Last update: September 2025
This Privacy Notice (“Notice”) explains how and when Twikey processes your personal data in compliance with General Data Protection Regulation (‘GDPR’). For the purposes of this Notice, the terms “Twikey,” “we,” “our,” or “us” designate the Twikey entity that is engaged in collecting, using, and handling personal data as outlined here. We process your personal data when you visit our website or when you interact with us. Moreover, we will also process your personal data, when you are (a representative of) a customer of Twikey (also known as “merchant”) or (a representative of) a customer of a merchant (also known as “debtor”).
Twikey provides merchants with digital solutions for managing payments and recurring transactions as well as any processes related to those services. This means that Twikey will process personal data both on its own behalf and on behalf of its customers. Depending on the activity, Twikey may act as a ‘controller’ or a ‘processor’ under the GDPR.
Where Twikey processes your personal data as a processor, another party (such as the merchant) acts as the controller and is responsible for the processing of your personal data. We therefore recommend that you consult the privacy notice of that party to understand how your personal data is handled. This Notice merely discusses the processing activities where Twikey is considered a controller. Where Twikey describes its role as controller or processor, this is solely to provide transparency and, where relevant, to guide you to the appropriate controller.
This Notice explains what personal data we collect, how we use and share it, and how you can contact us with privacy-related questions. The Notice also sets out your rights as a data subject, including the right to access, rectify, or object to certain processing.
The manner in which we collect and process your personal data depends on the capacity in which we interact. For example, if you act as the representative of a company seeking to use our services, we may process your personal data for onboarding. At the same time, you may also qualify as a visitor when you browse our website.
Under this Notice, we process the following personal data:
In general, we receive the listed personal data directly from you. However, we may also receive the information from third parties (like your bank or other payment service providers like WERO), including our customers. In that case, you will be informed on the fact that we received your personal data and how we will process it.
We engage in business interactions, including the conclusion of agreements with our customers (the merchants) or partners. In that instance, we collect and process identity information, contact information, employment information, financial information, transaction information and advertising information, oftentimes of the employees of merchants/partners.
For this processing, we rely on our legitimate interest in being able to conclude and perform agreements with our customers and suppliers.
When you communicate with us via our website, social media profiles, phone, e-mail, or any other available communication channel, or when you hand us your business card, we collect and process identity information, contact information, employment information, communications information and any other information you share with us.
For this processing, we rely on our legitimate interest in being able to respond to requests, questions and comments, and to contact you proactively for questions of any kind and to build and maintain a network of contacts.
When you visit, use or interact with our website and our social media (such as LinkedIn, Facebook or X), we collect and process identity information, contact information, communications information, technical information, advertising information, as well as any other information you decide to share with us.
For this processing, we rely on our legitimate interest in being able to respond to request, questions, and comments. In addition, when we track interactions such as customer experiences and reactions to our services, we rely on our legitimate interest to remain aware of messages about our services or about us as a company, or the industry in which we operate.
Please note that information may also be collected through cookies and similar technologies. We refer to our Cookie Notice for more information.
For communications, promotions, offerings, and other advertisement purposes, we may send you marketing communications. For sending such marketing communications we may collect and process your identity information, contact information, communications information, marketing preferences, and advertising information.
For this processing, we rely on our legitimate interest to provide you with relevant information on products and services that may interest you as an existing or former customer (opt-out).
Where you are not an existing or former customer, we process your personal data only on the basis of your consent (opt-in).
Please be aware that you have the right in all cases to withdraw your consent to receiving such marketing communications. This can be done by contacting us at [support@twikey.com].
When you or one of your company’s representatives places an order with Twikey for our services, we collect and process identity information, contact information, employment information, financial information, communications information and order information.
For this processing, we rely on our legitimate interest to market and sell our services, to ensure the adequate resolution of orders placed by our customers. When an agreement is concluded, we base ourselves on the agreement we conclude with the merchant for the onboarding processes and the initial setup of the services.
Twikey offers a wide range of services, including identity verification, document exchange and signing, and the handling of direct debit mandates.
When Twikey provides these services to the merchant, personal data will be collected and processed of all the parties involved. However, in this instance, Twikey is no longer the controller of the processing activities but rather acts on behalf of the merchants, who provide Twikey with instructions. Where we process your personal data in the context of the provision of our services to merchants, we encourage you to verify the applicable privacy policies of the merchants to learn more about the processing of your personal data. Twikey and the merchants have concluded the necessary data processing agreements to ensure that your personal data is processed in compliance with applicable data protection legislation.
Your personal data may be processed in the context of the provision of our services where you are a merchant, a merchant representative, a debtor, a debtor representative or a third party whose information we receive from the debtor or merchant. On instruction of the merchant, your personal data may be shared with third parties.
When you register for or participate to events and trainings, we collect and process identity information, contact information, employment information, and any other information you may choose to provide to us, such as food preferences.
When such events or trainings are held online, we may also collect and processing technical information, communications information, and other information you may choose to share with us, such as your image or voice during recordings. Please note that we may make use of tools allowing for the automated transcription of your voice during online events.
To process this personal data, we rely on our legitimate interest to be able to organize events that lead to high interest and attendance rates or to promote our services. In some cases, we may also conclude additional agreements with you, upon which the processing of personal data will be based on that agreement. You will always be informed when this is the case.
This Notice applies to the processing of personal data of people who choose to apply for a job at Twikey. This can either be via e-mail, by applying on our LinkedIn page, or another third-party service. For this processing purpose, we process your identity information, contact information, employment information, communications information, as well as any other information you choose to provide to us.
