Valid from: 01.01.2025
1. Introduction
Welcome to Green Banana (“we”, “our”, or “us”). We process personal data on behalf of merchants who use our payment platform (“platform”). In this privacy policy, we explain how we handle personal data as part of this processing.
Since we act as a data processor according to Art. 28 GDPR, the respective merchant is the responsible data controller within the meaning of the GDPR. Merchants are required to refer to our data processing in their own privacy statement.
2. Information We Process
As part of our services, we process the following personal data on behalf of the respective merchant:
Personal Information: Name, email address, phone number, billing details.
Transaction Data: Amount, date, payment method, chosen BNPL provider (“Buy Now, Pay Later”).
Technical Information: IP address, browser type, operating system, device information.
Usage Data: Interactions with the platform, accessed pages and features.
As part of our services, we process the following personal data on behalf of the respective merchant:
Personal Information: Name, email address, phone number, billing details.
Transaction Data: Amount, date, payment method, chosen BNPL provider (“Buy Now, Pay Later”).
Technical Information: IP address, browser type, operating system, device information.
Usage Data: Interactions with the platform, accessed pages and features.
3. Purpose of Data Processing
We process the aforementioned data exclusively for the following purposes:
Handling and technical support of BNPL payments on behalf of the merchant.
Forwarding transaction data to the chosen BNPL provider.
Ensuring platform performance and IT security.
Compliance with legal and regulatory requirements (e.g., money laundering prevention).
We do not decide on the purposes of data processing – this is done by the merchant as the responsible party.
We process the aforementioned data exclusively for the following purposes:
Handling and technical support of BNPL payments on behalf of the merchant.
Forwarding transaction data to the chosen BNPL provider.
Ensuring platform performance and IT security.
Compliance with legal and regulatory requirements (e.g., money laundering prevention).
We do not decide on the purposes of data processing – this is done by the merchant as the responsible party.
We process the aforementioned data exclusively for the following purposes:
Handling and technical support of BNPL payments on behalf of the merchant.
Forwarding transaction data to the chosen BNPL provider.
Ensuring platform performance and IT security.
Compliance with legal and regulatory requirements (e.g., money laundering prevention).
We do not decide on the purposes of data processing – this is done by the merchant as the responsible party.
4. Sharing of Data
Personal data is only shared when necessary to fulfill services. The data is shared with:
BNPL Provider: For payment processing, we forward the transaction data to the BNPL provider selected by the customer during the ordering process. The privacy policies of the respective BNPL providers can be viewed at the retailer or directly with the BNPL provider:
Personal data is only shared when necessary to fulfill services. The data is shared with:
BNPL Provider: For payment processing, we forward the transaction data to the BNPL provider selected by the customer during the ordering process. The privacy policies of the respective BNPL providers can be viewed at the retailer or directly with the BNPL provider:
Service Providers (Sub-Processors): We employ third parties for hosting, data analysis, and IT security, who are contractually obligated to comply with the GDPR.
Authorities and Legal Entities: If required by law or to enforce legal claims.
5. Rights of the Individuals Concerned
As we act as a processor, all inquiries concerning data protection rights should be directed to the relevant retailer. This includes:
Right of access (Art. 15 GDPR): Review of stored data.
Right to rectification (Art. 16 GDPR): Correction of incorrect data.
Right to erasure (Art. 17 GDPR): Deletion of personal data.
Right to object (Art. 21 GDPR): Objection to certain processing activities.
Right to data portability (Art. 20 GDPR): Provision of data in a machine-readable format.
If an inquiry is received by us nonetheless, we will forward it to the responsible retailer.
As we act as a processor, all inquiries concerning data protection rights should be directed to the relevant retailer. This includes:
Right of access (Art. 15 GDPR): Review of stored data.
Right to rectification (Art. 16 GDPR): Correction of incorrect data.
Right to erasure (Art. 17 GDPR): Deletion of personal data.
Right to object (Art. 21 GDPR): Objection to certain processing activities.
Right to data portability (Art. 20 GDPR): Provision of data in a machine-readable format.
If an inquiry is received by us nonetheless, we will forward it to the responsible retailer.
As we act as a processor, all inquiries concerning data protection rights should be directed to the relevant retailer. This includes:
Right of access (Art. 15 GDPR): Review of stored data.
Right to rectification (Art. 16 GDPR): Correction of incorrect data.
Right to erasure (Art. 17 GDPR): Deletion of personal data.
Right to object (Art. 21 GDPR): Objection to certain processing activities.
Right to data portability (Art. 20 GDPR): Provision of data in a machine-readable format.
If an inquiry is received by us nonetheless, we will forward it to the responsible retailer.
6. Data Storage
We implement technical and organizational measures to protect personal data. These include encryption, access restrictions, and regular security audits.