Adyen Events Privacy Policy

Please read this privacy statement if you would like to know more about the way Adyen and its group companies around the world (hereinafter referred to as “Adyen” or “we”) collect and process your personal data. This privacy statement applies to the processing activities in which Adyen acts as a data controller.

It is important to us that your personal data is handled carefully, and that you are well informed about the way we process your personal data. This privacy statement tells you what data we process – including how, why and how long we process it for – and informs you of your data privacy rights.

Adyen is a financial technology company operating under a banking license. This means that Adyen provides its customers with payments and other financial products, including payments processing for its customers and platforms via credit card, bank transfer, and other payment methods, card issuing, (merchant) bank accounts, fraud detection, and other financial services. It is also important to note that Adyen N.V. is supervised by the Dutch Central Bank as a regulated bank under Dutch law. In addition, Adyen and its group companies are supervised by various regulators and authorities, as applicable, around the globe.

You may have seen Adyen on your bank statements if you have bought something, automatically renewed a subscription, or received a payout from one of Adyen’s customers. If you would like more information about any of these charges, you can use Adyen’s Look Up Charge Tool.

– Right to know: You may have the right to verify that we have collected personal data about you, as well as know what personal data we have collected about you. This includes, as applicable, (i) the categories of personal data we have collected; (ii) the sources from which we collected that

personal data; (iii) the business or commercial purposes for which we collected, “sold”, and “shared” that personal data; (iv) the categories of personal data that we “sold”, “shared”, or disclosed to third parties for business purposes; and (v) the categories of third parties to whom we “sold”, “shared”, or disclosed personal data. You can also contact us if you want to know more about the data we process for our legitimate interests.

– Right to deletion: You may be entitled to request that we delete the personal data that we have collected from you. We will use all commercially reasonable efforts to honor your request, in compliance with applicable laws. Please note, however, that we may need or be required to keep such information, such as for our legitimate business purposes, or to comply with applicable laws.

– Right to opt-out of sales and sharing of personal data to third parties for cross-context behavioral advertising: You are entitled to opt-out of sales of your personal data to third parties and to opt-out of the sharing of your personal data to third parties for cross-context behavioral advertising, if applicable. You can opt-out of sales and sharing of your personal data by visiting our Cookies Policy and disabling the ‘Sale or Share of Personal Data’ toggle in the Cookies Preference Center, or by contacting us using one of the methods below. If you have enabled the Global Privacy Control mechanism on your browser, device, or platform, you will automatically be opted out of any “sharing” when you use our website. Adyen seamlessly processes the Global Privacy Control (GPC) signal if enabled on your browser, device, or platform. Please visit this page to learn more about enabling the GPC.

– Right to object to the processing of your personal data: You are entitled to object to us processing your personal data. In addition, where you have given your consent for us to process personal data, you can withdraw this consent at any time. Please note that Adyen maintains a record of withdrawals of consent to ensure that we do not contact you in the future.

– Right to opt-out of profiling: As defined under privacy laws, Adyen may profile customers to determine their eligibility for certain financial products, or to offer them certain financial services. Please note that opting-out of profiling will mean that you are no longer eligible for these financial products or services.

These rights may be limited under applicable laws, and are also subject to technical feasibility. For example, if we collect your personal data in our role as a service provider to one of our customers, you will need to contact that customer directly to exercise your rights.

Please note that we may require additional information from you to verify your identity and process your request. Alternatively, you can submit a request through an authorized representative using the contact methods described below. If you use an authorized representative, we may require a copy of their signed permission to act on your behalf. We may also need to verify your identity directly and ask you to confirm the representative’s authority.

To exercise your rights, your information will be disclosed to our privacy management third-party service provider. Please be informed that Adyen has implemented the appropriate safeguards to ensure your information is adequately protected.

Some of the information you send us may be disclosed to other Adyen group companies outside of the European Economic Area ("EEA"). These countries encompass the countries in which we have operations (you can find a full list here).

To protect your data when it is transferred to countries outside of the EEA, we have implemented appropriate safeguards. When we transfer data to our Adyen group companies, the transfers are protected by an intragroup agreement containing Standard Contractual Clauses. For transfers to our services providers located outside of the EEA, we rely on Standard Contractual Clauses. If you would like to know more about these safeguards, you can contact us using the details below, under “Contact us”.

