WTSS may collect, store, transfer and use the clients’ and personal data and group them as:
• Contact Data: billing address, delivery address, email address and phone numbers;
• Financial Data: bank account, payment details and source of funds;
• Identity Data: first name, maiden name, last name, username, title and date of birth;
• Transaction Data: payment details, product details, and transaction details;
• Usage Data: information about the user of the products and services and
• Profile Data: transactions, preferences, username, and password
A record of correspondence (including emails and letters) between WTSS and the Financial institution consuming the service may also be kept.
Regular usage of the portal (i.e. WTSS executing verifications from our owned account) where the customer uses the portal to investigate incidents/journeys needs the following data:
element | Mandatory | Reason |
---|---|---|
2FA key hash | Yes | Hash of 2FA key for second level authentication |
API Key hash | No | Needed for machine to machine integration |
Company | Yes | Account email restriction to depict FI |
Country | Yes | Language selection |
Department | Yes | Account email restriction (when applicable) to depict department within FI |
Email address | Yes | Account verification and main channel for contact |
Language | Yes | Language selection |
Name | Yes | Addressing of emails |
Mobile number | No | Only needed for SMS verification |
Password hash | Yes | Hash of password for first-level authentication |
Generally, data sent and received on a portal containing transaction and/or account data originates and belongs to WTSS (and/or WTSS affiliated parties).
WTSS categorises this data as restricted and explicitly makes it available for the portal users to see and use to investigate possible issues.
We can receive PI information for our PSD2-related (contracted) interfaces. However, this is always directly encrypted by a public key created and shared by the data owner.
Once encrypted, no one from WTSS can access that data; only the private key holder can decrypt it.