9 Confidentiality, Privacy and Compliance


All information relating to the Merchant or to Adyen and designated as being confidential, and all information not expressly designated as confidential but which should reasonably be deemed confidential by reason of its nature or content, is considered "Confidential Information". Each party remains the owner of all data made available to the other party. Merchant acknowledges that the terms of the Merchant Agreement and any information provided by Adyen on its Services (including communications from Adyen's support functions) are Confidential Information.

 Each party undertakes to take all necessary steps to protect the confidential nature of all Confidential Information of the other party, agreeing, in particular:

  • to share Confidential Information solely with personnel and representatives of the parties which have a need to have access to such information in order to exercise rights and obligations under the Merchant Agreement; and
  • to refrain from making any Confidential Information available to any third party without the prior written consent of the other party except for Adyen where necessary to perform the Services.


The obligation to maintain confidentiality does not apply to information:

  • available to the general public;
  • disclosed to one of the parties by a third party without any obligation of confidentiality;
  • already in the possession of or known to one of the parties at the time of disclosure;
  • developed independently of the Confidential Information by the other party; or
  • if and to the extent to one of the parties and/or their employees are obliged under an act or by decision of a court or administrative authority to disclose such information.

The obligation of confidentiality as described in this clause shall remain in effect also following the termination of the Merchant Agreement, regardless of the grounds for termination.

The following data is to be considered confidential, without need for special mention:

  • all financial data;
  • any agreed Merchant specific terms and conditions in the Merchant Agreement, if applicable; and
  • all user manuals, guides and any Software relating to Adyen's products and services.


Where Adyen processes personal data while performing the Services they will act as data processor under the direction and responsibility of the Merchant in accordance with EU Privacy Directive 95/46 and any successor (including EU Privacy Regulation 2016/679) and applicable Dutch privacy laws. Merchant will comply with the personal data protection laws of the Merchant's country of origin and of those countries in which the Merchant offers its goods and/or services from time to time, in particular when processing and sending personal data to Adyen in the context of using the Services and submitting transactions. Both Adyen and Merchant shall implement appropriate technical and organisational measures to protect personal data against misuse.


The Merchant's use of the Hosted Payment Page is PCI compliant under Adyen's PCI DSS certification for the Hosted Payment Pages subject to Merchant complying to these Adyen Terms and Conditions.