GDPR & data protection
How VINR processes personal data and your obligations.
VINR processes personal data on your behalf to settle payments, run billing, and power loyalty. This page explains who is responsible for what under the EU General Data Protection Regulation (GDPR), what data flows through the platform, and how to honor data subject requests. This page is informational and not legal advice; consult your compliance counsel for binding decisions.
Roles: controller vs. processorAsk
GDPR assigns obligations based on who decides why and how personal data is processed. For most data flowing through VINR, the relationship is split:
| Activity | Your role | VINR's role |
|---|---|---|
| Collecting customer details, deciding to sell, running marketing | Controller | — |
| Storing customers, processing payments, sending invoices | Controller | Processor |
| Loyalty enrollment and points balances | Controller | Processor |
| Fraud scoring, AML screening, regulatory reporting | Joint / independent | Controller (where legally required) |
You decide what data to collect and why; VINR processes it under your instructions, governed by the Data Processing Agreement. For a narrow set of activities — fraud prevention and statutory anti-money-laundering checks — VINR acts as an independent controller because the law, not your instructions, defines the purpose.
The practical takeaway: you own the lawful basis and the customer relationship. VINR is the engine, not the decision-maker, for everything except the regulatory duties it must perform in its own right.
Data we processAsk
VINR stores the minimum needed to operate the platform reliably and meet financial regulation. Personal data falls into these categories:
| Category | Examples | Why |
|---|---|---|
| Identity | name, email, phone | Customer records, receipts |
| Payment | card last 4, brand, billing country | Authorization, fraud, disputes |
| Transactional | amounts, timestamps, pay_ / inv_ IDs | Settlement, reporting |
| Loyalty | loy_ account, points balance, redemptions | Engagement programs |
| Technical | IP address, device fingerprint | Fraud scoring, 3DS |
Full card numbers (PAN) are never exposed to you — they are tokenized inside VINR's PCI-DSS environment. See PCI compliance for the cardholder data scope.
Data subject rightsAsk
When a customer exercises a right — access, erasure, portability, or objection — you act as controller and VINR helps you fulfill it. Each request is logged and emits a webhook so you can track completion.
Export a customer's data
Retrieve everything VINR holds for one customer as a portable bundle. This covers the right of access (Art. 15) and portability (Art. 20).
import { Vinr } from '@vinr/sdk';
const vinr = new Vinr({ secretKey: process.env.VINR_SECRET_KEY });
// Returns a signed, time-limited URL to a JSON export.
const job = await vinr.privacy.exports.create({
customer: 'cust_abc123',
include: ['customer', 'payments', 'invoices', 'loyalty'],
});
console.log(job.status); // "pending" -> "ready"
// Listen for privacy.export.ready to fetch job.downloadUrl.Erase a customer
Erasure (Art. 17) anonymizes identity and contact fields while retaining records VINR is legally required to keep — invoices and settlement data under tax and AML retention rules stay, but are decoupled from the person.
const result = await vinr.privacy.erasures.create({
customer: 'cust_abc123',
reason: 'data_subject_request',
});
// Fields like name/email are nulled; financial records are pseudonymized.
console.log(result.status); // "completed"Confirm completion via webhook
Both operations are asynchronous. Verify the callback and update your own records.
const event = vinr.webhooks.verify(payload, request.headers['x-vinr-signature']);
if (event.type === 'privacy.erasure.completed') {
// event.data.customer is now anonymized in VINR.
}Erasure is irreversible and may break links to active subscriptions. Cancel open sub_ and resolve open dp_ disputes first — VINR rejects erasure while a dispute is in progress, because the data is needed as evidence.
DPA & subprocessorsAsk
A signed Data Processing Agreement is in place for every live merchant; it is part of the VINR Terms and is countersigned automatically when you activate your account. The DPA covers processing scope, security measures, international transfer mechanisms (EU Standard Contractual Clauses), and audit rights.
VINR uses a vetted list of subprocessors — cloud hosting, card networks, and KYC providers — each bound by equivalent obligations. The current list and a subscription for change notifications live in the Trust Center. You receive at least 30 days' notice before a new subprocessor takes effect, during which you may object.
Personal data of EU subjects is stored in EU regions by default. Where a subprocessor operates outside the EEA, transfers rely on SCCs plus supplementary technical measures (encryption in transit and at rest).
Breach notificationAsk
If VINR detects a personal data breach affecting your customers, we notify you without undue delay — and within 72 hours of becoming aware where the breach is likely to affect your obligations under Art. 33. Notifications include the nature of the breach, categories and approximate volume of records, likely consequences, and the measures taken.
As controller, you are responsible for assessing whether the breach must be reported to your supervisory authority and, where the risk is high, to affected individuals. VINR provides the technical detail you need to make that assessment but does not file on your behalf. Keep your security and compliance contact current in account settings so alerts reach the right people.
Next stepsAsk
PCI compliance
How cardholder data is scoped and tokenized.
Trust Center & subprocessors
DPA, security, and the subprocessor list.
Customers API
The records that hold personal data.
Last updated on