We use third parties to offer you our website, as well as our products and services. Where necessary, we will disclose your information to our service providers and professional advisers (e.g. IT providers, KYC partners, CRM providers, marketing support providers (such as agencies that manage our social media accounts), social media providers such as LinkedIn, analysts, customer service providers, business development providers and legal service providers). We have established agreements with our service providers to protect your personal data.

We may disclose information to third parties in connection with legal claims, or when we have a legal obligation to do so. We may also disclose information with your permission (such as if we wish to disclose your details with another group company for their recruitment purposes).

Name, date of birth, contact information, bank account number, tax identification number, nationality and national identification number, and job title, including biometric data. Birth certificates for parents or guardians of minors (children ages 13-17).

Adyen discloses this information to identity and verify providers and screening partners, including credit reference agencies, and may disclose this information to regulatory authorities upon request or for mandated reporting. Adyen may disclose this information to payment schemes, local payment providers, debt collecting agencies, and other third-party service providers, depending on the services acquired. Adyen may also make such information available to Platform customers you have signed up with.

Adyen discloses this information to our customers in our Customer Area, to authorities pursuant to legal orders, and to the selected payment schemes, such as Visa and Mastercard, and local payment methods upon request. Adyen may disclose this information to regulatory authorities upon request or for mandated reporting.

If an event (or workspace or campaign) uses an Activity challenge advanced module that includes step count data, and participants allow the use of step count on their devices, this data is collected solely to foster engagement. The data is used only within the scope of the challenge for this specific event, reported in aggregate form, and is not retained or processed as health-related data or personal activity profiles.

Questions, comments, requests, or complaints concerning this privacy statement or the way we process your personal data are welcomed and can be addressed to our Data Protection Officer at dpo@adyen.com or Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, the Netherlands, or to lgpd@adyen.com if you are located in Brazil.

If you would like further details on any of the third parties your personal data is “sold” to or “shared” with, would like to know the purpose of their data processing, the manner in which data is processed, or how you can communicate with such third party to exercise your data privacy rights, please contact dpo@adyen.com, or lgpd@adyen.com if you are located in Brazil.

If you have a complaint about the way we handle your personal data, you also have the right to address this to the data protection authority of the country in which you live or work, or the country in which we are located.

Adyen is a payment service provider and as such provides acquiring services to its customers. This means that Adyen accepts payments on behalf of the relevant merchant and transfers the funds paid by the shopper (“you”) to merchant. Adyen’s role is to request the relevant payment scheme, such as Mastercard, Visa or iDeal, to authorize the transaction and send this authorization to the shopper’s bank for approval. If the bank gives approval, Adyen is notified by the relevant payment scheme and makes the payment to merchant’s bank.

When we provide such acquiring services to our customers, we process your personal data as a data controller. It is important to us that your personal data is handled carefully and that you are well informed about the way we process your personal data.

We process the data we need for our legitimate interest of providing acquiring services to our merchants, which in this context are usually web shops and brick-and-mortar stores that sell you goods and services. This means that we receive your payment on behalf of merchant and handle matters relating to these financial transactions. In addition, when a merchant wishes to charge your card for a recurring payment and your card has expired, Adyen may request the relevant payment scheme or look up your up-to-date card information on the Adyen platform, to facilitate your payment.

In addition, we process your data to comply with our legal obligations as a financial institution, such as to monitor financial transactions to help prevent fraud, money laundering and terrorist financing. For these reasons, we may collect (i) your debit or credit card number (which we encrypt in accordance with PCI DSS standards); (ii) the expiry date (month and year) of your card; (iii) your bank account details, including IBAN and SWIFT/BIC; (iv) the transaction amount and the currency in which the transaction is initiated, the date, time, and location of the transaction; and (v) the category and ID of merchant you are shopping with.

If necessary, we can also process any of the information outlined above for our legitimate interest of protecting our legal rights – for example, in connection with legal claims, and when we have a legal obligation to process your information.

