{"id":57346,"date":"2025-10-01T18:02:22","date_gmt":"2025-10-01T16:02:22","guid":{"rendered":"https:\/\/www.centralpay.com\/personal-data-protection-policy\/"},"modified":"2025-10-02T10:10:49","modified_gmt":"2025-10-02T08:10:49","slug":"personal-data-protection-policy","status":"publish","type":"page","link":"https:\/\/centralpay.dev.innovest.fr\/fr\/en\/personal-data-protection-policy\/","title":{"rendered":"Personal Data Protection Policy"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"57346\" class=\"elementor elementor-57346 elementor-57307\" data-elementor-post-type=\"page\">\n\t\t\t\t<div class=\"elementor-element elementor-element-99afa31 e-flex e-con-boxed e-con e-parent\" data-id=\"99afa31\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-8e1df62 e-flex e-con-boxed e-con e-child\" data-id=\"8e1df62\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-7ca7152 elementor-widget__width-inherit elementor-widget-mobile__width-inherit elementor-widget elementor-widget-iteck-heading\" data-id=\"7ca7152\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"iteck-heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h1 class=\"iteck-heading iteck-additional-color\"><span>Personal Data<br>Protection Policy<\/span><\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e4c5f26 elementor-widget__width-initial elementor-widget-mobile__width-inherit elementor-widget-widescreen__width-initial elementor-widget elementor-widget-text-editor\" data-id=\"e4c5f26\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>Personal Data Protection Policy \u2013 CentralPay<\/strong><\/p><p>Last update: 15\/09\/2025<\/p><p>At CentralPay, the protection of personal data is at the heart of our commitments. As an Electronic Money Institution authorised by the ACPR (authorisation no. 17138), we process personal data in accordance with the General Data Protection Regulation (GDPR \u2013 EU 2016\/679) and applicable French legislation. <\/p><p>This policy clearly and transparently outlines how we process personal data.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-2f44b38 e-flex e-con-boxed e-con e-parent\" data-id=\"2f44b38\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-36c2d1a e-con-full e-flex e-con e-child\" data-id=\"36c2d1a\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-d03f476 elementor-widget elementor-widget-heading\" data-id=\"d03f476\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">1. Who is responsible for processing?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1f23a72 elementor-widget elementor-widget-text-editor\" data-id=\"1f23a72\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The data controller is:<br>CentralPay \u2013 19 rue Edouard VAILLANT \u2013 37000 TOURS<br>DPO contact: <a href=\"mailto:dp*@********ay.com\" data-original-string=\"PtwULMTQwEpxHCuya7W6pA==ec7lqVRBpNoWqK\/iMyaisyX6fZqmiZW4UEf2sy\/+NYAZyc=\" title=\"This contact has been encoded by Anti-Spam by CleanTalk. Click to decode. To finish the decoding make sure that JavaScript is enabled in your browser.\"><span \n                data-original-string='rffJ0YiKg\/L0MgLmIC7Frw==ec7HoqCxJu0P\/z0\/2lFEywWWhbbf51Vj0ILRpo9ZJ4QBVQ='\n                class='apbct-email-encoder'\n                title='This contact has been encoded by Anti-Spam by CleanTalk. Click to decode. To finish the decoding make sure that JavaScript is enabled in your browser.'>dp<span class=\"apbct-blur\">*<\/span>@<span class=\"apbct-blur\">********<\/span>ay.com<\/span><\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-a9128c4 e-flex e-con-boxed e-con e-parent\" data-id=\"a9128c4\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-859ed14 e-con-full e-flex e-con e-child\" data-id=\"859ed14\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-b667599 elementor-widget elementor-widget-heading\" data-id=\"b667599\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">2. What data do we collect?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-90ca3a4 elementor-widget elementor-widget-text-editor\" data-id=\"90ca3a4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>CentralPay only collects data that is strictly necessary for the provision of its payment services and to comply with its legal and regulatory obligations.<\/p><h6><strong>Identification details<\/strong><\/h6><ul><li>Surname, first name, title<\/li><li>Date and place of birth<\/li><li>Nationality<\/li><li>Function (director, legal representative, UBO)<\/li><\/ul><h6> <\/h6><h6><strong>Identification details<\/strong><\/h6><ul><li>E-mail<\/li><li>Telephone number (mobile or landline)<\/li><li>Business or personal postal address (as applicable)<\/li><\/ul><h6> <\/h6><h6><strong>Payment data<\/strong><\/h6><ul><li>Bank details: IBAN and BIC<\/li><li>Card details: card number (collected only in a PCI DSS secure environment and immediately tokenised), expiry date, scheme (Visa, Mastercard, etc.), issuing country, last 4 digits<\/li><li><strong>Important<\/strong>: CentralPay never discloses the full card number or security code to the merchant.