Key focus areas
Understand the essential aspects of GDPR and how they relate to using Payerbee’s platform for cardholder engagement.
GDPR’s core principles require that personal data is processed lawfully, fairly, and transparently; collected for specified, legitimate purposes; limited to what is necessary; kept accurate and up to date; stored only as long as needed; and handled securely.
Payerbee uses only relevant cardholder data
Issuers should maintain records of what data is processed and for what purpose
GDPR requires a valid legal basis for processing personal data (e.g., consent, contract, legitimate interest). The basis must be documented and communicated to data subjects.
The issuer determines and documents the appropriate legal basis (e.g. legitimate interest or marketing consent)
Payerbee acts on the issuer’s instructions
Cardholders have rights under GDPR, including access to their data, correction, erasure (the “right to be forgotten”), restriction of processing, data portability, and the right to object to certain uses (such as marketing).
Payerbee supports card issuers in fulfilling data subject requests
Issuers should have processes in place to handle requests from cardholders regarding their data
GDPR distinguishes between the data “controller” (who determines the purposes and means of processing) and the “processor” (who processes data on the controller’s behalf). Controllers ensure that processors comply with GDPR and formalize the relationship with a Data Processing Agreement (DPA).
A DPA regulates the relationship between the issuer (Controller) and Payerbee (Processor)








