1. Member States shall permit processing of
personal data by payment systems and payment service providers when
necessary to safeguard the prevention, investigation and detection of
payment fraud. The provision of information to individuals about the
processing of personal data and the processing of such personal data and
any other processing of personal data for the purposes of this
Directive shall be carried out in accordance with Directive 95/46/EC,
the national rules which transpose Directive 95/46/EC and with
Regulation (EC) No 45/2001.
2. Payment service providers shall only access,
process and retain personal data necessary for the provision of their
payment services, with the explicit consent of the payment service user.