Data Privacy

Responsible in the sense of the data protection laws, in particular the EU Data Protection Basic Regulation (DSGVO), is

XPAY Solutions GmbH
Stefan-George-Ring 2
81929 München
Deutschland
info@xpay.de

Datenschutzbeauftragter:
XPAY Holding AG
Stefan-George-Ring 2
81929 München
089 46 13 44 22 44
datenschutz@xpay.de

1. The content of this privacy statement and definitions

Thank you for your interest in our website. The protection of your privacy is very important to us. In the following document we will inform you in detail about how we handle your data and which personal data we collect, process and use when you visit our website. Additionally, this data protection declaration will inform you about the options and objections you have with regard to your data.

For the purposes of the basic data protection regulation (DSGVO), the following definitions apply

  • “personal data” shall mean any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • “processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, arranging, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • “profiling” means any automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular with a view to analysing or predicting aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, conduct, location or movement of that natural person.

Further official definitions are explained in Art. 4 DSGVO.

2. Rights of data subjects

You can exercise the following rights at any time by contacting our data protection officer:

  • Information about your data stored with us and their processing (Art. 15 DSGVO),
  • Correcting incorrect personal data (Art. 16 DPA),
  • Deletion of your data stored with us (Art. 17 DSGVO),
  • Restriction of data processing, insofar as we are not yet allowed to delete your data due to legal obligations (Art. 18 DSGVO),
  • Objection to the processing of your data by us (Art. 21 DSGVO) and
  • Data transferability, provided you have consented to data processing or have concluded a contract with us (Art. 20 DSGVO).

If you have given us your consent, you can revoke it at any time with effect for the future.

You also have the right to complain to a supervisory authority (Art. 77 DSGVO). As a rule, you can contact the supervisory authority at your usual place of residence or workplace or at our registered office for this purpose. The following supervisory authority is responsible for us:

Landesamt für Datenschutzaufsicht
Promenade 27 (Schloss)
91522 Ansbach
http://www.lda.bayern.de

Right of objection

Insofar as we process personal data as explained in this data protection declaration in order to safeguard our legitimate interests which outweigh any other interests, you can object to this processing with effect for the future. If the processing is for direct marketing purposes, you may exercise this right at any time as described above. If processing is carried out for other purposes, you only have the right to object if there are reasons arising from your particular situation.

After exercising your right of objection, we will not further process your personal data for these purposes, unless we can prove compelling reasons for processing worthy of protection that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

This does not apply if the processing is for direct marketing purposes. In this case we will not process your personal data further for this purpose.

If you wish to exercise your right of objection, please inform us by e-mail.

Profiling (automated decision making)

According to Art. 22 DSGVO, you have the right not to be subjected to a decision based solely on automated processing – including profiling – which has legal effect on you, or which significantly affects you in a similar way. As a matter of principle, we do not carry out automated decision making unless this serves to comply with overriding legal provisions (e.g. prevention of money laundering and terrorist financing).

3. Collection of general information when visiting our website

Nature and purpose of the processing

You can visit our website without providing any personal information. If you only use our website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser sends to our server. Whenever you call up a website, the web server automatically saves a so-called server log file, which contains e.g. the name of the requested file, your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the call.

This access data is evaluated exclusively for the purpose of ensuring trouble-free operation of the site and improving our services.

Legal basis

This access data is evaluated exclusively for the purpose of ensuring the trouble-free operation of the site and improving our offer. In accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO, this serves to safeguard our predominantly legitimate interests in the correct presentation of our website when weighing up the interests involved.

Hosting services through a third-party provider

Within the scope of processing on our behalf, a third-party provider provides us with the services for hosting and displaying the website. This serves to protect our legitimate interests in a correct presentation of our offer, which outweigh any other interests. All data collected in the course of using this website or in forms provided for this purpose in the online shop as described below are processed on its servers. Processing on other servers only takes place within the scope described here.

This service provider is located within a country of the European Union or the European Economic Area. Processing contracts required under Art. 28 DSGVO will be concluded prior to commissioning.

Storage duration

All access data will be deleted at the latest seven days after the end of your site visit.

