worldline
Global Online Pay (Direct)
Other Worldline developer portals
Sign up

Data retention of personal data

Data retention

Given that Worldline offers a shared service, standardized data retention periods have been implemented for the GoPay Service. The Merchant is responsible for any period selected:

  • Default data retention period: Worldline will retain the Personal Data for a period of five hundred and forty (540) calendar days as from the date of the transaction.
  • Reduced data retention period: the Merchant can opt to reduce the default data retention period with a minimum of ninety (90) calendar days as from the date of the transaction, via de settings in the Worldline Account.

After this period (the default or the reduced period), without prejudice to Worldline's back-up and subject to any contrary statutory, regulatory or contractual retention obligations which must be observed by Worldline, the Personal Data will be erased or anonymized.

If, outside the default or reduced retention period, you request Worldline to erase the Personal Data related to a specific transaction before the end of the chosen standard retention period, the Personal Data will be erased after a period of ninety (90) calendar days from the date of that transaction.

Worldline retains this Personal Data for ninety (90) calendar days from the transaction date for billing purposes (transaction invoicing and follow-up in the event of invoice disputes).

Additional Services / Options

Fraud Management

When an optional fraud-management solution is activated by the Merchant, the following additional rules apply:

List Management

Under the first level of Worldline’s advanced fraud-prevention solution, or under the basic fraud-prevention tool, the Merchant has the option of creating lists (e.g. whitelists, blacklists or greylists – hereinafter “the Lists”). The creation of these Lists, as well as their deletion, is the Merchant’s responsibility. Worldline does not stipulate any default retention period for such Lists; the Merchant is responsible for updating them and deleting them when they are no longer applicable. Worldline will assist the Merchant in deleting the said Lists in accordance with the Merchant’s instructions and the Processing Terms.

3-D Secure authentication

When the “3-D Secure Authentication” service is activated, the same retention period chosen for the “GoPay” service will apply to the processed transaction data (i.e. 540 or 90 days from the date of the transaction).

Authentication data generated in the context of 3-D Secure will be retained for a minimum period of one hundred and eighty (180) calendar days from the date of the transaction, as required and defined by the rules of the payment scheme / payment method used to carry out the transaction.

At the end of this period, without prejudice to Worldline’s backups and subject to any statutory, regulatory or contractual retention obligations applicable to Worldline, the Personal Data will be deleted and/or anonymized.

Tokenisation / Alias

When the Merchant activates the “Tokenisation / Alias” service, Worldline will generate tokens — commonly referred to as “aliases” — to replace payment-card data (i.e. card brand, cardholder name, expiry date and card number).

These aliases will be retained by Worldline in accordance with the following standard rule:

  • By default, aliases are retained for a period of sixty (60) months from the date of the last use of the alias. The Merchant may choose to reduce the retention period for the alias via its Worldline account settings. The Merchant is responsible for any period selected.

Was this page helpful?

Do you have any comments?

Thank you for your response.
New Feature

Try out our new chatbot and find answers to all your questions.