This Privacy Statement explains how Worldline collects, uses and discloses (hereinafter referred to together as “processes”) personal user data (hereinafter “Personal Data”) of visitors to this website (hereinafter “User”), and the means by which this is done. The Privacy Statement also describes how Worldline safeguards the confidentiality of the Personal Data processed.

If you are one of our customers, merchants, or suppliers, our contract with you will contain further information on how we use your data.

If you are a consumer, we recommend that you also read the privacy notice of the merchant with which you did business to understand how they process your Personal data.

The Website may contain links to other third-party websites (for instance, for registration purpose to events organized by third parties).  If you follow a link to any of those third-party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal data.  Please check these policies before you submit any personal data to such third-party websites.  

 This Privacy Notice is intended to explain our privacy practices and covers the following below areas:

  1. Information we may collect about you; 
  2. Uses of your personal data; 
  3. Transmission, storage and security of your personal data; 
  4. Your rights and how to contact us; 
  5. Our Cookie Notice; 
  6. Changes to this Privacy Notice and the Cookie Notice: 

1. Information we may collect about you

We will collect and process all or some of the following personal data about you:

  • Information you provide to us personal data that you provide to us such as when you complete a form on our Website, including but not limited to, your name, email address, phone number, country and company (and/or the industry your work in). We may also process information on your education and work experience in connection with a job opening at WORLDLINE for which you wish to be considered. You may also provide us with your contact details, address and bank details to enable us to perform a contract you have entered into with us or to make payments to you in relation to goods or services you provide to us; 
  • Correspondence and other communications if you contact us by telephone, letter or by email, we will typically keep a record of that correspondence or communication;
  • Survey information and feedback, we may also ask you to complete surveys that we use for research purposes or to provide feedback that we use to develop and improve our product and service offering.  In such circumstances we shall collect the information provided in the completed survey/feedback request;
  • Website and communication usage details of your visits to the websites and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, browser language, access time, traffic data, location data, web logs, movements on the website, referring web site addresses and other communication data.  We may also collect information about the pages you view within the Website and other actions you take while visiting us. In addition, we may also use such technologies to determine whether you’ve opened an e-mail or clicked on a link contained in an e-mail.
  • Information from third parties we may also be provided with your information from other sources, for example from our affiliate companies or business partners in relation to business opportunities or from search engines, credit reference companies or government agencies, in relation to our due diligence processes.
     

2. Uses of your personal data

In this section, we set out the purposes for which we use personal data that we collect and hold and, in compliance with our obligations, especially under European privacy law, identify the “legal grounds” on which we rely to process the information.

We use your Personal data only when we have a valid legal basis to do so. Depending on the circumstance, we may rely on your consent or the fact that the processing is necessary to fulfil a contract with you, protect your vital interests or those of other persons, or to comply with law. We may also process your Personal data where we believe it is in our or others’ legitimate interests, taking into consideration your own interests, and rights.

To communicate effectively with you and conduct our business, including to fulfil your requests:
We might use your personal data in order to effectively respond to your contact request; your registration request to events organized by us; or to your appointment request with one of our experts; to respond to your request for proposal or offer if you are interested in doing business with us; or we may contact you if we are interested in doing business with you; to respond to your job application; to otherwise communicate with you; or with other internal and external parties concerning you; or to carry out our obligations arising from any agreements entered into between you and us.

When we use your information for these purposes, we often base such use on your prior and informed consent, or on contractual necessity (which means we will not be able to fulfil our part of an agreement without using your data to do so), or on our legitimate interests (which means we have legitimate business interests that we wish to protect and cannot do so without using your Personal data).

To provide you with access to restricted Website areas: 
In order to provide you with an online account and access to restricted areas, where you have filled in a form to create an account on our Website.

When we use your information for these purposes, we base such use on contractual necessity (which means we will not be able to facilitate access to the restricted areas without using your data to do so), or on our legitimate interests (which means we have legitimate business interests that we wish to protect and cannot do so without using your Personal data).

To provide you with marketing materials: 
To provide you with email alerts, updates, offers and invitations to our events, where you have chosen to receive these.  We may also use your information for marketing our own and our selected business partners’ products and services to you. Where required by law, we will ask for your prior and informed consent. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by Contacting us as set out in the “Contacting us” section below.

When we use your information for these purposes, we base such use on your prior and informed consent, or on our legitimate interests (which means we have legitimate business interests to keep you updated with news about our products and services and cannot do so without using your Personal data).

For research and development purposes: 
To analyze your personal data in order to better understand you so that we can continue to develop and improve our products and services.

When we use your information for these purposes, we base such use on our legitimate interests (which means we have legitimate business interests to improve our products and services and cannot do so without using your Personal data).

To ensure proper functionality of our websites and to ensure relevance of content: 
We collect usage data and statistics about our websites’ usage and effectiveness through the use of various technologies and personalize your experience while you are on our Websites, as well as tailor our interactions with you. We have a separate Cookie Notice that gives you more information on how we use cookies on our website. We also collect information to ensure that content from our websites are presented in the most effective manner to you, which may include passing your data to business partners, suppliers and/or service providers. 

Depending on the types of cookies we place, which can range from strictly necessary to marketing cookies, we base such use on our legitimate interests to ensure proper functionality of our website or on your prior and informed consent. When using your data for content relevance, we typically base this on our legitimate interests (which means we have a legitimate interest to keep our website content current and updated and fit for your use. We will be unable to do this without using your personal data).

To monitor certain activities: 
We collect information about you to monitor queries and transactions to ensure service quality or to comply with our legal obligations to combat fraud.

When we use your information for these purposes, we base such use on our legal duty (which means that there are different laws that compel us to monitor for certain behaviors and activities) or on our legitimate interests (which means we have legitimate business interests to monitor for fraudulent transactions and cannot do so without using your Personal data).

To inform you of changes: 
To notify you about changes to our services and products;

When we use your information for these purposes, we base such use on our legitimate interests (which means we cannot communicate changes to you without using your Personal data).

To reorganize or make changes to our business: 
Should we ever sell our business or a part thereof; or undergo re-organization, we might be obligated to disclose your personal data to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analyzing any proposed sale or re-organization. We may also need to transfer your personal data to that re-organized entity or third party after the sale or reorganization for them to use for the same purposes as set out in this notice.

When we use your information for these purposes, we base such use on our legitimate interests (which means we cannot communicate changes to you without using your Personal data).

In connection with contractual, legal or regulatory obligations: 
We may disclose your personal data to external third parties such as service providers, contractors, agents, advisors, group companies, affiliates, subsidiaries, supervisory authorities in order to comply with our contractual duties, legal obligations or to protect your interests.

We may also use your personal data to comply with our regulatory requirements or dialogue with regulators as applicable, which may include disclosing your personal data to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so.  Where permitted and feasible, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.  

When we use your information for these purposes, we base such use on contractual necessity (which means we will not be able to fulfil our part of an agreement without using your data to do so),  our legal obligations (which means we are legally required to comply with certain laws), or on our legitimate interests (which means we have legitimate business interests in cooperating with law enforcement and regulatory authorities in compliance with applicable laws and cannot do so without using your Personal data).


3. Transmission, storage and security of your personal data

Recipients
In order to fulfil your requests, we may need to share or otherwise transfer your personal data within our group of companies such as to a shared services company located in a different region or jurisdiction to you. Where appropriate we may also transfer your personal data to third parties, for example external event organizers or partner companies who may be in a better position to satisfy your request.

We may also share your personal data with our service providers who perform services on our behalf. We contractually require these service providers to use or disclose the personal data only as necessary to perform services on our behalf.

Security over the internet 
As you will know, the transmission of information via the internet is not completely secure. We maintain commercially reasonable physical, electronic, and procedural safeguards to protect your personal data in accordance with data protection legislative requirements.

All information you provide to us is stored on our or our subcontractors’ secure servers and accessed and used subject to our security policies and standards.  Where we have given you (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of.  We ask you not to share a password with anyone.