Provision required or necessary

The provision of the aforementioned personal data is not required by law or contract. Without the IP address, however, the service and functionality of our website cannot be guaranteed. In addition, individual services may not be available or may be restricted. For this reason, an objection is excluded.

4. E-Mail advertising and newsletter subscription

Nature and purpose of the processing

If you subscribe to our newsletter, we will use the data required for this purpose or provided separately by you to regularly send you our e-mail newsletter.

You can revoke your consent to the storage of your personal data and its use for sending the newsletter at any time with effect for the future. You can do this either by sending a message to the contact option described above or via a link provided for this purpose in the newsletter. After cancellation we will delete your e-mail address, unless you have expressly agreed to a further use of your data or we reserve the right to use your data for other purposes which are legally permitted and about which we inform you in this declaration.

Legal basis

On the basis of your expressly given consent (Art. 6 para. 1 lit. a DSGVO), we will send you our newsletter or comparable information regularly by e-mail to the e-mail address you have provided.

Storage duration

The data will only be processed in this context as long as the corresponding consent has been obtained. Afterwards they will be deleted.

Provision prescribed or necessary

The provision of your personal data is voluntary, solely based on your consent. Unfortunately, we cannot send you our newsletter without existing consent.

5. Integration of the Trusted Shop Trustbadge

Nature and purpose of the processing

For the display of our Trusted Shops seal of approval and the possibly collected ratings as well as the offer of Trusted Shops products for buyers after an order, the Trusted Shops trust badge is integrated on this website.

When the trust badge is called up, the web server automatically saves a so-called server log file, which also contains your IP address, date and time of the call, transferred data volume and the requesting provider (access data) and documents the call. Individual access data is stored in a security database for the analysis of security incidents. The log files are automatically deleted at the latest 90 days after creation.

Further personal data is transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or if you have already registered for use. It applies the contractual agreement met between you and Trusted Shops. For this an automatic collection of personal data from the order data takes place. Whether you are already registered as a buyer for a product use is automatically checked by means of a neutral parameter, the e-mail address hashed by cryptological one-way function. The e-mail address is converted before transmission into this hash value, which cannot be decrypted by Trusted Shops. After checking for a match, the parameter is automatically deleted.

Legal basis

The integration of the Trusted Shops Trustbadge serves to protect our predominantly legitimate interests in an optimal marketing in the context of a balancing of interests by enabling secure shopping in accordance with Art. 6 para. 1 sentence 1 lit. f DSGVO. In addition, the transfer of personal data is necessary for the fulfilment of our and Trusted Shops’ predominant legitimate interests in the provision of the buyer protection linked to the specific order and the transactional evaluation services in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO. Further details, also regarding the objection, can be found in the Trusted Shops privacy policy linked above and in the Trustbadge.

Valuation reminder by Trusted Shops: If you have given us your express consent to this during or after your order in accordance with Art. 6 para. 1 sentence 1 lit. a DSGVO, we will transmit your e-mail address to Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne (www.trustedshops.de), so that they send you a valuation reminder by e-mail. This consent can be revoked at any time by sending a message to the above-mentioned contact option or directly to Trusted Shops.

Data Processor

The trust badge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. The trust badge is provided by a CDN provider (Content Delivery Network) within the scope of order processing. Trusted Shops GmbH also uses service providers from the USA. An adequate level of data protection is guaranteed. Further information on data protection at Trusted Shops GmbH can be found here.

Provision required or necessary

The provision of your personal data is voluntary, solely based on your consent. No evaluation can be made without existing consent.

6. Cookies

Nature and purpose of the processing

To make visiting our website attractive and to enable the use of certain functions, to display suitable products or for market research, we use so-called cookies on various pages. This serves to protect our legitimate interests, which outweigh any other interests, in an optimised presentation of our offer in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO. Cookies are small text files that are automatically stored on your end device. They are not able to execute programs or transmit viruses.

Legal basis

The use of cookies serves to safeguard our predominantly legitimate interests in an optimised presentation of our offer in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO.

Storage duration of the cookies used

This website uses the following types of cookies, the scope and function of which are explained below:

  • Transient Cookies
  • Persistent Cookies

Transient cookies are automatically deleted when you close the browser. This includes in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the shared session. This allows your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.

Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

You can see the duration of the storage in the cookie settings of your web browser.

You can set your browser so that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or generally. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings.

You will find these for the respective browsers under the following links:

Internet Explorer™: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Safari™: https://support.apple.com/de-de/guide/safari/sfri11471/12.0/mac/10.14
Chrome™: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Firefox™: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Opera™: https://help.opera.com/de/latest/web-preferences/#cookies

If cookies are not accepted, the functionality of our website may be limited.

Revocation of consent

SYou can revoke your consent at any time with effect for the future by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en. This prevents the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google. Furthermore, you can deactivate the setting “personalized advertising” in your Google account. Details can be found here. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

As an alternative to the browser plugin, you can click this link to prevent Google Analytics from recording data on this website in the future. In doing so, an opt-out cookie will be stored on your end device. If you delete your cookies, you will be asked again to give your consent.

7. Online Marketing

a) Use of Google Analytics for web analysis

Nature and purpose of the processing

This website uses Google (Universal) Analytics for the purpose of website analysis. Google (Universal) Analytics uses methods that enable an analysis of your use of the website, such as cookies. The automatically collected information about your use of this website is usually transferred to a Google server in the USA and stored there. By activating IP anonymisation on this website, the IP address is shortened before transmission within the member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. The anonymised IP address transmitted by your browser within the framework of Google Analytics is not merged with other Google data.

Insofar as you have given your consent in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO, this website also uses Google Signals. This is an extension function of Google Analytics that enables so-called “cross-device tracking”. This means that if your internet-enabled devices are linked to your Google account, Google can generate reports on usage behaviour (in particular cross-device user numbers), even if you change your end device. For this purpose, Google uses data if you have activated the setting “personalised advertising” in your Google account.

A processing of personal data does not take place by us, we only receive statistics based on Google Signals.

Legal basis

The processing of data is based on the consent of the user (Art. 6 para. 1 lit. a DSGVO).

Processor

The recipient of the data is Google as the processor of the order. We have concluded the corresponding contract with Google for this purpose.

Storage duration

After the discontinuation of the purpose and the end of the use of Google Analytics by us, the data collected in this context will be deleted.

Transfer to third countries

The web analytics service is provided by Google Ireland Limited, a company incorporated and organised under the laws of Ireland, with registered office at Gordon House, Barrow Street, Dublin 4, Ireland. (www.google.de). Insofar as information is transferred to Google servers in the USA and stored there, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here. On the basis of this agreement between the USA and the European Commission, the latter has established an appropriate level of data protection for companies certified under the Privacy Shield.

Provision required or necessary

The provision of your personal data is voluntary, solely based on your consent. If you prevent access, this may result in functional restrictions on the website.

Revocation of consent

You can revoke your consent at any time with effect for the future by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en. This prevents the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google. Furthermore, you can deactivate the setting “personalized advertising” in your Google account. Details can be found here. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

As an alternative to the browser plugin, you can click this link to prevent Google Analytics from recording data on this website in the future. In doing so, an opt-out cookie will be stored on your end device. If you delete your cookies, you will be asked again to give your consent.

Profiling

With the help of the tracking tool Google Analytics, the behaviour of visitors to the website can be evaluated and their interests analysed. For this purpose we create a pseudonymous user profile.

b) Google AdSense

Nature and purpose of the processing

Our website markets space for third-party ads and advertising networks through Google AdSense. These ads are shown to you in various places on this website. As far as you have given us your consent according to art. 6 para. 1 sentence 1 lit. a DSGVO, the so-called DoubleClick-Cookie is set by Google in the context of the integration of Google AdSense.

This enables the display of interest-based advertising by automatically assigning a pseudonymous UserID, with the help of which the interests are determined on the basis of visits to this and other websites.

Legal basis

Legal basis for the integration of Google AdSense is your consent according to Art. 6 para. 1 sentence 1 lit. a DSGVO.

Data processor

The recipient of the data is Google as the processor of the order. We have concluded the corresponding contract with Google for this purpose.

Storage duration

After discontinuation of the purpose and end of the use of Google AdSense by us, the data collected in this context will be deleted.