We keep the data we collect to perform the transaction in accordance with applicable laws. For most jurisdictions, this is a period of seven (7) years after conclusion of the relevant transaction, in order to meet our fiscal, corporate, and other statutory obligations.

The retention terms above can be longer than stated, if we are required to keep this data for any other applicable law or to administer our business. If we need to keep any information longer for our legitimate interest of protecting our legal rights, we will keep the necessary information for this purpose until the relevant claim(s) has/have been settled.

In some jurisdictions, we may partner with third parties to be able to offer you our acquiring services. It will depend on your location, the payment method you use, and the third party issuing bank. Additionally, we disclose your information to merchant you are shopping with, and if relevant, used by the platform. We may also disclose some of your information to competent authorities and/or regulators, in case this is required to comply with our obligations as a financial institution – for example, to prevent money laundering or terrorist financing.

Otherwise, we will not disclose your information to any third party, unless we have your permission, and where it is necessary in connection with the purposes above, or with legal claims, or when we have a legal obligation to do so.

You may be an Adyen customer as a (i) merchant; (ii) platform, user / sub-merchant (for instance by using our services through a third-party platform); (iii) card holder; (iv) business account holder; or (v) card program

provider. If you sign up to become one of our customers by entering into an agreement with Adyen (including by accepting our terms and conditions), we will collect information we need to establish and perform a contract with you; this includes your (i) contact information; (ii) address; (iii) ID documentation; (iv) tax information; (v) creditworthiness; and (vi) payment details. We use this information to set up our products and services for you, and to provide you with support, onboarding, and integration to our platform. We also use this information to help you with configuring settings in the Adyen Customer Area, POS terminal field services, installation of POS terminals in stores, to pick up old/damaged POS terminals, and with other actions that need to be taken to establish or perform our contract with you. In addition, we use your information for our legitimate interest of managing our internal administration and to comply with our legal obligations, such as the prevention and detection of fraud, our Know-Your-Customer processes, and taxation obligations.

We have an obligation to comply with applicable laws and regulations, and to prevent fraud, money laundering, and terrorist financing. Since we are active in the financial sector, we cannot accept any customer without performing thorough checks, or without determining, investigating, and reporting suspicious transactions that take place. Therefore, if you are applying to become one of our customers, d we will need to collect up-to-date information and documents during the performance of our agreement to:

– Monitor your behavior and transactions across the Adyen platform, including by using automated systems such as machine learning models that detect risks, fraud metrics and patterns, and verify the origins of your capital/assets;

To carry out the above checks, we process information (including personal data) that you have provided to us, as well as other information created by your use of the Adyen services. This may include your name, your contact information, a copy of your identification document, your tax identification number or BSN (if legally required), biometric data (including a facial scan, voice recording and/or video), the address of your legal representative and shareholders, your bank account number, information contained in correspondence between us, bank statements, your signature, and an extract of your company registration document. We may use third-party identification, screening, and verification services (including credit reporting agencies or open banking providers) in order to assist us in verifying your identity and the documents provided to Adyen. Depending on the services you use, we may share your data with payment schemes, local payment methods, and other third-party service providers.

We use this data to ensure the safety and integrity of the financial sector by aiming to identify, prevent, and counter illegal conduct, and to comply with our Know-Your-Customer and anti-money laundering obligations, for example under the Dutch Financial Supervision Act (Wft) and the Dutch Money Laundering and Terrorist Financing Prevention Act (Wwft). In accordance with local laws, Adyen may be required to process the above mentioned personal data to investigate and report unusual transaction behavior.

Adyen may use automated decision-making, including profiling, during the initiation or execution of a contract with you, where permitted by applicable laws, or with your consent. If this decision would have legal implications or otherwise significantly affect you, you have the right to opt-out of such profiling, obtain human intervention, express your point of view, or contest the decision based solely on automated processing, including profiling.