International data transfer
Where we transfer personal data from the European Economic Area (the “EEA”) to a country outside the EEA (or a country that is NOT considered as offering an adequate level of protection as adopted by the European Commission on the basis of Article 45 of the General Data Protection Regulation 2016/679 (GDPR), we may be required to take specific additional measures to safeguard the relevant personal data and such transfer will be based on legal grounds and mechanisms justifying such transfer, such as EU Commission-approved standard contractual clauses, or other legal grounds permitted by applicable law.

Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export personal data to these jurisdictions (see the full list here http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm).

This international data transfer can for example occur when your personal data may be transferred to, or stored in, or accessed by our staff or suppliers in a destination outside the country in which you are located. Despite any differences in the regional or national laws, we will, in all circumstances, safeguard personal data as set out in this Privacy Notice.  

Data retention
Our retention periods for personal data are based on business needs and local legal requirements. We retain personal data for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. For example, we may retain the information you provided to us as long as necessary to provide you with the services you requested through our website and until the time limit for claims which may arise from those services has expired, or to comply with regulatory requirements regarding the retention of such data. So, if we use your personal data for more than one purpose, we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose(s) with a shorter period once that period expires.

When personal data is no longer needed, we either irreversibly anonymize the data (and we may further retain and use the anonymized information) or securely destroy the data. 


4. Your rights & how to contact us

Marketing
You have the right to ask us not to process your personal data for marketing purposes. We will inform you if we intend to use your information for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by not checking certain boxes in the forms we use to collect your personal data. You can also exercise the right at any time by Contacting us as set out in the “Contacting us” section below.

Updating information
We will use reasonable endeavors to ensure that your personal data is accurate. In order to assist us with this, you should notify us of any changes to the personal data that you have provided to us by Contacting us as set out in the “Contacting us” section below.  

Your rights
You have the right to information. We strive to provide you with transparent information through notices such as this.

If you have any questions in relation to our use of your personal data, you should first fill in the Data Subject Request webform designed for that purpose. You can access it here. If you have other questions, please contact our Data Protection Officers.  

 

4. Your rights & how to contact us

Under certain conditions, if you reside in the EU, California or other jurisdiction that provides you rights as a matter of law, you may have the right to require us to:

(a)    provide you with further details on the use we make of your information;
(b)    provide you with a copy of your personal data that we hold;
(c)    update any inaccuracies in the personal data we hold (please see the “Contacting us” section);
(d)    delete any personal data that we no longer have a lawful ground to use;
(e)    where processing is based on consent, to withdraw your consent so that we stop that particular processing;
(f)    object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
(g)    restrict how we use your information whilst a complaint is being investigated.
(h)    not be subject to profiling or decisions based on automated decisions that could result in adverse effects.

Please be aware that certain exceptions apply to the exercise of these rights and so you will not be able to exercise them in all situations. In addition, these might vary slightly between countries due to national specificities. For instance, in France, in addition to the rights listed above, you also have the right to define directives as to how you wish your personal data to be used after your death.

If you wish to exercise any of these rights, we will check your entitlement and respond within the applicable timescale.

If you are not satisfied with our use of your personal data or our response to any exercise of these rights, you have the right to lodge a complaint with the relevant Supervisory Authority of your usual place of residence or place where the alleged breach to the law occurred. In our communications with you, we will provide you with the contact details to enable you to effectively exercise your rights. For EU Member States, please click here to see the list and contact information of the EU Supervisory Authorities.

Additional country or regional specific provisions
Where WORLDLINE is subject to certain privacy requirements in the United States in the State of California, the following also applies: in accordance with the disclosure requirements under the California Consumer Privacy Act (“CCPA”), WORLDLINE does not and will not sell your Personal data.

Furthermore, you have the right:

  • to request from us access to your Personal data that WORLDLINE collects, uses, or discloses about you;
  • to request that we delete Personal data about you;
  • to non-discriminatory treatment for exercise of any of your data protection rights;
  • in case of request from us for access to your Personal data, for such information to be portable, if possible, in a readily usable format that allows you to transmit this information to another recipient without hindrance.

