Politica di privacy

  1. Your privacy and CCV
  2. Your privacy and CCV – Your rights
  3. Your privacy and CCV – How we handle your data
  4. Your privacy and CCV – In the event of a data leak
  5. Your privacy and CCV – Terms and definitions
  6. Your privacy and CCV – Our cookie policy

 

Your privacy and CCV

You entrust CCV with your payment and personal data. We attach great importance to that trust. We would like to take this opportunity to explain how we protect your personal data.

We have been in the business of handling payment data – yours and those of millions of other people in Europe – for decades now. That is why we comply with the following legislation:

  • General Data Protection Regulation (GDPR) of the European Union

Our operational processes are set up in full conformity with the stringent requirements of each of these pieces of legislation. We have also put in place robust measures to protect data traffic. That is how we ensure your and your customers’ privacy.

Basic privacy principles

In a nutshell, our compliance with these laws means that we observe the following basic principles:

  • We will inform you of your rights and will not take action unless and until you give permission to process your data.
  • We will only use your personal data to perform our work.
  • We will only collect data that we need in order to perform our work.
  • We will ensure that your personal data are and remain correct.
  • We will not retain your personal data for longer than necessary.
  • We will protect your personal data against access by unauthorized parties, loss or destruction.
  • We can demonstrate our compliance with these principles.

Data manager and data processor

From a legal perspective, we fulfil a dual role when it comes to privacy. We record and manage personal data of our clients, your customers and our employees. Officially, we are a data manager in that capacity and, as such, accountable for the careful handling of data.

 

Contact

If you need any help, our customer service department will be happy to assist you.

T +41 (0)58 220 60 00 | E info@ch.ccv.eu

 

Your rights

We handle your data as carefully and as safely as possible. Should you want to verify this, it is good to know that you – as the owner of your personal data – have a number of rights.

 

Right to information

You have the right to be informed about our work processes that involve the handling and processing of your personal and payment data.

privacy@ccv.eu

 

Right to inspection

You have the right to access the personal data about you that we have on record. If you want to exercise this right, we must first verify your identity before we can start retrieving your data. You will be sent all the data about you that we have. We will also inform you of the details of our processing method, including the purpose, retention period, the parties that we share data with, and how data have been obtained. We aim to provide you with an overview of these data within one month. We will inform you if we expect it to take longer.

privacy@ccv.eu

Right to correction, restriction and deletion

You have the right to correct or supplement the personal data about you that we have on record. You also have the right to delete part of your data in order to restrict how much data we can use in the future. And you have what is known as the ‘right to be forgotten’, which means that all the data about you we have on record will be deleted. However, we are required by law to retain certain data, so these we cannot delete.

privacy@ccv.eu

Right to data transfer

You have the right to request the digital transfer to a different organization of data that CCV has on record about you. If you want to exercise this right, we will provide your data to you in a structured and generally accepted file format. We are only allowed to do this with personal data that you provided to us in person, or if you gave express permission to process such data, or with data we obtained as result of the fulfilment of our agreement. We aim to complete preparing the file for data transfer within one month. We will inform you if we expect it to take longer.

privacy@ccv.eu

Right of objection

If you think that we are wrongfully processing personal data about you, we encourage you to make this known to us. If your objection is justified, we will stop processing your personal data. You can also file an official complaint if you think your data are not being handled with due care. When we receive a complaint, we will carefully review our processes and work to eliminate any shortcomings we identify. We aim to address your complaint within five business days. We will inform you if we expect it to take longer. If we are unable to reach agreement, you have the option of submitting your complaint to the Dutch Data Protection Authority.

privacy@ccv.eu

The responsible authority for CCV Switzerland

Address:
Office of the Federal Data Protection and Information Commissioner FDPIC
Feldeggweg 1
3003 Berne

Contact

If you need any help, our customer service department will be happy to assist you.

T +41 (0)58 220 60 00 | E info@ch.ccv.eu

 

How we handle your data

 

We use a range of technological and organizational measures to protect your privacy as effectively as possible. With certifications from national and international quality and safety standards organizations, we demonstrate how serious we are about protecting your privacy. These certifications include compliance with the Payment Card Industry Data Security Standard (PCI DSS). We use the following methods to protect your privacy in our work processes.

Triple data protection

  • First and foremost, responsibility for the careful handling of data rests with our colleagues whose day-to-day work involves the processing of personal data. They know how data are processed and have access to the content of applications. They also assess the proper functioning of all processes on a daily basis.
  • They are backed up by support and advice from the risk management department and the data protection officer, who draft policies, conduct risk analyses, and assess whether the processes comply with applicable laws and regulations.
  • Lastly, our independent internal audit department and the data protection officer will check if the aforementioned colleagues work together effectively, and whether we actually fulfil all our legal and business obligations.

