. Personal data can without further measures be transferred to such third countries
- The country has not been deemed by the Commission of the European Union to have an adequate level of protection of personal data, but we provide appropriate safeguards for the transfer through the use of
Standard Contractual Clauses
, as published by the Commission of the European Union, EU-US Data Privacy Framework or any other contractual agreement approved by the competent authorities or any other legal basis, including the use of supplementary measures if deemed necessary.
Where no appropriate safeguards are provided, such as the above mentioned, transfer of personal data tounsafe
third countries can take place based on specific legal basis for the transfer.
For instance, the transfer can take place based (i) if you have consented hereto, (ii) for the performance of a contract with a company established in such third country and (iii) if necessary in relation to legal claims. The specific legal bases are stated in Article 49(1) of the GDPR.
You can always obtain a copy of the relevant legal basis for the transfer, or information about where it can be accessed by contacting Nets' Data Protection Officer. You will find the contact details under Section 8.
- Security
Nets is dedicated to protecting your personal data.
As part of this dedication, we have adopted internal security policies and instructed our employees accordingly to comply with applicable legislation, e.g., the GDPR.
We have implemented appropriate procedures and security measures to protect your personal data from being destroyed, lost or altered, publicized unlawfully and against being disclosed to unauthorized persons or otherwise processed contrary to applicable data protection legislation.
- Your rights as a data subject
As a data subject you have several rights available to you, which you may exercise by contacting Nets. You can exercise your rights by submitting your request here:
Data Subject Request
According to the data protection regulations, you have the following rights:
- The right to request information about what personal data we process about you.
- The right to have rectified your personal data.
- The right to erase your personal data. Please note that exercising this right might be limited according to national law, i.e., we might not be able to delete and/or modify all personal data.
- The right to object to the processing of your personal data and have the processing of your personal data restricted.
- The right to object to the processing of your personal data and have the processing of your personal data restricted.
- An unconditional right to object to the processing of your personal data for direct marketing purposes.
- If processing of your personal information is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing carried out before you withdrew your consent. You may withdraw your consent for a specific service by following the instructions for the specific service, please refer to the website for the specific service offered by Nets.
- The right to receive your personal information in a structured, commonly used and machine-readable format (known as data portability), subject to fulfilment of specific conditions set by data protection law.
Please note, Nets may decline disclosure to you if you are in possession of the information already or if disclosing them to you is impossible or would involve a disproportionate effort or would impair the achievement of the objectives of the processing.
If you have any concerns about the manner in which we process your personal data, you can lodge a complaint with the Danish Data Protection Agency (in Danish: Datatilsynet
): www.datatilsynet.dk (website in Danish and English).
You can also lodge a complaint with a data protection supervisory authority in the EU/EEA member state of your habitual residence, place of work or where the alleged infringement has taken place.
Please find links to the Nordic, German and Baltic authorities below:
- Contact us
You are welcome to contact Nets' Nordic Data Protection Officer if you have any questions, complaints or other concerns related to data protection and privacy on the following email address: dpo.nets@nexigroup.com
For questions of a more general character, you can write to us here.
Nets Denmark A/S (including all branches)
Company number: 20016175
Klausdalsbrovej 601
DK-2750 Ballerup
Denmark
Nets Cards Processing A/S
Company number: 30504461
Klausdalsbrovej 601
DK-2750 Ballerup
Denmark
Nets Sweden AB
Company number: 556761-4960
Hammarbybacken 27
SE-120 30 Stockholm
Sweden
- Nexi S.p.A. Group of Companies
Nexi Austria GmbH
|
PforCards GmbH
|
SIA Croatia d.o.o.
|
Nexi Croatia d.o.o.
|
Nexi Czech Republic s.r.o.
|
Nets Denmark A/S
|
Nets Estonia
|
Nexi Digital Finland Oy
|
Paytrail Technology Oy
|
Nexi Germany GmbH
|
Nexi Germany Sales GmbH
|
Ratepay GmbH
|
Orderbird GmbH
|
Computop Paygate GmbH
|
Nexi Payments Greece S.A.
|
Nexi Greece Processing Signel Member SA
|
Nexi Hungary Zrt.
|
Nexi Payments S.p.A.
|
Orbital Cultura S.r.l
|
SIApay S.r.l
|
Service HUB S.p.A.
|
Mercury Payments S.p.A.
|
Help Line S.p.A.
|
Numera Sistemi e Informatica S.p.A.
|
Polskie ePłatności Sp. z o.o.
|
Centrum Rozliczeń Elektronicznych Polskie ePłatności S.A.
|
Billbird S.A.
|
Team4U Sp. z o.o.
|
PayPro S.A.
|
Nexi RS d.o.o.
|
Nexi Central Europe AS
|
Nexi Slovenia d.o.o.
|
Nets Sweden AB
|
Nexi Schweiz AG
|
Computop Ltd.
|
Computop Inc.
|
|
Austria
|
Austria
|
Croatia
|
Croatia
|
Czech Republic
|
Denmark
|
Estonia
|
Finland
|
Finland
|
Germany
|
Germany
|
Germany
|
Germany
|
Germany
|
Greece
|
Greece
|
Hungary
|
Italy
|
Italy
|
Italy
|
Italy
|
Italy
|
Italy
|
Italy
|
Poland
|
Poland
|
Poland
|
Poland
|
Poland
|
Serbia
|
Slovakia
|
Slovenia
|
Sweden
|
Switzerland
|
United Kingdom
|
United States
|
|