Privacy Policy
DataStreamLiner Payments Last updated: March 2026
1. Who We Are
DataStreamLiner Payments is a SaaS platform registered in the Netherlands (KVK:68388551). We are the data controller for merchant account data. For payment transactions, the relevant PSP is the data controller.
Contact: info@datastreamliner.com
2. What Data We Collect
From merchants (service providers):
- Name, email address, business name
- Connected PSP account identifiers
- Transaction volume (for billing purposes)
From customers (tourists and payers):
- Name and email address (required by PSP for payment processing)
- Payment method details (collected and processed directly by the PSP, not stored by us)
- IP address and browser locale (used to determine default currency)
Automatically:
- Session data for merchant login
- Basic access logs (IP address, timestamp, page visited)
3. Why We Collect It
| Data | Purpose | Legal basis |
|---|---|---|
| Merchant account data | Account management, billing | Contract |
| Customer name/email | Required by PSP for transaction processing | Legitimate interest |
| IP address / locale | Default currency detection | Legitimate interest |
| Session data | Merchant authentication | Contract |
| Access logs | Security, fraud prevention | Legitimate interest |
We do not sell your data. We do not use your data for advertising.
4. Who We Share Data With
- Payment service providers (Stripe, Xendit, Mollie, ECPay, PayPal): to process transactions. Each PSP has their own privacy policy.
- Wise: for subscription fee processing where applicable.
- Hosting and infrastructure providers: under data processing agreements.
We do not share your data with any other third parties.
5. Data Retention
- Merchant account data: retained for the duration of the account plus 7 years (legal/tax obligation)
- Customer transaction data: retained for 7 years (financial records requirement)
- Access logs: 90 days
- Session data: expires on logout or after 24 hours
6. Your Rights (GDPR)
If you are in the EU/EEA, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your data (where no legal retention obligation applies)
- Object to processing based on legitimate interest
- Portability of your data in a machine-readable format
- Lodge a complaint with the Dutch data protection authority (Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl)
To exercise your rights: info@datastreamliner.com. We will respond within 30 days.
7. Cookies
For our cookie policy, refer to our Cookie Policy.
8. International Transfers
Our PSP partners may process data outside the EU. Where this occurs, transfers are covered by Standard Contractual Clauses or equivalent safeguards as required by GDPR.
9. Security
We use HTTPS for all data in transit. Passwords and tokens are hashed. Payment details are never stored on our servers — they are handled entirely by the PSP.
10. Changes
We will notify merchants by email of material changes to this policy at least 30 days before they take effect.