Privacy policy

Privacy policy for visitors to our website.

We would like to inform you about the protection of your privacy, data protection and informational self-determination when using our website at www.epay.de as follows:

 

1. Who are we?

Responsible for the website at www.epay.de is pursuant to Art. 4 para. 7 EU General Data Protection Regulation (GDPR)

transact Elektronische Zahlungssysteme GmbH
Head of the company Marc Ehler, Dr. Markus Landrock, Martin Croot
Fraunhoferstr.
82152 Martinsried

Phone. +49 (0)89 899 64 3 0
E‑mail: info@epay.de

(for more information see our legal notice).

 

2. Who is responsible for data protection?

All our employees take care of the topic of data protection. In addition, we have appointed a data protection officer, which you can contact as follows:

transact Elektronische Zahlungssysteme GmbH

The Data Protection Supervisor

Yago Amat Martinez
Fraunhoferstr. 10
82152 Martinsried
E‑mail DPO_DE@epayworldwide.com
Phone: +49 89 899643-292
Euronet Worldwide

The Group Data Protection Officer:

Yago Amat Martinez

Email: yamat@euronetworldwide.com

Phone: +34 912.868.268

Euronet Payment Serviced LTD,

Sucursal Spain

Calle Cantabria 2 | 28120 Alcobendas (Madrid)

 

3. Your rights

You have the following rights with respect to your personal data:

  • Right to information,
  • right to rectification or erasure,
  • right to restrict processing,
  • Right to object to the processing,
  • right to data portability.

 

4. Collection of personal data when visiting our website

When you use our website in an informative way, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you want to view our website, we collect the following data, which is technically necessary for us to show you our website, to ensure stability and security, as well as the statistical analysis (legal basis is Art. 6 sec. 1 p. 1 lit. f GDPR):

  • IP address,
  • the date and time of the request,
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (concrete page)
  • Access Status/HTTP Status Code
  • amount of data transferred in each case
  • Website from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.

 

5. Data processing in third countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, entities or companies, this is only in accordance with the legal requirements.

Subject to express consent or contractual or legally required transmission, we process or have the data processed only in third countries with a recognised level of data protection, or on the basis of special guarantees, such as contractual obligation by so-called standard safeguard clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the European Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).

 

6. Use of cookies

Cookies are text files that contain data from websites or domains visited and are stored by a browser on the user’s computer. A cookie is primarily used to store the information about a user during or after his visit within an online offer. The stored information may include, for example, the language settings on a website, the login status, a shopping cart or the location where a video was viewed. The term cookies also includes other technologies that perform the same functions as cookies (e.g. when user information is stored on the basis of pseudonymous online identifiers, also known as “user IDs”)

The following types of cookies and functions are distinguished:

  • Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed his browser.
  • Permanent cookies: Permanent cookies remain stored even after closing the browser. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Similarly, the interests of users used for range measurement or marketing purposes may be stored in such a cookie.
  • First-party cookies: First-party cookies are set by us.
  • Third-party cookies (also: third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
  • Necessary (also: essential or absolutely necessary) cookies: On the one hand, cookies may be strictly necessary for the operation of a website (e.g. to store logins or other user entries or for reasons of security).
  • Statistics, marketing and personalization cookies: In addition, cookies are usually also used in the context of range measurement and when the interests of a user or his behaviour (e.g. viewing certain content, benefits of functions, etc.) are stored on individual websites in a user profile. Such profiles are used to display to users, for example, content that corresponds to their potential interests. This procedure is also referred to as “tracking”, i.e. tracking the potential interests of users. . Insofar as we use cookies or “tracking” technologies, we will inform you separately in our privacy policy or in the context of obtaining consent.

Notes on legal bases: The legal basis on which we process your personal data using cookies depends on whether we ask you for your consent. If this is the case and you consent to the use of cookies, the legal basis for the processing of your data is the declared consent. Otherwise, the data processed by cookies will be processed on the basis of our legitimate interests (e.g. in the business operation of our online offer and its improvement) or, if the use of cookies is necessary, in order to fulfil our contractual obligations.

