- Overview 2
- Who are we? 2
- What personal data do we process and when/how? 2
- On which legal basis and for which purposes do we process your personal data? 3
- What about SILVRR’s profiling and solely automated decisions that significantly affect you? 8
- For how long will we process your personal data ? 9
- To whom do we communicate or give access to your personal data? 9
- Do we transfer your personal data to third countries? 10
- Do we receive any information on you from third-parties? 11
- What are your rights and how can you exercise them? 11
- Questions and complaints – Contact information 14
For the purpose of the relevant data protection legislation, the data controller responsible for your personal data is SILVRR (as further described in section 2. below).
You are welcome to contact us (see our contact information below) if you have any questions relating to our data protection activities that are not answered in this data protection declaration.
2. Who are we?
Cotsworlds Ecommerce Limited SA (hereinafter “SILVRR”, “we”, “us”) is registered with the Belgian authorities under BCE n°0771.804.155, with registered address Avenue Louise 65-11, 1050 Brussels, whose email is service.XX@silvrr.com. SILVRR is a service provider, through cooperation with its payment service partner, providing consumers with the option to “pay later without interest or cost” or “pay in several instalments without interest or cost” (altogether the “payment solutions”).
3. What personal data do we process and when/how?
3.1 What personal data do we process?
Personal data means any information relating to an identified or identifiable natural person and therefore concerns all information about a (directly identified) customer or on the basis of which the identity of the customer can be derived.
We collect the following personal data from you when you visit our Website and use our Service(s):
- Device-related information: national code, adjust id, Google id, hardware information, display screen information, build information, memory information, system information storage information (like 128G or 256G), Wifi information, Bluetooth information, Internet information, battery information, sensor information,data relating to device ID, IP address, language settings, time zone settings, operating system, screen resolution, App usage behaviour;
- Contact information:email address, mobile phone number, billing address;
- Information about the goods and services: data relating to details of the goods and services that you buy, delivery address, tracking number of the delivery;
- Identification information: your first and last name, your date of birth, a copy of your ID card or identification documents, your national registration number, your title, your occupation, your gender, your nationality;
- Financial information:information relating to your income, any credit obligations that you might have, your negative credit records, your payment history, credits granted to you, your account number, the name of the account holder used for the payment solutions;
- Contacts information: information relating to reference contacts;
- Additionalinformation: information on your behaviour and consumption.
3.2 When/how do we collect your personal data?
The personal data described in section 3.1 are either directly collected from you via direct interactions or from your devices, by SILVRR or via third parties or publicly available sources, in the following manner:
- device-related information is directly collected from your device when you launch our App;
- contact information is directly collected from you when you open an account with us and register to use our Service(s);
- information about the goods and services is directly collected from you when you place an order or complete an order via our Service(s);
- identification information is directly collected from you when you apply for payment solutions;
- financial information is collected from third parties when you apply for payment solutions;
- contacts information is directly collected from you and your device when you apply for payment solutions;
- additional information is collected from telecom operators or other e-commerce platforms when you apply for payment solutions.
4. On which legal basis and for which purposes do we process your personal data?
1.1 On which legal basis do we process your personal data?
Under this section, we tell on what legal grounds we process your personal data. Depending on this legal basis, your rights with regard to our processing activities may differ.
We will process your personal data on the basis of one of the following legal grounds:
- the processing is necessary for entering into a contract or performing a contract (Article 6(1)(b) of the GDPR);
- the processing is necessary for the purposes of the legitimate interests pursued by the controller (us) or by a third party (Article 6(1)(f) of the GDPR) and does not unduly affect your interests or fundamental rights and freedoms;
- Please note that, when processing your personal data on this basis, we always seek to maintain a balance between our legitimate interest and your privacy. This data will remain strictly confidential. Such legitimate interests include fraud prevention, marketing, know your customer (“KYC”). You can contact us for more information on how we strike a balance (see section for our contact details).
- the processing is necessary for compliance with a legal obligation to which SILVRRis subject (Article 6(1)(c) of the GDPR), for example in limited cases with regard to the prevention of money laundering, or to respond to requests from competent authorities in this context;
- you gave your explicit consent for the processing for one or more specific purposes, it being understood that SILVRRwill at all times ensure that your consent is compliant with the applicable laws and regulations (Article 6(1)(a) of the GDPR).
4.1 For which purposes do we process your personal data?
We always process your personal data for a specific purpose and only process the personal data which is relevant to achieve that purpose.
