Data protection declaration for the application process
Data protection notice of secupay AG (hereinafter "secupay")
We hereby inform you about the processing of your personal data and the rights and claims to which you are entitled under the data protection regulations.
Who is responsible for data processing and whom can I contact?
Represented by the board of directors Hans-Peter Weber and Katja Hartmann
Phone +49 (0) 35955 7550-0
Fax +49 (0) 35955 7550-99
E-mail address firstname.lastname@example.org
You can reach our data protection officer at:
Mr Axel Hirsch
E-mail address email@example.com
For what purposes and on what legal basis do we process your data?
We process personal data that we receive from you in the course of initiating business or a business relationship in order to perform our services, execute your orders, and conduct all activities required in connection with operating and administering a financial transfer service provider. We process personal data in accordance with the provisions of the European Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG-neu).
To the extent necessary to provide our services, we process data that we have duly received from other companies or other third parties (e.g. infoscore GmbH). In addition, we process personal data that we have obtained from publicly accessible sources (e.g. debtor lists, land registers, commercial and association registers, press and other media) and are permitted to process. Relevant personal data may include, in particular:
- Personal data (name, date of birth, place of birth, nationality and similar data)
- Contact details (address, email address, telephone number and similar data)
- Legitimation data (identification, registration and comparable data)
- Current accounts and credit card data
- Information about your financial situation (creditworthiness data including scoring, i.e. data for assessing credit risk)
- Data on the use of the telemedia we offer (e.g. the time you call up our websites, apps or newsletters, the pages of ours you click on, or entries and comparable data)
Who else receives your data (recipients)?
To provide our services, it is necessary for your data to be passed on to the following companies:
- Creditreform Boniversum GmbH
- Concardis GmbH
- infoscore Consumer Data GmbH, Baden-Baden
- SIX Group AG
- Transact elektronische Zahlungssysteme GmbH
- SIT Solution for IT-Payment GmbH
- HIT Hanseatische Inkasso-Treuhand GmbH
- Bluro GbR („Serverspot“)
- Professionals with an obligation to secrecy such as auditors, tax consultants and lawyers
- secucard GmbH
- hp.weber GmbH & Co. POS-cash KG
Within secupay AG, your data is sent to those departments that require it for us to fulfil our contractual and legal obligations.
If we commission service providers, your data is subject to the same security standards there as it is with us.
If the purchase price claim has been assigned to secupay AG, the data may be passed on to the following companies to enforce the purchase price claim:
- Creditreform Dresden Aumüller KG
- Creditreform München Ganzmüller, Groher & Kollegen KG
Is data transferred to a third country or an international organization?
In connection with providing our service, data is transferred to companies in the United States of America on the basis of EU standard contractual clauses (this document can be inspected).
How long will my data be stored?
To the extent necessary, we process and store your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations arising from, inter alia, the German Commercial Code (HGB), the German Fiscal Code (AO), the German Banking Act (KWG) and the German Money Laundering Act (GwG). The periods specified for storage or documentation therein are between two and ten years.
What data protection rights do I have?
With respect to us, you have
- a right of access to your personal data pursuant to Art. 15 GDPR, as well as, under certain conditions,
- a right of rectification pursuant to Art. 16 GDPR should your personal data be inaccurate or
- a right to erasure pursuant to Art. 17 GDPR if, inter alia, the erasure does not conflict with any statutory retention obligations or
- a right to restriction of processing pursuant to Art. 18 GDPR or
- a right to object to the processing of your personal data pursuant to Art. 21 GDPR and
- the right to data portability according to Art. 20 GDPR, i.e. the right to receive your data in a structured, common and machine-readable format and to transfer it to a third party.
In addition, you have a right to appeal to the data protection supervisory authority (Art. 77 GDPR). You can address this to the data protection supervisory authority responsible for us, whose contact details can be found at https://www.saechsdsb.de/index.php.
Is automated decision-making conducted in individual cases (including profiling)?
We transmit your data (name, address and, if applicable, date of birth) to check your creditworthiness, obtain information for assessing the risk of non-payment based on mathematical-statistical methods using address data, and verify your address (checking for deliverability) to infoscore Consumer Data GmbH, Rheinstr. 99, 76532 Baden-Baden.
Furthermore, for credit assessment and address verification purposes, we transmit your data (name, address and date of birth) to the companies that make up the association Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss: Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss, Creditreform München Ganzmüller, Groher & Kollegen KG, Machtlfinger Str. 13, 81379 Munich and Creditreform Dresden Aumüller KG, Augsburger Str. 4, 01309 Dresden.
The legal basis for these transfers is Art. 6(1)(b) GDPR.