Contacting us
Depending on where you are located, the “data controller” of your personal data processed by us under this Privacy Notice may be different.  

If you have any questions in relation to this notice or want to exercise any of your subject rights described above, request, please fill in the Data Subject Request webform designed for that purpose. You can access it here.

Please see here for a list of which group companies will be data controllers in which countries and obtain the contact details of the relevant Data Protection Officer.


5. Cookie Notice

We use cookies and tracking technologies on our websites. To find out more about how we use cookies, please see our Cookie Notice.


6. Changes to our Privacy Notice and Cookie Notice

We may change the content of our websites and how we use cookies and consequently our Privacy Notice and our Cookie Notice may change from time to time in the future. If we change this Privacy Notice or our Cookies Notice, we will update the date it was last changed below. If these changes are material, we will indicate this clearly on our Website.

This Privacy Notice was last updated on 19 July 2021.


Annex A: Use Justifications

Targeting Cookies

Use of personal data under EU data protection laws must be justified under one of a number of legal “grounds” and we are required to set out the grounds in respect of each use in this policy.  An explanation of the scope of the grounds available can be found here.  We note the grounds we use to justify each use of your information next to the use in the “Uses of your personal data” section of this notice.

These are the principal legal grounds that justify our use of your information: 

  • Consent: where you have consented to our use of your information (you will have been presented with a consent form in relation to any such use and may withdraw your consent by using the “unsubscribe” option in the email you have received or by using the Contact Us form).
  • Contract performance: where your information is necessary to enter into or perform our contract with you.
  • Legal obligation: where we need to use your information to comply with our legal obligations.
  • Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
  • Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.

Annex B

Country

Legal entity acting as Data Controller

Data Protection Officer / Data Protection Contact

All equensWorldline entities

EquensWorldline SE

dataprotection-ew@equensworldline.com

Americas

Ingenico Business Support Americas

contato.protecaodedados@ingenico.com

Argentina

Worldline Argentina SA

contato.protecaodedados@ingenico.com

Australia

ANZ Worldline Payment Solutions dataprotection-ms-au@worldline.com

Austria

Payone Austria GmbH

privacy@payone.com

Belgium

Ingenico e-Commerce Solutions BV / SRL

privacy@ecom.ingenico.com

Ingenico e-Commerce Solutions Ltd.

privacy@ecom.ingenico.com

Ingenico Financial Solutions NV / SA

privacy@ecom.ingenico.com

Worldline SA/NV

dpoms@worldline.com

Brazil

Worldline Brazil Serviços Ltda

contato.protecaodedados@ingenico.com

Czech Republic

Worldline Czech Republic s.r.o.

dpoms@worldline.com

Denmark

Bambora Online AS

dpo@bambora.com

Estonia

Worldline Payment Estonia Oü

dataprivacy.baltics@worldline.com

France

Banks & Acquirers International Holdings SAS

contact.dataprotection@ingenico.com

Ingenico B&A France SAS

contact.dataprotection@ingenico.com

Ingenico e-Commerce Solutions SAS

privacy@ecom.ingenico.com

Retail International Holding SAS

contact.dataprotection@ingenico.com

Santeos SA

dpo-worldline-france@worldline.com

Similo SAS

dpo-worldline-france@worldline.com

Worldline France SAS

dpo-worldline-france@worldline.com

Ingenico Group SA

contact.dataprotection@ingenico.com

Worldline SA

dpo-worldline-france@worldline.com

Germany

Credit & Collections Service GmbH

privacy@payone.com

Ingenico e-Commerce Solutions GmbH

privacy@payone.com

Ingenico Healthcare GmbH

kontakt.ihc@ingenico.com

Ingenico Marketing Solutions GmbH

privacy@payone.com

Ingenico Payone Holding GmbH

privacy@payone.com

Payone GmbH

privacy@payone.com

Italy

Ingenico Italia SpA

DPO.ITA@ingenico.com

Latvia

Worldline Latvia SIA

dataprivacy.baltics@worldline.com

Lithuania

Worldline Lietuva UAB

dataprivacy.baltics@worldline.com

Luxemburg

Worldline Financial Services (Europe) S.A. (former SIX Payment Services (Europe) S.A.)