Transfer to third countries

Google AdSense is an offer by Google Ireland Limited, a company registered and regulated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.com). As far as information is transferred to servers of Google in the USA and stored there, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here. On the basis of this agreement between the USA and the European Commission, the latter has established an appropriate level of data protection for companies certified under the Privacy Shield.

Provision required or necessary

The provision of your personal data is voluntary, solely based on your consent.

Revocation of consent

You can revoke your consent at any time with effect for the future by deactivating the remarketing cookie via this link. You can also contact the Digital Advertising Alliance to find out how cookies are set and to adjust your settings.

c) Use of Google Remarketing

Nature and Purpose of the Processing

We promote this website in the Google search results via Google Ads and on third party websites. Google Ads is offered by Google Ireland Limited, a company incorporated and regulated under the laws of Ireland, with registered offices at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de).

When you visit our website, the so-called remarketing cookie is set by Google, which automatically enables interest-based advertising by means of a pseudo-anonymous cookie ID and based on the pages you visit. After the discontinuation and the end of use of Google Ads Remarketing by us, the data collected in this context will be deleted.

Any further data processing will only take place if you have agreed with Google that your web and app browsing history will be linked by Google to your Google account and information from your Google account will be used to personalize ads you see on the web. In this case, if you are logged in to Google while browsing our website, Google will use your information along with Google Analytics data to create and define target audience lists for cross-device remarketing. For this purpose, your personal data is temporarily linked by Google with Google Analytics data to form target groups.

Legal Basis

Your consent forms the legal basis for the integration of Google Remarketing and the associated data transfer to Google (Art. 6 para. 1 lit. a DSGVO).

Data Processor

Whenever you visit our website, personal data, including your IP address, is transferred to Google in the USA. This personal data is stored by Google. Google may pass on this personal data collected via the technical process to third parties.

Our company does not contain any information from Google by which the person concerned could be identified.

Transfer to Third Countries

Insofar as information is transferred to Google servers in the USA and stored there, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here. Based on this agreement between the USA and the European Commission, the latter has established an appropriate level of data protection for companies certified under the Privacy Shield.

Provision Required or Necessary

The provision of your personal data is voluntary, solely based on your consent. If you prevent access, this may result in functional restrictions on the website.

Revocation of Consent

You can revoke your consent at any time with effect for the future by deactivating the remarketing cookie via this link. You can also contact the Digital Advertising Alliance to find out how cookies are set and to adjust your settings.

According to its own information, Google does not collect any personal data during this process. If you still do not wish to use Google’s remarketing function, you can deactivate it by making the appropriate settings at https://support.google.com/adwordspolicy/answer/143465. Alternatively, you can disable the use of cookies for interest-based advertising via the advertising network initiative by following the instructions at https://optout.networkadvertising.org.

d) Affilinet Partner Programme

Nature and Purpose of the Processing

Our website participates in the Affilinet partner program. This is offered by AWIN AG, Eichhornstraße 3, 10785 Berlin (hereinafter “affilinet”). This is a so-called affiliate system in which persons registered with affilinet (also “publishers”) advertise the products or services of the so-called “advertisers” on their websites by means of advertising material. By means of cookies affilinet is able to track the progress of the respective order and in particular that you have clicked on the respective link and then ordered the product via the affiliate partner program.

Legal Basis

Participation in the Affilinet partner program serves to protect our legitimate interests in the optimization and economic utilization of our online offering in accordance with Art. 6 Para. 1 lit. f) DSGVO.

Data Processor

AWIN AG, Eichhornstrasse 3, 10785 Berlin

Storage Duration

The data collected in this context will be deleted after the discontinuation of the purpose. If legal retention periods exist, we will delete the data after these periods have expired.

Provision Required or Necessary

The provision of the aforementioned personal data is not required by law or contract.

Revocation of Consent

You can prevent the setting of cookies by our contractual partners or our website at any time by means of an appropriate setting in your Internet browser. In addition, cookies already set can be deleted at any time via the Internet browser or other software programs.

Further information on data processing at affilinet can be found here.

e) Live-Chat-Tool Zendesk

Nature and Purpose of the Processing

If you use the live chat tool to contact us, the data you voluntarily enter there (name, e-mail address, message) will be processed by us for the purpose of answering the enquiry within the framework of contract processing.

