Last update 6/09/2018

7. Data Controller privacy policy request

Based on GDPR Articles 12, 13 and 14, a Data Controller is obliged to inform its end customers about the future processing of their personal data. This information should be specific to the type of personal data to be entered for a given transaction (e.g. selected payment method, controller/processor, acquirer, fraud). It should be available and visible at the moment of data collection, and the cardholder should be offered a printable and downloadable version of it.

NOTE:
Barclaycard / Smartpay act as Data Controller for our Fraud Expert and Alternative Payments products and services.

Per the GDPR policy, you need to display the information to your customer before they validate their transaction. This information should ideally be displayed on the same page as where your customer fills in their card/account credentials.

The below privacy policy request allows you to retrieve all the information you need to display to your customer about our services in order to be compliant with the GDPR regulation.

7.1 Query request

7.1.1 Request URL

• The request URL in the TEST environment is https://mdepayments.epdq.co.uk/ncol/test/privacy-policy.asp

• The request URL in the PRODUCTION environment is https://payments.epdq.co.uk/ncol/prod/privacy-policy.asp
Replace “test” with “prod” in the request URL when you switch to your production account.

7.1.2 Request-parameters

The following table lists the request parameters to send in order to retrieve the privacy information to display to your customer. Parameters are mandatory unless marked optional:

Field | Format | Description
USERID | String | Your API-user
PSWD | String | Your API-user password
PSPID | String | Your account’s PSPID
BRAND | String (e.g. Visa) | Optional: Payment method brand. You can send this field multiple times to get the result of several brands at once. Sending no brand is the same as sending all your active brands. Empty/wrongly formatted brands are ignored.
LANGUAGE | ISO 639-1: Two-letter codes (e.g. FR) | Optional: The language in which you want to retrieve the text. If not provided, the text will be returned in the merchant's configured language.

7.1.3 Test-page

You can test direct query requests here: https://mdepayments.epdq.co.uk/ncol/test/privacy-policy.asp

7.2 Query response

The following table lists the XML elements of the response. It is followed by example XML responses for different outcomes.

Name | Format | Description
Response | Complex | Root node, always present
Response.Status | String, possible values: Success, SuccessWithWarnings, Error | Always present
Response.Body | Complex | Present only when Response.Status = Success or SuccessWithWarnings
Response.Body.Html | String / html | Empty if Response.Status = SuccessWithWarnings & Response.Warnings.Warning.Code = NoContent
Response.Errors | Complex | Present only when Response.Status = Error
Response.Errors.Error | Complex | Can occur multiple times inside an <Errors> node
Response.Warnings | Complex | Present only when Response.Status = SuccessWithWarnings or Error
Response.Warnings.Warning | Complex | Occurs multiple times inside a <Warnings> node
Response.Errors.Error.Code, Response.Warnings.Warning.Code | String, possible values: inside an <Error> node: Unauthorized, InternalServerError; inside a <Warning> node: NoContent | Always present in an <Error> or <Warning> node
Response.Errors.Error.Message, Response.Warnings.Warning.Message | String | Optional

If you receive Response.Status = Error, refer to Response.Errors.Error to fix it.

The following are two successful examples:

1. Example of an XML response for success with warnings. This response is returned if no privacy information needs to be disclosed to the customer.

<?xml version="1.0" encoding="utf-8"?>
<Response>
    <Status>SuccessWithWarnings</Status>
    <Warnings>
        <Warning>
            <Code>NoContent</Code>
        </Warning>
    </Warnings>
    <Body>
        <Html/>
    </Body>
</Response>

2. Example of an XML response for success with content. The example shows a two-section display.

<?xml version="1.0" encoding="utf-8"?>
<Response>
    <Status>Success</Status>
    <Body>
        <Html><![CDATA[<ul><li><h2>Title 1</h2><p>Content 1</p></li><li><h2>Title 2 (VISA, American Express)</h2><p>Content 2</p></li></ul>]]></Html>
    </Body>
</Response>
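
The element table and the two samples above translate into the following response handler, given as an added example (not Barclaycard's code): it branches on Response.Status, collects error and warning codes, and passes Body.Html through a tag allowlist before the text is placed on the page where card details are entered. The function names and the allowlist (the four tags that appear in the sample response) are assumptions.

```python
import xml.etree.ElementTree as ET
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"ul", "li", "h2", "p"}  # assumption: the tags used in the sample response

class AllowlistRenderer(HTMLParser):
    """Re-emit allowlisted tags without attributes; escape all text content."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}>")      # attributes are dropped on purpose
    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        self.out.append(escape(data))

def sanitize(fragment):
    renderer = AllowlistRenderer()
    renderer.feed(fragment)
    renderer.close()
    return "".join(renderer.out)

def parse_privacy_response(xml_bytes):
    """Return (status, safe_html, codes) following the element table in 7.2."""
    root = ET.fromstring(xml_bytes)
    if root.tag != "Response":
        raise ValueError("unexpected root element")
    status = root.findtext("Status")
    if status not in ("Success", "SuccessWithWarnings", "Error"):
        raise ValueError(f"unexpected Status: {status!r}")
    codes = [c.text for c in root.findall("./Errors/Error/Code")]
    codes += [c.text for c in root.findall("./Warnings/Warning/Code")]
    if status == "Error":
        return status, "", codes             # no Body on Error: nothing to display
    html = root.findtext("./Body/Html") or ""  # <Html/> is empty on NoContent
    return status, sanitize(html), codes

# Sample inputs: SUCCESS is the page's second example; ERROR is constructed.
SUCCESS = (b'<?xml version="1.0" encoding="utf-8"?><Response><Status>Success</Status>'
           b'<Body><Html><![CDATA[<ul><li><h2>Title 1</h2><p>Content 1</p></li>'
           b'<li><h2>Title 2 (VISA, American Express)</h2><p>Content 2</p></li></ul>]]>'
           b'</Html></Body></Response>')
ERROR = (b'<Response><Status>Error</Status><Errors><Error>'
         b'<Code>Unauthorized</Code></Error></Errors></Response>')
```
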

Barclaycard is a trading name of Barclays Bank PLC. Barclays Bank PLC is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority (Financial Services Register number: 122702). Registered in England. Registered No. 1026167. Registered office: 1 Churchill Place, London E14 5HP

Barclays Bank PLC subscribes to the Lending Code which is monitored and enforced by the Lending Standards Board. Further details can be found at www.lendingstandardsboard.org.uk


© Barclaycard 2016