Privacy Policy

INFORMATION ON DATA PROTECTION IN CONNECTION WITH OUR PROCESSING PURSUANT TO ARTICLES 13, 14 AND 21 OF THE GENERAL DATA PROTECTION REGULATION (GDPR)

We take data protection seriously and inform you about how we process your data and what claims and rights you are entitled to under the applicable data protection regulations.

 

1. Name and contact information of the controller and the data protection officer

Company name: dedified Germany UG (haftungsbeschränkt) Company address: Brienner Straße 12, D - 80333 Munich

E-Mail: datenschutz@dedipay.io

 

2. Data categories, purposes and legal basis of data processing

We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other applicable data protection regulations. The details of the data processed by us, the purposes of the data processing and the legal basis of the data processing depend on the circumstances of the individual case.

2.1 When you visit our website
Data access: When you visit our website for information purposes, we collect data about every access to our server on which the service is located (server log files). Such data includes

  • the name of the website accessed
  • File, date and time of retrieval
  • Amount of data transferred
  • Notification of successful access
  • Browser type and version
  • the user's operating system
  • Referrer URL (the previously visited page)
  • IP address, and
  • the enquiring

The login data is stored for a maximum of twelve months for security reasons (e.g. to clarify cases of misuse or fraud) and then deleted. Data that must be retained for evidence purposes are excluded from deletion until the respective incident has been finally clarified. The legal basis for our data processing is our legitimate interest in presenting our range of services on the Internet (legitimate interest pursuant to Art. 6(1)(f) GDPR).

Cookies: Cookies are information that is transferred from our web server or third-party web servers to the user's web browser and stored there for later retrieval. Cookies can be small files or other types of information storage. We use different types of cookies:

  • Necessary cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. Without these cookies, the website cannot function properly.
  • Session cookies are only stored for the duration of the current visit to our website (e.g. to enable the storage of your login status or the shopping basket function and thus enable you to use our website in the first place). A randomly generated unique identification number is stored in a session cookie (so-called session ID). In addition, a cookie contains information about its origin and the duration of storage. These cookies cannot store any other data. Session cookies are deleted when you stop using our website and log out or close the browser.
  • Consent cookies (i.e. the consent you have given to the use of cookies in general) are stored for a period of two months.
  • Functionality cookies store your preferences for a website, e.g. your preferred language.
  • Performance cookies collect website and app usage data at an abstract level and are used to provide analyses and metrics such as the number of visitors and the most frequently accessed pages. These cookies include Google Analytics (see also below).

The cookies we use on our website are listed in the table below:

Name Supplier Purpose of
General cookies Company
Consent cookie Company Cookie-Consent
Analysis-Cookie Company Analysts
Performance-Cookie Company Information on website and app usage
Session-Cookies
Authentication-Cookie Company Authentication
Functionality Cookie Company Preferred language

Where required by law, we ask for your consent in advance.

If you do not want cookies to be stored on your computer, you can deactivate the corresponding option in the system settings of your browser. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies on your computer can lead to a limited function of this online offer.

You can also refuse the use of cookies used for reach measurement and advertising via the deactivation pages of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally via the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

You can change or revoke your consent in the cookie declaration on our website at any time.

The legal basis for our data processing in connection with cookies is your consent (Art. 6(1)(a) GDPR) and/or our legitimate interest in the presentation of our range of services on the Internet (legitimate interest pursuant to Art. 6(1)(f) GDPR).

Google Analytics
If you have given us your prior consent, we use Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), for the purpose of analysing, optimising and economically operating our online offer on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR. Google uses cookies. The information generated by the cookie about the use of the website by the user is usually transmitted to a Google server in the USA and stored there.

Google is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf to analyse the use of our online offer by users and to compile reports on the activities within the online offer in order to provide us with further services associated with the use of this online offer. Pseudonymised user profiles can be created for the users from the processed data.

We use Google Analytics to ensure that we only show the adverts provided as part of the advertising services provided by Google and its partners to users who have shown an interest in our website or who have certain characteristics (e.g. interest in certain topics or products determined based on the websites visited) that we send to Google (this is known as remarketing or Google Analytics audiences). We use remarketing audiences to ensure that our advertising matches the potential interest of the user and is not perceived as annoying.

We only use Google Analytics with activated IP anonymisation. This means that the user's IP address is truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

The IP address transmitted by the user's browser will not be merged with other data by Google. Users can prevent the storage of cookies by setting their browser accordingly; users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offer and from processing this data by Google. To do this, the browser plugin available at the following link can be downloaded and installed: https://tools.google.com/dlpage/gaoptout?hl=de.