Legal Basis

The personal data will be processed by us for the purpose of answering the enquiry within the framework of contract processing in accordance with Art. 6 Paragraph 1 S. 1 lit. b DSGVO. In addition, the use of this tool serves to safeguard our legitimate interests in effective and improved customer communication in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO, which outweigh the interests of our customers.

Data Processor

As part of processing on our behalf, the third party provider Zendesk, Inc. provides us with the services to provide the live chat tool. All data collected during the use of the chat tool is processed on its servers.

Transfer to Third Countries

Zendesk, Inc. is based in the USA and is certified under the EU-US Privacy Shield. A current certificate can be viewed here. As a result of this agreement between the USA and the European Commission, the latter has determined an adequate level of data protection for companies certified under the Privacy Shield.

Storage Duration

After the end of the use of the live chat tool, the data will be deleted. If legal retention periods exist, we will delete the data after these periods have expired.

Provision Required or Necessary

The provision of your personal data is voluntary, solely based on your consent. If you prevent access, it is not possible to contact us via Zendesk.

f) Use of Google Maps

Nature and Purpose of the Processing

This website uses Google Maps for the visual presentation of geographical information. Google Maps is provided by Google Ireland Limited, a company incorporated and regulated under the laws of Ireland, with registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de).

Further information about data processing by Google can be found in the data protection information of Google. The terms of use for Google Maps contain detailed information about the map service.

Detailed instructions on how to manage your own data in connection with Google products can be found here.

Legal Basis

The legal basis for the integration of Google Maps and the associated data transfer to Google is your consent (Art. 6 para. 1 lit. a DSGVO) as well as the safeguarding of our predominantly legitimate interests in an optimised presentation of our offer and easy accessibility of our locations in accordance with Art. 6 para. 1 lit. f) DSGVO.

Data processing is based on an agreement between jointly responsible parties in accordance with Art. 26 DSGVO, which you can view here.

Data Processor

When using Google Maps, Google transmits or processes data on the use of the Maps functions by website visitors, which may include in particular the IP address and location data. We have no influence on this data processing.

Storage Duration

We do not collect any personal data through the integration of Google Maps.

Transfer to Third Countries

Insofar as information is transferred to Google servers in the USA and stored there, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here. On the basis of this agreement between the USA and the European Commission, the latter has established an appropriate level of data protection for companies certified under the Privacy Shield.

Provision Required or Necessary

The provision of your personal data is voluntary, solely based on your consent. If you prevent access, this may result in functional restrictions on the website.

Revocation of Consent

To deactivate the Google Maps service and thus prevent data transmission to Google, you must deactivate the Java Script function in your browser. In this case, Google Maps cannot be used or can only be used to a limited extent.

g) Google reCAPTCHA

Nature and Purpose of the Processing

For the purpose of protection against misuse of our web forms as well as against spam, we use the Google reCAPTCHA service in some forms on this website. Google reCAPTCHA is provided by Google Ireland Limited, a company incorporated and regulated under the laws of Ireland with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. (www.google.com). By verifying manual input, this service prevents automated software (known as bots) from carrying out abusive activities on the website.

Google reCAPTCHA uses a code embedded in the website, a so-called JavaScript, as part of the verification methods that allow an analysis of the use of the website by you, such as cookies. The automatically collected information about your use of this website including your IP address is usually transferred to a Google server in the USA and stored there. In addition, other cookies stored by Google services in your browser are evaluated by Google reCAPTCHA.

A readout or storage of personal data from the input fields of the respective form does not take place.

Further information about data processing by Google can be found in the data protection information of Google.

Legal Basis

The integration of Google reCAPTCHA serves, in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO, to protect our legitimate interests in the protection of our website from misuse and in the trouble-free presentation of our online presence.

Data Processor

Whenever you visit our website, personal data, including your IP address, is transferred to Google in the USA. This personal data is stored by Google. Google may pass on this personal data collected through the technical process to third parties.

Storage Duration

The data collected in this context will be deleted after the discontinuation of the purpose. If legal retention periods exist, we will delete the data after these periods have expired.

