This Privacy Policy is provided in a layered format. Click through to jump to a specific section.
1. General information and principles of data processing
We are pleased that you are visiting our website. Getnet Europe, Entidad de Pago, S.L.U. (“Getnet EU”) and PagoNxt Merchant Solutions, S.L. – German Branch, (“PagoNxt”, jointly “we”) offer our customers products and services related to electronic payments. Insofar Getnet EU operates as financial institution that processes credit or debit card payments on behalf of merchants (acquirer) and PagoNxt operates as data processor. Our goal is to enable businesses and consumers worldwide to process electronic transactions securely and smoothly. The security and protection of personal data is one of the most important aspects when processing payments. That is why we attach particular importance to high data protection standards. PagoNxt operates this website in accordance with the requirements of the GDPR, the BDSG and all other relevant data protection law.
According to Art. 4 No. 1 GDPR, personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your first and last name, your address, your telephone number, your e-mail address, but also your IP address.
Data for which no reference to your person can be established, such as anonymized information, is not personal data. Processing (e.g. collection, storage, retrieval, querying, use, transmission, deletion or destruction) according to Art. 4 No. 2 GDPR always requires your consent or another legal basis. Processed personal data must be deleted as soon as the purpose of the processing has been achieved and there are no longer any legally prescribed retention obligations to fulfil.
Here you can find information about the handling of your personal data when visiting our website. To provide the functions and services of our website, it is necessary that we collect personal data about you.
Below you will also find information on the type and scope of the respective data processing, the purpose and the corresponding legal basis as well as the respective storage period.
This privacy policy only applies to this website. It does not apply to third-party websites to which we merely refer by means of a hyperlink. We cannot accept any responsibility for the confidential handling of your personal data on these third-party websites, as we have no influence on whether they comply with the statutory data protection provisions. Please inform yourself about the handling of your personal data by third parties directly on their websites.
2. Responsible entity
Financial institution that processes credit or debit card payments on behalf of merchants (acquirer):
Getnet Europe, Entidad de Pago, S.L.U.
Ciudad Grupo Santander, Avenida de Cantabria, 3
28660, Boadilla del Monte, Madrid
Spain
E-Mail: connect@getneteurope.comInstitutions processing data on behalf of acquirer (Data Processors):
PagoNxt Merchant Solutions, S.L.
Ciudad Grupo Santander, Avenida de Cantabria, 3
28660, Boadilla del Monte, Madrid
Spain
E-Mail: connect@getneteurope.com3. Data Protection Officer
You can also contact our data protection officer at any time with questions about data protection:
Dr. Georg F. Schröder, LL.M.
legal data Schröder Rechtsanwaltsgesellschaft mbH
Prannerstr. 1
80333 Munich, GermanyPhone: +49-89 – 954 597 520
Fax: +49-89 – 954 597 522
E-mail: georg.schroeder@legaldata.law4. Provision and use of the website / server log files
a) Type and scope of data processing
If you use this website without transmitting data to us in any other way (e.g. by registering or using the contact form), we collect technically necessary data in the form of log data (so-called log files), which are automatically transmitted to our server by your device, including:
- IP address
- Date and time of the request
- URL of the retrieved subpage
- URL of the page from which the forwarding to our page took place (so-called referrer URL)
- Access status/HTTP status code
- Browser software type, language and version
- Operating system
b) Purpose and legal basis of the data processing
This processing is technically necessary in order to display our website to you. We also use the data to ensure the security and stability of our website.
The legal basis for the processing is Art. 6 para. 1 lit. f) GDPR. The processing of the aforementioned data is necessary for the provision of our website and thus serves to protect a legitimate interest of our company.
c) Storage period
As soon as the aforementioned personal data is no longer required to display the website, it is deleted. This is the case at the latest seven days after visiting our website. The collection of data for the provision of the website and the storage of the data in log files is necessary for the operation of the website. Consequently, there is no possibility for the user to object to this aspect. Further storage may take place in individual cases if this is required by law.
