Management of internal payment service solution

L'Université de Namur a mis en place un service de paiement électronique interne pour pouvoir effectuer des paiements pour des services payants.  

Cette solution permet aux utilisateurs de ce service de charger de la monnaie sur son compte électronique pour payer certains services disponibles à l'Université de Namur (photocopies, impressions ...) via une borne de chargement, une application en ligne.

For the purposes of this activity, the University of Namur processes data in the following categories:

• General identification data [category grouping the following type of data: surname, first name, postal address, e-mail addresses, copy of identity card, passport photograph, telephone number ...]
• Identifiers assigned by UNamur [category grouping the following type of data: student number, internal matricule number, eID for access to internal resources, access card identifiers, student card number ...]
• Banking and financial data of individuals [category grouping the following type of data: bank account number, IBAN code, VAT details ...]
• Payment data [category grouping the following type of data: transaction data, amount, payment date, debtor, creditor, transaction purpose ...]
• Authentication data [category grouping the following type of data: log in, passwords, password modification date, token ...]
• Data related to IT resources [category grouping the following type of data: data related to user accounts, electronic communications, use of applications and software, use of storage tools in the IT resources made available ...]
• Connection and logging data [category grouping the following type of data: dates and times of connection, type of operation performed, user ID, IP addresses, type of data accessed ...]
• Data relating to an IT incident [category grouping the following type of data: data related to incidents linked to the use of IT resources, date and time of incident, nature of incident, imputability ...]
• Data relating to user category [category grouping the following type of data: staff member, student, external ..]
• Access card data [category grouping the following type of data: card number, expiry date....]

This data is used to:

• Manage user accounts specific to the payment solution
• Manage the use of the payment solution
• Manage refunds of unused balances
• Manage IT support in connection with the use of the payment solution

The University of Namur is entrusted with missions of public interest in teaching, research and services to the community. For the purposes of carrying out these missions, the University of Namur processes the data of members of all staff and students, as well as external persons who request it (Article 6, (1), e) of the RGPD) to allow access to the paid services offered by the University.

The categories of people whose data are processed for the purposes of the business are as follows:

• Staff members
• Registered students
• External recipients of university resources

The data included in the processing activity comes from the following source(s):

• The data is included in a University database
• The data is generated by an activity of the person

Data are processed solely by University individuals and departments for the purposes of carrying out the activity. Internal data recipients mainly belong to the following categories:

• Staff of the University's administrative services
• Staff of IT support services

External data recipients belong to the following categories:

• Accounting and financial bodies
• External service providers

The solution is hosted on behalf of UNamur by the service provider Xafax Belgium on European territory, with access to services in the form of a webservice (MyNetPay).

In order to recharge accounts, data relating to payments and transactions may be supplied to payment service providers, Worldine for recharges via physical recharging terminals and Mollie for online recharges via the user account. Other online account top-up modalities involve the provision of data to third-party providers by the user (payment via Bancontact involving a redirection to the Bancontact application) or to a bank interface (currently Belfius).

The data linked to the user account specific to the payment solution is kept for as long as this account is active. This account is deleted one year after the user has been deactivated as a beneficiary of access to paid services (for example, when they cease to be a reader of UNamur libraries or a student). The account balance is retained if it is not at zero to allow the balance to be reimbursed (maximum one year after account deactivation).

Persons affected by data processing have rights, which are described on the www.unamur.be/fr/vie-privee page. Any requests or questions relating to the Accounts can be addressed to support.bibliotheques@unamur.be.