
Let us explain: how do we recover your payment data

Spaycial has access to your payment data after you have given your consent. That is its role as a bank account aggregator. Our Head of Legal, Nurgül Sivasli, explains how it works and why everything is so secure (we wouldn't exist without this regulation). Interview.

Read our fact-checking 100% privacy:
Three fears & fantasies about your payment data

Spaycial: How does a service provider end up collecting individual payment data?

Nurgül Sivasli: If you have to keep in mind only one thing: don't worry. Everything is legally framed by the PSD2 since 2018, by bank approvals which are close to impossible to get, then by your consent, then by mandatory renewal requests (90 days then 180 days), then finally by company lawyers. We have already discussed this topic from different angles but we feel that we cannot stress enough the importance of this subject.

What is PSD2?

Spaycial: How does this PSD2 regulation change the way shoppers' payment data is collected?

N.S.: It is crucial. Open banking has existed for years elsewhere, as has cashback, especially in the United States, and everything is perfectly legal. In recent years, slowly but surely, players from all over the world have been arriving on our market with non-European regulations, upsetting our rules of national sovereignty. Moreover, until PSD2, the banks had the exclusive right to access payment data, under the guise of professional secrecy. PSD2 puts the data in the hands of its users.

Explain this last point to us?

N.S.: The question to ask is simple: who owns the data? Banks? Service providers like us? No, the shoppers! This is also what the GDPR brings, to put the individual at the center of data processing.
We always ask for the shopper's consent before anything else, it's fundamental, it's at the heart of our product and our technical innovations, like our funnel. We are 100% privacy by design. The Data Protection Officer (DPO) works directly with the Head of Product in this context. It's like a consent to a contract: we execute the offer after signing. And above all, we do not go beyond this contract; the PSD2 imposes this regulatory framework on us. We meet the control and security standards set by the Bank of France and the European Commission.

Read: GDPR and payment data: what are the stakes

Once collected, do you still have access to all this personal data?

N.S.: Our databases are encrypted and beyond consent, they are pseudonymized. Especially when we generate statistics, such as "out-of-mall purchases".

Read: Strong authentication: a better experience for shoppers, better loyalty for brands

In the end, what is the purpose of data collection?

N.S.: We give shoppers back their spending power by analyzing their payment data, which results in personalized special offers, cashback, BNPL and renegotiated insurance.