5. Data collection for the implementation of pre-contractual measures and for the fulfillment of the contract with you
a) Type and scope of data processing
In the pre-contractual period and upon conclusion of the contract, we collect personal data about you. This concerns, for example, first and last name, address, e-mail address, telephone number or bank details.
b) Purpose and legal basis of the data processing
We collect and process this data exclusively for the purpose of fulfilling the contract with you or fulfilling pre-contractual obligations.
The legal basis for this is Art. 6 para. 1 lit b) GDPR. If you have also given your consent, the additional legal basis is Art. 6 para. 1 lit. a) GDPR.
c) Storage period
The data is deleted as soon as it is no longer required for the purpose of its processing. In addition, there may be legal obligations to retain data for up to 10 years, for example, obligations to retain data under commercial or tax law in accordance with the German Commercial Code (HGB) or the German Fiscal Code (AO). If such retention obligations exist, we will block or delete your data upon expiration of these legal retention periods.
6. Contact form
a) Type and scope of data processing
On our website, you can contact us via a form provided. During the process of sending your request via the contact form, reference is made to this data protection declaration in order to obtain your consent.
If you make use of the contact form under Contact sales team, the following personal data of you can be processed:
- Company
- First name
- Last name
- Country you want to operate
- Salutation
- Website
- Annual Revenue
- Description
This data is stored in our customer relationship management system (“CRM system”). When using the contact form, your personal data will not be passed on to third parties.
b) Purpose and legal basis of the data processing
The purpose of processing your contact information is
- to respond to your inquiry;
- anonymously to support our internal business objectives, namely data analysis, audits, new product development, improving this website, improving our services, identifying usage trends and determining the effectiveness of our advertising campaigns;
- to prevent and identify abuse or fraud.
The legal basis for the processing is your consent according to Art. 6 para. 1 lit. a) GDPR, which you can revoke at any time for the future.
c) Storage period
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request).
Mandatory legal provisions – in particular retention periods according to the German Commercial Code (HGB) or the German Fiscal Code (AO) – remain unaffected.
7. Contact options by e-mail
a) Type and scope of data processing
You can contact us by e-mail. Our data collection is limited to the e-mail address of the e-mail account you use to contact us, the metadata (time stamp, additional recipients) and the personal data you provide as you wish when contacting us.
Please note that e-mails are usually sent unencrypted and thus access of a third party can not be excluded. You can also contact us by mail at any time.
b) Purpose and legal basis of the data processing
The purpose of the data processing is responding to your request. The legal basis for this is Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in processing the above-mentioned personal data to handle your request.
c) Storage period
The duration of the storage of the above data depends on the background of your contact. Your personal data will be deleted regularly if the purpose of the communication no longer applies and storage is no longer required due to legal retention obligations. This may be the case if we have completed processing your request.
8. Application possibility
a) Type and scope of data processing
You can apply to us by e-mail. When you apply, we collect and store the data that you send us by e-mail (see also No. 7 of this privacy policy).
b) Purpose and legal basis of the data processing
We use your data only for the purpose of processing your application. Your data will not be passed on to third parties. The legal basis for the processing is Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 of the German Data Protection Act (BDSG). If, in the event of a rejection, the legal basis is Art. 6 para. 1 lit. a) GDPR, if you give us permission to continue to store your data so that we can return to your application in the future.
c) Storage period
If we are unable to offer you a position, we will store your data for a maximum of six months after the end of the application process, taking into account § 61b para. 1 of the German Labour Courts Act (ArbGG) in conjunction with § 15 of the German General Act on Equal Treatment (AGG). The start of the period is the receipt of the rejection letter.
If you have given us consent to include you in our applicant pool, we will store your data for a maximum of two years.
d) Data transfer
Your data will only be disclosed to the departments involved in the decision-making process (responsible HR or specialist departments, management).
In addition, we may be obliged by law, administrative or court order to disclose your data to public authorities (e.g. public prosecutor’s office, police, supervisory authorities, tax office, social security institutions, etc.).