To process this personal data, we rely on the contract we negotiate upon receiving your application. If we reject your application, we may ask your consent to retain a copy of your personal data for a limited time.
We may conduct limited background checks, including review of publicly accessible social media profiles. This processing is based on our legitimate interest, which we have assessed as necessary and proportionate for (i) evaluating candidate suitability and cultural fit within our organization; and (ii) maintaining the security and integrity of our operations.
To comply with our legal obligations or to comply with any reasonable request from competent police authorities, judicial authorities, government institutions or bodies, including competent data protection authorities we may process all the personal data stated above.
For processing this data, we rely on our related legal obligations.
To prevent, detect and combat fraud or other illegal or unauthorized activities, we may process any of the personal data stated above. This includes situations where we track usage of the Twikey platforms and services and a history of fraudulent transactions.
For processing this data, we rely on our legitimate interest in keeping our website, services, and the operations of Twikey and its merchants safe and secure.
To defend our interests in legal proceedings, we may process any of the personal data stated above.
For processing this data, we rely on our legitimate interest in using your personal data in these proceedings.
To inform a third party in the context of a possible merger with, acquisition of/by or demerger by that third party, even if that third party is located outside the EU.
For processing this data, we rely on our legitimate interest in entering into business transactions.
We generally do not send your personal data in an identifiable manner to any third party not working at or engaged by us without informing you. In any case, anyone receiving access to your personal data will be bound by strict legal and contractual obligations to keep your personal data confidential and secure.
Your personal data may, depending on the processing purposes explained above, be shared with the following categories of recipients:
Please note that in the context of our services to the merchants, your personal data may also be shared with services such as
We limit the processing of your personal data outside the European Economic Area (EEA), consisting out of the European Union, Liechtenstein, Norway, and Iceland. However, if we transfer your personal data outside the EEA, this will be done upon taking adequate safeguards to protect your personal data. These safeguards may take the form of relying on an adequacy decision or by adhering to the European Commission Standard Contractual Clauses, where necessary supplemented with the required risk assessments.
You have the right to request access to all personal data processed by us insofar it pertains to you. You can exercise this right by contacting us as set out below. We reserve the right to refuse multiple requests for access that are clearly submitted for causing nuisance or harm to us or others.
You have the right to ask that any personal data pertaining to you which are inaccurate, are corrected free of charge. If a request for correction is submitted, such request must be accompanied by proof of the flawed nature of the data for which correction is asked.
You have the right to request that personal data pertaining to you will be deleted if they are no longer required in light of the purposes outlined above. However, you need to keep in mind that a request for deletion will be evaluated by us against:
Instead of deletion you can also ask that we limit the processing of your personal data if and when (a) you contest the accuracy of that data, (b) the processing is illegitimate or (c) the data are no longer needed for the purposes which are outlined above, but you need them to defend yourself in judicial proceedings.
You have the right to withdraw your consent that was earlier given for the processing of your personal data at any time.
You have the right to object to the processing of personal data, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defence of legal claims.
Where the purposes identified above rely on your consent or a (pre-)contractual obligation, you have the right to receive from us, in a structured, commonly used, and machine-readable format, any personal data you have provided to us.
Each request addressed to us can be send via e-mail to support@twikey.com.
An e-mail requesting to exercise a right will not be construed as consent for the processing of your personal data beyond what is required for handling your request. Such request should clearly state and specify which right you wish to exercise and the reasons for it if such is required. It should also be dated and signed, and, where we ask this of you, be accompanied by a digitally scanned copy of the front of your valid identity card proving your identity.
We will promptly inform you of having received this request. If the request proves valid, we will notify you as soon as reasonably possible and at the latest thirty (30) days after having received the request.
If you have a complaint about the processing of your personal data by us, you can always contact us at the e-mail address mentioned above. If you are not satisfied with our response, you may lodge a complaint with the competent data protection authority, being the data protection authority of the country of your habitual place of residence, place of work or the place of an alleged infringement.
Twikey takes the appropriate technical and organizational measures to keep your personal data safe from unauthorised access or theft as well as accidental loss, tampering or destruction. Access by personnel of Twikey or our third-party processors will only be on a need-to-know basis and subject to strict confidentiality obligations. We have also taken other measures, such as taking internal policy measures, limiting the processing to the personal data necessary for the fulfilment of the purposes, minimizing the processing of personal data, taking backups of personal data and periodically evaluating our security measures.
Your personal data will only be processed for as long as necessary to achieve the purposes described above or, when we have asked you for your consent, until you withdraw your consent (for which we will periodically remind you). As a general rule, we will de-identify or delete your personal data when it is no longer needed for the purposes described above or when the retention period, as explained here, has expired. Please note that we cannot delete your personal data if there is a legal or regulatory obligation or a court or administrative order preventing us from doing so.
We may update this Notice from time to time to reflect new services, changes in our privacy practices, or updates to applicable law. The “Last updated” date at the top of this Notice shows when it was last revised. Any changes will take effect either when the revised Notice is published on our website or when we otherwise provide notice in accordance with legal requirements.
We may also provide you with notifications or important information about this Notice or about how we process personal data. Such notices may be posted on our website and, if you are a merchant or a merchant representative, may also be sent to you directly by email or to the contact details linked to your account.
You can reach us via: support@twikey.com or +32 (0)9 395 45 00 (to reach the Belgian establishment) and +31 85 208 56 30 (to reach the Dutch establishment).
Twikey is located in Belgium and the Netherlands: