Version dated July 1, 2026
1. Purpose
The purpose of this Privacy Policy is to inform data subjects about the processing of personal data carried out by EASYTRANSAC in the course of its business activities.
In particular, it describes the categories of personal data processed, the purposes of the processing, the recipients of the data, the retention periods applied, and the rights of the data subjects.
EASYTRANSAC processes personal data in accordance with applicable data protection regulations, including Regulation (EU) 2016/679 of April 27, 2016, on the protection of personal data (“ GDPR”) and Law No. 78-17 of January 6, 1978, as amended, known as the “Data Protection Act.”
2. Data Controller
The controller of personal data is:
EASYTRANSAC
SAS with a capital of 491,450 €
Strasbourg Commercial Register No. 809 285 851
204 avenue de Colmar
67100 Strasbourg
France
Any questions regarding this Policy or the exercise of your rights regarding the protection of personal data may be directed to:
3. Scope
This Policy applies to the processing of personal data carried out by EASYTRANSAC in the course of its business activities.
It applies, in particular, to the processing of personal data relating to:
- To visitors of the EASYTRANSAC website;
- to prospective customers;
- to users of EASYTRANSAC services and platforms;
- to the legal representatives, beneficial owners, and business contacts of merchants;
- to cardholders in connection with payment transactions processed through the services offered by EASYTRANSAC.
4. Categories of Personal Data Processed
Depending on the processing activities carried out, EASYTRANSAC may process the following categories of personal data, among others:
• identification and contact information;
• data relating to pre-contractual, commercial, and contractual relationships;
• data required for identity and compliance verification (KYC/KYB);
• data regarding the use of the services;
• transaction data, including certain cardholder data;
• data necessary to comply with legal and regulatory obligations.
Personal data is collected directly from the individuals concerned or indirectly from merchants, partners, service providers, or any other source authorized by applicable regulations.
5. Purposes and Legal Bases for Data Processing
EASYTRANSAC processes personal data only for specific purposes and on an appropriate legal basis.
Purpose of processing: To manage contact requests and communications with prospective customers
Legal basis: Precontractual measures or legitimate interest
Purpose of processing: To manage pre-contractual and contractual relationships with merchants
Legal Basis: Pre-contractual Measures and Contract Performance
Purpose of processing: To provide, operate, and manage the services offered by EASYTRANSAC
Legal basis: Performance of the contract and legitimate interest
Purpose of processing: To perform identity and compliance checks (KYC/KYB)
Legal basis: Performance of the contract and legal obligation
Purpose of processing: To process, secure, and monitor payment transactions
Legal basis: Performance of the contract and legal obligation
Purpose of processing: To prevent fraud, ensure the security of services, and manage incidents
Legal basis: Legitimate interest and legal obligation
Purpose of processing: To ensure compliance with applicable accounting, tax, and regulatory obligations
Legal basis: Legal obligation
Purpose of processing: To manage support requests, complaints, and disputes
Legal basis: Performance of the contract and legitimate interest
Purpose of processing: To conduct sales prospecting activities
Legal basis: Legitimate interest or consent, where required
6. Recipients of Personal Data
Personal data is accessible only to those individuals who are authorized to have access to it as part of their job duties.
Depending on the processing activities carried out, they may be disclosed, in particular, to:
• authorized EASYTRANSAC employees;
• partners involved in the provision of services;
• service providers and subcontractors working on behalf of EASYTRANSAC;
• to the competent authorities when required by applicable regulations.
EASYTRANSAC ensures that recipients of personal data provide appropriate safeguards regarding confidentiality and security.
7. Personal Data Security
EASYTRANSAC implements appropriate technical and organizational measures to ensure the confidentiality, integrity, availability, and security of the personal data it processes.
These measures are tailored to the nature of the data being processed, the processing activities carried out, and the identified risks.
When processing transaction data, EASYTRANSAC complies with applicable security requirements, including those set forth in the PCI DSS standard.
8. Retention Periods
Personal data is retained for no longer than is necessary for the purposes for which it was collected, subject to applicable legal, regulatory, or contractual obligations.
The main retention periods applied by EASYTRANSAC are as follows:
Data category: Data related to prospects
Retention period: 3 years from the date of the last contact
Data Category: Merchant Data
Retention period: The duration of the contractual relationship plus 5 years
Data Category: KYC/KYB Documents and Information
Retention period: 5 years after the end of the business relationship
Data category: Transaction data
Retention period: Up to 5 years after the last transaction or the end of the relevant relationship, subject to applicable legal, regulatory, or contractual obligations
Data category: Accounting documents and supporting documents
Shelf life: 10 years
Data Category: Technical logs and connection logs
Shelf life: 12 months, unless otherwise required
Data Category: Cookies and Other Trackers
Shelf life: 13 months maximum
Upon expiration of the applicable retention periods, personal data is deleted, anonymized, or archived in accordance with applicable regulations.
9. Data Transfers Outside the European Union
The data processing carried out by EASYTRANSAC takes place primarily within the European Union.
When it is necessary to transfer personal data to a country outside the European Union, EASYTRANSAC ensures that the transfer is subject to appropriate safeguards in accordance with applicable regulations.
10. Rights of Data Subjects
Any affected individual has the rights granted to them under applicable regulations, including:
• the right of access;
• the right to rectification;
• the right to erasure;
• the right to restriction of processing;
• the right to object;
• the right to data portability, where applicable.
You may exercise these rights at any time by sending a request to the following address:
When necessary, EASYTRANSAC may request any information needed to verify the applicant's identity.
EASYTRANSAC responds to requests within the timeframes specified by applicable regulations.
Any affected individual also has the right to file a complaint with the National Commission for Information Technology and Civil Liberties (CNIL).
11. Cookies and Other Trackers
The website and, where applicable, the services or platforms offered by EASYTRANSAC may use cookies and other trackers to ensure their proper functioning and security, to measure their audience, and, where relevant, to improve the user experience or offer features tailored to users’ preferences.
Cookies and other trackers that are strictly necessary for the operation of the relevant services are used in accordance with applicable regulations. Other cookies and trackers are placed only when the user’s consent is required and has been obtained.
Users can accept, reject, or change their preferences regarding cookies and other trackers at any time using the preference management tool provided.
Cookies and other trackers are retained for a period consistent with applicable regulations. Users’ preferences regarding the placement of cookies and other trackers are retained for a maximum of thirteen (13) months, unless they are withdrawn or modified before the expiration of that period.
12. Changes to the Privacy Policy
EASYTRANSAC may amend this Privacy Policy, in particular to reflect legal, regulatory, technical, or organizational changes.
The current version of the Privacy Policy is available on the EASYTRANSAC website.