GDPR Policy

 

Bambora’s general position on data security

This text serves to provide any existing customer of Bambora, or any company considering becoming a customer of Bambora (irrespectively if Bambora acts as payment service provider, payment acquirer or in any other role or combination of roles) with general information on Bambora’s position on the General Data Protection Regulation (the “GDPR”) and what Bambora does to comply with the requirements in the GDPR.

At Bambora, security has always been a core principle and as an actor in the payment industry, we comply with the strict industry requirements as well as our own internal regulations on information security. Based on this, Bambora was already prior to the adoption of the GDPR, to a large extent compliant with the requirements. This regards not only security measures of our systems used to process each payment transaction, but also the services we provide to our merchants such as the merchant portal MyBambora. Notwithstanding the above and based on the requirements of the GDPR, we have even further improved our data security, including internal policies and regulations covering data security, to ensure that personal data always is protected.

Continuous improvement

Bambora is always working on improving our security and compliance with data protection laws. Therefore, new measures and/or functions may be implemented over time as technology evolves, in order to further strengthen the security of personal data and payment data.

Data controller or data processor

The GDPR includes the concepts of “data controller” respectively “data processor”. The data controller is a party (organization) determining the purposes and means of a particular processing of personal data whereas a data processor is a party (organization) processing the personal data on behalf of the data controller. Bambora provides several different types of services and may take different roles in the payment transaction industry. For example, Bambora may act as a payment service provider and/or a payment acquirer. Depending on Bambora’s role and the services provided, Bambora may either be acting as a data controller or a data processor. Where Bambora acts as payment acquirer, Bambora will be the data controller of the payment transaction information such as the card data. This is for example due to the facts that Bambora determines what kind of data that needs to be collected and that Bambora is subject to legal requirements and/or requirements of the payment transaction industry to which Bambora needs to adhere.

Irrespective of for what purposes you contract Bambora, you as a merchant will not process personal data on behalf of Bambora and Bambora will not process personal data on behalf of you. Therefore, it is normally not necessary for merchants to sign so-called “data processing agreements” with Bambora*.

Other requirements under the GDPR

Naturally, Bambora is aware of that the GDPR contains far more requirements than those relating to technical and organizational security measures, respectively the concept of data controller and data processors. Bambora, therefore, has a continuous GDPR compliance project in place in order to align the business as a whole to all requirements emanating from the GDPR and to improve all aspects of the business from a GDPR perspective. Bambora has implemented a number of measures as a part of this project, and will continue to do so as privacy legislation evolves. Bambora has also appointed a Data Protection Officer to ensure that the protection of card-holders’ personal data is always a prioritized issue going forward. You may contact the Data Protection Officer by sending an e-mail to dpo@bambora.com.

* There are a few exceptions to this rule. It does not apply to DevCode Payment AB, who acts as a data processor when providing its services. Neither does it apply to PayByWay Oy who has integrated functionality in its service which means that PayByWay Oy will process personal data on behalf of its customers. Finally, the rule does not apply when a company contracts Bambora as a payment service provider and uses invoice functionality. In such case, Bambora will need to process personal data on behalf of its customer to forward it to Bambora’s invoicing partner. Therefore, data processing agreements are necessary in these cases.

 

Cookies

Bambora use cookies to give you the best possible experience when visiting our site.

Cookies are small text files that are stored on the visitors computer and are used to track what the visitor is doing on the website.  

There are two main types of cookies;

  1. A persistent cookie, which is stored on the visitors computer during a selected time.
  2. A session cookie, which is stored temporarily in the computer memory when the visitor is browsing the site. The session cookie disappears when you close your browser.

Bambora use cookies to:

  1. Improve the user experience of the site, by for example by adapting the site to reflect the visitors requirements, choices and interests.
  2. Provide information for web site statistics regarding the use of the site
  3. Follow advertisement in media to adapt our services to help you receive more relevant offers.

Bambora also use cookies from third-party providers. These are used mainly to analyse user behaviour with the purpose to improving user experience, and to offer more relevant advertising.

You can choose if you want to accept cookies.
If you do not want to accept the use of cookies, you can adjust the system settings in your browser. Certain functionality can only be used if your browser allows cookies.

We are open for business!

Welcome to the world of payment solutions. Choose your country and start accepting payments from customers all over the world.