Visitor Policy

We have recently updated our Privacy Policy to comply with the new requirements set out by the EU General Data Protection Regulation and to make it easier to read. The updated Privacy Policy will automatically come into effect for all existing users on May 25, 2018. Your continued use of our site from that day on will be subject to our new Privacy Policy.


This Privacy Policy describes the way Escalion S.à r.l. (hereinafter, “Escalion”, “we”, “our” or “us”) collects, uses and shares personal information of a visitor of Escalion.com website (the “Visitor”) and a merchant / business entity that signs up for our services (the “Merchant”)

Visitors and Merchants accept this Privacy Policy by visiting our website and/or by using our services.

If you are a customer of a Merchant [i.e., you purchase goods or services (including subscriptions services) on Merchant’s Website(s)], and you only indirectly interface with Escalion when you pay a Merchant’s invoice, this policy is not applicable to you. In this case, please refer to the Privacy Policy for Merchant’s customers / end-users located here.

You can contact us if you have any question about our privacy practices. We will be happy to provide you any assistance you may need.

1. WHO DECIDES “HOW” AND “WHY” YOUR PERSONAL DATA IS PROCESSED?

The company which decides how and why your personal data is processed, and which is called “Data Controller” is Escalion S.à r.l., a Luxembourg law governed private limited liability company with registered address at 44, Avenue John F. Kennedy, L-1855, Luxembourg, Grand Duchy of Luxembourg, registered with the Luxembourg Trade and Companies Register under number B180.273.

2. WHAT PERSONAL DATA DO WE PROCESS?

We collect, use, share, transfer, and store different types of your personal information as a result of your visit of our website, your application for services or your use of our services.

The personal data we collect includes the following categories of data:

2.1. Personal data you give to us

o When you apply for a Merchant Account

We collect all information you choose to share with us in the application form, like:

- company name (even though the company name is not a personal data, in some cases, where the applicant is a sole proprietor or an auto entrepreneur, the company name may reveal the real name of the beneficiary owner of the business entity applying for our services);
- country;
- first and last name of contact person,
- position;
- telephone number;
- e-mail address;
- website;
- description of the products and services you offer, where and to whom;

In the application form, you provide us also with other details about your business like your main target markets, the expected total annual business turnover with cards, the average transaction amount, the ratio between consumer and corporate cards, etc., which is however not a personal data, but we treat this data with the same care and diligence as it was a personal data.

o When we create and configure your Merchant Account

We collect the following data when we create and configure your Merchant Account upon signature of your Merchant agreement (the “Merchant Agreement”) with us:

- contact details of all administrators of your Merchant Account. For avoidance of doubt, an “administrator” is an individual who has access to your Merchant Account and who acts and takes decisions on your behalf; whilst “contact details” means first and last name of an administrator, his/her position, telephone number and e-mail address. A Representative (as defined in the Escalion Terms) is also an administrator;

- your credit card information, i.e., card number, expiry date and CVC/CVV code (cf. please note, that even though you provide us with full credit card information, we only store the last 4 digits of it).

o When you contact our Customer Support

We collect all information you choose to share with our Customer Support when you write to support@escalion.com or use the contact form page https://www.escalion.com/en/contact/client-service, like:

- the category of your question (client service, sales or technical support);
- your e-mail (it can be the e-mail of an employee or yours, an administrator of your Merchant Account, or any other individual who contacts our Customer Support on your behalf);
- the content of the message you send;
- your conversations with our Customer Support.

More generally, when you communicate with us in any other way, we will collect whatever information you provide us with.

2.2. Personal Information we get when you visit our website and use our services

We collect certain information about you when you navigate on our website are use our services.

Concretely, this means that, when you visit our site or use our services, even if you have not applied for a Merchant Account or logged in, we collect certain information about you.


o Content information

We collect any content you provide on or through our website, such as information about your business in the application form or the content of your messages you send to our Customer Support.

We also collect, any information you communicate to and/or share with us in your Merchant Account, like for example, any request to blacklist a user, or the information that you take certain risk as regards a particular transaction of your customers, details you want to share about your customers, their purchased goods or services, etc.