General notices on revocation and opposition (opt-out):Depending on whether the processing is based on consent or legal permission, you have the possibility at any time to revoke a given consent or to object to the processing of your data by cookie technologies (collectively, “opt-out”). You can first declare your objection by means of the settings of your browser, e.g. by disabling the use of cookies (whereby this may also limit the functionality of our online offer.

Processing of cookie data on the basis of consent: Before we process or have data processed in the context of the use of cookies, we ask the users for a revocable consent at any time. Until consent has been given, cookies that are necessary for the operation of our online offer will be used. Their use is based on our interest and the interest of the users in the expected functionality of our online offer.

  • Types of data processed:usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Affected persons:users (e.g. website visitors, users of online services).
  • Legal bases:Consent (Art. 6 sec. 1 p. 1 lit. a GDPR), legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR).

7. Rights of data subjects

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 18 and 21 GDPR:

  • Right to object: For reasons arising from your particular situation, you have the right to object at any time to the processing of personal data concerning you, which is subject to Article 6(4) of the Year. 1 lit. e or f GDPR to object; this also applies to profiling based on these provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling in so far as it is related to such direct marketing.
  • Right of withdrawal in case of consent: You have the right to revoke consents given at any time.
  • Right of access: You have the right to request confirmation as to whether the data in question is being processed and for information about this data as well as for further information and copy of the data in accordance with the legal requirements.
  • Right to correction: In accordance with the law, you have the right to request the completion of the data concerning you or the correction of the inaccurate data concerning you.
  • Right to erasure and restriction of processing: You have the right to request that you delete data concerning you immediately or alternatively to demand a restriction of the processing of the data in accordance with the legal requirements.
  • Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements or to request their transmission to another controller.
  • Complaint to supervisory authority: You also have the right, in accordance with the legal requirements, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, workplace or place of alleged infringement, if you believe that the processing of personal data concerning you is in breach of the GDPR.

If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can complain to the supervisory authority.

In Bavaria:
Bavarian State Office for Data Protection Supervision
Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
E‑mail: poststelle@lda.bayern.de
P.O. Box 1349 | 91504 Ansbach

 

8. Information on the collection of personal data

(1) Contacting

When contacting us (e.g. via contact form, e-mail, telephone or via social media), the information of the requesting persons will be processed, insofar as this is necessary to answer the contact requests and any necessary measures requested.

The answer to contact requests in the context of contractual or pre-contractual relationships is to fulfil our contractual obligations or to answer (pre)contractual enquiries and, in addition, on the basis of the legitimate interests in answering the enquiries.

  • Types of data processed: Inventory data (e.g. names, addresses), contact details (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos).
  • Persons affected:
  • Purposes of processing: Contact requests and communication.
  • Legal bases: Performance of contracts and pre-contractual enquiries (Art. 6 sec. 1 p. 1 lit. b. GDPR), Legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR).

(2) Provision of the online offer and web hosting

In order to be able to provide our online offer securely and efficiently, we use the services of one or more web hosting providers, from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security and technical maintenance.

The data processed in the context of the provision of the hosting offer may include all information concerning the users of our online offer that is incurred in the context of use and communication. This regularly includes the IP address necessary to deliver the contents of online offers to browsers and all entries made within our online offer or from websites.

Captcha: We include the “Captcha” function for the detection of bots, e.g. when entering online forms. The user’s behavioral information (e.g. mouse movements or queries) is evaluated in order to distinguish people from bots.

Collection of access data and log files: We ourselves (or our web hosting provider) collect data for every access to the server (so-called server log files). The server log files may include the address and name of the retrieved websites and files, the date and time of the retrieval, the amount of data transferred, the notification of successful retrieval, the browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.

The server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and, on the other hand, to ensure the utilization of the servers and their stability.

  • Types of data processed: Content data (e.g. text input, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Persons affected: users (e.g. website visitors, users of online services).
  • Legal bases: Eligible interests (Art. 6 sec. 1 p. 1 lit. f. GDPR).

Services and service providers used:

(3) Commercial communication via e-mail, post, fax or telephone

We process personal data for advertising purposes, which can be carried out via various channels, such as e-mail, telephone, post or fax, in accordance with the legal requirements.

Recipients have the right to revoke consents given at any time or to object to the commercial communication at any time.

