Logo Agorapay Logo Agorapay
Product Pricing Developer About

Client access

Contact

En
 | 
Fr
En
 | 
Fr
Product Pricing Developer About

Client access

Contact

CAPS Payment Institution Data Protection Policy

Why we have a Data Protection Policy and how it affects you

As the data controller, we, Crédit Agricole Payment Services, process your personal data. To comply with the current regulations, our Data Protection Policy aims to provide you with clear and detailed information about how we process your personal data.

This policy affects you because:

  • We process your data when you have a relationship with us through one of our clients. You might be one of our client's managers, legal representatives / directors, authorised signatories, shareholders or partners, beneficial owners or employees. You might also, more generally, be the person that our client has appointed to administrate or use one of our services on its behalf.
  • We might also process personal data about you when you are a prospect, but are not a client or connected with one of our clients.

This Data Protection Policy is intended to supplement the information we provide you in your contracts with us. In the event of any inconsistency between this Data Protection Policy and those contracts, the contracts will prevail. If we process your data through one of our clients, it is the client's or its representative's responsibility to inform you how we process it, including by means of this Data Protection Policy.

Certain specific processing activities or those that only affect a small number of clients are not mentioned in this Data Protection Policy. In these cases, clients will be informed of the specific processing activities applicable to them as appropriate.

How we collect your personal data

We collect your personal data through different communication channels (by phone, by email, on Credit Agricole Payment Services websites and applications):

  • directly from you when you sign a contract with us, use our services, fill in a form or reply coupon, or browse our websites, and when we record conversations by telephone or videocalls (to provide proof of transaction, for staff training or to improve the quality of our services), etc.;
  • or indirectly, through our clients when you have a relationship with them;
  • or indirectly through the applicable public or private external sources that allow us, pursuant to your rights and the regulations, to learn more about you (browsing on third-party sites, sponsorship activities, databases, publications made available by official authorities, etc.).

Why we process your personal data

Generally speaking, we process your personal data to promote or deliver our different products and services. We might have to collect certain data to comply with the law or to enter into or perform our contracts.

We process your personal data in the context of our relationship to:

  • conduct pre-contractual activities at your request or perform our contractual obligations relating to products and services that our client has subscribed to with us;
  • comply with our legal obligations;
  • pursue our legitimate interests or those of third parties, with due regard for your rights,

and your consent;

  • to protect the vital interests of the data subject.

We will use your personal data mainly for: managing our day-to-day relationship with clients and prospects; managing our products and services; managing receivables, monies owed, recoveries, complaints and disputes; prospecting and marketing; security; and risk assessment, prevention and management. We may also use your data, including payment transaction data, for targeting and profiling to comply with our legal and regulatory obligations, to guide our marketing activities, to develop new offers, to provide you with personalised advice and offers and a higher quality service, to provide you with everything you need to make the best decisions and to allow us to manage our risks.

How long we keep your personal data

We store and process your personal data for as long as is necessary to fulfil the purpose for which they were collected. After this, your personal data are stored in an intermediate archive (with restricted access) for the purpose of evidence management, for a maximum of the duration of the contractual or business relationship, plus the time required to settle any entitlements, the legally required periods of retention and prescription, and the exhaustion of legal remedies.

Below you can find detailed information about the retention periods for personal data associated with the different processing activities.

Your rights and how you can exercise them

You may at any time, subject to the conditions and limits laid down by law:

  • access your personal data: you can obtain information about how your personal data has been processed and disclosed;
  • correct your data: you can request that your personal data be corrected if it is inaccurate or incomplete;
  • object to:
    • your data being processed for reasons connected to your specific situation, where the legal basis for the processing is the legitimate interest of Credit Agricole Payment Services or of third parties;
    • at any time and without justification, to your data being used for prospecting by Credit Agricole Payment Services or by third parties;
  • request that your data be deleted: you can request that your data be deleted, in particular when the data are no longer required for the purposes for which they were collected, with the exception of any processing required to comply with a legal obligation or to establish, exercise or defend rights in court;
  • request that the processing of your data be limited: you can request that the processing of your data be suspended or restricted;
  • request your data in a portable format: where the processing is automated and based on consent or the performance of contractual or pre-contractual activities, you may request that your personal data be returned and/or transferred to a third party;
  • provide instructions on what we should do with your personal data in the event of your death: you may instruct us to keep, delete or share your personal data after your death.

Finally, when the legal basis for the processing is consent, you may withdraw this consent to stop your data being processed; the withdrawal of consent does not affect the lawfulness of processing that happened prior to withdrawal.

If you would like to exercise any of your rights, simply write to us, indicating the right you want to exercise together with any information that will allow us to identify you (identity documents, contract number, etc.).

In writing, by signed letter, at the following address:

Crédit Agricole Payment Services

FAO Délégué à la Protection des données [Data Protection Officer], 38 Boulevard des Chênes - Bâtiment Alsace– BP 48 78042 Guyancourt CEDEX

Postage costs will be reimbursed upon request.

Or by email to the Data Protection Officer: dpo.caps@ca-ps.com.

