Since processing online payments is the primary activity of MultiSafepay, we are a data controller, responsible for keeping the data, and not a so-called (sub)processor, responsible for processing it in any way. For this reason, we have added an addendum that includes a number of provisions similar to those of a processing agreement.
Yes. In accordance with, among other things, our PCI DSS certification, we regularly perform checks on our security, including pen tests (ethical hacking). A pen test (or penetration test) evaluates the security of a system by simulating cyberattacks to find vulnerabilities that can then be removed.
No, absolutely not. The acquired data is solely used for the purpose of processing online payments. For all other purposes, explicit consent is requested before using (personal) data.
Yes. MultiSafepay’s number one priority is to protect the privacy of users. All acquired data is stored in anonymized form to the highest extent possible.
According to a standard procedure, in accordance with Dutch law and legislation, the data is automatically destroyed as soon as it is no longer used.
MultiSafepay has taken several measures to ensure the protection of your data, e.g. the use of specific software, company policy, procedures, and operational guidelines within our organization. The requirements set by the Payment Card Industry Data Security Standard (PCI DSS) are taken into account. MultiSafepay is PCI DSS certified, meaning that all stored customer data is encrypted.
MultiSafepay has two certified data centers in the Netherlands. Therefore, all collected data remains within the European Union.
A few certified/cleared employees have very limited access to this data, strictly on a ‘need-to-know’ basis.