Provisions on data protection

Preamble

 

The protection of the personal data provided by the customer is very important for payever GmbH, Rödingsmarkt 20, 20459 Hamburg (“payever“, “we” or “us“). payever provides to its commercial and private customers (the “Users“) a web-based solution with which various services (the (“payever-Services”) can be used on the “payever-Platform”. To the extent services of third parties can be ordered through the payever-Platform, the data protection policy of the respective third party applies for those services.

Scope / personal data

These provisions on data protection apply for the use of the payever-Platform both through the website as well as by the app and for other services.

You can use the payever-Platform through our websites or apps. payever offers commercial customers the possibility to offer their own products and services through the payever-Platform and enables all Users to use further services and solutions of payever or other external service providers.

These provisions on data protection apply for the processing of personal data. Personal data constitute, pursuant to Art. 4 no. 1 GDPR, all information relating to an identified or identifiable natural person; this includes, for example, names or also identification numbers.

  1. Data controller / contact

    The data controller for the data processing through the websites, apps and other offerings of payever is:

    payever GmbH
    Rödingsmarkt 20
    20459 Hamburg

    Appointed as Data Protection Officer: Alexander Politz (Braun & Paul IT GmbH, Marienbergstraße 84, 90411 Nürnberg). If you have questions or suggestions, please feel free to also contact us by email at [privacy@getpayever.com].

    If payever acts only as an intermediary for the services of a third party, for example, payment processing, the respective third party is the controller for the data processing.

  2. Collection and use of your data

    1. Access to the payever-PlatformUpon accessing the payever-Platform, usage data is collected and used to the extent necessary. We store the following data in this situation:
      • date and time of access
      • browser type / version
      • used operating system
      • URL of the previously visited page
      • the previously opened app or website (if you were linked from the other offering to us)
      • volume of transmitted data
      • the IP address assigned to the end-device

      We process these data for technical reasons, in order to be able to provide our services. We also process these data for the purpose of recognizing and following up on misuse. We process these data in accordance with Art. 6 para. 1 sentence 1 b) (General Data Protection Regulation, “GDPR”), in order to perform a contract as well as in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR in order to preserve our justified interests and secure the proper operation and availability of the payer-Services as well as the transactions processed through those services.

      We processed the used browser type, date and time of use as well as the IP address for the purpose of analyzing statistics with regard to the payever-Services. We optimize the payever-Services on the basis of this analysis. This is based on the fact of our justified interest in providing services adapted and optimized for you and the used end-devices and needs of the customers and the fact that your interests and rights or freedoms do not have greater weight, Art. 6 para. 1 lit. f GDPR.

      The use data are not combined with other data.

    2. Registration
      1. Registration with a payever customer accountWe process your following data for the registration of the payever-Services:
        • name
        • email address
        • company name, if applicable
        • business address, if applicable
        • telephone number, if applicable
        • information about the relevant online shop, if applicable
        • password

        The data are processed in the course of registration so that we can provide the payever-Services to you. The processing of the data, therefore, is necessary to fulfill a contract, Art. 6 para. 1 lit. b GDPR.

        After registration through the website, one of the payever apps or some other manner, the User receives a confirming email together with an activation link to complete the creation of the User’s customer account. If the User establishes a customer account when making a payment in a webshop, we send the access data to the entered email address and set up the customer account in parallel.

      2. Registration with the user account of a third party providerThe User also has the possibility of registering with payever using an existing user account at third party providers, especially in a social media platform. Upon confirming the registration button at the requested service, the data are forwarded to the respective service provider. The provisions on data protection and terms and conditions of use of the respective third party provider, which is also the controller within the meaning of Art. 4 no. 7 GDPR, apply for using the third party services. payever receives, in this event and depending on the terms and conditions of use of the third party provider, the information designated as public in the respective account as well as possibly additional information, such as the email address and the date of birth of the User.Registration at payever is currently possible especially through the following third party providers in the course of the respectively linked data protection policies:
    3. Performance of the payever-ServicesIn the course of rendering performance, payever processes the following data:
      • complete name
      • billing and delivery address
      • personal circumstances
      • date of birth
      • banking account and other information for payment
      • order details and order history
      • interests and preferences
      • User generated content which the respective User uploads or has entered itself

      The processing of the data serves the purpose of providing all payever-Services with all functions to the Users. This includes maintaining the user account, use of various payever-Services or external service providers, communication with the User in the course of providing the payever-Services as well as forwarding the data to third parties for performance of the contractual service.