dataprotection.europe@worldline.com

Worldline Luxemburg SA

dpooffice-belux@worldline.com

Netherlands

Global Collect Sercives B.V.

dataprotection@epay.ingenico.com

PaySquare SE

dpoms@worldline.com

Worldline BV

dpoms@worldline.com

Romania

Ingenico Business Support Romania SRL

contact.dataprotection@ingenico.com

Spain

Worldline Iberia SA

dles-datospersonalesiberia@worldline.com

Sweden

Bambora AB

dpo@bambora.com

Bambora Danmark AS

dpo@bambora.com

Bambora Device AB

dpo@bambora.com

Bambora Group AB

dpo@bambora.com

Bambora Telesales AB

dpo@bambora.com

DevCode AB

dpo@bambora.com

All Bambora entities

dpo@bambora.com

Switzerland

Worldline Schweiz AG

dataprotection.switzerland@worldline.com

UK

Ingenico (UK) Ltd.

UKdataprotection@ingenico.com

Ingenico Retail Enterprise (UK) Limited

UKdataprotection@ingenico.com

Ingenico Terminals SAS

UKdataprotection@ingenico.com

UK & Ireland

Worldline IT Services UK Ltd.

dpo-rbub@worldline.com

USA

MRL Pay. Inc

dataprotection@worldline.com

Worldline Holdings US. LLC

dataprotection@worldline.com

Worldline US Inc.

dataprotection@worldline.com



Welcome to the website of PAYONE. In what follows, we will tell you how your personal data will be processed and inform you about the scope and purpose of that processing, and about your rights. Of course, we will only process your personal data in keeping with current data protection laws and regulations. However, for us, data protection is not simply a legal obligation; rather, the high-quality data protection service we provide represents a customer-orientated feature that takes pride of place here at PAYONE.

Data controller:

PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main, E-Mail: info@payone.com

Legal representatives:

Executive directors: Niklaus Santschi, Frank Hartmann, Björn Hoffmeyer and Roland Schaar

Chairman of the Supervisory Board: Ottmar Bloching

Data protection officer:

Data protection officer, PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main, privacy@payone.com

Recipient

For purposes relating to the provision of our website, personal data are passed on, in particular, to the following recipients: hosting service-providers, data centre operators and E-Mail marketing and tracking service-providers. Further information can be found below.

Data controller:

PAYONE GmbH, Austrian branch, Marxergasse 1B, 1030 Wien, E-Mail: info@payone.com

Legal representatives:

Andreas Labner, Christian Renk

Data protection officer:

Data protection officer of PAYONE GmbH, Austrian branch, Marxergasse 1B, 1030 Wien, privacy@payone.com

Recipient

For purposes relating to the provision of our website, personal data are passed on, in particular, to the following recipients: hosting service-providers, data centre operators and E-Mail marketing and tracking service-providers. Further information can be found below.

1. Categories of data that will be processed

PAYONE will process certain types of personal data in keeping with this Statement.

Legal or contractual secrecy obligations by which PAYONE is bound with respect to the user’s personal data will not be affected by this Statement.

PAYONE can amend this Statement unilaterally at any time. PAYONE will display the current wording online at all times.

PAYONE will process the following categories of data concerning the user:

 

  • Visits to this website will cause the processing of, for example, server log data such as the IP address, website-usage data (protocol data relating to instances of website access and file retrieval, e.g. name of the file that has been retrieved, date and time of its retrieval and amount of data transferred), as well as device information (e.g. operating system and browser type and version) and cookie information in session cookies.

    The purpose of such processing is to ensure failure-free network communications, the provision of all necessary functionalities and the achievement of fault and error detection and resolution.