After revocation or opposition, we may store the data required to prove our consent for up to three years on the basis of our legitimate interests before we delete it. The processing of this data is limited to the purpose of a possible defense of claims. An individual request for cancellation is possible at any time, provided that the former existence of a consent is confirmed at the same time.

  • Types of data processed: Inventory data (e.g. names, addresses), contact details (e.g. e-mail, telephone numbers).
  • Persons affected:
  • Purposes of processing: Direct marketing (e.g. by e-mail or postal).
  • Legal bases: Consent (Art. 6 sec. 1 p. 1 lit. a GDPR), legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR).

(4) Newsletter and broad communication

We only send newsletters, e-mails and other electronic notifications (hereinafter “Newsletter”) with the consent of the recipients or a legal permission. If the contents of the newsletter are specifically described in the context of a registration, they are decisive for the consent of the users. For the rest, our newsletters contain information about our services and us.

In order to subscribe to our newsletters, it is always sufficient if you provide your e-mail address. However, we may ask you to provide a name for personal address in the newsletter, or other information if required for the purposes of the newsletter.

Double opt-in procedure: The registration for our newsletter is basically done in a so-called double opt-in procedure. This means that you will receive an e-mail after registration asking you to confirm your registration. This confirmation is necessary so that no one can log in with foreign e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes storing the login and confirmation time as well as the IP address. The changes to your data stored by the shipping service provider will also be logged.

Deletion and restriction of processing: We may store the e-mail addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense of claims. An individual request for cancellation is possible at any time, provided that the former existence of a consent is confirmed at the same time. In the case of obligations to permanently observe contradictions, we reserve the right to store the e-mail address in a block list (so-called “blacklist”) for this purpose alone.

The registration procedure is logged on the basis of our legitimate interests for the purpose of proving its proper conduct. Insofar as we commission a service provider to send e-mails, this is based on our legitimate interests in an efficient and secure shipping system.

Notes on legal bases: The newsletters are sent on the basis of the consent of the recipients or, if consent is not required, on the basis of our legitimate interests in direct marketing, if and to the extent that this is permitted by law, e.g. in the case of existing customer advertising. Insofar as we commission a service provider to send e-mails, this is done on the basis of our legitimate interests. The registration process is recorded on the basis of our legitimate interests to prove that it was conducted in accordance with the law.

Content: Information about us, our services, promotions and offers.

  • Types of data processed: Inventory data (e.g. names, addresses), contact details (e.g. e-mail, telephone numbers), meta/communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times).
  • Persons affected:
  • Purposes of processing: Direct marketing (e.g. by e-mail or postal).
  • Legal bases: Consent (Art. 6 sec. 1 p. 1 lit. a GDPR), legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR).
  • Possibility of opposition (opt-out): You can cancel the receipt of our newsletter at any time, i.e. revoke your consents or object to further receipt. You can either find a link to cancel the newsletter at the end of each newsletter or otherwise use one of the above-mentioned contact options, preferably e-mail.

    (5) Web analysis and optimization

    The web analysis (also referred to as “range measurement”) is used to evaluate the visitor flows of our online offer and may include behaviour, interests or demographic information about the visitors, such as age or gender, as pseudonymous values. With the help of the range analysis, we can, for example, identify at what time our online offer or its functions or contents are used most often or invite to reuse. We can also understand which areas require optimization.

    In addition to web analysis, we can also use test methods to test and optimize different versions of our online offer or its components, for example.

    For these purposes, so-called user profiles can be created and stored in a file (so-called “cookie”) or similar methods can be used for the same purpose. This information may include, for example, content viewed, websites visited and elements and technical information used there, such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, these can also be processed depending on the provider.

    The IP addresses of the users are also stored. However, we use an IP masking method (i.e., pseudonymization by shortening the IP address) to protect users. In general, the web analysis, A/B testing and optimization do not store clear user data (such as e-mail addresses or names), but pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

    Notes on legal bases: If we ask the users for their consent to the use of the third-party providers, the legal basis for the processing of data is the consent. Otherwise, the data of the users will be processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

    • Types of data processed: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
    • Persons affected: users (e.g. website visitors, users of online services).
    • Purposes of processing: Range measurement (e.g. access statistics, detection of returning visitors), tracking (e.g. interest/behavioural profiling, use of cookies), visit action evaluation, profiling (creating user profiles).
    • Security measures: IP masking (pseudonymization of the IP address).
    • Legal bases: Consent (Art. 6 sec. 1 p. 1 lit. a GDPR), legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR).