      The processing is carried out, in order to perform the use contract concluded with the Users, Art. 6 para. 1 lit. b GDPR.

    4. Transfer of personal data
      1. Transmission for performance of the contract or with consentAs a general rule, personal data cannot be disclosed to third parties unless this is necessary to fulfill contractual obligations, Art. 6 para. 1 lit. b GDPR, or if the customer has expressly consented, Art. 6 para. 1 lit. a GDPR or if there is another applicable authorization under the law.
      2. Transfer to contract processors
        We use in part service providers who are bound by our instructions (“contract processors”) to provide the services. In such cases, personal data are forwarded to these contract processors in order to enable them to do the further processing. These contract processors are carefully selected and examined by us on a regular basis, in order to make sure that your privacy is preserved. The contract processors can only process the data for the purposes we have determined and in accordance with our instructions and are additionally under an obligation towards us under contract to treat your data exclusively in accordance with this present data protection policy as well as the German laws on data protection. The legal requirements in Art. 28 GDPR are strictly complied with.
      3. Transfer for foreign countriesIn this respect, processing can also take place in countries outside the European Economic Area, for example, because certain offerings are provided on servers located there.The European Commission decided with a resolution dated 12 July 2016 with regard to the USA that, subject to the provisions of the EU-US Privacy Shield, there is a reasonable level of data protection for the forwarding of data to the USA (so-called resolution on reasonableness under Art. 45 para. 1 GDPR). We transfer data to the following companies certified under the EU-US-Privacy Shield:
        • Amazon, Inc. and all subsidiaries
        • Amazon Web Services, Inc. and all subsidiaries
        • Atlassian Pty Ltd and the subsidiaries Atlassian, Inc.; Atlassian Network Service, Inc., Dogwood Labs, Inc.; Trello, Inc.
        • Bamboo HR LLC
        • Bugsnag, Inc.
        • Facebook Inc. and all subsidiaries
        • FullStory, Inc.
        • Google LLC and all subsidiaries
        • Microsoft Corporation and all subsidiaries
        • Stripe, Inc.
        • Twilio, Inc.
        • Zendesk, Inc.

        [If data are transferred on the basis of EU standard contract clauses:] Furthermore, we transfer data using standard contract clauses of the EU Commission pursuant to Art. 46 para. 2 lit c GDPR, in order to assure a level of data protection. These clauses are available at any time at [ https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en], and you can alternatively also request these documents from us at the stated contacts. This involves the following service providers:

        • PayPal (Europe) s.à r.l. et Cie, S.C.A.
        • PayPal Pte. Ltd.
        • SmartRecruiters Inc.
  3. Subscriptions to newsletters and other notifications

    You can voluntarily subscribe to our newsletter and other notifications from us by email on our website. The content of the respective notifications is set forth in the subscription.

    We collect for this purpose your name as well as your email address and use these data to send to you by email the newsletter as well as the respective notifications you have subscribed to.

    The legal basis for this processing is the consent granted by you pursuant to Art. 6 para. 1 lit. a GDPR.

    You can revoke your consent to the sending of newsletters and other notifications at any time with effect for the future.

  4. Receiving advertising

    You have the possibility to consent to receiving advertising when using the payever-Services. In this event, we use the information you have provided to send you advertising by regular mail or any other communication channels you have requested (email, SMS, telephone, push messages in our mobile apps or using various other communications services, such as Facebook Messenger, Whatsapp Messenger, telegram and Skype). The specific content of the advertising results from the respective consent you have issued.

    You can revoke your consent to receiving advertising at any time with effect for the future.

  5. Communication through services of third party providers

    payever provides to commercial customers the embedding of various communications services of third party providers (e.g. Facebook Messenger, Whatsapp Messenger, telegram and Skype). This enables the respective commercial customer to send messages and recommendations directly to its customers.

    payever is not the controller for the sent content of the communications or the operation of and the related processing in the communications services. The controllers for the sending of the content of the communications are the respective commercial customers. The controllers for purposes of Art. 4 no. 7 GDPR for the operation of these communications services and the related data processing are the respective service providers. The terms and conditions of use and data protection of the respective service provider always additionally apply for the use of those services.