    The legal basis of this type of processing is Article 6(1)(1) point (f) GDPR. The legitimate interest in the temporary storage of the protocol data (server log files) and session cookie information coincides with our interest in the efficient and secure provision of our website.

    Data will be erased at regular intervals. If it is necessary to store data for longer for purposes of proof, the data in question will be erased after the situation necessitating said proof has been definitively resolved. Session cookies will be erased automatically after the browser session has ended.

  • Analysis data: IP address (anonymised in some instances, as described below), website-usage data (cookie information).

    The purpose of such processing is website analysis and optimisation, as well as marketing.

    The legal basis of this type of processing is Article 6(1)(1) points (a) and (f) GDPR.

    The cookies that have been set up can be erased at any time via the browser settings. See below for additional information about the erasure of the data that have been stored.

  • If a user requests or uses products or services that PAYONE offers online; these would include, in particular, registration for specific services or web content that are only accessible via a personal login. This category would include the processing of the user’s name, address and other contact details, and their payment and access details.

    The purpose of such processing is the handling of orders upon request, as well as the taking of pre-contractual steps and the conclusion of contracts, if it takes place.

    The legal basis of this type of processing is Article 6(1)(1) point b) GDPR 

    If a contract is concluded: storage up until the contractual relationship ends and the expiry of corresponding storage periods. Alternatively, in accordance with a specified erasure deadline.
  • When you subscribe to online newsletters, your E-Mail address, amongst other things, will be processed.

    The purpose of such processing is subscription to/the requesting and sending out of newsletters.

    The legal basis of this type of processing is Article 6(1)(1) point (a) GDPR.

1.1 Website analysis and marketing tools

Google Analytics

Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (Provider of Google Analytics), https://www.google.de/intl/de/analytics/

This website uses Google Analytics, a web analysis service provided by Google Inc. Via Google Analytics, it is possible, on more than one device, to assign data, sessions and interactions to a particular pseudonymous user ID, and thus to analyse a specific user’s activities across several devices.

Google Analytics uses cookies that make it possible for the website’s use to be analysed. The information produced by the cookie about your use of this website is generally transferred to a server belonging to Google in the USA, and stored there. However, through the activation of IP anonymisation on this website, your IP address will initially be shortened by Google within Member States of the European Union or within other countries that are signatories to the Agreement on the European Economic Area. The whole of the IP address will only be transferred to a server belonging to Google in the USA and shortened there in exceptional circumstances. The IP address transmitted from your browser in virtue of Google Analytics will not be combined with other data belonging to Google. Acting on our instructions, Google will use this information to evaluate your use of the website, to create reports about website activity and to provide us with other services associated with website and internet use.

Your use behaviour will only be analysed by means of Google Analytics after you have given your express agreement (opt-in). It will be possible for you to withdraw the consent you have given in your browser settings at any time, with effect from that time onwards. The legal basis of the use of Google Analytics is Article 6(1)(1) point (a) GDPR.

Google has its headquarters in the USA. The European Court of Justice (CJEU) has decided that the USA does not have a level of adequate data protection that is the equivalent of European data protection law (CJEU, 16.7.2020 – C-311/18 ‘Schrems II’, press release). In particular, there is the risk that your data might be processed by the US authorities for monitoring and surveillance purposes, potentially even without any opportunity for legal redress (e.g. on the basis of Section 702 of the Foreign Intelligence Surveillance Act (FISA 702)). If you accept cookies from Google, at the same time, you are consenting to the potential risks mentioned in Article 49(1)(1) point (a) GDPR whereby your data might be processed within the USA.

The data sent by us that are associated with cookies, user identifiers (e.g. user ID) and advertising IDs will be erased automatically after 14 months. Data for which the storage period has ended will be erased automatically once a month.

You can find more detailed information about this in Google’s Privacy Policy and Terms of Use.

Facebook pixel

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (provider of Facebook pixel), https://www.facebook.com/

On our website we use Facebook’s ‘conversion pixel’. We use the Facebook pixel for the following purposes: the analysis, optimisation and commercial operation of our online offering, our advertising presence and our marketing endeavours by means of displays on Facebook (what are termed ‘Facebook ads’).

