Solidgate offers a feature to import your existing customer data into your Solidgate account for a seamless transition. This ensures uninterrupted charging of your customers using their existing payment details.
Data migration
Switching to a new provider helps keep payments with your customers seamless, which is essential to maintaining their trust. Reasons for migration:
Initial setup
Properly configuring your Solidgate account is key to a successful migration and ensuring your system works efficiently after the transition.
- Begin by setting up a merchant account with Solidgate to access their services.
- Build a custom integration to connect your systems with Solidgate, ensuring all components communicate efficiently.
- Implement a checkout system that integrates seamlessly with Solidgate to handle transactions smoothly.
Planning your migration
Careful planning helps ensure that all payment details are moved smoothly without interruptions.
- Decide which payment details to migrate and determine the volume of customer records involved.
- Organize the migration schedule based on your existing processor’s capabilities, customer volume, and critical deadlines.
- Provide Solidgate with comprehensive details about your existing processing setup to facilitate a smooth transition.
Data transfer
Keeping your data safe and intact during the move keeps your customers’ trust and meets security standards.
- Strong encryption transforms sensitive data into unreadable formats that can only be decoded with the correct key, safeguarding customer information during transfer.
- Employ secure communication methods provided by Solidgate to maintain the integrity and security of data as it moves from your old system to the new one.
Executing the migration
This step is critical as it involves moving data and updating systems to ensure the new setup works well with your business.
- Finalize the integration with Solidgate and outline your data transfer strategy to Solidgate and your current processor.
- Coordinate the transfer method (e.g., SFTP) to securely move data to Solidgate, and adjust your systems accordingly after the transfer.
- Stay in close communication with Solidgate to monitor the data integration process and make necessary adjustments.
Post-migration
After moving, it is important to stabilize the new system, inform your customers about the changes to maintain their trust and explain the benefits of the new setup.
- Solidgate will provide tokens corresponding to transferred card details, facilitating ongoing payment processes without storing sensitive data.
- Subscriptions cannot be transferred and must be recreated in the Solidgate system using the newly provided tokens.
Handling data protection and privacy requests
Under GDPR (EU General Data Protection Regulation, available at the link) and other privacy laws, customers have the right to access, request erasure, and correct their personal data.
Merchants must respond to these requests within the specified timeframe. Solidgate provides support tools to facilitate compliance with these requests, including automated data retrieval and deletion capabilities.
Below you may find a high-level summary of the main GDPR provisions that apply to data subject’s requests to erase data, restrict processing, or object to processing, including the role of Solidgate in these processes.
Related provisions of GDPR
Please note that you must respond to your customers’ requests to exercise their rights laid down in the GDPR within one month, letting the individual know your decision, or giving reasons where you do not intend to comply with any such requests (Recital 59 of GDPR).
Your customers have the right to have their personal data erased (known as ‘right to be forgotten’) if:
- The personal data is no longer necessary for the purpose which you originally collected or processed it for.
- You are relying on consent as your lawful basis for holding the data, and the customer withdraws their consent.
- You are relying on legitimate interests as your basis for processing, the customer objects to the processing of their data, and there is no overriding legitimate interest to continue this processing.
- You are processing the personal data for direct marketing purposes and the customer objects to that processing.
- You have processed the personal data unlawfully (i.e., in breach of the lawfulness requirement of the 1st principle).
- You have to do it to comply with a legal obligation.
- You have processed the personal data to offer information society services to a child.
For more details, please refer to Recital 65 and Article 17 of GDPR, and the UK Information Commissioner Office (the UK ICO) guidelines available at the link.
Your customers have the right to restrict the processing of their personal data if:
- The customer contests the accuracy of their personal data, and you are verifying the accuracy of the data.
- The data has been unlawfully processed (i.e., in breach of the lawfulness requirement of the first principle of the UK GDPR) and the customer opposes erasure and requests restriction instead.
- You no longer need the personal data but the customer needs you to keep it in order to establish, exercise, or defend a legal claim.
- The customer has objected to you processing their data under Article 21(1), and you are considering whether your legitimate grounds override those of the individual.
For more details, please refer to Article 18 of GDPR, and the UK Information Commissioner Office guidelines available at the link.
Your customers have the right to object to the processing of their personal data if:
- You process their personal data for the purposes of direct marketing.
- You process their personal data for a task carried out in the public interest.
- You process their personal data to exercise of official authority vested in you.
- You process their personal data for your / third party’s legitimate interests, including profiling.
Please note, according to the guidelines of the UK ICO, ‘Individuals have an absolute right to stop their data being used for direct marketing’.
For more details, please refer to Article 21 of GDPR, and the UK Information Commissioner Office guidelines available at the link.
Solidgate aids in GDPR compliance support
As a payment data processor (a company processing customer data on your behalf and your instructions), Solidgate should assist you by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the controller’s obligation to respond to requests for exercising the data subject’s rights (art. 28(3)(e) of GDPR). In practice, this means that you are solely responsible for your compliance with the controller’s obligation to respond to requests for exercising the data subject’s rights. So, you are the one who is authorised to decide on how to respond to your customers’ data subject requests.
If you decide to delete your customer’s personal data and request us to act accordingly, Solidgate is obliged to delete the requested personal data from its databases, except for the cases when we are obliged to store such data to comply with the EU / EU Member’s laws.
However, it is worth mentioning that some data is needed to handle the refunds, chargebacks, or future payments (if any) for a particular customer. If you request us to delete all the personal data related to a customer, we will not be able to assist you with the processing of any further refunds, chargebacks, or other payments for this customer.
Additionally, please note that the rights to data erasure, restriction of processing, and objection to the processing of data are not absolute but are applicable only in the cases laid down in the GDPR.
For example, the right to erasure laid down in article 17 of the GDPR will most likely not be applicable if the processing of your customer’s personal data is necessary for the performance of a contract with your customer (the legal basis for processing envisaged by Art. 6(1)(b) of GDPR) and you lawfully process the data only to the extent and for no longer than is necessary for rendering services under your contract with a customer, and such services do not include information society services to a child. This usually covers the processing for services provision, payments acceptance, refunds initiation, other services-tied processing activities, including the data you share with Solidgate. On the contrary, this example will not cover the processing which is not strictly necessary for the performance of a contract (e.g., if you also process customer’s personal data for direct marketing, like sending newsletters; such processing should be covered by other legal bases).