– To protect our platform, systems and services from misuse, fraud, financial crime, or other unauthorized or illegal activity including the prevention, investigation, and detection of (payment) fraud on the basis of legitimate interest and/or compliance with legal obligations; and

If you are currently, or become, one of our customers, we will keep information relating to our business relationship for a period of seven (7) years following the end of your contract with us, or until the rejection of your application. Documents used to verify your identity, including biometric identifiers, are stored for five (5) years, in accordance with our obligations to prevent fraud, money laundering, as well as in accordance with counter terrorism financing regulations. Data that we have collected in relation to our legal obligation to verify our customers will be kept for as long as it is required by law – in most cases, five (5) years. We may also disclose some of your information to competent authorities and/or regulators, in case this is required to comply with our obligations as a financial institution, for example, for the purpose of preventing money laundering and terrorist financing.

If you or your employer sign up for our Card Services, we may provide you with a debit card, charge card, or prepaid card depending on the type of account linked to your card (“Card Services”), and in connection with your Card Program Provider’s agreement with Adyen. We will process your personal data, including KYC information (e.g., name and address), in order to provide you with these services. Your name, address, and card details may be shared with card manufacturers to provide you with a physical card.

We keep the data we collect in order to perform the transaction in accordance with applicable laws. For most jurisdictions, this is a period of seven (7) years after conclusion of the relevant transaction, in order to meet our fiscal, corporate, and other statutory obligations.

The retention terms outlined above may be extended if we are required to keep data longer due to applicable law, or to administer our business. If we need to keep any information for an extended period for our legitimate interest of protecting our legal rights, we will keep the necessary information for this purpose until the relevant claim(s) has/have been settled.

If you are a user or sub-merchant and are signed up for Adyen Capital (a financial product offered by Adyen to its platform customers), you may receive an Adyen loan or merchant cash advance, depending on your location. To be able to offer you these products, Adyen will need to collect KYC information from you.

In order to determine your eligibility for Adyen Capital, we will run initial checks on your use of Adyen products and services, including your current and anticipated sales volume. We may rely on our customer’s own internal credit checks and compliance checks to determine eligibility and/or may collect additional information. This process may involve automated decision-making, which may include profiling under certain privacy laws. You have the right to opt-out of such profiling. Please note that opting-out of profiling will mean that you are no longer eligible for Adyen Capital. Please see Your Individual Rights for more information about these rights and how to opt-out.

The retention terms above may be extended if we are required to keep data longer due to applicable law, or to administer our business. If we need to keep any information for an extended period for our legitimate interest of protecting our legal rights, we will keep the necessary information for this purpose until the relevant claim(s) has/have been settled.

If you request an Adyen business account, we process your personal data such as your name, address, company name, and address in order to provide you with the business account. In addition, we may collect additional personal information to complete KYC or other compliance obligations. In order to perform any services related to your business account, Adyen will process all information relevant to the business account, account funding, as well as the account and routing number associated with the business account.

The retention terms may be extended if we are required to keep data longer due to applicable law, or to administer our business. If we need to keep any information longer for an extended period for our legitimate interest of protecting our legal rights, we will keep the necessary information for this purpose until the relevant claim(s) has/have been settled.

We are committed to securing your personal data and have implemented measures to do so effectively. In order to prevent unauthorized people or parties from being able to access your data, we have put in place a range of technical and organizational measures to safeguard and secure the information we process about you. These include:

We maintain an Information Security Program to identify risks and implement appropriate controls. This program is reviewed on a regular basis to ensure continued effectiveness and accuracy. We have a full-time information security team responsible for monitoring, maintaining, and continually improving our security. We have suitable and effective information security policies and procedures that are essential to complying with relevant regulations.

PCI DSS is a set of information security and business best-practice guidelines to establish a “minimum security standard” to protect customers’ payment card information. Adyen undergoes at least an annual third-party audit to certify our product and payment platform with the PCI-DSS.

The SOC 2 is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants’ (AICPA) existing Trust Services Criteria (TSC). The purpose of this report is to evaluate Adyen’s information systems relevant to security, availability, confidentiality, and privacy. Adyen undergoes at least an annual third-party audit to report on the suitability of the design and the operating effectiveness of our controls.

We restrict administrative access of our production systems to approved personnel. When hired, our approved personnel are assigned unique IDs and credentials. Upon termination of approved personnel, or where compromise of such credentials is suspected, administrative access is revoked. Access rights and levels are based on our employees’ job function and role, and are based on the security concepts of ‘least-privilege’ and ‘need-to-know’, to ensure access privileges are matched with defined responsibilities.