 

Purpose of data usage

Personal data about employees will only be used to carry out our duties as an employer. Personal data about clients will only be used to provide our services, for instance to:

  • Conclude or amend agreements
  • Process and analyse payment transactions
  • Resolve disputes and disputed payment transactions
  • Prevent and address fraud and other unlawful activities
  • Analyse data in order to improve our services
  • Initiate, coordinate and outsource work processes
  • Perform specific marketing activities

Retention period

Personal data will not be retained for longer than is necessary for the intended purpose, and will not be retained beyond the statutory retention period. We ensure compliance with this retention period by keeping the retention period details and the corresponding personal data in the same location.

Anti-fraud measures

We work together with banks, credit card companies and other parties that combat fraud. To facilitate these efforts, it is sometimes necessary to share data with these parties. This always happens in compliance with legal requirements and only with the express permission of our data protection officer.

Staying up-to-date

Our employees are aware of the importance of privacy. They have been trained in protecting your privacy and keeping information secure. We make sure that this awareness and expertise stay up-to-date, for instance by offering an e-learning programme and through regular internal information sharing. Our data protection officer and the corporate information security officer monitor these activities.

Contact

If you need any help, our customer service department will be happy to assist you.

T +41 (0)58 220 60 00 | E info@ch.ccv.eu

In the event of a data leak

No matter how effectively we perform our work, the risk of a data breach always exists. This can be the result of human error or have an external cause. A data leak is defined as a situation in which personal data is lost or ends up in the wrong hands.

In the event of a data leak, immediate action is required. We will first examine which personal data have been affected. If the breach could potentially affect your rights and freedoms, the data leak will be reported to the Dutch Data Protection Authority within 72 hours. In case of a high risk, you will also be informed right away.

In addition, the leak will be thoroughly investigated. We will get to the bottom of what happened and determine which data were exposed to risk, who the culprits might be, and how we can prevent it from happening again. This approach enables us to tighten our security. Furthermore, we will carefully record any and all findings about the data leak to ensure we can learn from them even in the future.

Reporting a data leak

Do you think a data leak may have occurred? Please inform us as quickly as possible, stating the reasons or the signals that your suspicion is based on.

security@ccv.eu

Contact

If you need any help, our customer service department will be happy to assist you.

T +41 (0)58 220 60 00 | E info@ch.ccv.eu

Your privacy and CCV

Terms and definitions

Personal data

All information pertaining to an individual, for instance a name or e-mail address. It also includes data that indirectly relate to someone’s identity, i.e. personal details such as an IP address, a card number or transaction data. Combined with other data, these details can be traced to an individual.

General Data Protection Regulation (GDPR)

European legislation regulating the careful processing and free movement of personal data. This Regulation was adopted and became applicable in all EU member states on 27 April 2016, subject to a two-year transition period to enable organizations to make their administrative and operational processes compliant with the new law, which will become enforceable on 25 May 2018.

Data manager

A person or organization that – individually or in collaboration with third parties – registers or manages personal data. The data manager is also responsible for how its data processing activities are structured and function. We are the data manager of the personal data of our clients.

Data processor

A person or organization that processes personal data on behalf of the data manager. We are the data manager of payment data on behalf of a number of clients. A data processor and a data manager always conclude a contract setting out the terms and conditions that must be met to guarantee the security of personal data.

Client

A person that enters into a relationship with CCV, e.g. a visitor to our website, a person using our services or products, a supplier or a business partner.

Contact

If you need any help, our customer service department will be happy to assist you.

T +41 (0)58 220 60 00 | E info@ch.ccv.eu

 

Our cookie policy

We use cookies to ensure our website functions properly. Cookies are small text files we send to your computer, tablet or phone. Such a file will record certain data, such as the webpages you visit. This is an entirely anonymous process; your identity will not be revealed. However, cookies do reveal certain information about your behaviour. For that reason, we would like to inform you about cookies and the options available to you.

Purpose of our cookies

Cookies are useful both for us and for you. For instance, cookies ensure you do not need to enter the same information repeatedly, and that you are presented with information that is in line with your interests. We also use cookies to analyse how you use our website. The insights gained from this help us to make the site more user-friendly.

Cookies are used for a variety of purposes:

  • To enable communication across a digital network
  • To research how our website is used
  • To conclude or fulfil an agreement
  • To deliver a service requested by you
  • To identify what your interests are based on how you use our site
  • To enable third parties to identify what your interests are

If you prefer to disable cookies

You can decide which types of cookies you want to accept, if any. However, this choice may have certain consequences. If you disable our cookies, we cannot guarantee that our website will work flawlessly.