We collect any other communication data such as telephone conversations, chat logs, text messages, faxes and letters you send to us.


o Log data and device information

We automatically collect log data and information from or about your computer, phone, or other device you use to access our services, your Merchant Account or navigate on our website. This includes:

- your IP address;
- location details like, time zone, city and country;
- Identifiers associated with cookies or other technologies that may uniquely identify your device or browser.


o Personal Information we get by Cookies and other Technologies

Like many websites and applications, we use cookies when you are visiting our website or when you connect into your Merchant Account.

These cookies are not tracking you for marketing purposes, neither are they monitoring your behavior. They are used only for practical reasons, i.e. to restore your recorded information if your browser crashes. Most web browsers are set to accept cookies by default. If you prefer, you can usually remove or reject browser cookies through the settings on your browser or device. To learn more about how we use cookies and your choices, please check out our Cookie Policy.

2.3. Personal data we receive from third parties

The personal information we collect may also come from third parties, such as partners and service providers. For example, we collect information about you from the acquiring banks before confirming you as eligible business to work with. Other third parties assist us in maintaining data accuracy and providing and enhancing the services.

2.4. Personal data we process when we provide the services to you

We process data about your customers in accordance with our Privacy Policy applicable to Merchant’s Customers located here. We provide you with all said data in your Merchant Account or otherwise, as part of our Merchant Agreement.

2.5. Sensitive or special categories of personal data

We do not process any sensitive personal information about you, such as religion, race, ethnicity and/or political views.

3. WHY DO WE PROCESS YOUR PERSONAL DATA?

We use the information we collect for the following purposes:

3.1. Open your Merchant Account and provide you with the services

We use your personal data to create your Merchant Account and provide you with the services.

Your Merchant Account allows you to do a number of activities like monitor our processing of your customer’s data in accordance with your instructions, download your reports, view statistics relating to the transactions we process for you, configure and manage your settings, etc.

Your Merchant Account is a way to exercise control over your customers’ personal data we process on your behalf. In your Merchant Account, you can also manage and administer your administrators. You are in control of the services we provide to you.

The use of your personal information is necessary to perform the contract that we have with you as a Merchant.

If you fail to provide details about you and if you do not give instructions, the consequence will be that we will not be able to provide you the services.

3.2. Improve and promote our services

We use your personal data for analytical and statistical purposes. We place great emphasis on the improvement of our services and on the enhancement of your experience as a Visitor or a Merchant.

In order to better understand what your needs are and how we can improve our services, we compile the information you gave to us or that we collected about you when visiting pages on our website or while using our services, to detect general needs of our business partners.

We also use your personal data for testing purposes, troubleshooting and improving the functionality and quality of our payment solutions. Our main goal is to optimize our website and services to your needs.

We process this information given our legitimate interest in developing and improving our website and our services.

3.3. Customer relationship management and communication with you

We provide Customer Support to Merchants (or prospective Merchant) from 9 am to 5 pm (CET). Sharing your personal details with our Customer Support team allows us to respond to any question you might have about our services.

All your communications with our Customer Support and all information you provide in the course of such communications, including any information about the services are collected and analyzed so that we may respond to your request. We can also ensure this way the performance of the Merchant Agreement.

Please note that the Customer Support may communicate with you through emails or any other means, if appropriate.

Please note that we may also communicate with you through emails or any other means, if appropriate, in order to inform you of certain changes regarding our website or our services.

We process this information given our legitimate interest in improving our users’ experience and delivering appropriate customer services to you.

3.4. Billing and Accounting

We use your data and payment information for billing and accounting purposes and to maintain legally required accounting records.

We process this information, as it is necessary for the adequate performance of the Merchant Agreement we have with you once you have your Merchant Account opened.

3.5. Ensure a safe and trustworthy environment

Because we want to create and ensure a safe environment, we use your personal data to detect and prevent fraud and other illegal activities related to the use of our website and services.

We use your personal information for security purposes and risk assessment, such as to authenticate you when you access your Merchant Account.

We process this information given our legitimate interest in ensuring fraud detection and prevention, as well as, information, system, network and cyber security.

3.6. Comply with any legal requirements and enforce our legal rights

We may rely on a legal obligation to process your personal data, such as for accounting purposes, to respond to requests of competent authorities or to establish, exercise or defend legal claims.

4. HOW DO WE PROTECT YOUR PERSONAL DATA?

We implement serious security measures to grant maximum protection to your personal information against unauthorized access, modification, disclosure or deletion. Your data is always protected by our highly sophisticated security systems. This is part of our PCI DSS compliance.

We actively implement data loss prevention systems against leakage, theft and data breach in order to ensure that our payment platform and the entire IT infrastructure related to it are updated against the latest network security vulnerabilities. We periodically test our IT systems and do sophisticated penetration tests. Our payment systems and platform incorporate the most advanced security technologies available in order to ensure maximum safety of its users and the safekeeping of their related information.

5. WHO WE SHARE YOUR DATA WITH?

We share certain details of your personal data with the following parties:

5.1. Entities of Docler Group

If you are third party Merchants and do not belong to our group of companies (the “Docler Group”), we never share your personal information with any of the companies of the Docler Group.

If you are a Merchant belonging to the Docler Group, we share your personal information with the following companies of our group, as they are helping us to deliver the services to you, as well as for internal administration purposes, like management of our Merchants’ portfolio:

- Docler Holding S.à r.l., 44, Avenue John F. Kennedy, L-1855, Luxembourg, Grand Duchy of Luxembourg.

- Docler SSC Kft, Expo tér 5-7, H-1101, Budapest, Hungary;

5.2. Service providers

We use carefully selected and trusted third parties, who act as our service providers.

We ensure that they are bound by contractually binding obligations to process information we share with them in accordance with our instructions, this Privacy Policy and all applicable data protection laws.

As we constantly work on the development and enhancement of the technology to support our site, our third party service providers use may regularly change. Such entities mainly belong to the following areas: (a) business intelligence and analytics; (b) customer care; (c) sales.

5.3. Payment providers and financial institutions

While examining your request for a Merchant Account opening, we may share your information with relevant financial institutions or payment providers, as a part of our KYC process, as well as for fraud detection and prevention purposes.

5.4. Law enforcement agencies or governmental authorities

We may also share your information with law enforcement agencies or authorities, if such disclosure is reasonably necessary to (a) comply with our legal obligations, (b) respond to information requests for fraud investigations and alleged illegal activities, (c) enforce and administer our Merchant Agreement with you, and/or (d) protect our rights or defend ourselves against any claims.

5.5. Business transfers

Finally, please also note that your information may also be transferred to another company in the event of sale of the whole or part of our business to a third party.

6. HOW DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE OF THE EUROPEAN ECONOMIC AREA?

As we are a Luxembourg based company, we comply with the EU Data Protection Regulation commonly called "GDPR" (If you want to learn more you can check: EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC), which provides a high level of protection of your personal data.

In the course of the provision of our services, your personal information may be transferred outside of the European Economic Area ("EEA") to third parties data processors located in the US, for the purposes specified in this Privacy Policy.

If we transfer your personal data outside of the EEA, we endeavor to ensure that your rights and freedoms in respect of the processing of your personal data are adequately and appropriately protected. For this purpose, we utilize the Standard Contractual Clauses approved by the European Commission that you can find here.

7. WHAT ARE YOUR RIGHTS REGARDING YOUR PERSONAL DATA?

We did our best to explain what your rights are and how you can exercise them. If, despite of our below explanations, you are still unsure about the actions you can take or the conditions of exercise of your rights, do not worry, our Customer Support will provide you with all the assistance you need when exercising your rights.

7.1. Data access and data portability

You have the right to access the personal information about you by requesting our Customer Support a copy of your personal data free of charge.

7.2. Rectification of inaccurate or incomplete data

You have the right to request that we correct any inaccuracies in your personal data

7.3. Data retention and erasure

We generally retain your personal information for as long as it is necessary for the performance of the contract between you and our company and to comply with our legal obligations.