<\/li><\/ul><h6> <\/h6><h6><strong>Transactional data<\/strong><\/h6><ul><li>Transaction ID, date and time<\/li><li>Amount, currency, payment status<\/li><li>Order reference (orderId)<\/li><li>Transaction history (one-off, recurring, split payments, refunds)<\/li><\/ul><h6> <\/h6><h6><strong>Security and anti-fraud data<\/strong><\/h6><ul><li>Connection IP address<\/li><li>Technical fingerprint of the terminal (browser, language, screen resolution) during 3DS authentication<\/li><li>Internal anti-fraud results and scores<\/li><li>Possible monitoring status (technical blacklist)<\/li><\/ul><h6> <\/h6><h6><strong>KYC\/AML-CFT compliance data<\/strong><\/h6><ul><li>Identity documents (national identity card, passport, residence permit)<\/li><li>Proof of address (utility bill, receipt)<\/li><li>Company legal documents (Kbis, articles of association, register of beneficial owners)<\/li><li>Information on UBOs (names, ownership percentages)<\/li><\/ul><h6> <\/h6><h6><strong>Technical data (related to services)<\/strong><\/h6><ul><li>Application and technical logs (API logs)<\/li><li>Processing events (webhooks sent to merchants)<\/li><li>Technical tracking identifiers (transactionId, customerId, etc.)<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-080c9fb e-flex e-con-boxed e-con e-parent\" data-id=\"080c9fb\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-c07c609 e-con-full e-flex e-con e-child\" data-id=\"c07c609\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-dc66181 elementor-widget elementor-widget-heading\" data-id=\"dc66181\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">3. For what purposes do we use your data?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9839e45 elementor-widget elementor-widget-text-editor\" data-id=\"9839e45\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>CentralPay processes your personal data solely for specific, explicit and legitimate purposes. Each processing operation is based on a legal basis that complies with the GDPR. <\/p><h6><strong><br>a) Payment execution and service management<\/strong><\/h6><ul><li>Purpose: to execute your payment transactions (SEPA, card, direct debit, transfer, recurring or split payments), to ensure invoicing and to manage financial flows<\/li><li>Data concerned: bank details (IBAN, BIC), card data (token, scheme, country, masked PAN), transaction identifiers, amounts, currencies, order references.<\/li><li>Legal basis: performance of the contract (Art. 6.1.b GDPR)<\/li><\/ul><h6><strong><br>b) Identity verification and regulatory obligations (KYC\/AML-CFT)<\/strong><\/h6><ul><li>Purpose: to comply with legal obligations to combat money laundering and terrorist financing (AML-CFT) and with the supervisory requirements of the ACPR<\/li><li>Data concerned: identification data (surname, first name, date of birth, nationality), identity documents, proof of address, legal documents relating to the company, information on UBOs<\/li><li>Legal basis: legal obligation (Art. 6.1.c GDPR, Monetary and Financial Code Art. L561-1 et seq.)<\/li><\/ul><h6><strong><br>c) Fraud prevention and detection<\/strong><\/h6><ul><li>Purpose: to secure transactions, prevent unauthorised or fraudulent payments, apply enhanced authentication rules (PSD2\/3DS)<\/li><li>Data concerned: IP address, browser\/device technical fingerprint, card issuer and country, anti-fraud check results, possible monitoring status<\/li><li>Legal basis: legal obligation (PSD2) and legitimate interest (payment security \u2013 Art. 6.1.f GDPR)<\/li><\/ul><h6><strong><br>d) Customer relationship management and support<\/strong><\/h6><ul><li>Purpose: to communicate with customers and users (confirmation of transactions, sending payment links, notifications), respond to support requests, follow up on complaints and disputes<\/li><li>Data concerned: email, telephone number, customer identifiers, associated transactional data<\/li><li>Legal basis: performance of a contract (Art. 6.1.b GDPR) and legitimate interest (customer relationship management)<\/li><\/ul><h6><g id=\"gid_0\">\n  <br>e) Compliance with accounting, tax and evidentiary obligations<br>\n<\/g><\/h6><ul><li>Purpose: to retain certain data in order to comply with legal retention obligations (Commercial Code, General Tax Code), and to produce accounting and evidentiary documents.<\/li><li>Data concerned: transactional data (amounts, currencies, dates, statuses, references), bank details related to transactions.