  • You can change settings to determine which cookies to accept and which to disable. For instance, you may want to accept statistical cookies but not the ones for personalised information. Set your preferences now >>
  • You can personalise the settings of your browser – Chrome, Safari, Internet Explorer – to have it display a warning when a website wants to send a cookie, or to have it refuse all cookies or only third-party cookies. You can also delete all received cookies. Make sure you change these settings on every device and in every browser you use.
  • You can disable tracking by Google Analytics for all websites. If you want to do this, you can unregister for all Google cookies on their website.
    Go to Google and unregister >> (linkto: https://myaccount.google.com/privacy#ads)

The cookies we use

 

Essential

Adobe

Who: https://apps.ghostery.com/nl/apps/typekit_by_adobe

Purpose: In order to offer the Typekit service, Adobe may collect data about fonts that are sent to your website. These data are used for the purpose of invoicing and compliance.

Cookies: -

Expiry period: Unlimited

Cookie opt-in: Non-optional

Google AJAX Search API

Who: https://apps.ghostery.com/nl/apps/google_ajax_search_api

Purpose: The Google AJAX Search API is a Javascript library that allows you to embed Google Search in your web pages and other web applications. Using API, developers can integrate Google Search, News Search and Blog Search into their website.

Cookies: -

Expiry period: Unlimited

Cookie opt-in: Non-optional

Google Tag Manager

Who: https://apps.ghostery.com/nl/apps/google_tag_manager

Purpose: Google Tag Manager allows CCV to quickly and easily update tags and code fragments on the website. Once the Tag Manager fragment has been added to the website, CCV can configure tags via a web interface without needing to change or implement additional code. This reduces the likelihood of errors and it will no longer be necessary to involve a developer when CCV needs to change something.

Cookies: -

Expiry period: Unlimited

Cookie opt-in: Non-optional

Website Analytics

GA Audiences

Who:
https://apps.ghostery.com/nl/apps/ga_audiences

Purpose: Obtain insight in visitors’ behaviour on the website in order to improve their user experience.

Cookies: -

Expiry period: After two years

Cookie opt-in: Optional

Google Analytics

Who: https://apps.ghostery.com/nl/apps/google_analytics

Purpose: Obtain insight in visitors’ behaviour on the website in order to improve their user experience.

Cookies: __utma, __utmb, __utmc, __utmv, __utmz, _ga

Expiry period: After two years

Cookie opt-in: Optional

Hotjar

Who: https://apps.ghostery.com/nl/apps/hotjar

Purpose: Conducting qualitative research among website visitors and obtaining a better insight in visitors’ clicking behaviour, enabling improvement of the user experience on the website.

Cookies: _hjIncludeInSample, _hjMinimizedPolls, _hjUserId

Expiry period: No more than 1 year

Cookie opt-in: Optional

Optimizely

Who: https://apps.ghostery.com/nl/apps/optimizely

Purpose: Obtaining a better insight in visitors’ clicking behaviour, enabling improvement of the user experience on the website.

Cookies: Source, CID

Expiry period: No more than 10 years

Cookie opt-in: Optional

Twitter Analytics

Who: https://apps.ghostery.com/nl/apps/twitter_analytics

Purpose: Measuring conversions and making targeted offers on third-party websites. The anonymous conversion information is used to determine the value of various advertising partners on a central ad server, and this anonymous information is used to display targeted offers on third-party websites via this central ad server.

Cookies: _twitter_sess, personalization_id, guest_id, tfw_exp, eu_cn, syndication_guest_id

Expiry period: No more than 2 years

Cookie opt-in: Optional

Convertize

Who: https://www.convertize.com

Purpose: Obtaining a better insight in visitors’ clicking behaviour, enabling improvement of the user experience on the website.

Cookies: _ga

Expiry period: No more than 1 year

Cookie opt-in: Optional

 

Advertising

Doubleclick

Who: Doubleclick.net

Purpose: Measuring the conversion. This anonymous information is used to determine the value of an advertising partner and to enable billing of advertising partners. This anonymous information is also used to build anonymous visitor segments, if an opt-in for this was given.

Cookies: id, test_cookie,_drt_, p

Expiry period: No more than 90 days

Cookie opt-in: Not required

Bing Ads

Who: https://apps.ghostery.com/nl/apps/bing_ads

Purpose: Measuring the conversion. This anonymous information is used to determine the value of an advertising partner and to enable billing of advertising partners. This anonymous information is also used to build anonymous visitor segments, if an opt-in for this was given.

Cookies: ipv6, SRCHHPGUSR, _SS, SRCHUSR, _EDGE_S, SRCHUID, SRCHD, MUID. MUIDB

Expiry period: No more than 2 years

Cookie opt-in: Optional

Facebook Custom Audience

Who: https://apps.ghostery.com/nl/apps/facebook_custom_audience

Purpose: Measuring the conversion. This anonymous information is used to determine the value of an advertising partner and to enable billing of advertising partners. This anonymous information is also used to build anonymous visitor segments, if an opt-in for this was given.