No information on particularly sensitive data according to Art. 9 GDPR is processed.
Fraud prevention utilizing device fingerprint
For fraud prevention and detection, the data you provide may be used to verify whether an atypical payment transaction has occurred. In principle, we have a legitimate interest in carrying out such a review. The legal basis of the processing is Art. 6(1)(f) GDPR.
The data is stored by Risk.Ident in a fraud prevention database. In the database, we also store data transmitted by us to Risk.Ident regarding terminal devices, through the use of which (attempted) fraud has already occurred. Also in this respect, no allocation to specific users takes place. When a user uses our services, we retrieve a risk assessment of the user's terminal device from the Risk.Ident database. This risk assessment on the probability of a fraud attempt takes into account, inter alia, whether the terminal device has dialled in via different service providers, whether the terminal device has a frequently changing geo-reference, how many transactions have been made via the terminal device, and whether a proxy connection is used. The legal basis of the processing is Art. 6(1)(f) GDPR.
What data is collected when visiting the website?
For technical reasons, the following data, inter alia, that your Internet browser transmits to us or our web space provider is recorded (known as server log files):
- browser type and version
- operating system used
- website from which you visit us (referrer URL)
- website you visit
- date and time of your access
- your Internet Protocol (IP) address.
This anonymous data is stored separately from any personal data you may have provided for 7 days and thus does not allow any conclusions to be drawn about a specific person. It is evaluated for statistical purposes in order to be able to optimize our Internet presence and our offers. The legal basis for the processing of this data is Art. 6(1)(1)(f) GDPR (our legitimate interests as the data controller).
If you send us inquiries via the contact form, your data from the inquiry form, including the contact data you provide there, will be transmitted to us in encrypted form.
The legal basis for the processing of this data, which is transmitted in the course of sending a request, is Art. 6(1)(f) GDPR (our legitimate interests as the data controller). If the request is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6(1)(b) GDPR (performance of a contract).
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions – in particular retention periods – remain unaffected.
When users leave comments, their IP addresses may be stored for 7 days based on our legitimate interests as defined in Art. 6(1)(f) GDPR. This is done for our security, in case someone leaves illegal content in comments and posts (insults, forbidden political propaganda, etc.). In this case, we ourselves may be prosecuted for the comment or post and are therefore interested in the identity of the author.
Furthermore, we reserve the right, on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR, to process the information of the users for the purpose of spam detection.
We will store personal information provided in the context of the comments, any contact and website information, as well as content-related information, permanently until the user objects.
We use so-called cookies on our site to recognize repeated use of our offering by the same user/Internet connection owner. Cookies are small text files that your Internet browser places and stores on your computer. They serve to optimize our Internet presence and our offers. These are mostly so-called "session cookies", which are deleted again after the end of your visit.
In some cases, however, these cookies provide information in order to recognize you automatically. This recognition is based on the IP address stored in the cookies. The information obtained in this way is used to optimize our offers and to give you easier access to our site.
You can prevent the installation of cookies by setting your browser accordingly; however, we point out that in this case you may not be able to use all functions of our website to their full extent.
We use functions of the web analysis service Google Analytics on this website. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses "cookies". These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
The storage of Google Analytics cookies is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimize both its web offering and its advertising.
We have activated the IP anonymization function on this website. As a result, your IP address is truncated by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and Internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.
We have concluded an order processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Use of Google Adwords and Google Conversion Tracking
This website uses Google AdWords. AdWords is an online advertising programme of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google").
Within the scope of Google AdWords, we use “conversion tracking”. When you click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that the Internet browser stores on the user's computer. These cookies lose their validity after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page.
Each Google AdWords customer receives a different cookie. The cookies cannot be tracked through AdWords customers' websites. The information collected using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. Clients learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. If you do not wish to participate in the tracking, you can object to this use by easily deactivating the Google conversion tracking cookie via your Internet browser under user settings. You will then not be included in the conversion tracking statistics.
The storage of “conversion cookies” is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimize both its web offering and its advertising.
You can set your browser to inform you about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. When cookies are disabled, the functionality of this website may be limited.
Use of Google reCaptcha
To protect your queries submitted via Internet form, we use the service reCAPTCHA by Google LLC (Google). The query is used to distinguish whether the input is made by a human or abused by automated, machine processing. The query includes sending the IP address and possibly other data required by Google for the reCAPTCHA service to Google. For this purpose, your input is transmitted to Google and used there further.
By using reCaptcha, you agree that the recognition you provide will be used in the digitization of old works. In case of activation of IP anonymization on this website, however, your IP address will be truncated beforehand by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.