  6. Sessions and Cookies

    payever uses so-called “cookies” or sessions on the side of the servers. “Cookies” are small text data files which are stored on your computer. They make it possible for a computer or another device to be again recognized when using the payever platform. Cookies are only used to enable better use of the payever-Services, or to the extent necessary for billing.

    Cookies serve the following purposes in this regard:

    • conducting a session (i.e. so that entered content is retained)
    • identification of the User
    • personal greeting with the member’s name
    • attribution to the visited shop and merchandise pages and used payer-Services together with the beginning, end and scope of the respective use
    • as well as the further personalization of the services of payever, as well as
    • use analysis as described in more detail in Point 7 of this data protection policy

    The described processing of cookies is carried out on the basis of our justified interests in structuring our services in accordance with the demand as well as statistical analysis of the payever-Services and the circumstance that your justified interests do not have greater weight (Art. 6 para. 1 lit. f GDPR).

    You can also deactivate the cookie function in your internet browser by deactivating the storage of cookies or setting the browser so that it is informed when cookies are sent. Permission for cookies is not necessarily required for the navigation and functionality of the website, but we wish to point out that it is possible that not all functions of the payever-Service will also be available when the cookies are switched off.

  7. Analysis of use by third party providers

    1. Use profiles with cookiesWhen using the payever-Services, we prepare use profiles for purposes of advertising, market research or structuring the website appropriately for the demand by using pseudonyms. Exclusively data about your use of the payever-Platform is used, but not the content which you have transmitted. This involves especially features for the identification of the User (pseudonym), information about the beginning, end and scope of the use of the payever-Services and log-in data. You can object at any time to the use of your data for such purposes with effect for the future. Since the use analysis functions by using cookies, you can also deactivate the cookie function in your internet browser. Permission for cookies is not necessarily required for the navigation and functionality of the website, but we wish to point out that it is possible that not all functions of the payever-Service will also be available when the cookies are switched off.Cookies are used on the basis of our justified interest in structuring our service appropriately for the demand as well as for the statistical analysis of the payever-Services and the circumstance that your justified interests do not have greater weight, Art. 6 para. 1 lit. f GDPR as well as on the basis of § 15 para. 3 German Telemedia Act [Telemediengesetz, “TMG”].
    2. Use of Google AnalyticsThis website uses Google Analytics, a web analysis service of Google operated by Google Inc.,1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), and we collect and store through this web analysis service data from which user profiles are produced using pseudonyms. The used profiles produced in this manner serve to analyze the visitor behavior, in order to structure and improve the offering displayed on this website in a manner appropriate for the demand. Google Analytics uses so-called “cookies”, small text data files which are stored on your computer and which enable an analysis of your use of the website. The information produced by the cookie concerning your use of this website is normally transmitted to and stored on a server of Google in the USA. However, the IP anonymization is activated from our website. This means that your IP address is generally shortened by Google within the Member States of the European Union or in other treaty nations to the Convention on the European Economic Area prior to transmission to the USA. The full IP address is transmitted only in exceptional situations to a server of Google in the USA and shortened there. On behalf of the operator of this website, Google uses this information in order to analyze your use of the website for the purpose of compiling reports about website activities and to provide other services to the website operator related to the use of the website and the internet. The IP address transmitted from your browser in the context of Google Analytics is not combined with other data of Google. The use profile maintained under a pseudonym is also not combined with the personal data of the User without an express and separately declared consent.You can prevent the storage of the cookies with the corresponding setting in your browser software; however, we wish to point out that you may not be able to fully use all functions of this website in this event.You can also prevent the collection of the data produced by the cookie which are related to your use of the website (incl. your IP address) for Google as well as the processing of these data by Google by downloading and installing the browser plugin available at the following link [http://tools.google.com/dlpage/gaoptout?hl=de].You can find additional information about how Google uses your data in Google’s data protection policy: [http://www.google.de/intl/de/policies/privacy/]. You can find more detailed information about the terms and conditions of use and data protection at [http://www.google.com/analytics/terms/de.html] and at [http://www.google.com/intl/de/analytics/privacyoverview.html].We wish to point out that Google Analytics was expanded with the code “gat._anonymizeIp();” on this website, in order to assure anonymized collection of IP addresses (so-called IP masking).
    3. Use of Zopim

      This website uses a live chat function of Zopim. Zopim is operated by Zendesk, 1019 Market St, San Francisco, CA 94103, USA. The Zopim function uses cookies and flash cookies to enable the User to personalize the online use of the services. Cookies are small text data files which are stored on the User’s computer and make it possible to analyze the use of the website by the User. The cookies are stored on the User’s hard drive by a website server and contain information which can be read later by a web server in the domain which sent the cookies to you. We store the unique ID number and the point in time when the User logged in for the duration of the use in an encrypted cookie on the User’s hard drive. This cookie enables the User to move from page to page on the website without having to log in again for each page.

