What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This document engages GDPR (EU) and UK GDPR as primary frameworks, with explicit references to cross-border transfer mechanisms including Standard Contractual Clauses. The CCPA and California Privacy Rights Act apply to California residents with explicit opt-out rights for data sale or sharing. Additional regional frameworks in APAC and LATAM are acknowledged but not enumerated in detail. Enforcement authorities include the Dutch Data Protection Authority (Autoriteit Perso…

How does Adyen's Adyen Privacy Policy affect users?

Adyen processes personal data generated through payment transactions and interactions with merchant systems using Adyen infrastructure, including individuals without direct Adyen accounts. The policy authorizes data sharing with fraud prevention networks, financial institution partners, and government authorities, and permits international data transfers under Standard Contractual Clauses. Users may exercise access, correction, and deletion rights by submitting requests to Adyen's designated pr…

How often is Adyen's Adyen Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Adyen updates this document?

Yes. Monitor subscribers ($19/month) can add Adyen to their watchlist and receive same-day email alerts whenever this document or any other Adyen document changes.

CA-D-000665

Adyen Privacy Policy

Adyen

Last change detected May 5, 2026 Privacy policy

SHA-256: 9602a235ae55da92a34… 1 version captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Adyen ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

9 Total

1 High severity

7 Medium severity

1 Low severity

Summary

This privacy policy describes Adyen's collection, processing, and use of personal data in connection with payment processing services provided directly to users or through merchants using Adyen's infrastructure. The policy authorizes Adyen to process financial transaction data, device identifiers, behavioral information, and IP addresses for fraud prevention, payment processing, and business operations. The policy establishes data subject rights including requests for access, correction, and deletion of personal data, exercisable through privacy@adyen.com or a designated webform.

Technical / Legal Breakdown

This document is Adyen's privacy statement governing the collection, processing, and sharing of personal data for individuals who interact with Adyen's payment processing platform, website, and related services, with legal bases including contractual necessity, legitimate interests, legal obligations, and consent as applicable under GDPR and equivalent frameworks. The statement asserts that Adyen processes a broad range of personal data categories including identification data, financial and transaction data, device and behavioral data, and in limited contexts special categories of data such as biometric data for KYC purposes, with the terms authorizing sharing with financial institution partners, fraud prevention networks, government authorities, and third-party service providers globally. Notably, the policy discloses that Adyen processes data as both a data controller and a data processor depending on the service context, a distinction that materially affects which rights individuals may exercise directly against Adyen versus the merchant using Adyen's infrastructure. The document engages GDPR, UK GDPR, CCPA and California Privacy Rights Act, and regional frameworks across APAC and LATAM markets, with explicit acknowledgment of cross-border data transfer mechanisms including Standard Contractual Clauses for transfers outside the EEA. Material compliance considerations include the dual controller-processor role, the breadth of legitimate interests asserted as a processing basis, and the adequacy of consent mechanisms for cookie-based and behavioral data collection.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

High — 1 provision

Special Category Data Processing for KYC Compare →

Adyen may collect and process sensitive data like biometric identifiers when verifying your identity for financial compliance purposes, either because the law requires it or because you have consented.

Added May 10, 2026 Standard Seen across 284 platforms

Medium — 7 provisions

Dual Controller and Processor Role Compare →

Adyen wears two hats: sometimes it decides how your data is used (controller), and sometimes it just processes your data on behalf of the business you bought from (processor). Which role applies determines where you should direct your privacy requests.

Added May 10, 2026 Standard Seen across 284 platforms
Legitimate Interests as Processing Basis Compare →

Adyen can process your personal data without your consent in certain cases where it believes its business reasons, like preventing fraud or improving its products, outweigh your privacy interests.

Added May 10, 2026 Standard Seen across 284 platforms
Cross-Border Data Transfers Compare →

Adyen moves your personal data to countries outside Europe, but it uses legal mechanisms like Standard Contractual Clauses to try to ensure your data is still protected.

Added May 10, 2026 Standard Seen across 284 platforms
Data Sharing with Fraud Prevention Networks and Government Authorities Compare →

Adyen can share your personal data with fraud-fighting agencies and with government bodies or law enforcement when required by law or to protect legal rights.

Added May 10, 2026 Standard Seen across 252 platforms
Cookie and Behavioral Tracking Compare →

Adyen uses cookies and tracking tools to record how you use its website and services, and some of this tracking is used for marketing. You can adjust your cookie settings through a preference tool on the site.

Added May 10, 2026 Standard Seen across 284 platforms
Data Retention Periods Compare →

Adyen keeps your personal data for as long as it needs to, based on its purposes and any legal requirements, rather than specifying fixed retention periods for most data types.

Added May 7, 2026 Standard Seen across 284 platforms
California Consumer Rights (CCPA/CPRA) Compare →

California residents have a specific set of privacy rights under state law, including the ability to see, delete, correct, and limit the use of their personal data, and can opt out of Adyen selling or sharing their data.

Added May 10, 2026 Standard Seen across 284 platforms

Low — 1 provision

Marketing Communications and Opt-Out Compare →

Adyen may send you marketing emails based on consent or legitimate interests, but you can unsubscribe at any time via a link in any marketing email or by emailing Adyen directly.

Added May 10, 2026 Standard Seen across 262 platforms

Monitoring

Adyen has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle Automated Fraud Decision-Making and similar clauses.

Compare across platforms →