Transfer to Third Countries

Insofar as information is transferred to Google servers in the USA and stored there, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here. On the basis of this agreement between the USA and the European Commission, the latter has established an appropriate level of data protection for companies certified under the Privacy Shield.

Provision Required or Necessary

The provision of your personal data is voluntary, solely based on your consent. If you prevent access, this may result in functional restrictions on the website.

Revocation of Consent

You may refuse the use of JavaScript or cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. Please note that this may limit the functionality of our website for your use.

h) Google Web Fonts

Nature and Purpose of the Processing

In order to display our content correctly and in a graphically appealing manner across browsers, we use “Google Web Fonts” on this website from Google Ireland Limited, a company incorporated and operated under the laws of Ireland with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de). Further information about data processing by Google can be found in Google’s privacy policy.

Legal Basis

The legal basis for the integration of Google Web Fonts and the associated data transfer to Google is your consent (Art. 6 para. 1 lit. a DSGVO).

Data Processor

When you access script libraries or font libraries, a connection is established between the browser you are using and Google’s servers. This enables Google to know that our website has been accessed via your IP address.

Storage Duration

We do not collect any personal data through the integration of Google Webfonts.

Further information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in the Google privacy policy: https://www.google.com/policies/privacy/.

Transfer to Third Countries

Insofar as information is transferred to Google servers in the USA and stored there, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here. On the basis of this agreement between the USA and the European Commission, the latter has established an appropriate level of data protection for companies certified under the Privacy Shield.

Provision Required or Necessary

The provision of personal data is not required by law or contract. However, it may not be possible to display the content correctly using standard fonts.

Revocation of Consent

The JavaScript programming language is regularly used to display the content. You can therefore object to the data processing by deactivating the execution of JavaScript in your browser or installing a JavaScript blocker. Please note that this may result in functional restrictions on the website.

8. Registration on our Website

Nature and Purpose of the Processing

We collect personal data when you provide us with this information as part of your order or when you contact us (e.g. via contact form or e-mail). Mandatory fields are marked as such, because in these cases we need the data for the processing of the contract, for the processing of your contact and you cannot complete the order or send the contact without the data. Which data is collected can be seen from the respective input forms.

Legal Basis

The processing of the data entered during registration is based on the consent of the user (Art. 6 para. 1 lit. a DSGVO).

If the registration serves the performance of a contract to which the data subject is a party or the implementation of pre-contractual measures, an additional legal basis for the processing of the data is Art. 6 para. 1 lit. b DSGVO.

Storage Duration

After the contract has been fully executed, your data will be restricted for further processing and deleted after the expiry of any retention periods required under tax and commercial law, unless you have expressly consented to further use of your data or we reserve the right to use your data for purposes that go beyond this, which is permitted by law and about which we inform you in this declaration.

Provision Required or Necessary

The provision of your personal data is voluntary, solely based on your consent. Without the provision of your personal data we cannot grant you access to our offered contents and services.

9. Provision of Services Subject to Charges

Nature and Purpose of the Processing

In order to provide services that are subject to a charge, we will ask you for additional data, such as payment details, so that we can execute your order. In order to fulfil the contract, we will pass on your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. Depending on which payment service provider you select in the order process, we will pass on the payment data collected for this purpose to the bank commissioned with the payment and, if applicable, to the payment service provider commissioned by us or to the selected payment service for the processing of payments. In some cases, the selected payment service providers may also collect this data themselves if you open an account there. In this case, you must log on to the payment service provider with your access data during the ordering process. In this respect, the data protection declaration of the respective payment service provider applies.

The same applies to the transfer of data to our manufacturers or wholesalers in cases where they undertake the shipping for us (drop shipment).

Legal Basis

The processing of the data required for the conclusion of the contract is based on Art. 6 para. 1 lit. b DSGVO.

Storage Duration

We store this data in our systems until the legal retention periods have expired. These are generally 6 or 10 years for reasons of proper accounting and tax law requirements.

Provision Required or Necessary

The provision of your personal data is voluntary. Without the provision of your personal data we cannot grant you access to our offered contents and services.

