The General Data Protection Regulation 2016/679 (GDPR) is a European Union regulation on protecting and transferring personal data and privacy in the EU and European Economic Area.

MultiSafepay complies with all required measures to ensure data protection, including:

  • Storing all data in certified data centers in the Netherlands, so all data remains within the EU
  • Encrypting and anonymizing all stored data as much as possible using dedicated software
  • Following company policy, procedures, and operational guidelines
  • Registering a data protection officer with the Dutch Data Protection Authority (AP)

GDPR addendum

Our primary activity is processing online payments. We are a data controller, responsible for storing data only. We are not a processor or sub-processor of data.

For more information, see the MultiSafepay – GDPR addendum. It includes a number of provisions similar to a standard processing agreement.

Using customer data

MultiSafepay only uses customer data for processing online payments, and never for any other commercial purposes. If we ever need to use data for another purpose, we explicitly request consent.

Only a small number of certified MultiSafepay staff have very limited access to customer data, strictly on a need-to-know basis.

Destroying data

In accordance with relevant Dutch legislation, we automatically destroy data as soon as it expires.

Customers can also request us to delete their data in accordance with the right to Privacy by Design.

Email a request to delete data to the data protection officer at [email protected]


Propose a change on GitHubexternal-link-icon or
send an email to [email protected]

Other languages

For an explanation in another language, contact your account manager.