If you no longer want us to use your information, you can request our Customer Support to erase your personal information.

Please note that if you request the erasure of your personal information:

- We might retain some of your personal information as necessary for our legitimate business interests, such as fraud detection and prevention and enhancing safety. For example, if we close or suspend your Merchant Account for fraud or illegal activities, we may retain certain information about you to prevent you from opening a new account in the future. Such information shall also be kept available in case of ongoing judicial proceedings/and or investigations.

- We may retain and use your personal information to the extent necessary to comply with our legal obligations. For example, we may keep some of your information for tax, legal reporting and auditing obligations. Please note that according to Luxembourg legislation financial related information shall be kept for a period of ten years.

- Some copies of your information (e.g., log records) may remain in our database, but are disassociated from personal identifiers.

- In order to protect our website and/or payment platform and your personal information from accidental or malicious loss and destruction, we have backup systems. Residual copies of your personal information may not be removed from our backup systems for a limited period of time.

7.4. Right to object

We process your data for a variety of reasons as explained in “4. WHY DO WE PROCESS YOUR PERSONAL DATA?”. Applicable law may entitle you to require us not to process your personal information for certain specific purposes where such processing is based on legitimate interest. If you object to such processing we will stop processing your personal data for these purposes.

In specific situations, we may have to refuse the execution of your request. This would be the case where we have legitimate grounds to continue such processing or if we have to establish, exercise or defend legal claims.

Please keep in mind that objecting to the use of your data might disable the use of your Merchant Account and affect negatively our contractual relationship.

7.5. Right to restriction of processing

You have the right to request that we hold your personal data in “limbo”, while other challenges are resolved. You can ask us to put on hold the use of your data in 4 cases:

- If you contest the fact that the personal data we hold about you is accurate: in this case, the processing operations in relation to this data will be put on hold for the period during which this is verified.

- You have objected to a processing activity based on legitimate interest(s): in this case, you can require the processing operation to be put on hold while we verify the grounds for processing.

- You consider that the processing is unlawful but you object to erasure and request restriction, instead.

- We have no further need for the data but you require it to establish, exercise, or defend legal claims.

Despite your request, we may still continue the processing of your personal data if we have to establish, exercise, or defend legal claims. We will notify you before lifting a restriction.

7.6. Right to lodge a complaint with a supervisory authority

If you consider that our processing of your personal data infringes the GDPR or any other applicable national laws, you have the right to lodge a complaint with a supervisory authority (in particular in the Member State where you live, place of work or of an alleged infringement of the GDPR).

8. DO WE COLLECT PERSONAL DATA OF CHILDREN?

We may process personal data of children in very limited cases, during our “KYC” review/study following a Merchant application for a Merchant Account, exclusively when the beneficiary owners of the Merchants or the individual, sole proprietor, auto entrepreneur, etc. are/is minor(s). We process such information, however, exclusively with the consent of such person’s parent or legal guardian.

9. CHANGES TO OUR PRIVACY POLICY

We may occasionally amend this Privacy Policy to reflect changes to our services and the way we handle your personal information or changes in the applicable laws.

If we make changes we consider important, we will let you know by placing a notice on our website and/or in your Merchant Account and/or contact you using other methods such as email.

To the extent permitted by applicable law, such changes will be applicable from the time they are published on our website, unless we specify a date of entry into force. Your continued use of our services from that day on will be subject to the new Privacy Policy.

10. HOW TO CONTACT US?

If you have any comments or questions about this privacy policy or generally about our privacy practices, please send an email to privacy@escalion.com or via mail to the address indicated below, and we will get quickly back to you. We are always glad to talk about our privacy practices.

Escalion S.à r.l.
44, Avenue John F. Kennedy
L-1855, Luxembourg
Grand Duchy of Luxembourg

We are also happy to inform you that we have an employee dedicated to ensuring your privacy, our Data Protection Officer. You can directly reach our Data Protection Officer via email at: dpo@escalion.com or mail to the following address:

To the attention of the DPO
Escalion S.à r.l.
44, Avenue John F. Kennedy
L-1855, Luxembourg
Grand Duchy of Luxembourg