Personal data – To combat fraud

The information relating to your transaction is processed on an automated level by Oneytrust as data controller to increase the level of security of transactions made on the partner’s Internet site and protect the latter and its customers from identity fraud or attempted fraud phenomena.

 

Purpose of the processing of data

Purposes

The purpose of processing is to combat identity and payment fraud on transactions made remotely over the Internet network.
It enables Oneytrust to:

• provide additional information in order to qualify some of the transaction data (email address, phone, postal address, IP address, BIN 6);
• according to predetermined rules, reduce manual review by automatically validation transactions that could not be validated by an automatic analysis mechanism (automatic score);
• manage requests from the people concerned.

 

Legal basis

Article 6 (1) f of the General Data Protection Regulation.
The purpose of processing is for legitimate purposes sought by Oneytrust; that is to say, to combat identity and payment fraud on transactions made remotely over the Internet network.

 

The data processed

Categories of data processed

• Identification data, invoicing and delivery details, phone number, email address, IP address, the first 6 digits of the bank card;
• Sub-elements of technical identification data validation by correlation (validity, associated identity, supplier, operator, etc.).

 

Data source

Information is collected from the customer by the partner, as well as from Oneytrust service providers for enriched data.

 

Obligatory nature of data collection

Non-transmission of data relating to your transaction may prevent your transaction from being made and analysed.

 

Automatic decision making

Processing provides for a decision by an automated system only when this decision is positive. Processing does not allow the exclusion of a person’s contact details in respect of the benefit of a contract, even temporarily. No refusal decision is taken on the basis of processing.

 

People concerned

Data processing concerns:

• private individuals and legal entities that make transactions on Oneytrust partner sites;
• authorised Oneytrust personnel responsible for the implementation of processing.

 

Data recipients

Recipient categories

According to their respective requirements, the following are the recipients of data, in whole or in part:

• the Oneytrust Partner with which the customer has made the transaction;
• authorised Oneytrust personnel;
• Oneytrust subcontractors and service providers responsible for the hosting and provision of enriched data.

 

Transfer of data outside the EU

No data transfer outside the European Union is made.

 

Data retention period

Personal data will be kept for a period of 15 days.

 

Your rights concerning your personal data

You are entitled to access and obtain copies of your personal data, oppose processing of this data, have it rectified or deleted. You are also entitled to limit the processing of your data and express specific and general directives after your death concerning the retention, deletion and communication of your data.

 

Exercising your rights

The Oneytrust Data Protection Officer (DPO) is your contact for any request to exercise your rights regarding processing.

• Contact the DPO by email on dpo[at]oneytrust.com* *(replace [at] with @ when sending the request)
• Contact the DPO by post
The Data Protection Officer
Oneytrust
34 avenue de Flandre
59170 Croix
FRANCE

 

Complaints

You can send in a complaint relating to the processing of your requests by Oneytrust by writing to the DPO. The latter will make every effort to reply to every complaint and endeavour to resolve the problem.
If, after contacting us, you consider your rights have not been respected, you can send a complaint to your local personal data protection authority or to the Oneytrust data protection authority, that is to say, the CNIL – 3 place de Fontenoy – TSA 80715 – 75334 Paris cedex 07.