Valid from: 02/17/2025

1. Introduction

Welcome to Green Banana (“we,” “our,” or “us”). We process personal data on behalf of merchants that use our payment platform (“Platform”), such as the merchant you are currently shopping with. This privacy statement explains how we process personal data on behalf of this merchant. We provide it on behalf of the merchant, who as the data controller is obligated to inform you under Article 13 of the GDPR. It is limited to the Buy Now, Pay Later function (“BNPL”). For more information about the merchant’s data processing, please refer to the merchant’s privacy policy.

2. Information We Process

We process the following personal data on behalf of the merchant:

- Personal Information: Name, email address, phone number, billing data.
- Transaction Data: Amount, date, payment method, selected BNPL provider (“Buy Now, Pay Later”).
- Technical Information: IP address, browser type, operating system, device information.
- Usage Data: Interactions with the platform, pages and features accessed.

3. Purpose of Data Processing

We process the aforementioned data solely for the following purposes:

- Processing and technical support of BNPL payments on behalf of the merchant.
- Forwarding transaction data to the chosen BNPL provider.
- Ensuring platform performance and IT security.
- Compliance with legal and regulatory requirements (e.g., money laundering prevention).

We do not determine the purposes of data processing – this is done by the merchant as the data controller. All data processing is conducted within the framework of executing a contract in accordance with Article 6(1)(b) of the GDPR.

4. Sharing of Data

Personal data will only be shared if it is necessary to fulfill the services. The data will be shared with:

BNPL Provider:
For payment processing, we forward the transaction data to the BNPL provider chosen by the customer during the ordering process. The privacy policies of the respective BNPL providers can be obtained from the merchant or directly from the BNPL provider:

- In the future, additional BNPL providers may be added.
- Service providers (sub-processors): We use third parties for hosting, data analysis, and IT security, who are contractually obligated to comply with the GDPR. The service providers process the data within the European Union.
- Authorities and legal entities: If required by law or for the enforcement of legal claims.

5. Rights of the Individuals Concerned

Since we act as a data processor, all inquiries regarding your rights as a data subject should be directed to the respective merchant. This includes:

- Right of Access (Art. 15 GDPR): View stored data.
- Right to Rectification (Art. 16 GDPR): Correct incorrect data.
- Right to Erasure (Art. 17 GDPR): Delete personal data.
- Right to Object (Art. 21 GDPR): Oppose certain processing.
- Right to Data Portability (Art. 20 GDPR): Provide data in a machine-readable format.

If a request still reaches us, we will forward it to the responsible merchant.

6. Data Storage

The duration for which personal data is stored is determined by the respective merchant as the responsible party. We only keep data as long as it is necessary to fulfill contractual obligations or legal requirements.