Other data recipients may be those entities for which you have given us your consent to transfer data.
9. Call recording
a) Type and scope of data processing
In the case of customer telephone calls, you can consent to the recording of the telephone conversation. We will only record telephone conversations with you if you consent to such recording before or during the telephone call. You can withdraw your consent at any time. In addition to call recordings, we store technical call data such as call number, start of call, end of call and call time. If necessary, we make written notes on the course of the conversation. These notes are used to document the content of the call.
b) Purpose and legal basis of the data processing
We use the information and data obtained for training purposes and to improve service quality. We analyze some calls regarding communication with our customers, compliance with corporate standards, and optimization of our customer processes. Only in individual cases do we refer to specific passages of the telephone call in employee appraisals. This serves to train our employees. Our aim is to constantly improve communication with our customers and thus offer them better service and consulting quality. The legal basis is your consent according to Art. 6 par. 1 lit. a) GDPR.
c) Storage period
All call recordings will be deleted after 24 months at the latest, or before if you have withdrawn your consent.
d) Data transfer
The data collected is processed and used exclusively by internal departments or by a processor and is not passed on to third parties.
In addition, we may be obliged by law, administrative or court order to disclose your data to public authorities (e.g. public prosecutor’s office, police, supervisory authorities, tax office, social security institutions, etc.).
10. Cookies use
We use cookies. Cookies are small files that are placed on your computer and stored by your browser. Some functions of our website cannot be offered without the use of technically necessary cookies. Other cookies, on the other hand, enable us to perform various analyses. For example, some cookies can recognize the browser you are using when you visit our website again and transmit various information to us. We use cookies to facilitate and improve the use of our website. Among other things, cookies enable us to make our website more user-friendly and effective for you by, for example, tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly from your browser. Cookies do not cause any damage to your end device. They cannot execute programs or contain viruses. Various types of cookies are used on our website, the type and function of which we would like to explain below.
Temporary cookies / session cookies
Our website uses so-called temporary cookies or session cookies, which are automatically deleted as soon as you close your browser. With the help of this type of cookie, it is possible to record your session ID. This makes it possible to assign various requests from your browser to a common session and to recognize your device during subsequent visits to the website. These session cookies expire at the end of the session.
Persistent cookies
So-called persistent cookies are used on our website. Persistent cookies are cookies that are stored in your browser for a longer period of time and can transmit information. The respective storage period differs depending on the cookie. You can also manually delete permanent cookies via your browser settings.
Legal basis and storage period
Based on the purposes described, the legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f) GDPR. If you have given us your consent to the use of cookies in a consent tool (“cookie banner”) issued by us on the website, the legal basis is Art. 6 para. 1 lit. a) GDPR.
As soon as the data transmitted to us via the cookies is no longer required for the purposes described above, this information is deleted. Further storage may take place in individual cases if this is required by law.
Browser settings configuration
Most web browsers are preset to accept cookies automatically. However, you can configure your respective browser so that it only accepts certain cookies or none at all. However, we would like to point out that you may then no longer be able to use all the functions of our website.
You can also delete cookies already stored in your browser via your browser settings. Furthermore, it is possible to set your browser to notify you before cookies are stored. Since the various browsers may differ in their respective modes of operation, we ask you to refer to the respective help menu of your browser for the corresponding configuration options.
Disabling the use of cookies may require the storage of a permanent cookie on your computer. If you delete this cookie, you must then set it again for it to take effect.
For more information on configuring cookie settings in the respective browsers, please see:
Cookie categories
We use the following categories of cookies:
a) Necessary cookies
Necessary cookies ensure functions without which our website cannot be used as intended. These essential cookies serve, for example, to ensure that logged-in users always remain logged in when accessing various sub-pages. They are so-called first-party cookies, which are only set and used by us. These cookies do not require your consent. You can disable cookies in your browser at any time.
b) Functional cookies
Functional cookies allow us to extend the functionality of our site to show you additional useful information or to optimize the presentation of our site. The data collected using such cookies may vary depending on the purpose of the cookie and are listed directly with the respective consent tool used.
c) Statistics cookies
Statistics cookies can be used to collect information about the use of a website in order to improve its attractiveness, content and functionality. This concerns, for example, the length of time spent on the page, the sub-pages accessed and the functions used (click path).
d) Marketing cookies
Marketing cookies can be used to display interest-based advertising to visitors of the website and to measure the effectiveness of advertising campaigns. With the help of these cookies, visitors can be recognized on other websites and personalized ads can be displayed to them there.