Cookies: ocale, c_user, csm, datr, fr, lu, xs, pk, s, p, act, x-src, presence

Expiry period: No more than 1 year

Cookie opt-in: Optional

Facebook Impressions

Who: https://apps.ghostery.com/nl/apps/facebook_impressions

Purpose: Measuring the conversion. This anonymous information is used to determine the value of an advertising partner and to enable billing of advertising partners. This anonymous information is also used to build anonymous visitor segments, if an opt-in for this was given.

Cookies: ocale, c_user, csm, datr, fr, lu, xs, pk, s, p, act, x-src, presence

Expiry period: No more than 1 year

Cookie opt-in: Optional

SalesFeed

Who: https://www.salesfeed.com

Purpose: This anonymous information is also used to build anonymous visitor segments, if an opt-in for this was given.

Cookies: __zlcmid, _ga

Expiry period: No more than 1 year

Cookie opt-in: Optional

Twitter Advertising

Who: https://apps.ghostery.com/nl/apps/twitter_advertising

Purpose: Measuring conversions and making targeted offers on third-party websites. The anonymous conversion information is used to determine the value of various advertising partners on a central ad server, and this anonymous information is used to display targeted offers on third-party websites via this central ad server.

Cookies: _twitter_sess, personalization_id, guest_id, tfw_exp, eu_cn, syndication_guest_id

Expiry period: No more than 2 years

Cookie opt-in: Optional

 

Twitter Conversion Tracking

Who: https://apps.ghostery.com/nl/apps/twitter_advertising

Purpose: Measuring conversions and making targeted offers on third-party websites. The anonymous conversion information is used to determine the value of various advertising partners on a central ad server, and this anonymous information is used to display targeted offers on third-party websites via this central ad server.

Cookies: _twitter_sess, personalization_id, guest_id, tfw_exp, eu_cn, syndication_guest_id

Expiry period: No more than 2 years

Cookie opt-in: Optional

Google Dynamic Remarketing

Who: https://apps.ghostery.com/nl/apps/google_dynamic_remarketing

Purpose: Using dynamic remarketing in Analytics allows you to display remarketing ads for content or products that your users will most probably be interested in, based on the content or products they viewed in the past, related and best performing content and products, and their transaction history and demographics.

Cookies: __utma, __utmb, __utmc, __utmv, __utmz, _ga

Expiry period: No more than 2 years

Cookie opt-in: Required

 

Social

Facebook Connect

Who: https://apps.ghostery.com/nl/apps/facebook_connect

Purpose: Measuring conversions and making targeted offers on third-party websites. The anonymous conversion information is used to determine the value of various advertising partners on a central ad server, and this anonymous information is used to display targeted offers on third-party websites via this central ad server.

Cookies: locale, c_user, csm, datr, fr, lu, xs, pk, s, p, act, x-src, presence

Expiry period: No more than 1 year

Cookie opt-in: Optional

Facebook Social Plugins

Who: https://apps.ghostery.com/nl/apps/facebook_social_plugins

Purpose: Measuring conversions and making targeted offers on third-party websites. The anonymous conversion information is used to determine the value of various advertising partners on a central ad server, and this anonymous information is used to display targeted offers on third-party websites via this central ad server.

Cookies: locale, c_user, csm, datr, fr, lu, xs, pk, s, p, act, x-src, presence

Expiry period: No more than 1 year

Cookie opt-in: Optional

Twitter Buttons

Who: https://apps.ghostery.com/nl/apps/twitter_button

Purpose: Measuring conversions and making targeted offers on third-party websites. The anonymous conversion information is used to determine the value of various advertising partners on a central ad server, and this anonymous information is used to display targeted offers on third-party websites via this central ad server.

Cookies: _twitter_sess, personalization_id, guest_id, tfw_exp, eu_cn, syndication_guest_id

Expiry period: No more than 2 years

Cookie opt-in: Optional

 

Customer interaction

LiveChat

Who: https://apps.ghostery.com/nl/apps/livechat

Purpose: Initiate customer interaction via the website.

Cookies: __lc_cst, amplitude_idlivechatinc.com, __lc_cid, landing_page, __livechat, 3rdparty, __lc_vv.group16, referrer, message_text.group16, chat_widget_amplitude_idlivechatinc.com, recent_window.group16, main_window_timestamp.group16, main_window_timestamp_16.group16, _ga, notification[status_ping].group16, utm_source, __livechat_lastvisit

Expiry period: No more than 2 years

Cookie opt-in: Optional

Contact

If you need any help, our customer service department will be happy to assist you.

T +41 (0)58 220 60 00 | E info@ch.ccv.eu