<\/li><li>Legal basis: legal obligation (Art. 6.1.c GDPR)<\/li><\/ul><h6> <\/h6><h6><strong>f) Improvement of our services and technical security<\/strong><\/h6><ul><li>Purpose: analysing the use of our services, optimising performance, ensuring resilience and cybersecurity, in accordance with the DORA regulation<\/li><\/ul><ul><li>Data concerned: technical logs, events (webhooks), technical identifiers, anonymised usage statistics<\/li><li>Legal basis: legitimate interest (Art. 6.1.f GDPR)<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-bc38cb4 e-flex e-con-boxed e-con e-parent\" data-id=\"bc38cb4\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-d97b723 e-con-full e-flex e-con e-child\" data-id=\"d97b723\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-f69f9d2 elementor-widget elementor-widget-heading\" data-id=\"f69f9d2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">4. What is the legal basis for this processing?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-35d7578 elementor-widget elementor-widget-text-editor\" data-id=\"35d7578\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Each processing operation has a clearly defined legal basis:<\/p><ul><li><strong>Performance of a contract (Art. 6.1.b GDPR)<\/strong>: payment processing, account management, customer relations, support<\/li><li><strong>Legal obligation (Art. 6.1.c GDPR)<\/strong>: AML\/CFT compliance (Art. L561 CMF), accounting and tax obligations (Commercial Code, CGI), regulatory obligations (DSP2, ACPR)<\/li><li><strong>Legitimate interest (Art. 6.1.f GDPR)<\/strong>: fraud prevention, system security, dispute management, service improvement<\/li><li>Consent (Art. 6.1.a GDPR): only for certain optional marketing communications or if required by law<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-571a25e e-flex e-con-boxed e-con e-parent\" data-id=\"571a25e\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-15d9a04 e-con-full e-flex e-con e-child\" data-id=\"15d9a04\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-ad6d075 elementor-widget elementor-widget-heading\" data-id=\"ad6d075\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">5. How long do we keep your data?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b5d06b0 elementor-widget elementor-widget-text-editor\" data-id=\"b5d06b0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>CentralPay applies a strict retention schedule in accordance with the requirements of the GDPR, the Monetary and Financial Code and the Commercial Code.<\/p><p>We distinguish between:<\/p><h6><strong>a) Financial transactions (accounting and probative entries)<\/strong><\/h6><ul><li>Retained for 10 years in accordance with accounting and probative obligations (Art. L123-22 of the Commercial Code)<\/li><li>Data concerned: transaction identifiers (transactionId), date, amount, currency, status, order reference (orderId)<\/li><li>This information is necessary for contractual proof and accounting purposes and is not anonymised.<\/li><\/ul><h6> <\/h6><h6><strong>b) Personal data associated with transactions<\/strong><\/h6><ul><li>Kept for a maximum of 24 months and then irreversibly anonymised.<\/li><li>Data concerned:<ul><li>Payer details (email, telephone number)<\/li><li>IP address, browser\/device fingerprint (3DS)<\/li><li>Card details (token, masked PAN, expiry date, scheme, issuing country)<\/li><li>Anti-fraud results (score, blacklist status)<\/li><\/ul><\/li><li>This information is no longer retained beyond 24 months as it is no longer necessary either legally or contractually.<\/li><\/ul><h6> <\/h6><h6><strong>c) Payment card data<\/strong><\/h6><ul><li>Stored for up to 24 months after the card expiry date, then deleted\/anonymised<\/li><li>CentralPay never exposes the full PAN or CVC outside its PCI DSS zone<\/li><\/ul><h6> <\/h6><h6><strong>d) Data relating to bank accounts (IBAN\/BIC) and SEPA mandates<\/strong><\/h6><ul><li>Retained for the duration of the mandate + 10 years (contractual evidence), then deleted\/anonymised<\/li><\/ul><h6> <\/h6><h6><strong>e) KYC\/LCB-FT data<\/strong><\/h6><ul><li>Kept for 5 years after the end of the business relationship (Art. L561-12 CMF), then deleted\/anonymised<\/li><li>Data concerned: identity documents, proof of address, legal documents relating to the company, information on UBOs<\/li><\/ul><h6> <\/h6><h6><strong>f) Subscriptions and instalment payments<\/strong><\/h6><ul><li>Kept for the duration of the subscription + 5 years (evidential requirements), then anonymised.<\/li><li>Data concerned: subscription ID, payment schedule, link to payment method.<\/li><\/ul><h6> <\/h6><h6><strong>g) Technical logs and webhooks<\/strong><\/h6><ul><li>Kept for a maximum of 24 months, then anonymised.<\/li><li>Data concerned: API logs, processing events, technical identifiers (customerId, eventId), statuses, timestamps.<\/li><\/ul><p>You can exercise these rights by sending an email to <a href=\"mailto:dp*@********ay.eu\" data-original-string=\"hkhZIgd5fG2lXNKPHD8Jqg==ec7hUP\/tG0Gq+bRm5jrT2d1kav\/4HjPAnez\/TlTNfAK76c=\" title=\"This contact has been encoded by Anti-Spam by CleanTalk. Click to decode. To finish the decoding make sure that JavaScript is enabled in your browser.