Please note that if you choose to exercise some of these rights, Crédit Agricole Payment Services may be prevented from providing certain products or services.

You may also, in the event of a dispute, file a complaint with the CNIL. Website: http://www.cnil.fr; postal address: 3 Place de Fontenoy, 75007 Paris.

You can find detailed information on how we process your personal data below:

  • Processing purposes
  • Legal basis for processing
  • How long we keep your data
  • Who receives your data
  • Where we get your data and what category it falls under, when the data has not been collected directly from you
  • If applicable, whether we transfer your data to a non-European Union country and how we ensure they are protected in these countries (adequacy decision by the European Commission or appropriate safeguards).

Processing activities

Building a Know Your Customer (KYC) file

Purpose

Building a Know Your Customer (KYC) file

Legal basis

Legal obligation

How long we keep your data

5 years from the end of the business relationship (closure of payment account)

Who receives your data

CAPS

Data transfers to non-EU countries

No

Data obtained from third parties

CAPS was able to obtain data from:

  • Regional branches
  • National or regional subsidiaries of the Crédit Agricole Group

Screening third-party lists

Purpose

Comparing the people on the third-party list to the two reference lists: International Sanctions and Politically Exposed Persons

Legal basis

Legal obligation

How long we keep your data

5 years from the end of the business relationship

Who receives your data

CAPS, CA-GIP

Data transfers to non-EU countries

No

Data obtained from third parties

CAPS was able to obtain data from:

  • Regional branches
  • National or regional subsidiaries of the Crédit Agricole Group
  • Government bodies, market regulators, judicial or administrative authorities (including the Banque de France)

Scoring

Purpose

Calculating a prospect/client's risk score and categorizing them to meet CAPS' obligations in respect of understanding clients' financial position

Legal basis

Legal obligation

How long we keep your data

5 years from the end of the business relationship (closure of payment account)

Who receives your data

CAPS

Data transfers to non-EU countries

No

Data obtained from third parties

No

Opening a payment account

Purpose

Opening a payment account based on the data provided by the client to allow access to the payment services offered by CAPS

Legal basis

Required for contract performance

How long we keep your data

5 years from the end of the business relationship

Who receives your data

CAPS

Data transfers to non-EU countries

No

Data obtained from third parties

No

Payment by SEPA Direct Debit (SDD) (mandate)

Purpose

  • Receiving payer data for SEPA Direct Debit payments
  • Making a payment by direct debit (mandate)

Legal basis

Required for contract performance

How long we keep your data

5 years from the payment

Who receives your data

CAPS, CA-GIP, Progica

Data transfers to non-EU countries

No

Data obtained from third parties

No

Payment by SEPA Credit Transfer (SCT) (standard or instant) or SWIFT (on receipt)

Purpose

  • Providing a virtual IBAN to the payer for a transfer
  • Accepting a payment by SCT (standard or instant) or SWIFT

Legal basis

Required for contract performance

How long we keep your data

5 years from the payment

Who receives your data

CAPS, CA-GIP

Data transfers to non-EU countries

No

Data obtained from third parties

No

Collecting card payments

Purpose

Accepting a payment made with a bank card

Legal basis

Required for contract performance

How long we keep your data

For the duration of the contract plus 13 months from the termination or expiry of the contract

Who receives your data

CAPS

Data transfers to non-EU countries

Yes

Data obtained from third parties

No

Card payment (acquisition by a CA Group bank)

Purpose

Settling a bank card payment transaction via acquisition by the seller's bank, a CA Group entity

Legal basis

Required for contract performance

How long we keep your data

5 years from the payment

Who receives your data

CAPS

Data transfers to non-EU countries

No

Data obtained from third parties

No

Data category

Identification, civil status

Accepting payments

Purpose

Accepting payments from the customers of our clients

Legal basis

Required for contract performance

How long we keep your data

5 years (for audit and tax purposes)

Who receives your data

CAPS, CA-GIP

Data transfers to non-EU countries

No

Data obtained from third parties

No

Transfers between payment accounts

Purpose

Transferring funds between payment accounts at the client's request

Legal basis

Required for contract performance

How long we keep your data

5 years (tax reasons)

Who receives your data

CAPS, CA-GIP

Data transfers to non-EU countries

No

Data obtained from third parties

No

Pay-out

Purpose

  • Enabling clients to send a SCT or SWIFT pay-out order (via an API)
  • Processing pay-outs by the Client

Legal basis

Required for contract performance

How long we keep your data

5 years from the transaction (tax reasons)

Who receives your data

CAPS

Data transfers to non-EU countries

No

Data obtained from third parties

No

Event notifications

Purpose

Sending notifications to the client to keep them informed of the status of a transaction

Legal basis

Legitimate interest

How long we keep your data

2 months

Who receives your data

CAPS Client

Data transfers to non-EU countries

No

Data obtained from third parties

No

Activity monitoring

Purpose

Monitoring and detecting suspicious or risky behaviour

Legal basis

Legal obligation

How long we keep your data

5 years (tax reasons)