    Services and service providers used:

    • Matomo:The information generated by the cookie about your use of this website is only stored on our server and will not be passed on to third parties; Service provider: web analysis/range measurement in self-hosting; Deletion of data: Cookies have a maximum storage period of 13 months; Possibility of appeal (opt-out): Users can object to matomo’s processing of their data at any time with effect for the future. In this case, an opt-out cookie is stored in your browser, which means that Matomo no longer collects session data. However, if users delete their cookies, the opt-out cookie is also deleted and therefore has to be reactivated by the users.

    (6) Presences on social networks

    We maintain online presences within social networks and process users’ data in this context in order to communicate with the users active there or to offer information about us.

    We would like to point out that users’ data can be processed outside the European Union. This can create risks for users, as this could, for example, make it more difficult to enforce users’ rights. With regard to US providers, we would like to point out that they are committed to complying with EU data protection standards.

    Furthermore, users’ data within social networks are usually processed for market research and advertising purposes. For example, user profiles can be created based on the user behaviour and the resulting interests of the users. The user profiles can in turn be used to display advertisements inside and outside the networks, for example, which presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the user’s usage behaviour and the interests of the users are stored. Furthermore, data may also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

    For a detailed description of the respective processing methods and the opt-out, we refer to the data protection declarations and information of the operators of the respective networks.

    We would also like to point out that these can be asserted most effectively by the providers in the case of requests for information and the assertion of data subjects’ rights. Only the providers have access to the data of the users and can take direct action and provide information. If you still need help, you can contact us.

    • Types of data processed: Inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
    • Persons affected: users (e.g. website visitors, users of online services).
    • Purposes of processing: Contact requests and communication, tracking (e.g. interest/behavioural profiling, use of cookies), remarketing, range measurement (e.g. access statistics, detection of returning visitors).
    • Legal bases: Eligible interests (Art. 6 sec. 1 p. 1 lit. f. GDPR).

    Services and service providers used:

    (7) Plugins and embedded functions as well as content

    We incorporate functional and content elements from the servers of their respective providers (hereinafter referred to as “Third Parties”) in our online offering. These may include graphics, videos, social media buttons, and posts (hereinafter referred to as “Content”).

    The integration always presupposes that the third parties of this content process the IP address of the users, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content or functions. We make every effort to use only those content whose respective providers use the IP address only for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and may include, among other things, technical information about the browser and operating system, websites to be referenced, the time of visit as well as other information on the use of our online offer, as well as to be linked to such information from other sources.

    Notes on legal bases: If we ask the users for their consent to the use of the third-party providers, the legal basis for the processing of data is the consent. Otherwise, the data of the users will be processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

    • Types of data processed: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), inventory data (e.g. names, addresses), contact details (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos).
    • Persons affected: users (e.g. website visitors, users of online services).
    • Purposes of processing: Providing our online offer and user-friendliness, contractual services and services, security measures, management and response of enquiries.
    • Legal bases: Eligible interests (Art. 6 sec. 1 p. 1 lit. f. GDPR), consent (Art. 6 sec. 1 p. 1 lit. a GDPR), performance of the contract and pre-contractual enquiries (Art. 6 sec. 1 p. 1 lit. b. GDPR).

    (8) Customer-recruit-customer program

    We process personal data for the purpose of acquiring new customers, which can be done via various channels, e.g. e-mail, telephone, in accordance with legal requirements.
    The recipients have the right to revoke consent given at any time or to object to the promotional communication at any time.
    After revocation or objection, we may store the data required to prove consent for up to three years based on our legitimate interests before deleting it. The processing of this data will be limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time.

    • Types of data processed: Contact details, e-mail, telephone.
    • Data subjects: Users of the program
    • Purposes of processing: new customer acquisition
    • Legal basis: Art. 6 lit. A, B DSGVO