Javascript is required
logo-dastralogo-dastra

GDPR Data processing modelUse of a payment card number in connection with the sale of goods or the provision of services at a distance

By: Ludwig Karneth
PrivateOrders and Payments
This processing model relates to the use of payment card numbers in the sale of goods or the provision of remote services, including subscriptions taken out online or goods reservations

Purposes (6)

A purpose is the objective pursued by the setting up of your file. It indicates what the processing of personal data will be used for, its purpose. This purpose must be clear and understandable

1
Completion of a transaction for the delivery of a good or the provision of a service in return for payment
Contract
2
Reservation of a good or service
Contract
3
Settlement of subscriptions taken out online involving defined and regular payments
Contract
4
Simplification of any subsequent purchases on the merchant's site
Consent
5
Offer of payment solutions dedicated to distance selling by payment service providers
Legitimate interest
6
Fight against fraud
Legal obligation

Data categories (1)

Personal data is any information relating to an identified or identifiable natural person. A natural person can be identified either directly (eg surname and first name) or indirectly (eg phone number, social security number, email or postal address, but also voice or image)

Data required to carry out a remote payment card transaction

Data details

Cardholder identityoptional
Visual cryptogramrequired
expiration daterequired
Credit card numberrequired

Data conservation rules

Active base:

Data must be kept for no longer than is necessary for the purposes for which they are processed. The retention of the cryptogram after the first transaction is prohibited in all cases, including for subscriptions requiring different payments. In the case of one-off payments (one-off purchases or subscriptions with no tacit renewal, paid in a single instalment), the period for which card details are kept must correspond to the time required to complete the transaction, i.e. the actual payment, which may be deferred until receipt of the goods or performance of the service, plus, where applicable, the withdrawal period stipulated for distance sales of goods and provision of services (article L.121 -20-12 of the French Consumer Code); With regard to subscriptions involving staggered payments, the retention of bank details is justified: - until the last payment due date, if the subscription does not provide for tacit renewal; - until termination of the subscription in the event of tacit renewal, subject to applicable provisions and in particular the information of the persons concerned prior to renewal.

Data subject (1)

A data subject is any person whose data is collected, retained or processed by the data processing. e.g. In a recruitement process, any candidate for a position proposed in recruitement management process

  • Other
Author:
Ludwig Karneth
Ludwig Karneth
Created at:07/08/2023
Updated on:00/01/1970
License: © Creative commons :
Attribution / Pas d'utilisation commerciale
CC-BY-NC AttributionPas d'utilisation commerciale
Nb using:0

Access the full processing template

Try Dastra now to access all of our data processing templates that you can customize for your organization.It's free and there's no obligation for the first 30 days (no credit card required)

Add to my data processings record
Subscribe to our newsletter

We will send you a few emails to keep you informed of our news and what's new in our solution

* You will always be able to unsubscribe on each newsletter. Learn more.