11. Google Analytics
a) Type and scope of data processing
On this website, we use the analysis tool Google Analytics. Google Analytics is a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland, Phone: +353 1 543 1000, Fax: +353 1 686 5660 (“Google”).
Google Analytics uses cookies, which are text files placed on your computer, to help us analyze how users interact with the website. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States.
On behalf of the website operator, Google will use this information for the purpose of systematically evaluating the user’s interaction with the website, compiling reports on website activity and providing similar statistical and analytical services relating to the website activity to us as the website operator.
If individual pages of the website are accessed, the following data is processed:
- Three bytes of the IP address of the user’s system (anonymized IP address)
- The visited website
- The website from which the user was forwarded to the page (referrer)
- The subpages that are viewed from the visited page
- The time spent on the website
- The frequency of visits of a site
We use Google Analytics with IP anonymization enabled. With IP anonymization, the IP addresses are shortened by the last octet (e.g. 192.168.79.***; so-called IP masking). It is no longer possible to trace back the abbreviated IP address to the user’s end device.
b) Purpose and legal basis
The Google Analytics service is used to analyze the usage behavior on this website. The legal basis is your consent according to Art. 6 par. 1 lit. a) GDPR.
c) Right of objection
You may disable the use of cookies by selecting the appropriate settings on your browser. However, please note that in this case, you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en
Learn more about the terms of use of Google Analytics:
http://www.google.com/analytics/terms/gb.htmlFor further information, please see Google Analytics’ data practices: https://support.google.com/analytics/answer/6004245?hl=en
In addition, you can object at any time by changing your cookie settings.
12. Google Adwords Conversion-Tracking
a) Type and scope of data processing
We use Google Adwords to display advertising on Google’s and other third party websites. Google Adwords Conversion-Tracking is a web analysis service of Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
With the conversion tracking we can determine how successful the individual advertising measures are. Our purpose is to show you advertisements that are of interest to you and to make our website more interesting for you. The advertising is delivered by Google via so-called “ad servers”. We use cookies to measure certain parameters for measuring success, such as the insertion of ads or clicks by users. If you access our website via a Google ad, Google Adwords stores a cookie on your PC. These cookies usually expire after 30 days and are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (mark that the user no longer wishes to be addressed) are usually stored as analysis values.
These cookies enable Google to recognize your Internet browser. If a user visits certain pages of an Adwords customer’s website and the cookie stored on your computer has not expired, Google and the customer can recognize that the user has clicked on the ad and has been redirected to this page. Each Adwords customer is assigned a different cookie. Cookies can therefore not be traced via the website of Adwords customers. We do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. On the basis of these evaluations we can recognize which of the used advertising measures are particularly effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify users on the basis of this information.
Due to the marketing tools used, your browser automatically establishes a direct connection to Google servers. We have no influence on the extent and further use of the data by Google and inform you according to our level of knowledge: By integrating AdWords Conversion-Tracking Google receives the information that you have called the corresponding part of our Internet presence or clicked an advertisement from us. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.
b) Purpose and legal basis
The Google Adwords Conversion-Tracking is used to analyze the usage behavior on this website. The legal basis is your consent according to Art. 6 par. 1 lit. a) GDPR.
c) Right of objection
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
For more information see Google’s privacy policy: https://policies.google.com/privacy?hl=en
In addition, you can object at any time by changing your cookie settings.