      When the User logs off, the cookies are deleted by the User’s computer. You can prevent the storage of the cookies by setting your browser software accordingly; however, we wish to point out that in this event you may not be able to fully use all functions of this website.

      payever processes the email address and all content of the email, the date, time zone and language with which contact was made in the context of all customer inquiries which are received through the Zendesk channel.

      The customer can review the details about the handling of the customer’s personal data and information about the collection and use of the data by the Zopim function in the data information of Zendesk at https://www.zendesk.com/company/privacy/.

  8. Social media links and plugins

    1. Social networkspayever has the own social media sites at third party providers which are reached through links from this website. When using the links, you arrive at the respective internet sites of the third party providers (e.g. Facebook, Twitter, Google+). If you have accessed the site of the third party provider, you are within the area controlled by the respective service provider so that also that service provider’s data protection policy or its policies concerning the use of data apply. The respective third party provider is the controller within the meaning of Art. 4 no. 7 GDPR. payever is not the controller for the data processing in this situation.You can find more detailed information about the collection and use of the data by Facebook and your corresponding rights and possibilities to protect your privacy in the data protection information of Facebook at [https://www.facebook.com/about/privacy/].The customer can review the data protection information for Google at [http://www.google.com/policies/privacy/?hl=de].You can find further information about the use of data at Twitter in the Twitter data protection policy at [http://twitter.com/privacy].You can find the details concerning data processing by LinkedIn as well as your rights and possibilities for settings at the data protection information of LinkedIn. LinkedIn has this information available at [http://www.linkedin.com/static?key=privacy_policy&trk=hb_ft_priv] .
    2. Social media plugins / ShariffWe use website plugins on our website from the social networks Facebook, Twitter, Google+, LinkedIn and Xing only through the tool Shariff. Our buttons for parts of the content are activated through social networks with the software “Shariff” and the data is first then forwarded to the respective operator of the networks when you click the buttons. You can find more about Shariff here: [http://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html].Various data are transmitted to the respective social network only when you click on such a button. This can include:
      • date and time of visiting the website
      • URL of the website where the visitor is located
      • URL of the website which the visitor visited beforehand
      • used browser
      • used operating system
      • IP address of the visitor

      If you are logged in in parallel in the respective social network during the visit to our site (Facebook, Twitter, Google+, LinkedIn or Xing), the possibility cannot be precluded that the provider will attribute the visit to your network account. If you use the plugin functions (e.g. clicking on the “Like” button, making a comment), this information is also transmitted directly from your browser to the respective social network and may be stored there. Information about the purpose and extent of the collection of data and the further processing and use of the data by the networks can be found in the data protection information at the respective social network.

    3. Use ofYouTubeThis website and the integrated offerings contain so-called embedded videos on YouTube. This enables a connection to YouTube and the videos placed there. YouTube is offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google is the sole controller for purposes of Art. 4 no. 7 GDPR for the data processing when using YouTube.You can find the purpose and extent of the data processing and use of data by Google as well as your rights and possibilities for settings for purposes of protection as a customer in the data protection information of Google. You can find this information at: [https://www.google.com/intl/de/policies/privacy/].
    4. Use of VimeoThis website uses plugins from Vimeo.com. Vimeo.com is operated by Vimeo LCC, 555 West 18th Street, New York, New York 10011, USA (“Vimeo”). If the customer accesses a site with a plugin through that internet site, a connection to the severs of Vimeo.com is established and the plugin is displayed on the internet page through a message to the customer’s browser. As a result of this process, which of our internet sites the customer has visited are transmitted to the servers of Vimeo.com. Vimeo is the sole controller for the processing of the data when using the Vimeo services.If the Customer is a member at Vimeo.com, the visits by the customer can be attributed to the personal user account when the customer is logged in. The customer can prevent this attribution by logging out from the customer’s personal user account. The customer can find the details about the handling of the customer’s personal data and information about the collection and use of the data at Vimeo.com in the data protection information of Vimeo.com at [https://vimeo.com/privacy].
  9. Contact