10. Credit Assessment and Legitimation

Nature and Purpose of the Processing

In order to fulfil legal obligations, we collect personal data as part of the legitimacy check or credit assessment. The scope of these checks depends on the selected product and its services. In connection with the legitimacy check, video recordings can also be made by the provider commissioned by us, which we also store. We do not currently carry out credit checks, but reserve the right to do so in the future.

Legal Basis

The processing of the data

  • is based on the consent of the user (Art. 6 para. 1 lit. a DSGVO),
  • is necessary for the conclusion of the contract (Art. 6 para. 1 lit. b DSGVO,
  • is necessary to fulfil a legal obligation (Art. 6 para. 1 lit. c DSGVO).

Data Processor

Recipients of the data are credit reference and fraud prevention agencies and providers of identification solutions.

Storage Duration

After the contract has been fully executed, your data will be restricted for further processing and deleted after the expiry of any retention periods required under tax and commercial law, unless you have expressly consented to further use of your data or we reserve the right to use your data for purposes that go beyond this, which is permitted by law and about which we inform you in this declaration. Audio-visual recordings within the scope of the legitimacy check are deleted after five years.

Provision Required or Necessary

The provision of your personal data is voluntary, solely based on your consent. Without the provision of your personal data, we cannot grant you access to our offered services.

10.1. Vimeo Video Plugins

Nature and Purpose of the Processing

Contents of third party providers are integrated on this website. This content is provided by Vimeo LLC (“Provider”). Vimeo is operated by Vimeo LLC, 555 West 18th Street, New York 10011, USA (“Vimeo”).

For videos from Vimeo that are embedded on our site, the tracking tool Google Analytics is automatically integrated. We have no influence on the tracking settings and the analysis results collected through this tool and cannot view them. In addition, web beacons are set for website visitors by embedding Vimeo videos.

Legal Basis

The integration of the videos serves to safeguard our predominantly legitimate interests in the optimal marketing of our offer in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO.

Data Processor

When you use Vimeo services, personal information, including your IP address, is transferred to Vimeo in the USA. This personal information is stored by Vimeo. Vimeo may share this personal information collected through the technical process with third parties.

Storage Duration

After the purpose has been discontinued, the data collected in this context will be deleted or made anonymous.

Transfer to Third Countries

As far as information is transferred to servers of Google or Vimeo in the USA and stored there, both the American company Google LLC and Vimeo, Inc. are certified under the EU-US Privacy Shield. A current certificate can be viewed here. As a result of this agreement between the USA and the European Commission, the latter has determined an adequate level of data protection for companies certified under the Privacy Shield.

Provision Required or Necessary

The provision of your personal data is voluntary, solely based on your consent. If you prevent access, this may result in functional restrictions on the website.

Revocation of Consent

In order to prevent Google Analytics tracking cookies from being set, you can prevent the storage of cookies by adjusting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de

As an alternative to the browser plugin, you can click this link to prevent Google Analytics from recording data on this website in the future. In doing so, an opt-out cookie will be stored on your end device. If you delete your cookies, you must click the link again.

For the purpose and scope of data collection and the further processing and use of data by the providers, as well as your rights in this regard and setting options for protecting your privacy, please refer to the Vimeo data protection information.

10.2. Social Media PlugIns – Our online presence on Facebook, Google, Twitter, Instagram, Xing, LinkedIn

Nature and Purpose of the Processing

Our presence on social networks and platforms serves a better, active communication with our customers and interested parties. There we inform about our products and current special offers.

When you visit our online presence in social media, your data may be automatically collected and stored for market research and advertising purposes. So-called user profiles are created from this data using pseudonyms. These can be used, for example, to place advertisements inside and outside the platforms that presumably correspond to your interests. For this purpose, cookies are usually used on your end device. The visitor behaviour and interests of the users are stored in these cookies.

Legal Basis

The use of your personal data is in accordance with Art. 6 para. 1 lit. f. DSGVO, the use of your personal data serves to safeguard our predominantly legitimate interests in an optimised presentation of our offer and effective communication with customers and interested parties. If you are asked by the respective social media platform operators for consent (permission) to data processing, e.g. by means of a checkbox, the legal basis for data processing is Art. 6 para. 1 lit. a DSGVO.