On behalf of the operator of this website, Google will use this information to evaluate your use of this service. The IP address transmitted by your browser as part of reCaptcha is not merged with other data from Google. The deviating data protection provisions of the Google company apply to this data.
Use of OpenStreetMap
Use of Facebook components
We use components of the provider facebook.com on our site. Facebook is a service of facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA.
With each visit to our website that is equipped with such a component, this component causes the browser you are using to download a corresponding representation of the component from facebook. This process informs facebook which specific page of our website you are currently visiting.
If you visit our site and are logged in to facebook during this time, facebook recognizes which specific page you are visiting through the information collected by the component and assigns this information to your personal account on facebook. If, for example, you click on the "Like" button or make corresponding comments, this information is transmitted to your personal user account on facebook and stored there. In addition, the information that you have visited our site is passed on to facebook. This happens regardless of whether you click on the component or not.
In addition, external tools are available on the market to block Facebook social plugins with add-ons for all popular browsers.
You can find an overview of the Facebook plugins at https://developers.facebook.com/docs/plugins/
Use of the Twitter recommendation components
We use components of the provider Twitter on our site. Twitter is a service of Twitter Inc, 795 Folsom St, Suite 600, San Francisco, CA 94107, USA.
With each visit to our website that is equipped with such a component, this component causes the browser you are using to download a corresponding representation of the component from Twitter. This process informs Twitter which specific page of our website is currently being visited.
You can change your privacy settings in the account settings under http://twitter.com/account/settings.
Use of Vimeo
We use the provider Vimeo, among others, to integrate our videos. Vimeo is operated by Vimeo, LLC, headquartered at 555 West 18th Street, New York, New York 10011.
On some of our web pages, we use plugins from the provider Vimeo to play videos. When you visit the Internet pages of our website that are provided with such a plugin, a connection is established to the Vimeo servers and the video is displayed. This transmits which of our Internet pages you have visited to the Vimeo server. If you are logged in as a Vimeo member, Vimeo assigns this information to your personal user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.
Use of YouTube
In addition, videos from the YouTube platform are also integrated into our website. YouTube is operated by Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter "Google"). The videos from YouTube are embedded on our website, stored on http://www.youtube.com and can be played directly from this website. When you call up the embedded video, a connection is established to the servers of the provider YouTube in the USA and certain information (e.g. your IP address) is sent to the provider, even if you are not logged in to the provider. We do not obtain knowledge of the type and scope of the data collected by YouTube and have no influence on its use.
Use of unbounce
We use the service unbounce for promotions and advertising campaigns (landing pages) on certain pages.
unbounce Marketing Solutions Inc.
400-401 West Georgia Street
These pages are hosted by unbounce and the user's browser communicates directly with unbounce so that the user's IP address is transmitted and cookies can be set. All information entered by the user on these pages is also stored at unbounce. secupay is then provided with an evaluation of the activities. For more information about Unbounce and privacy at Unbounce, click here http://unbounce.com/privacy/
Our online presence on social networks and platforms
Our presence on social networks and platforms serves to improve active communication with our customers and prospects. On these channels, we provide information about our services and ongoing special promotions.
When visiting our online presence on social media, your data may be automatically collected and stored for market research and advertising purposes. “Usage profiles” are created from this data using pseudonyms. These may be used, for example, to serve advertisements within and outside the platform that are presumed to match your interests. Cookies are generally used on your terminal device for this purpose. These cookies store visitor behaviour and interests. Pursuant to Art. 6(1)(f) GDPR, this serves to protect our legitimate interests in an optimized presentation of our offer and effective communication with customers and interested parties, which prevail in the context of a balancing of interests. If you are asked by the respective social media platform operators for consent (agreement) to the data processing, e.g. through a checkbox, the legal basis for the data processing is Art. 6(1)(a) GDPR.
Insofar as the aforementioned social media platforms have their headquarters in the USA, the following applies: In connection with the provision of our service, data is transferred to companies in the United States of America on the basis of contracts that ensure the protection of personal data.
For detailed information on the processing and use of data by the providers on their sites, as well as a contact option and your rights and setting options in this regard to protect your privacy, in particular objection options (opt-out), please refer to the privacy notices of the providers linked below. If you still need help in this regard, you can contact us.
Shariff sharing function
We use the privacy-safe "Shariff" buttons. "Shariff" was developed to allow more privacy on the web and replace the usual "share" buttons of social networks. In this case, it is not the user's browser but the server on which this online offering is located that establishes a connection with the server of the respective social media platforms and queries, for example, the number of likes, etc. The user remains anonymous.