On the one hand, by using the Facebook pixel, we aim to ensure that our Facebook ads correspond to users’ potential interests but are not annoying for them. The pixel enables us to designate the visitors to our website as the target group for our Facebook ads. In this process, the Facebook pixel is used for the following purpose: that the Facebook ads displayed by us should only be shown to those Facebook users who have also demonstrated an interest in our online offering or who, on the basis of their user behaviour, demonstrate characteristics (e.g. an interest in particular subjects or products that are determined in the light of the web pages visited) that we have specified for Facebook (what are termed ‘custom audiences’).

On the other hand, we use the Facebook pixel for statistical and market-research purposes. To this end, the Facebook pixel can tell us whether or not users, after having clicked on Facebook ads, have been directed to our website and have completed a transaction there (what is termed ‘conversion’).

Your use behaviour will only be analysed by means of the Facebook pixel after you have given your express agreement (opt-in). It will be possible for you to withdraw the consent you have given in your browser settings at any time, with effect from that time onwards. The legal basis of the use of the Facebook pixel is Article 6(1)(1) point (a) GDPR. In addition to the opt-in/opt-out function relating to our website, you will also be able to review and amend your personal advertising preferences in Facebook at any time.

Facebook Inc. has its headquarters in the USA. The European Court of Justice (CJEU) has decided that the USA does not have a level of adequate data protection that is the equivalent of European data protection law (CJEU, 16.7.2020 – C-311/18 ‘Schrems II’, press release). In particular, there is the risk that your data might be processed by the US authorities for monitoring and surveillance purposes, potentially even without any opportunity for legal redress (e.g. on the basis of Section 702 of the Foreign Intelligence Surveillance Act (FISA 702)). If you accept cookies from Facebook, at the same time, you are consenting to the potential risks mentioned in Article 49(1)(1) point (a) GDPR whereby your data might be processed within the USA.

You can find further information about how user data are used by Facebook in Facebook‘s Data Policy.

LinkedIn Conversion Tracking

LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA (provider of the LinkedIn pixel) https://www.linkedin.com/

On our website we use Linkedin’s conversion tracking technology, as well as its retargeting function. By means of this technology, personalised advertisements can be displayed to visitors to this website on LinkedIn. It is also possible to produce anonymous reports about the performance of the advertisements, as well as information about website interactions. To this end, the LinkedIn Insight Tag (LinkedIn pixel) is embedded in this website; it creates a connection to the LinkedIn server, provided that you visit this website and give your consent.

Your use behaviour will only be analysed by means of the LinkedIn pixel after you have given your express agreement (opt-in). It will be possible for you to withdraw the consent you have given in your browser settings at any time, with effect from that time onwards. The legal basis of the use of the LinkedIn pixel is Article 6(1)(1) point (a) GDPR.

The LinkedIn Corporation has its headquarters in the USA. The European Court of Justice (CJEU) has decided that the USA does not have a level of adequate data protection that is the equivalent of European data protection law (CJEU, 16.7.2020 – C-311/18 ‘Schrems II’, press release). In particular, there is the risk that your data might be processed by the US authorities for monitoring and surveillance purposes, potentially even without any opportunity for legal redress (e.g. on the basis of Section 702 of the Foreign Intelligence Surveillance Act (FISA 702)). If you accept cookies from LinkedIn, at the same time, you are consenting to the potential risks mentioned in Article 49(1)(1) point (a) GDPR whereby your data might be processed within the USA.

You can find further information about how user data are used by LinkedIn in LinkedIn’s privacy policy.

Social Media Buttons

Functions (plug-ins) belonging to third party providers or social media platforms (Facebook, Twitter, Google+ etc.) are embedded in PAYONE websites. These plug-ins enable the user to share content in the social networks mentioned above. When the website is accessed, the buttons are deactivated by default. This means that no personal data are transferred to the third party providers concerned without the user’s participation. After the user has activated the buttons, the plug-ins automatically transmit data, including personal data, to the relevant third party providers. If, when visiting the website, the user is simultaneously logged into the network of the third party provider in question, the latter can assign that visit to the user’s network account. PAYONE has no control over this. The purpose and scope of this kind of data collection, and the subsequent processing and use of such personal data, are set down in the privacy notices of each of the social networks. Similarly, users can find in those notices information about rights and settings options in relation to privacy protection.