Accordingly, we process your personal data for one of the following purposes:
- fulfilment of Service(s) : we use your personal information (i) to take and handle your order and delivery, (i) to send you statements, billings, notices, (iii) to communicate with you about your orders, products and services, (iv) to respond to queries, requests and complaints; it being understood that our processing activities may slightly differ depending on whether we act as merchant or as pure platform operator;
- fraud prevention: we use your personal information to allow us to detect and prevent fraud and abuse in order to protect the security of our customers, SILVRRand others;
- (direct) marketing: we use your personal information to send or contact you to provide you on the e-mail address you have provided for direct e-mail marketing with commercial information (e.g. offers, promotions, discounts, rewards) about the goods and services offered on our platform.We will only inform you about Services that are similar to those services and goods you have used in the past and in case you have not objected the use of your personal data for marketing purposes;
- know your customer (“KYC”): we use your personal data for enabling us to better understand you and your financial state in order to manage the risks of our payment solutions in a well-judged manner;
- credit assessment: if you apply to one of ourpayment solutions (and provided those are available in your jurisdiction), we use your personal data in the context of an automated credit check to assess your request. The purpose of this assessment is to prevent payment defaults, but also to detect fraud attempts or attempts at other offences;
- payment collection: should you not pay us on time for any reason,we may use your personal data to remind you to pay;
- training of our AI systems: we use your personal data in a pseudonymised manner for enabling us to train our artificial intelligence software for delivering, ensuring proper functioning and improving our Platform and Service(s).
- improvement of our Service(s): we use, to the extentnecessary, any category of personal data to evaluate, improve and ensure our Service(s) are working as intended. This includes but is not limited to (i) communicating with you (customer support, reviews of our products and services, information on new products and features, surveys etc.), (ii) monitoring the usage of the App after a publicity or marketing campaign, (iii) analysing the use and performance of our products, services and websites, (iv) tuning, enhancing, improving and facilitating the functionality of the App and (v) performing accounting, auditing, billing, reconciliation and collection activities, (vi) fraud management and risk management;
- compliance with applicable rules:we use, to the extent necessary, any category of personal data to comply with applicable legal requirements and industry standards and policies.
4.2 Overview of our processing activities
(namely, what we are doing, why and when)
|Categories of personal data used for this purpose, and their source
(See section 3. for more information on each category)
|Legal basis for the processing under the GDPR|
|Fraud Prevention (on a continuous basis when you use our App)
|· device-related information;
· contact information;
· identification information (only to the extent relevant for the purposes of fraud prevention);
· financial information;
· contacts’ information;
· additional information;
|The processing is based on SILVRR’s legitimate interest (to prevent any fraud in the use of our Service(s), which also benefits our customers).
Where we process special categories of personal data, our processing will only be carried out on the basis of your explicit consent (Article 9(2)(a) of the GDPR), or on the basis of a legal obligation depending on the jurisdiction (Art. 9(2)(g) GDPR).
Please note that we only process additional information (see section 3. for further details) provided you gave us your explicit consent.
|(direct) Marketing (on a continuous basis as long as you remain a client of ours or until you object to our processing for marketing)||· contact information;
· information about goods/services;
|The processing is based on SILVRR’s legitimate interest (our interest to inform you of our products and Service(s)).|
|Fulfilment of Service(s) (when you use our Service(s) and until completion thereof)||· information about goods/services;||The processing is necessary for the performance of the contract you concluded with us.|
|Know Your Customer (“KYC”)
(when you register with us; and at regular interval, to update your information)
|· identification information ;
|The processing is based on SILVRR’s legitimate interest (to know its customers to ensure proper performance of the contract).
Where we process special categories of personal data, our processing will only be carried out on the basis of your explicit consent (Article 9(2)(a) of the GDPR), or on the basis of a legal obligation depending on the jurisdiction (Art. 9(2)(g) GDPR), for instance compliance with AML law.
|Credit assessment (when you apply for one of our payment solutions and provided these payment solutions are available in your jurisdiction)||· financial information;
· contacts’ information;
· additional information;
|The processing is necessary for the performance of the contract you concluded with us and is based on SILVRR’s legitimate interest (to ensure the solvency of its customers).
Insofar as this is based on automated individual decision making, this decision making is carried out in compliance with Art. 22 GDPR.
This means in particular, that an automated individual decision making which produces legal effects towards you or similarly significantly affects you will only be carried out with your express consent.