As an alternative to the browser plugin or in browsers on mobile devices, please click on the following link to set an opt-out cookie that will prevent Google Analytics from collecting data on this website in the future (this opt-out cookie only works in this browser and only for this domain, delete your cookies in this browser, then click on this link again):

Deactivate Google Analytics
Further information on the use of data by Google as well as setting and opt-out options can be found on the Google website: https://www.google.com/ intl/de/policies/privacy/partners („How Google uses information from sites or apps that use our services“), https://policies.google.com/technologies/ads („How Google uses cookies in advertising“), https://adssettings.google.com/authenticated („Make the ads you see more useful to you“).

Google Re/Marketing Services
We use the marketing and remarketing services ("Google Marketing Services" for short) of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, ("Google") on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6(1)(f) GDPR).

Google is certified under the Privacy Shield framework and thus guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google Marketing Services enable us to display adverts for and on websites in a more targeted manner in order to present users only with adverts that may be of interest to them. For example, when users are shown adverts for products that they have shown an interest in on other websites, this is referred to as "remarketing". For these purposes, when our website and other websites on which Google Marketing Services are active are accessed, a code from Google is executed and (re)marketing tags (invisible graphics or codes, also known as "web beacons") are integrated into the website. These are used to store an individual cookie, i.e. a small file, on the user's device (comparable technologies can also be used instead of cookies). The cookies can be created by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites users visit, what content they are interested in and which offers they click on. The file also contains technical information about the browser and operating system, referring websites, the duration of the visit and other information about the use of the online offer. The IP addresses of the users are also recorded, whereby we point out within Google Analytics that the IP addresses are shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and are only transmitted to a Google server in the USA and shortened there. The IP address is not merged with the user's data within other Google offers. Google may also combine the aforementioned information with information from other sources. If users then visit other websites, they may be shown adverts tailored to their interests.

In addition, we may use the "Google Tag Manager" to integrate and manage Google's analysis and marketing services into our website.

You can find further information on the use of data for marketing purposes by Google at https://policies.google.com/technologies/ads.

You can find Google's privacy policy at https://policies.google.com/privacy.

If you wish to object to interest-based advertising by Google Marketing Services, you can use the settings and objection options provided by Google: https://adssettings.google.com/authenticated.

2.2 When you register on our website
Identification Data: When you register on our website or on the website or mobile application of one of our business partners offering our services, we collect certain identification data from you and, if you register on behalf of a company, from third parties associated with these companies as beneficiaries. This data includes

For individuals:

  • Your title
  • Your first and last name
  • Your postal address
  • Your gender
  • Your language preference
  • Your e-mail address(es)
  • Your country of residence
  • Your date of birth
  • Your nationality
  • Your phone number
  • Your ID card or passport number

For legal entities:

  • First name and the last name of the legal representative(s)
  • Address of the legal representative(s)
  • Date of birth of the legal representative(s)
  • Country of residence of the legal representative(s)
  • E-mail of the legal representative(s)
  • The nationality of the legal representative(s)
  • Identity card or passport number of the legal representative

For ultimate beneficial owner (UBO, i.e. shareholders who hold 25 % or more of the company shares:

  • First and last name
  • Postal address
  • Nationality
  • Date, place and country of birth

Registration dataWhen you register on our website or on the website or mobile application of one of our business partners offering our services, we also collect certain registration and authentication data from you or the company you represent in order to process payment transactions. Such data includes

If you are acting on your own behalf:

  • Your bank account number (IBAN)
  • Your current address
  • The identification number of your mobile device

The legal basis for our data processing in relation to the above-mentioned registration data of your person is your consent (Art. 6(1)(a) GDPR) and/or our legitimate interest in assessing the business risks associated with the payment transactions you make (legitimate interest pursuant to Art. 6(1)(f) GDPR) and in ensuring that the payment transactions you make are carried out in accordance with applicable laws and regulations (legitimate interest pursuant to Art. 6(1)(c) GDPR).

The legal basis of our data processing relates to the aforementioned registration data of the legal representatives and the ultimate beneficiary owners of companies

The legitimate interest you represent is our legitimate interest in assessing the business risks associated with the payment transactions you make (legitimate interest pursuant to Art. 6(1)(f) GDPR) and in ensuring that the payment transactions you make are carried out in accordance with applicable laws and regulations (legitimate interest pursuant to Art. 6(1)(c) GDPR).

2.3 When you carry out payment transactions using our services
Transaction data: When you carry out payment transactions on our website or on the website or mobile application of one of our business partners offering our services, we collect certain transaction data from you. Such data includes:

  • The amount of the payment to be made
  • Identification data of you as the payer (first name and surname, bank account number (IBAN), virtual IBAN of the payment account.
  • Identification data of the recipient (first and last name, virtual IBAN of the payment account)
  • Date and time of receipt of the payment transaction
  • Reference/Topic Number

The legal basis for our data processing in connection with the aforementioned transaction data is your consent (Art. 6(1)(a) GDPR) and/or our legitimate interest in fulfilling the contractual instructions you have given us in order to provide the payment service you have requested (legitimate interest pursuant to Art. 6(1)(b) GDPR).

