Data Trust & Compliance
Privacy Policy.
1. Introduction
PayoutMatching B.V. ("we", "us", "PayoutMatching") respects the privacy of its users and partners. This Privacy Policy describes what data we collect, how we use it and what rights you have under the General Data Protection Regulation (GDPR). This policy applies to all services offered through the PayoutMatching platform and our website.
2. Data Controller vs. Data Processor
In the context of our services, PayoutMatching fulfils two roles:
- Data Controller: For data relating to our direct customers (such as contact persons and account information).
- Data Processor: For the operational data that our customers load into the Platform (such as transaction data of their end customers). In this case the customer is the data controller and PayoutMatching is the data processor.
3. Data We Collect
A. Directly Provided Data
When creating an account or requesting a demo we collect: Name, business email address, phone number, company name, Chamber of Commerce number and VAT number.
B. Operational Platform Data
Via API integrations with marketplaces (such as Bol.com, Amazon, Shopify) we process: Order data, payout specifications, settlements and shipping status.
C. Automatically Collected Data
IP addresses, browser type, device information and usage statistics via functional and analytical cookies to ensure the security and functioning of the Platform.
4. Purposes of Processing
We use the collected data exclusively for the following purposes:
- Delivering the agreed services (reconciliation, content generation, etc.).
- Invoicing our services and managing the business relationship.
- Improving our algorithms and AI models (exclusively on an aggregated and anonymised basis).
- Complying with legal obligations, such as tax legislation.
- Securing our Platform against fraud and misuse.
5. Retention Periods
We do not retain personal data longer than necessary for the purposes for which it was collected:
- Account data: Up to 2 years after termination of the contract.
- Tax data: In accordance with the statutory retention period of 7 years.
- Operational data: Up to 30 days after termination of the contract, unless otherwise agreed in a specific data processing agreement.
6. Sharing Data with Third Parties
PayoutMatching does not share data with third parties for commercial purposes. We use trusted sub-processors for our infrastructure:
- Amazon Web Services (AWS): For hosting and data storage (Servers in Frankfurt, DE).
- Stripe: For processing payments.
- HubSpot: For CRM and customer communications.
Data processing agreements compliant with GDPR requirements have been concluded with all these parties.
7. Security
We apply strict security measures to protect data against loss, theft and unauthorised access. This includes AES-256 encryption, multi-factor authentication (MFA), regular penetration tests and a strict access policy for employees.
8. Your Rights
Under the GDPR you have the following rights:
- Right of access and rectification.
- Right to erasure ("right to be forgotten").
- Right to restriction of processing.
- Right to data portability.
- Right to object to processing.
Requests can be directed to our Data Protection team at privacy@payoutmatching.com. We will respond to your request within 30 days.
9. Changes
PayoutMatching reserves the right to periodically update this Privacy Policy. Material changes will be proactively communicated by email to our active users.
Compliance ID: GDPR-MQ-2026-v1.8
Last updated: 8 May 2026