In such cases, we will take suitable measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person on our side, to express your point of view and to contest the decision.
|Payment collection||· financial information;
· additional information;
|The processing is based on SILVRR’s legitimate interest to collect payments.
|Training of our AI systems||· any category of personal data (to the extent necessary for the purpose for which they are processed);||The processing is based on SILVRR’s legitimate interest (being to deliver, ensure proper functioning and improve our Platform and Service(s).|
|improvement of our Service(s)
|· information about goods/services;
· additional information;
|The processing is based on SILVRR’s legitimate interest (being to improve our Service(s)).|
|compliance with applicable rules||· any category of personal data (to the extent necessary for the purpose for which they are processed);||The processing is necessary for compliance with legal obligations to which SILVRR is subject.|
5. What about SILVRR’s profiling and solely automated decisions that significantly affect you?
Profiling is an automated processing of personal data to assess certain personal matters, for example by analysing or predicting your behaviour and your personal preferences as a customer (e.g. shopping interests).
We use profiling to provide you a better service, namely to provide:
- a personalised service by customizing our content in accordance with what we believe is the most interesting to you; and
- a personalised and suitable marketing.
You have the right to object to our profiling for marketing purposes at any time by contacting us (see our contact details in section 12. If you object to such processing, we will stop our profiling for marketing purposes. Please note that once you terminate your contract with us, we will also stop our profiling for marketing purposes.
Please contact us should you have any questions/remarks about how we proceed to our profiling (see our contact details in section 12).
5.1 Solely automated decisions that significantly affect you
A solely automated decision refers to a decision that has been delivered to you without any of our employees being involved in the process of the decision making. Such processing, involving solely technological mean, allows us to offer you an objective and transparent decision.
For the purpose of entering a contract relating to our payment solutions with you, we provide you with a solely automated decision where we:
- decide whether to approve (or not) your application for one of our payment solutions;
These decisions are taken on the basis of the data you provide us, data that we gather from third parties or public sources as well as our internal policies based on our internal credit risk levels and the general repayment rates of our customers (depending, for example, on the product category) and we may use, among other things, mathematical-statistical procedures to calculate payment probabilities based on this information (scoring);
- decide whether you present a risk of fraud;
These decisions are taken to determine whether your behaviour indicated possible fraudulent conduct or is inconsistent with what we know about your, whether you are truly who you pretend to be. These decisions are taken on the basis of the data you provide us or collected from your device. We may use, among other things, mathematical-statistical procedures to calculate payment probabilities based on this information (scoring). We use your address data for scoring. However, the scoring is never only based on your address data.
As indicated above, some of the decisions we take are solely automated and, as they influence your access to some of our Service(s), significantly affect you as a customer. You may object to a solely automated decision that significantly affected you by contacting us by e-mail service.XX@silvrr.com and contest our decision. In that case, one of our employee will review your query and make sure that your credit request or your fraud risk profile be reviewed with the involvement of human intervention.
Please contact us should you have any question about how we proceed to our solely automated decisions (see our contact details in section 12).
6. For how long will we process your personal data ?
We only keep personal data in an identifiable format for as long as is necessary for the purpose for which we are processing it (see more information on this in section 4.3), and, duly restricted, for as long as prescribed to comply with applicable laws and regulations (e.g. anti-money laundering laws, tax laws).
In particular, where we have a contractual relationship with you, we keep your personal data for as long as this contractual relationship lasts, and thereafter, duly restricted for as long as necessary for keeping legal evidence, protecting us against claims and safeguarding our legal rights. We may also keep the data for a longer period if required by law.
In any case, we will protect the confidentiality of your data, and where appropriate take steps to anonymise your personal data and any other information.
7. To whom do we communicate or give access to your personal data?
We may transfer data to third parties who process data in the context of performing or offering our Service(s) on our behalf (subcontractors which have integrated our Service(s) into their own platforms or applications and offer them to their customers or merchants with which we do not have a contractual relationship). Those actors act either as processors for us, or for the customers or merchants to which they offer their services. When acting as our processors, they are not authorized to use the data or disclose it in any way except as here above described or to comply with legal requirements. The processors accessing your personal data generally operate in the information systems. We contractually require these third parties and our Partners to appropriately safeguard the privacy and security of personal data they process on our behalf.
If you want more information on the entities to whom we disclose, please contact service.XX@silvrr.com.
8. Do we transfer your personal data to third countries?
SILVRR may (i) enter into agreements with Partners located outside the European Economic Area whereby those have access to personal data or (ii) transfer personal data to entities, including group entities to which SILVRR belongs, located outside the European Economic Area (such as, for instance, China, Indonesia).
The level of data protection in countries outside the European Economic Area may be less than the level of data protection offered within the European Economic Area and transfers outside the European Economic Area. SILVRR shall ensure that an adequate level of protection for such personal data is guaranteed by implementing one or more of the safeguards as set forth in Chapter V of the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation” or “GDPR”)).
In case SILVRR cannot rely on an adequacy decision taken by the European Commission under Article 45 GDPR for a data transfer outside of the European Economic Area, SILVRR will enter into Standard Contractual Clauses (as approved by the European Commission) under Article 46.2 GDPR with the recipient of your personal data. In addition and where necessary, SILVRR may take supplementary measures in order to ensure compliance with the level of protection guaranteed within the European Economic Area.
We are committed to processing your personal data within the European Economic Area (the “EEA”), but your personal data may be transferred outside the EEA in certain situations, including (without this list being limitative) within the entities to which SILVRR belongs or to some of our Partners outside the EEA.
If you want more information on the entities, countries where your data is transferred, and safeguarding measures we take, please contact our DPO (see contact details in section 12. below).
9. Do we receive any information on you from third-parties?
Yes, we do.
We may receive additional information on your behaviour or your consumption from credit reference agencies, telecom operators or from other e-commerce platform you dealt with, if there are available to use and only if you agree to it.
10. What are your rights and how can you exercise them?
10.1 Data protection rights
In accordance with applicable regulations, you have the following rights:
a) Right to access
At any time, you have the right to access your personal data that we process, meaning that you have the right to obtain a copy of your personal data that is processed by us.
b) Right to rectification
You have the right to have inaccurate or incomplete personal data rectified, respectively completed (which may involve providing a supplementary statement to the incomplete data).
c) Your right to erasure
You may ask us to erase the personal data concerning you in the following circumstances:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdraw your consent on which the processing is based and there is no other legal ground we can invoke for the processing activity concerned;
- you object to the processing of personal data concerning you which is based on the necessity of processing for (i) the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or (ii) the purposes of the legitimate interests pursued by us or by a third party, which includes profiling based on those provisions, and there are no overriding legitimate grounds for the processing;
- you object to the processing of personal data concerning you for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation to which we are subject;
However, we do not have to agree to delete all your personal data in those situations as prescribed by law where we are allowed or required to keep your personal data for a longer period of time.
d) Your right to restrict processing
If you have an issue with the content of the information we hold or with the way we have processed your personal data, you may limit the way we process your personal data.
You have the right to obtain restriction of processing by us in the following circumstances:
- you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
- you have objected to the processing of personal data concerning you which is based on the necessity of processing for (i) the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or (ii) the purposes of the legitimate interests pursued by us or by a third party, which includes profiling based on those provisions, pending the verification whether our legitimate grounds override yours.
e) Your right to data portability
Where legally applicable, you have the right to have the personal data you have provided to us to be returned to you or, where technically feasible, transferred to a third party in a structured, commonly used and machine-readable format. Upon your request, we will provide you or the recipient designated by you in your written request, a copy of such personal data in a CSV or similar format.
f) Your right to object
You have the right to object to the processing of your personal data, on grounds relating to your particular situation. You have the absolute right to object to the processing of your personal data for direct marketing purposes, which includes profiling related to such direct marketing. In some cases and depending on the legal basis of our processing of your data, your right to object may be limited.
g) Your right to withdraw your consent
Where the processing of your personal data is based on your consent, you have the right to withdraw that consent at any time. You have the right to withdraw your consent to such activities at any time, by sending a request by our App. Such withdrawal will not affect the lawfulness of past data processing. Please note that opposing to some processing can, however, affect some aspects of your use of our Service(s) as SILVRR cannot provide these without processing necessary elements of your personal data.
h) Your right not to be subject to a decision based solely on automated processing
You have the right to ask that we do not make our decision solely based on automated processes, including profiling. You can object to such an automated decision, and ask that a person reviews it unless such decision is authorised by applicable law to which we are subject.
10.2 How to exercise your data protection rights
- by email: email@example.com
We do our best efforts to respond to your request within a reasonable timeframe.
We will ensure that you are informed of the changes sufficiently in advance thereof, taking into account the potential impact of the change on you.
12. Questions and complaints – Contact information
- by email: firstname.lastname@example.org
In case you contact us, you are required to provide at least your first and last name, and a copy of your ID card / identification document, when necessary to identify you (passport or other proof of identity). Otherwise we won’t be able to identify you and, consequently, reply to your complaint.
If you feel like we have not addressed your questions or concerns adequately, you have the right to lodge a complaint at any time with the Data Protection Authorities, e. g. with the Authority competent for us in Belgium, using the following contact details:
- by e-mail to email@example.com;
- via their helpline on +32 (0)2 274 48 00; or
- by writing to Rue de la Presse / Drukpersstraat 35, 1000 Brussels.