2.4 Newsletters
We send newsletters, e-mails and other electronic notifications with advertising information only with your consent or with legal authorisation and process your e-mail contact data in this context.

Double opt-in and logging:

Registration to receive our newsletter requires a "double opt-in procedure": After registering, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no-one can register using another person's e-mail address. We log your registration for our newsletters (saving the time of your registration and confirmation as well as your IP address) in order to be able to prove that you have given the necessary consent to receive our newsletters.

Termination/cancellation:

You can revoke your consent to receive our newsletter at any time. You will find a link to unsubscribe from the newsletter at the end of each newsletter.

The legal basis for our data processing in connection with our newsletters is your consent (Art. 6(1)(a) GDPR), and/or our legitimate interest in promoting our services (legitimate interest pursuant to Art. 6(1)(f) GDPR).

 

3. Recipients of your data

 Your personal data will only be passed on to third parties if

  • The transfer is necessary pursuant to Art. 6(1)(b) GDPR for the fulfilment of our contractual obligations in the business relationship with you,
  • you have given us your consent to transfer the data to third parties;
  • the transfer is based on a legitimate interest pursuant to Art. 6(1)(f) GDPR)
  • we are obliged or authorised under the applicable laws and regulations to disclose, communicate or pass on data.
  • The categories of personal data transmitted by us to third parties and the recipients of this data are

If you open a payment account

  • Registration data from you in accordance with points 2.1 and 2
  • Transaction data from you in accordance with section 2.3 will be transmitted to our business partner MANGOPAY SA, 2 Avenue Amélie, L-1125 Luxembourg.
  • Insofar as we commission external service providers to process your data (e.g. external data centres, support and maintenance of IT applications, archiving, document processing, call centre services, compliance services, controlling, data screening to combat money laundering, data validation and data protection. If we use external service providers (e.g. data processing, plausibility checks, data destruction, purchasing/procurement, customer administration, lettershops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, banks, printers or companies for data disposal, courier services, logistics, press relations), your data will be subject to appropriate security standards that we agree with these service providers in order to adequately protect your data.

     

4. Duration of data storage

In general, we only process and store your data for as long as is necessary.

The personal data that we collect from you will be stored until the end of the statutory retention period and then deleted, unless we are required to store the data for a longer period in accordance with Art. 6(1)(c) GDPR due to retention and documentation obligations under tax and commercial law or if you have consented to longer storage in accordance with Art. 6(1)(a) GDPR. In addition, special statutory provisions may require longer storage, such as the preservation of evidence in connection with statutory limitation provisions (limitation periods).

If the data is no longer required to fulfil our contractual or legal obligations and rights, the data is routinely deleted unless there is an overriding legitimate interest in further processing. Such an overriding legitimate interest may exist if deletion of the data is not possible or only possible with disproportionate effort due to the special type of storage, provided that processing for other purposes is excluded by suitable technical and organisational measures.

 

5. Processing of data in a third country or by international organisations

Your data will always be transferred to recipients in countries outside the European Economic Area EU/EEA (third countries) if this is necessary to fulfil a contractual obligation towards you (e.g. if you are posted to another country), if this is required by law (e.g. tax reporting obligations), if this is in our legitimate interest or that of a third party or if you have consented to such a transfer.

If your data is processed on our behalf in a third country and the EU Commission has not yet issued a decision on the existence of an adequate level of data protection in this country, we ensure that your rights and freedoms are adequately protected and guaranteed by appropriate contractual agreements in accordance with EU data protection regulations. We will be happy to provide you with detailed information on request.

 

6. Your rights as a data subject

In accordance with the provisions of the GDPR, you as the data subject can assert the following data protection rights against us:

  • You can revoke the consent you have given us at any time (Art. 7 para. 3 GDPR). As a result, we will no longer carry out the data processing covered by this consent in the future. 
  • You have the right to receive information about your personal data processed by us (Art. 15 GDPR with restrictions according to § 34 Federal Data Protection Act).
  • You have the right to request the correction of data that we have stored about you if this data is incorrect or incomplete (Art. 16 GDPR).
  • You have the right to request the deletion of the data we have stored about you, unless this is contrary to other statutory provisions (e.g. statutory retention obligations or the restrictions of § 35 BDSG) or there is an overriding interest on our part (e.g. to defend our rights and claims) (Art. 17 GDPR).
  • You can ask us to stop the processing of your data in accordance with Art. 18
  • You have the right to receive your personal data in a structured, commonly used and machine-readable format or to transmit this data to a third party (Art. 20 GDPR).
  • You may object to the processing of your data pursuant to art. 21 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. 
  • You have the right to revoke your consent to the processing of personal data at any time with effect for the future.
  • In addition, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

 

7. Changes to this Privacy Statement

This Privacy Policy is subject to change if new developments require it.