13. Google Adwords Remarketing
a) Type and scope of data processing
We use Google Adwords Remarketing. Google Adwords Remarketing is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, E-mail: support-deutschland@google.com (“Google”).
This application allows us to display advertisements on other websites after you have visited our website. This is done by means of cookies stored in your browser, which are used by Google to record and evaluate your usage patterns when you visit various websites. In this way, Google can determine your previous visit to our website. According to Google’s own statements, the data collected in the course of remarketing is not combined with your personal data, which may be stored by Google. In particular, according to Google, a pseudonymisation is used for remarketing.
b) Purpose and legal basis
The Google Adwords Remarketing service is used to analyse the usage behaviour of our website.
Legal basis is your consent according to Art. 6 par. 1 lit. a) GDPR.
c) Right to object
You can permanently deactivate the use of cookies by Google by following the following link and downloading and installing the plug-in provided there: https://support.google.com/ads/answer/7395996?hl=en
For more information about Google Remarketing and its privacy policy, please visit: https://www.google.com/privacy/ads/
For more information see Google’s privacy policy: https://policies.google.com/privacy?hl=en
In addition, you can object at any time by changing your cookie settings.
14. Google Maps
a) Type and scope of data processing
We integrate the maps of the service Google Maps. Google Maps ist a service of Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland, E-mail: support-deutschland@google.com (“Google”).
This allows us to display interactive maps directly on our website and enables you to use the map function conveniently.
If you use the Google Maps component integrated on our website, Google will store a cookie on your end device via your Internet browser and process the following data:
- The operating system
- Information about the browser type and version used
- Information about your Internet service provider
- Your IP address
- Date and time of access
- Websites from which you came to our website
- Websites that you visit through our website
This occurs regardless of whether Google provides a user account that you are logged in to or whether there is no user account. If you’re logged in to Google, your information will be directly associated with your account. If you do not want your profile to be associated with Google, you will need to log out.
The provider Google has its headquarters in the USA (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Processing of personal data may therefore also take place in a third country (a country outside the European Union or the signatory states to the Agreement on the European Economic Area). Google undertakes to conclude so-called EU Standard Contractual Clauses within the meaning of Art. 46 GDPR. Based on this contractual set of rules, recipients in third countries are also obliged to comply with a data protection standard which essentially corresponds to the European standard. Please note, however, that actual compliance with the requirements resulting from the EU Standard Contractual Clauses cannot be ensured in every case (e.g., due to official access to the data in the recipient country).
b) Purpose and legal basis
Google stores your data as user profiles and uses them for the purposes of advertising, market research and/or the design of its website in line with requirements. Such evaluation is carried out in particular (even for users who are not logged in) for the purpose of providing demand-oriented advertising. The evaluation is also carried out to inform other users of the social network about your activities on our website. We use Google Maps to show you maps on our website, especially for directions.
The legal basis is your consent according to Art. 6 par. 1 lit. a GDPR.
c) Right to objection
You have a right of objection to the formation of these user profiles. This is to be addressed to Google.
You can prevent the transfer of data to Google by disabling JavaScript in your browser settings. In that case, you will not be able to use Google Maps on our website.
Learn more about the Google Maps Terms of Use:
policies.google.com/terms?gl=DE&hl=enLearn more about the Additional Terms of Service of Google Maps:
www.google.com/intl/en_US/help/terms_maps.htmlFor more information see Google’s privacy policy: https://policies.google.com/privacy?hl=en
In addition, you can object at any time by changing your cookie settings.
15. Google reCAPTCHA
a) Type and scope of data processing
We use reCAPTCHA, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, Email: support-deutschland@google.com (“Google”).
This service enables Google to determine which website is sending a request and from which IP address you are using the so-called reCAPTCHA input box.
In addition to your IP address, Google may collect other information necessary to provide and guarantee this service.
b) Purpose and legal basis
The purpose of using Google reCAPTCHA is to ensure data security during the transmission of forms.
This serves above all to differentiate whether the input is made by a natural person or whether it is misused by mechanical and automated processing. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google.
The legal basis is Art. 6 par. 1 lit. f) GDPR. Our legitimate interest lies in the security of our internet presence and in the defence against unwanted, automated access in the form of spam.
c) Right to object
You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website.
If you do not wish your data to be collected by Google via our website, so-called opt-out cookies can also be used. These prevent future processing of your personal data when you visit our website. In order to prevent the processing of your personal data across different systems, you must use the opt-out cookie on all systems used.
For more information see Google’s privacy policy: https://policies.google.com/privacy?hl=en.
16. Google Tag Manager
We use Google Tag Manager. Google Tag Manager is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, Tel: +353 1 543 1000, Fax: +353 1 686 5660 E-mail: support-deutschland@google.com (“Google”) that allows marketers to manage website tags through a single interface.
The Google Tag Manager only implements tags. Tags are small code elements on your website that are used, among other things, to measure traffic and visitor behavior, to measure the impact of online advertising and social channels, to use remarketing and targeting, and to test and optimize your website.
This means that no additional cookies are used. No personal data is collected. The Google Tag Manager triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level – especially if you have chosen the above described objection solution for Google Analytics or have made the appropriate settings in your browser – it will remain in effect for all tracking tags, as long as they are implemented with Google Tag Manager.
For more information see Google’s privacy policy: https://policies.google.com/privacy?hl=en
Privacy Policy for Advertising: https://www.google.com/intl/en/policies/technologies/ads/.
17. Data Transmission
We will only share your personal information with third parties if:
- you have given your express consent for this in individual cases in accordance with Art. 6 para. 1 lit. a) GDPR;
- this is legally permissible and necessary according to Art. 6 para. 1 lit. b) GDPR for the fulfillment of a contractual relationship with you or the implementation of pre-contractual measures (e.g. to payment, shipping, delivery or collection service providers);
- in accordance with Art. 6 para. 1 lit. c) GDPR, there is a legal obligation for the disclosure (e.g. to authorities, social insurance carriers, health insurance companies, supervisory authorities and law enforcement agencies);
- the disclosure is necessary in accordance with Art. 6 para. 1 lit. f) GDPR for the protection of legitimate business interests, as well as for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest in the non-disclosure of your data (e.g. to debt collection service providers);
- we use external service providers (so-called order processors) for processing in accordance with Art. 28 GDPR, who process data according to our instructions and are obliged to handle your data with care (e.g. in the areas of IT or marketing).
When transferring data to external recipients in third countries, i.e. outside the European Union (EU) or the contracting states to the Agreement on the European Economic Area (EEA), we ensure that these recipients treat your personal data with the same care as within the EU or the EEA. We only transfer personal data to third countries for which the EU Commission has confirmed an adequate level of protection or if we can ensure the careful handling of personal data through contractual agreements or other suitable guarantees.
18. Data security and backup measures
We are committed to protecting your privacy and treating your personal data confidentially. To this end, we take extensive technical and organizational security precautions, which are regularly reviewed and adapted to technological progress.
This includes, among other things, the use of recognized encryption methods (SSL or TLS). However, data disclosed in an unencrypted manner, for example by e-mail, may be read by third parties. We have no influence on this. It is the responsibility of the user to protect the data provided against misuse by using encryption or otherwise.
PagoNxt uses firewalls to prevent unauthorized access to servers. The servers are located in a secure place in Germany, to which only authorized employees have access. All employees and all persons involved in data processing are obliged to comply with all data protection regulations and to handle personal data confidentially.
19. Changes to the privacy policy
We reserve the right to update this statement accordingly at any time if necessary.
20. Your legal rights
Below you can find your legal rights in relation to your personal data. Details can be found in Articles 7, 15-22 and 77 of the GDPR. You can also contact us as the controller (No. 2) or our data protection officer (No. 3) in this regard.
a) Right to revoke your data protection consent pursuant to Art. 7 para. 3 s. 1 GDPR
You may revoke your consent to the processing of your personal data at any time with effect for the future. However, the lawfulness of the processing carried out until the revocation is not affected by this.
b) Right to information according to Art. 15 GDPR
You have the right to request confirmation as to whether we are processing personal data concerning you. If this is the case, you have the right to obtain information about this personal data as well as further information, e.g. the purposes of processing, the categories of personal data processed, the recipients and the planned duration of storage or the criteria for determining the duration.
c) Right to rectification and completion according to Art. 16 GDPR
You have the right to request the correction of inaccurate data without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete data.
d) Right to erasure (“right to be forgotten”) according to Art. 17 GDPR
You have a right to erasure insofar as the processing is no longer necessary. This is the case, for example, if your data is no longer required for the original purposes, you have revoked your declaration of consent under data protection law or the data was processed unlawfully.
e) Right to restriction of processing according to Art. 18 GDPR
You have a right to restrict processing, e.g. if you believe that the personal data is incorrect.
f) Right to data portability according to Art. 20 GDPR
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format.
g) Right of objection according to Art. 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of certain personal data concerning you.
In the event of direct marketing, you as the data subject have the right to object at any time to processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
h) Automated decision in individual cases including profiling according to Art. 22 GDPR
You have the right not to be subject to a decision based solely on automated processing – including profiling – except in the exceptional circumstances mentioned in Article 22 of the GDPR.
Decision-making based exclusively on automated processing – including profiling – does not take place.
i) Complaint to a data protection supervisory authority pursuant to Art. 77 GDPR
In addition, you can lodge a complaint with a data protection supervisory authority at any time, for example if you believe that the data processing does not comply with data protection regulations.
Competent supervisory authority:
Bavarian State Office for Data Protection Supervision
Promenade 18
91522 Ansbach, GermanyPhone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
E-mail: poststelle@lda.bayern.de21. Google Fonts
a) Type and scope of data processing
We use external fonts from Google on this website. Google Fonts is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: support-deutschland@google.com (“Google”).
The integration of these web fonts is done by a server call. This can also be a Google server in the USA. In this case, the server is informed which of our Internet pages you have visited. The IP address of your end device is also processed by Google.
b) Purpose and legal basis
The purpose of using Google Fonts is the uniform representation of fonts. The legal basis is your consent in accordance with Art. 6 (1) (a) GDPR.
c) Storage duration
The data collected by Google due to the use of Google Fonts will not be processed by us.
d) Right of objection
You have the right to object to the creation of these user profiles. This should be addressed to Google.
You can find more information in Google’s privacy policy, which you can download here: https://www.google.com/policies/privacy/
22. Tealium
This cookie is used as part of the Tealium iQ Tag Management to enable our service provider Tealium Inc., 11085 Torreyana Road, San Diego, CA, 92121 USA, to assign a tag to each of our web pages and manage them. With the help of the tags, the tag manager can use analysis and tracking tools for us in a targeted manner. The tag management itself does not store any personal data from you. Only anonymized data is generated, which is stored locally in the browser in the cookie "utag_main".
You can find more information from Tealium at https://community.tealiumiq.com/t5/iQ-Tag-Management/Tealium-Cookies/ta-p/138/.
23. Integration of Vimeo videos
We use Vimeo to display videos on our website. This is a service of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA, hereinafter referred to as "Vimeo."
When you visit our website, provided that you have given your consent, a connection is established to the Vimeo servers. This tells the Vimeo server which of our pages you have visited. Vimeo also collects your IP address. This also applies if you are not logged in to Vimeo or do not have an account with Vimeo. The information collected by Vimeo is transferred to Vimeo servers in the USA.
If you are logged in as a member of Vimeo, Vimeo assigns this information to your personal user account. If you wish to prevent this, you must either log out of Vimeo before visiting our website or configure your Vimeo user account accordingly.
Vimeo offers further information about its data collection and processing as well your rights and your options for protecting your privacy at this link: http://vimeo.com/privacy.
We use Vimeo to show you videos on our websites.
The legal basis is your consent according to Art. 6 par. 1 lit. a GDPR.