\"><span \n                data-original-string='l\/ehRl5+ZIRGm04erqyZpQ==ec7pIEqUxR0aLIUKSU2f8zyseDirKmQJ0rbQs0TJKi\/SUM='\n                class='apbct-email-encoder'\n                title='This contact has been encoded by Anti-Spam by CleanTalk. Click to decode. To finish the decoding make sure that JavaScript is enabled in your browser.'>dp<span class=\"apbct-blur\">*<\/span>@<span class=\"apbct-blur\">********<\/span>ay.eu<\/span><\/a> or by post to the following address: CentralPay &#8211; 19 rue Edouard vaillant &#8211; 37000 Tours.<\/p><p>You may also, at any time and free of charge, without having to justify your request, object to your data being used for commercial prospecting purposes.<\/p><p>If, for any reason whatsoever, you consider that our response is not satisfactory, you may lodge a complaint with the Commission Nationale de l&#8217;Informatique et des Libert\u00e9s (CNIL); website: cnil.fr.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-7d6fb11 e-flex e-con-boxed e-con e-parent\" data-id=\"7d6fb11\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-8372779 e-con-full e-flex e-con e-child\" data-id=\"8372779\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-7aeebf0 elementor-widget elementor-widget-heading\" data-id=\"7aeebf0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">6. Who are the recipients of your data?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2a15ee4 elementor-widget elementor-widget-text-editor\" data-id=\"2a15ee4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Your data may only be transmitted to:<\/p><ul><li>CentralPay internal departments (operations, compliance, support, security)<\/li><li>Payment partners and banking institutions (acquirers, SEPA payment systems, card schemes)<\/li><li>Technical service providers (cloud hosting, KYC provider, SMS\/email delivery), subject to contractual clauses compliant with the GDPR<\/li><li>Competent authorities (ACPR, TRACFIN, Banque de France, judicial authorities)<\/li><\/ul><p>We never resell your data to third parties.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-81146a2 e-flex e-con-boxed e-con e-parent\" data-id=\"81146a2\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-b4f94f1 e-con-full e-flex e-con e-child\" data-id=\"b4f94f1\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-406f458 elementor-widget elementor-widget-heading\" data-id=\"406f458\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">7. Where is your data processed?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f948578 elementor-widget elementor-widget-text-editor\" data-id=\"f948578\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li>The data is hosted in the European Union, mainly in France.<\/li><li>In the event of transfer outside the EU (e.g. SMS or email service providers), standard contractual clauses (SCCs) and additional measures are put in place to ensure an equivalent level of protection.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-3e49e00 e-flex e-con-boxed e-con e-parent\" data-id=\"3e49e00\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-28885a1 e-con-full e-flex e-con e-child\" data-id=\"28885a1\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-e785660 elementor-widget elementor-widget-heading\" data-id=\"e785660\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">8. What are your rights?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c44c141 elementor-widget elementor-widget-text-editor\" data-id=\"c44c141\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>In accordance with Articles 15 to 22 of the GDPR, you have the following rights:<\/p><ul><li>Right of access, rectification, erasure<\/li><li>Right to restriction, objection, portability<\/li><li>Right to withdraw consent (where applicable)<\/li><li>Right to lodge a complaint with the CNIL<\/li><\/ul><p>You may exercise your rights by writing to: <span \n                data-original-string='iOsR7O1a+R7sUjXP7aK7JA==ec7ccpAUEYakbu3NlZxR05Ucv1iK1j6GXEC8KoPTyJw5+w='\n                class='apbct-email-encoder'\n                title='This contact has been encoded by Anti-Spam by CleanTalk. Click to decode. To finish the decoding make sure that JavaScript is enabled in your browser.'>dp<span class=\"apbct-blur\">*<\/span>@<span class=\"apbct-blur\">********<\/span>ay.com<\/span> (response within 30 days).<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-16c77c9 e-flex e-con-boxed e-con e-parent\" data-id=\"16c77c9\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-e612119 e-con-full e-flex e-con e-child\" data-id=\"e612119\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-079f05f elementor-widget elementor-widget-heading\" data-id=\"079f05f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">9. Security<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-33272c2 elementor-widget elementor-widget-text-editor\" data-id=\"33272c2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>CentralPay implements a security policy aligned with PCI DSS, ISO 27001\/27005 standards and the European DORA (Digital Operational Resilience Act) regulation. Our measures cover the entire lifecycle of data and payment services to ensure their confidentiality, integrity and availability. <\/p><p>Security is primarily ensured through clear governance and proactive risk management. We have a risk management framework approved by senior management, which includes a risk appetite policy, mapping aligned with ISO and DORA standards, and risk indicators that are monitored regularly. This framework is implemented through a three lines of defence organisation and steered by a security and compliance committee.  <\/p><p>Data protection is based on systematic encryption, both in transit (TLS 1.2\/1.3) and at rest (AES-256), with centralised key management. Payment data is processed exclusively in a PCI DSS Level 1 certified environment and undergoes irreversible tokenisation, which prevents the exposure of full card numbers or cryptograms. In addition, we apply strict policies for the automatic purging and anonymisation of personal data at the end of the retention periods specified by the GDPR.  <\/p><p>Access to systems is strictly controlled through centralised identity management based on the principle of least privilege. Each employee is subject to strong two-factor authentication (MFA), and authorisations are reviewed regularly to ensure they remain relevant. <\/p><p>Our infrastructure is monitored continuously. Sensitive operations are logged comprehensively and time-stamped, and a real-time monitoring system, coupled with a SIEM, enables security incidents to be detected quickly. <\/p><p>Operational resilience is ensured by a continuity plan aligned with DORA. CentralPay has implemented a Contingency and Business Continuity Plan (PUPA) including BCP and PRI components, which are regularly tested. Penetration tests and crisis management exercises are organised each year, while a strict ICT outsourcing policy ensures the continuous assessment of critical service providers and the maintenance of a regulatory information register.  <\/p><p>Incident management follows a formalised procedure for detection, classification and handling. In the event of a major incident, we comply with the regulatory notification deadlines set by the ACPR and the CNIL, and systematic feedback is organised in order to continuously improve the security system. <\/p><p>Finally, CentralPay is committed to continuous improvement. Internal and external audits, including independent PCI DSS and cybersecurity audits, are conducted regularly. Our ongoing monitoring and periodic audit procedures are reviewed annually to ensure their effectiveness and compliance with international standards and regulatory requirements.  <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-231f0c1 e-flex e-con-boxed e-con e-parent\" data-id=\"231f0c1\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-ad577be e-con-full e-flex e-con e-child\" data-id=\"ad577be\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-a171c23 elementor-widget elementor-widget-heading\" data-id=\"a171c23\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">10. Policy update<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c1c8763 elementor-widget elementor-widget-text-editor\" data-id=\"c1c8763\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>This policy may be amended to reflect changes in processing and legal obligations. Any updates will be published on our website and, where necessary, communicated to affected customers. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Personal DataProtection Policy Personal Data Protection Policy \u2013 CentralPay Last update: 15\/09\/2025 At CentralPay, the protection of personal data is at the heart of our commitments. As an Electronic Money Institution authorised by the ACPR (authorisation no. 17138), we process personal data in accordance with the General Data Protection Regulation (GDPR \u2013 EU 2016\/679) and applicable French legislation. This policy &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":21,"comment_status":"closed","ping_status":"open","template":"elementor_header_footer","meta":{"_acf_changed":false,"footnotes":""},"class_list":["post-57346","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/centralpay.dev.innovest.fr\/fr\/en\/wp-json\/wp\/v2\/pages\/57346","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/centralpay.dev.innovest.fr\/fr\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/centralpay.dev.innovest.fr\/fr\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/centralpay.dev.innovest.fr\/fr\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/centralpay.dev.innovest.fr\/fr\/en\/wp-json\/wp\/v2\/comments?post=57346"}],"version-history":[{"count":0,"href":"https:\/\/centralpay.dev.innovest.fr\/fr\/en\/wp-json\/wp\/v2\/pages\/57346\/revisions"}],"wp:attachment":[{"href":"https:\/\/centralpay.dev.innovest.fr\/fr\/en\/wp-json\/wp\/v2\/media?parent=57346"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}