Payment data

Import the existing customer data into Solidgate accounts with a smooth transition

Solidgate offers a feature to import your existing customer data into your Solidgate account for a seamless transition. This ensures uninterrupted charging of your customers using their existing payment details.

Data migration

Switching to a new provider helps keep payments with your customers seamless, which is essential to maintaining their trust. Reasons for migration:

Competitive processing fees

If your current processor has not scaled fees to match your growing transaction volumes, Solidgate’s favourable terms become an attractive alternative.

Modern platform needs

Switch from outdated payment platforms that no longer support your evolving business requirements, particularly when they lack essential features and logical capabilities.

Industry consolidations

Consider moving to Solidgate if your current processor is involved in mergers or acquisitions that could destabilize your service continuity.

Initial setup

Properly configuring your Solidgate account is key to a successful migration and ensuring your system works efficiently after the transition.

Begin by setting up a merchant account with Solidgate to access their services.
Build a custom integration to connect your systems with Solidgate, ensuring all components communicate efficiently.
Implement a checkout system that integrates seamlessly with Solidgate to handle transactions smoothly.

Plan your migration

Careful planning helps ensure that all payment details are moved smoothly without interruptions.

Decide which payment details to migrate and determine the volume of customer records involved.
Organize the migration schedule based on your existing processor’s capabilities, customer volume, and critical deadlines.
Provide Solidgate with comprehensive details about your existing processing setup to ensure a smooth transition.

Data transfer

Keeping your data safe and intact during the move keeps your customers’ trust and meets security standards.

Strong encryption transforms sensitive data into unreadable formats that can only be decoded with the correct key, safeguarding customer information during transfer.
Employ secure communication methods provided by Solidgate to maintain the integrity and security of data as it moves from your old system to the new one.

Execute migration

This step is critical as it involves moving data and updating systems to ensure the new setup works well with your business.

Finalize the integration with Solidgate and outline your data transfer strategy to Solidgate and your current processor.
Coordinate the transfer method like SFTP to securely move data to Solidgate, and adjust your systems accordingly after the transfer.
Stay in close communication with Solidgate to monitor the data integration process and make necessary adjustments.

Post-migration

After moving, it is important to stabilize the new system. Inform your customers about the changes to maintain their trust and explain the benefits of the new setup.

Solidgate provides tokens corresponding to transferred card details, enabling ongoing payment processes without storing sensitive data.
Subscriptions cannot be transferred and must be recreated in the Solidgate system using the newly provided tokens.

Communicate openly with your customers about the changes to maintain transparency and trust.

Handle data protection and privacy requests

Under EU General Data Protection Regulation ( GDPR Reference ) and other privacy laws, customers have the right to access, request erasure, and correct their personal data.

Merchants must respond to these requests within the specified timeframe. Solidgate provides support tools for compliance with these requests, including automated data retrieval and deletion capabilities.

Below you may find a high-level summary of the main GDPR provisions. They apply to data subject requests to erase data, restrict processing, or object to processing, including the role of Solidgate in these processes.

Please note that you must respond to your customers’ GDPR-related requests within one month. You must inform the individual of your decision or explain why the request cannot be fulfilled (Recital 59 of the GDPR).

Right to Erasure

Your customers have the right to have their personal data erased (known as ‘right to be forgotten’) if:

The personal data is no longer necessary for the purpose which you originally collected or processed it for.
You are relying on consent as your lawful basis for holding the data, and the customer withdraws their consent.
You are relying on legitimate interests as your basis for processing, the customer objects to the processing of their data, and there is no overriding legitimate interest to continue this processing.
You are processing the personal data for direct marketing purposes and the customer objects to that processing.
You have processed personal data unlawfully, meaning in breach of the lawfulness requirement of the first principle.
You have to do it to comply with a legal obligation.
You have processed the personal data to offer information society services to a child.

For more details, please refer to Recital 65 and Article 17 of GDPR, and the UK Information Commissioner Office ( UK ICO Reference ).

Right to Restriction

Your customers have the right to restrict the processing of their personal data if:

The customer contests the accuracy of their personal data, and you are verifying the accuracy of the data.
The data has been unlawfully processed, meaning it breaches the lawfulness requirement of the first principle of the UK GDPR. The customer opposes erasure and requests restriction instead.
You no longer need the personal data but the customer needs you to keep it to establish, exercise, or defend a legal claim.
The customer has objected to you processing their data under Article 21(1), and you are considering whether your legitimate grounds override those of the individual.

For more details, please refer to Article 18 of GDPR, and the UK Information Commissioner Office ( UK ICO Reference ).

Right to Object

Your customers have the right to object to the processing of their personal data if:

You process their personal data for the purposes of direct marketing.
You process their personal data for a task carried out in the public interest.
You process their personal data to exercise of official authority vested in you.
You process their personal data for your / third party’s legitimate interests, including profiling.

Please note, according to the guidelines of the UK ICO, ‘Individuals have an absolute right to stop their data being used for direct marketing’.

For more details, please refer to Article 21 of GDPR, and the UK Information Commissioner Office ( UK ICO Reference ).

As a payment data processor, processing customer data on your behalf and under your instructions, Solidgate should assist you with technical and organisational measures. This applies only where possible and supports the controller’s obligation to respond to data subject requests under Article 28(3)(e) of the GDPR.

In practice, this means that you are solely responsible for compliance with the controller’s obligation to respond to data subject rights. So, you are the one who is authorized to decide on how to respond to your customers’ data subject requests.

If you decide to delete your customer’s personal data and request us to act accordingly, Solidgate is obliged to delete it from its databases. This does not apply when Solidgate is obliged to store the data to comply with EU or EU Member State laws.

However, some data is needed to handle refunds, chargebacks, or future payments (if any) for a particular customer. If you request us to delete all personal data for a customer, Solidgate cannot be able to support further refunds, chargebacks, or payments.

Additionally, the rights to data erasure, restriction of processing, and objection are not absolute rights. They apply only in the cases specifically laid down in the GDPR.

The right to erasure under Article 17 of the GDPR usually does not apply if processing is necessary to perform a contract with the customer. This legal basis for processing is set out in Article 6(1)(b) of the GDPR.

You must lawfully process the data only to the extent and duration needed to provide services under the contract with your customer. This does not include information society services provided to a child.

This usually covers processing for service provision, payment acceptance, refund initiation, and other contract-related activities, including data shared with Solidgate. However, this does not cover processing that is not strictly necessary to perform the contract. For example, if you process customer data for direct marketing, such as sending newsletters, this processing requires a different legal basis.

The information on this page does not, and is not intended to, constitute legal advice. All information, content, and materials here are for general informational purposes only. It is strongly recommended to consult legal counsel or a data protection officer before responding to customer requests. A correct decision should always be based on careful analysis of business processes and personal data flows. Therefore, it cannot rely on general overviews like this one.

Looking for help? Contact us

Stay informed with Changelog