We have an incident management process for security events that may impact the confidentiality, integrity, or availability of our systems or data. This process includes defined response times for Adyen to notify relevant parties. This process specifies courses of action, procedures for notification, escalation, mitigation, and documentation. The incident response program includes 24×7 centralized monitoring systems and on-call staffing to respond to security incidents.

At our physical locations, such as data centers, there are controls in place to prevent unauthorized physical access. These include: Security checkpoints, badged (or biometric) authentication, mandatory visitor sign-in, and video surveillance.

We uphold industry-standard, and secure network architecture, supported by reasonably sufficient bandwidth and redundant network infrastructure to mitigate the impact of any individual component failure. Our security

team utilizes industry-standard utilities to defend against known common unauthorized network activity, monitor security advisory lists for vulnerabilities, and undertake regular external vulnerability scans and audits.

Our products and our payment platform are designed and developed with industry-defined security and privacy practices in mind. We maintain a documented product development lifecycle, known as a Secure Software Development Lifecycle (SSDLC), with formal development principles.

You can sign up to receive marketing communications (such as our newsletter), personalized messages with the intent to establish a business relationship, or invitations to events, by providing your name and email address via the sign-up form on our website. When you fill out this form, you give your consent to receive our newsletters, invitations to events, and other relevant marketing communications. You can unsubscribe from these emails at any time by following the instructions in the respective communication.

If you are one of our merchants, we may contact you about relevant products or services, for our legitimate interest in developing our business. We can do this by reaching out to you via email, or by connecting with you on LinkedIn, and/or by sending you messages on LinkedIn. If you are not yet one of our merchants, we will only contact you with offers or about our products or services. When we contact you for these purposes via email, you will have an opportunity to opt-out by following the instructions within the email, or by contacting us using the contact details below (under “Contacting us”). Our action will be subject to applicable limitations of the laws of your home jurisdiction.

You can also download content, for example white papers and research reports, from our website using the forms designed for this purpose. We collect the data you provide on the form, including your name, company, country, and email address. We process the data you provide on this form for our legitimate interest of keeping track of who downloads our content, and to send you relevant marketing communications.

You can sign up to receive marketing communications (such as our newsletter), personalized messages with We store the information that we process from you as a result of you subscribing to our newsletters, or because you have consented to receive information about our products and services or about offers, until such a time as you decide you would no longer like to receive these mailings.

Through our website, you have the option to contact us directly and to ask us to contact you regarding any questions, queries, (support) requests, comments or complaints you have. Additionally, you can fill out an application to become a merchant or a partner, or sign up for a test account. When you do this, we collect the information that you provide, including your name, company, contact details, the reason you are contacting us, verification that you are not a robot, and other information you decide to fill out. You can also contact us by calling or emailing us using, for example, the contact details listed on our website. If you do so, we will collect

your name, company, and any other information we need to be of further assistance to you and/or communicate with you. When speaking with us over the phone, we may also process and record conversations you have with Adyen staff. The recording of your telephone conversations will be processed for quality assurance and training purposes related to your use of our products and services. We process this data with your consent so that we can assist you in adequately using our products and services, as well as to improve and optimize our services.

We use the data, as outlined above, to answer your question, comment, or complaint, and respond to your queries and (support) requests, as well as to assess your application to become a customer or partner. As such, we use this data to establish or perform our (future) contract with you and for our legitimate interests in following up with you. We also use the data above for our legitimate interest of conducting business with you and managing our internal administration, for training purposes, for establishing and performing our contract with you, for our legitimate interest of conducting marketing research so we can improve our products and services, and to be able to offer our (future) customers tailored products and services.

When you browse our website, we process your IP address, internet browser and device type, location data, and information about your use of our website and the app – including which pages you visited, how you came to our website, the time and length of your visit, and your language preferences.

We use this data for our legitimate interests of making sure our website works properly, including for debugging, to be able to deliver you content and for DDOS mitigation, and improving our website, and to perform statistical analyses for optimizing and improving our website. We also use this information to provide you with personal offers tailored to your needs, and to tailor what we show you to your preferences, with your prior consent.