Who receives your data

CAPS

Data transfers to non-EU countries

No

Data obtained from third parties

No

Amending the IBAN for pay-out

Purpose

Amending the IBAN provided by the merchant via the marketplace for pay-out

Legal basis

Required for contract performance

How long we keep your data

5 years (tax reasons)

Who receives your data

CAPS

Data transfers to non-EU countries

No

Data obtained from third parties

No

Cancelling a payment transaction

Purpose

Cancelling a payment transaction made by the payer and not yet cleared

Legal basis

Required for contract performance

How long we keep your data

5 years (tax reasons)

Who receives your data

CAPS, CA-GIP

Data transfers to non-EU countries

No

Data obtained from third parties

No

Refunding payments

Purpose

Refunding transactions undertaken using different payment methods that have already been collected, on the instructions of the client

Legal basis

Required for contract performance

How long we keep your data

For the duration of the contract plus 13 months from the termination or expiry of the contract

Who receives your data

CAPS and VERIFONE

Data transfers to non-EU countries

Yes

Data obtained from third parties

No

Refunding payments to payers

Purpose

Refunding payment transactions to payers on the instructions of the client

Legal basis

Required for contract performance

How long we keep your data

5 years (tax reasons)

Who receives your data

CAPS, CA-GIP

Data transfers to non-EU countries

No

Data obtained from third parties

No

Outstanding card payments (acquisition via a bank in the Crédit Agricole group)

Purpose

Processing outstanding payments following payment by bank card and reporting this information to the client

Legal basis

Required for contract performance

How long we keep your data

5 years from the payment

Who receives your data

CAPS

Data transfers to non-EU countries

No

Data obtained from third parties

CAPS was able to obtain data from:

  • Regional branches
  • National or regional subsidiaries of the Crédit Agricole Group

Reporting

Purpose

Generating a list of all transactions undertaken and recorded and sending it to the client

Legal basis

Required for contract performance

How long we keep your data

2 months

Who receives your data

CAPS Client

Data transfers to non-EU countries

No

Data obtained from third parties

No

Invoicing CAPS Payment Institution to the client or vendor

Purpose

Generating invoices to be paid by the client or vendor

Legal basis

Legal obligation

How long we keep your data

5 years (tax reasons)

Who receives your data

CAPS

Data transfers to non-EU countries

No

Data obtained from third parties

No

Monthly FICOBA [bank and similar account registry] declaration to the DGFIP [French Treasury Department]

Purpose

Sending a declaration of accounts opened, amended and closed in the past month

Legal basis

Legal obligation

How long we keep your data

5 years (tax reasons)

Who receives your data

CAPS

Data transfers to non-EU countries

No

Data obtained from third parties

No

Customer service

Purpose

Providing customer service and responding to customer requests

Legal basis

Required for contract performance

How long we keep your data

1 month

Who receives your data

CAPS

Data transfers to non-EU countries

No

Data obtained from third parties

No

Initiating payments

Purpose

Offering end customers a transfer form with the necessary information already filled in

Legal basis

Required for contract performance

How long we keep your data

5 years from the payment

Who receives your data

CAPS

Data transfers to non-EU countries

No

Data obtained from third parties

No

Client portal

Purpose

Allowing authorised users to access all management and administration services provided to the client

Legal basis

Required for contract performance

How long we keep your data

5 years

Who receives your data

CAPS Client

Data transfers to non-EU countries

No

Data obtained from third parties

No

Further information

*Data relating to strong authentication are kept for 6 months.

Balancing bank accounts provided as part of the AgoraPay service

Purpose

Balancing bank accounts provided as part of the AgoraPay service, to credit the funds to the client's payment accounts

Legal basis

Required for contract performance

How long we keep your data

5 years (tax reasons)

Who receives your data

CAPS

Data transfers to non-EU countries

No

Data obtained from third parties

CAPS was able to obtain data from:

  • Regional branches
  • National or regional subsidiaries of the Crédit Agricole Group

Data category
Identification, civil status

Commercial prospection

Purpose

Subscription, commercial communication, offer and services proposals and CRM database update.

Legal basis

Client or prospect consent for electronic means (email, text, call center) or legitimate interest, in particular for communications by mail or telephone, or communications by electronic means relating to products and services similar to those already subscribed. Construction of a CRM database.

How long we keep your data

3 years starting from :

  • End of commercial relationship for the clients
  • Last communication for the prospects

Who receives your data

CAPS

Data transfers to non-EU countries

No

Data obtained from third parties

CAPS was able to obtain data from:

  • Regional branches
  • National or regional subsidiaries of the Crédit Agricole Group
  • State, market organizations, judicial or administrative authority (including the "Banque de France")

Data category

Identification, civil status

A solution designed by Crédit Agricole Group

Logo Credit Agricole Logo LCL Logo CA CIB
AGORAPAY
About Legal notice Data Protection Policy Personal data and cookies Cookies settings
SERVICES
Product Payment initiation Pricing FAQ Developer API
CONTACT
Sales team Client access
En
 | 
Fr