Privacy policy for the epay services

Privacy policy for users of our services.

Payment merchant

We would like to inform you about the protection of your privacy, data protection and informational self-determination when using our services as follows:

1. Who we are?

Responsible for the website at in accordance with Art. 4 para. 7 of the EU General Data Protection Regulation (GDPR) is

transact Elektronische Zahlungssysteme GmbH
Managing Directors Marc Ehler, Dr. Markus Landrock, Martin Croot
82152 Martinsried

Phone +49 (0)89 899 64 3 0
Fax +49 (0)89 899 64 3 21

(for further details, please refer to the legal notice).


2. Who is responsible for data protection?

All our employees are responsible for data protection. In addition, we have appointed a data protection officer who can be contacted as follows:

transact Elektronische Zahlungssysteme GmbH

The data protection officer

Yago Amat Martínez
Fraunhoferstr. 10
82152 Martinsried
Phone: +49 89 899643-292


Euronet Worldwide

The Corporate Privacy Officer

Yago Amat Martínez
Phone: +34 912868-268

Euronet Payment Serviced LTD
Sucursal España
Calle Cantabria 2
28120 Alcobendas (Madrid)


3. Rights of the persons concerned

As a data subject, you are entitled to various rights under the GDPR, arising in particular from Articles 15 to 18 and 21 of the GDPR:

  • Right to object: you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
  • Right to withdraw consent: you have the right to revoke any consent given at any time.
  • Right to information: you have the right to request confirmation as to whether data in question is being processed and to information about this data, as well as further information and a copy of the data in accordance with the legal requirements.
  • Right to rectification: you have the right, in accordance with the law, to request that data concerning you be completed or that inaccurate data concerning you be rectified.
  • Right to erasure and restriction of processing: in accordance with the legal requirements, you have the right to demand that data concerning you be deleted without delay, or alternatively, in accordance with the legal requirements, to demand restriction of the processing of the data.
  • Right to data portability: you have the right to receive data concerning you, which you have provided to us, in a structured, common and machine-readable format in accordance with the legal requirements, or to request its transfer to another controller.
  • Complaint to supervisory authority: you also have the right, in accordance with the law, to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated in any way, you may lodge a complaint with the supervisory authority.

In Bavaria :
Bavarian State Office for Data Protection Supervision
Tel.: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
P.O. Box 1349 | 91504 Ansbach, Germany


4. Information on the collection of personal data

(1) Contacting us

When contacting us (e.g. via contact form, e-mail, telephone or via social media), the information provided by the inquiring person is processed to the extent necessary to respond to the contact requests and any requested measures.

The response to the contact inquiries in the context of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to respond to (pre)contractual inquiries and otherwise on the basis of legitimate interests in responding to the inquiries.

  • Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos).
  • Data subjects
  • Purposes of processing: contact requests and communication.
  • Legal bases: contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. GDPR), Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

5. Collection of personal data when visiting our services:

Payment merchant

Description of the processing of personal data:

In the case of credit card acceptance, the following personal data is processed:

  • The name and address of the company and the names and addresses of authorized representatives and beneficial owners are recorded and stored in our IT systems.
  • For payment transactions, the name (often abbreviated) and industry of your company are transmitted via the card organizations to the card-issuing institutions (issuers) to appear on cardholder sales summaries.

Purpose of processing:

To fulfill our obligations to verify your company under money laundering law and to document our business relationship.

  • Obtaining authorizations for card payments
  • Settlement of purchase amounts with card-issuing banks
  • Paying out the transaction amounts to the merchant and preparing statements of account

Categories of data processed:

Merchant data including address (registered office and additional branches, if any), contact details (telephone numbers, e-mail addresses, website, etc.), contact details of contact persons (telephone number, e-mail address)

  • Business activity data (goods/services offered)
  • Payment data in electronic payment transactions (data of payment cards used and corresponding amounts)
  • Bank details for payments

Data subjects: Merchants, customers

Legal basis:

  • Article 6(1) Lit a DSGVO (data processing based on your consent for one or more specific purposes).
  • Article 6 paragraph 1 lit b DSGVO (data processing for the purpose of the contract)
  • Article 6 (1) lit c DSGVO (fulfillment of a legal obligation, when implementing regulatory requirements)
  • Article 6 paragraph 1 lit f DSGVO (safeguarding legitimate interests, for example, in the case of fraud prevention requests).

Data deletion and storage period:

Your data will be stored by us in accordance with the requirements of the German Fiscal Code (AO) and the German Commercial Code (HGB), as well as for the execution of the contract and assertion of claims under civil law, and will be deleted automatically after the expiry of the respective periods.

Recipients or categories of recipients:

  • Creditreform (for verification under money laundering law).
  • Credit card organizations and card-issuing banks
  • Cardholder (brief description of the company for credit card billing)

Services Used and Service Providers:

We use an external service provider, Creditreform (Verband der Vereine Creditreform e. V.), to fulfill our obligation under money laundering law to verify the identity of the merchant and to carry out other searches required by law.