When we collect information about how you use our website, such as which landing pages you visit and which items you look at, we do so in order to determine how we can best provide our services to you. For example, if you read about our products and services on our website, we might classify you as a user or a website visitor who is interested in our products and services, and therefore as a potential customer of Adyen. Based on the audience we infer you belong to, we may for example contact you with offers about our products and services, providing we have your consent to do so, and subject to limitations under the laws of your home jurisdiction.

In order to make the most accurate assessment about which audience you likely belong to, and as you can read in our Cookies Policy, we also use tracking cookies. These cookies track information about how you use our website and which other websites you visit, for example to show you advertisements for products and services of ours that we anticipate you might be interested in. We only place these tracking/targeting cookies with your prior consent. For more information about these tracking cookies, please view our Cookies Policy.

On our website, we might ask you to provide feedback on the specific page you are visiting. When giving your feedback, you can optionally provide your name and email address. We can use this information to follow up with you personally.

For example, data about your visit(s) to our website will be retained until your use (or ‘browsing session’) ends, except where it concerns data collected for the analytical and marketing purposes specified above. In those cases, we will keep your information for a period of one (1) year following its collection.

We use tags on our website from social media networks such as Facebook, LinkedIn, and X. You will be able to recognize these tags by their logos. Our tags are tracking pixels that will send user behavior back to the network(s). The tracking pixels will only work if you accept our cookie statement.

We do not have any influence over which data these providers collect from you and we are also not aware of the extent of their data processing. If you would like more information about their data processing, this can be found in the respective privacy policies of these providers.

We also collect data about your use of our products and services and your Customer Area account, including your login details, and the questions, queries, comments, and complaints you send or share with us regarding our business relationship. We process this data to be able to perform our contract with you by following up with you, provide you with support where necessary, and for our legitimate interest of being able to optimize and improve our products and services.

We can also use your (company) email address for: keeping you up to date with our products and services; tailoring offers to your needs (meaning that offering products and services similar to those that you have already purchased from us); inviting you to participate in surveys regarding our products and services; or inviting you to events.

If necessary, we can also process any of your information above for our legitimate interest of protecting our legal rights, for example in connection with legal claims, and when we have a legal obligation to process your information. We may also transfer your data in the event of a company reorganization, or business transactions, such as in the event of sale or bankruptcy.

The retention terms above may be extended if we are required to keep data longer on the basis of applicable law or to administer our business. If we need to keep any information for an extended period for our legitimate

Adyen offers its customers different kinds of fraud detection services. For some of our fraud services, Adyen acts as a data processor on behalf of, and under the instructions of, its merchants. Please take a look at our merchants’ privacy policies for more information regarding this processing of your personal data.

For activities involving fraud detection, prevention, and monitoring, where Adyen acts as a data controller, the following information may be utilized, including but not limited to transaction data (such as card number and cardholder name), email address, location data, IP address, information on disputed transactions, information on confirmed fraud, merchant details, device fingerprint, and unique identifier(s).

Adyen uses your personal data for the purposes of protecting you against fraud or unauthorized transactions, and preventing and monitoring fraud across the Adyen platform. Furthermore, Adyen has a legal obligation to prevent money laundering and terrorist financing. This includes the identification of fraud with the payment details provided by our merchants, or information about fraud from other third parties, such as issuing banks, acquirers, or payment schemes.

Additionally, Adyen processes and aggregates your personal data to create, train, and run models or other methods to accurately identify, predict, prevent, and mitigate fraud across the Adyen platform globally. These models or other methods may be leveraged to offer fraud-related products and services to our merchants.

Within the limits of what is legally permitted regarding automated decision-making, the use of these fraud models and/or other methods may result in merchants making decisions over whether or not to grant you access to a product or service, and/or whether or not to authorize a transaction. For more information please click here.

We use cookies and similar techniques, such as pixels, which are small text files stored on your device. Using cookies is a way for us to ensure that our website is continuously improved and serves as a tool to optimize our marketing strategies. In order for us to do this, we place only strictly necessary performance and functional cookies to enable the website to function, as well as targeting and social media cookies which help us reach the right audience and display advertisements effectively. Some of these cookies track your use of our website and visits to other websites, as well as allow us to show you advertisements when you browse other websites.