2. Transfer to third countries

✖ no

✔ yes

Third country recipients:

1. Google Inc./Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

Appropriate safeguards: Legal exceptions (Article 49 GDPR)

Processing purpose: Website analysis and optimisation, marketing

2. Facebook Inc., 1601 Willow Avenue, Menlo Park, California, 94025, USA

Appropriate safeguards: Legal exceptions (Article 49 GDPR)

Processing purpose: Website analysis and optimisation, marketing

3. LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA

Appropriate safeguards: Legal exceptions (Article 49 GDPR)

Processing purpose: Website analysis and optimisation, marketing

3. Rights of data subjects

Legal data subject right:

Substance of this right:

Legal basis:

§  Right to be informed

Right to receive information about the personal data concerning you that is being processed, and other information relating to data processing concerning you (e.g. processing purposes, recipients).

Article 15 GDPR

 

§  Rectification

Right to rectification of inaccurate personal data concerning you and to have incomplete personal data completed.

Article 16 GDPR

 

§  Erasure (‘right to be forgotten’)

Right to erasure of personal data concerning you where certain grounds apply (e.g. if the purpose ceases to exist or consent is withdrawn).

Article 17 GDPR

§  Restriction of processing

Right to restriction of the processing of personal data concerning you where certain conditions apply (e.g.  contested accuracy of the data during the verification period).

Article 18 GDPR

§  Data portability

Right to receive the personal data concerning you that has been provided, in a structured, commonly used and machine-readable format, in order that the data can be transmitted to another place, and the right to transmit the data directly to the other place, where technically feasible and where certain conditions apply.

Article 20 GDPR

§  Objecting

Right to object to the processing of personal data concerning you where certain conditions apply.

Article 21 GDPR

§ Right to lodge a complaint with a competent supervisory authority

Right to lodge a complaint with a competent supervisory authority for data protection if you consider that the processing of personal data relating to you infringes the GDPR. For example, you can exercise this right by lodging a complaint with the supervisory authority that is competent for PAYONE: The Hessische Datenschutzbeauftragte, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, https://datenschutz.hessen.de/.

Article 57(1) point (f) Article 77 GDPR

§ Right to withdraw consent

Right to withdraw, at any time, consent to the processing of personal data relating to you from that time onwards.

Article 7(3) GDPR

In order to assert your legal rights as a data subject, and for all other questions relating to data processing, please contact the address shown above in writing or send an E-Mail to privacy@payone.com

4. Further information about data processing

Legal obligation to provide personal data:

☒ No

☐ Yes

Contractual necessity of providing personal data:

☐ No

☒ Yes, for the purposes mentioned above.

Possible consequences of failing to provide personal data:

Only relevant in relation to contact and form fields. If you do not provide your data, it is possible that the desired contact will not be made or that the desired information material and/or newsletters will not be sent out.

 

In addition, it is possible that the desired order will not be completed.

Will an automated decision be made?

☒ No

☐ Yes

What is the source of the personal data? (if they are not collected from the subject):

Not relevant, since none of your data will be obtained from third party sources.

5. Form fields/TLS encryption

When you send us requests e.g. via the contact form, your details in the request form, including the contact details you have entered into it, will be stored by us for the purpose of processing the request and for the purpose of follow-up questions. We will not pass these data on without your consent. For security reasons and for the purpose of protecting the transfer of confidential content that you send us, our website uses TLS encryption software. This prevents third parties from reading data that you have transmitted via this website. You will see an encrypted connection to the ‘https://’ address bar of your browser and to the lock symbol in the browser bar. Further information about processing and the storage period can be found in Point 1, Categories of data that will be processed.

Version

01.2021