    1. Direct contact / contact formYou can contact payever at any time using the above referenced contact data.We also provide a form on our website with which you can contact us, in order to ask us questions, for example, about the payever-Services. We use your entered data (name, address, telephone number, email address) exclusively to handle the contact with you.We process these data in order to be able to receive and answer your question, Art. 6 para. 1 lit. b GDPR.
    2. Contact with payever through services of third party providerspayever can be contacted by its customers through various other channels. Exclusively communications services of third party providers are used for this purpose (especially Facebook Messenger, Whatsapp Messenger and Skype).The communications services through which payever can be contacted can change. payever especially has no influence on these communications services. The terms and conditions for use and data protection of the respective communications services provider apply. payever is not responsible for the availability of the respective communications service. payever is not the controller within the meaning of Art. 4 no. 7 GDPR for the processing of data in connection with using these services. The controllers are solely the respective service providers.

      The purpose of using these communications services is to make it possible for the customer to have simple, uncomplicated and direct contact with payever. payever does not guarantee that it can be contacted immediately and on every weekday as well as at every time of the day through each service.

      We process the personal data which you transmit to us when communicating through these communications services in order to handle the contact with you. We process these data in order to be able to receive and process your inquiry, Art. 6 para. 1 lit. b GDPR.

  10. Storage period / deletion of data

    We delete or anonymize your personal data as soon as the data are no longer needed for the purposes for which we have collected or used the data under the preceding points. We normally store your personal data for the period of use and the contract through the payever-Services to the extent these data are no longer required for purposes of criminal investigation or to secure, assert or enforce legal claims.

    If you cancel your user account, your profile is deleted.

    To the extent data must be retained for legal reasons, these data are deleted only after the expiration of this period and are blocked until then. The data are then no longer available for any further use except for the purposes of the legal retention period.

    After deletion from our operational systems, the data remain for a certain period in the back-up copies in our revolving data-backup process and are then, however, automatically deleted in the course of this process at the end of the backup cycle.

  11. Your rights as a data subject

    1. Right to informationYou have the right to obtain from us at any time, upon request, information about the data we have processed and the personal data relating to you in the scope set forth in Art. 15 GDPR. You can submit a request by regular mail or by email to the address set forth above.
    2. Right to correction of incorrect dataYou have the right to demand from us the correction of the personal data related to you without undue delay if these data are incorrect. Please, use the contact addresses set forth above for this purpose.
    3. Right to deletionYou have the right to demand from us the deletion from the personal data related to you under the prerequisites set forth in Art. 17 GDPR. These prerequisites especially provide for a right to deletion of the personal data are no longer needed for the purposes for which they were collected or otherwise processed as well as in cases of incorrect processing, the existence of an objection or the existence of a duty to delete under the law of the European Union or the law of the Member State which governs us. Aside from this, reference is made to point 13 of this data protection policy with regard to the time for which data are stored. In order to assert your above right, please, contact the addresses set forth above.
    4. Right to limit the processingYou have the right to demand that that we limit the processing in accordance with Art. 18 GDPR. This right exists especially when the accuracy of the personal data is in dispute between the User and us, and this right exists for the duration which is needed to examine the accuracy as well as in the event that the User demands limited processing instead of deletion in the event that there is a right to deletion. Furthermore, the right to limit use also exists in the event that the data are no longer needed for our intended purposes, but the User needs the data to assert, exercise or defend against legal claims as well as if the successful exercise of an objection is still a matter of dispute between us and the User. Please contact the above stated addresses for the purpose of asserting your above right.
    5. Right to transferability of dataYou have the right to receive the personal data related to you which you have provided in a structured, common, machine-readable format in accordance with Art. 20 GDPR. Please contact the above stated contact addresses for the purpose of asserting your above right.
    6. Right to object
      You have the right to submit an object under Art. 21 GDPR against the processing of personal data related to you which is taken place, among other bases, on the basis of Art. 6 para. 1 lit. e or f GDPR for reasons resulting from your particular situation. We will stop the processing of your personal data unless we can prove mandatory reasons for the processing which are deserving of protection which outweigh your interests, rights and freedoms or if the processing serves to assert, exercise or defend against legal claims.
    7. Right to make complaintsYou also have the right to address complaints to the relevant supervisory authority.
  12. Amendments to the data protection policy

    The current version of this data protection policy is always available at [https://getpayever.com/about/privacy/].

Status: [10.08.2018]