Data Processor

Facebook: https://www.facebook.com/about/privacy/

The data processing is based on an agreement between jointly responsible parties in accordance with Art. 26 DSGVO, which you can view here: https://www.facebook.com/legal/terms/page_controller_addendum

Google/ YouTube: https://policies.google.com/privacy
Twitter: https://twitter.com/de/privacy
Instagram: https://help.instagram.com/519522125107875
LinkedIn: https://www.linkedin.com/legal/privacy-policy
Xing: https://privacy.xing.com/de/datenschutzerklaerung

Storage Duration

For detailed information on the processing and use of data by the providers on their sites as well as a contact option and your rights and settings options for the protection of your privacy, in particular opt-out options, please refer to the linked data protection information of the providers. Should you nevertheless require assistance in this regard, please contact us.

Transfer to Third Countries

Insofar as the aforementioned social media platforms have their headquarters in the USA, the following applies: The European Commission has issued an adequacy finding for the USA. This goes back to the EU-US Privacy Shield. A current certificate for the respective company can be viewed here.

Provision Required or Necessary

The provision of your personal data is voluntary, solely based on your consent. If you prevent access, this may result in functional restrictions on the website.

Revocation of Consent

Opt-Out possibilities:
Facebook: https://www.facebook.com/settings?tab=ads
Google/ YouTube: https://adssettings.google.com/authenticated
Twitter: https://twitter.com/personalization
Instagram: https://help.instagram.com/519522125107875
LinkedIn: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Xing: https://privacy.xing.com/de/datenschutzerklaerung/welche-rechte-koennen-sie-geltend-machen/widerspruchsrecht

11. Processors Used

In some cases we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are checked regularly. We have concluded an order processing contract with all the companies we have commissioned to collect, process, analyse and delete your data and fully implement the requirements of the data protection authorities.

12. Changes to our Data Protection Regulations

We reserve the right to adapt this data protection declaration so that it always meets the current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection declaration then applies to your next visit.

13. Questions to the Data Protection Officer

If you have any questions regarding the collection, processing or use of your personal data, for information, correction, restriction or deletion of data as well as revocation of any consents granted or objection to a specific use of data, please contact our company data protection officer.

Data Protection Officer:

XPAY Holding AG
Stefan-George-Ring 2
81929 München
089 46 13 44 22 44
datenschutz@xpay.de

We use cookies for various functionalities on our site. You can find more information in the data privacy policy.

Cookie Präferenzen

Wir verwenden Cookies, um die Webseite zu personalisieren und den aktuellen Status zu speichern. Wenn du alle Cookies akzeptierst werden auch Informationen mit Sozialen Netzwerken, Werbe- und Analyse-Partner geteilt. Nähere Informationen findest du in unserer Datenschutzerklärung.
Nachfolgend kannst du deine gewünschten Cookie Präferenzen einstellen.
Benötigte Cookies
Name Speicherdauer Firma Zweck Speicherart Art Party Optional
language dauerhaft XPAY Solutions speichert die Standardsprache Cookie Session 1st Nein
cookiePolicy 1 Jahr Lofina Speichert die vom Benutzer eingestellten Cookie-Präferenzen. Cookie settings 1st Nein
PHPSESSID Session Lofina Session Cookie der beim Beenden des Browsers gelöscht wird. Notwendig um den Benutzer für die Dauer der Session zu identifizieren. Cookie session 1st Nein
Statistik
Name Speicherdauer Firma Zweck Speicherart Art Party Optional
_ga 2 Jahre Google Dieses Cookie steht im Zusammenhang mit Google Universal Analytics. Es wird verwendet, um eindeutige Benutzer zu unterscheiden, indem eine zufällig generierte Nummer als Client-ID zugewiesen wird. Es ist in jeder Seitenanforderung einer Website enthalten und wird verwendet, um Besucher-, Sitzungs- und Kampagnendaten für die Analytics-Berichte der Website zu berechnen. Cookie analytics 3rd Ja
_gid 24 Stunden Google Dieses Cookie steht im Zusammenhang mit Google Universal Analytics. Es speichert und aktualisiert einen eindeutigen Wert für jede besuchte Seite. Cookie analytics 3rd Ja
_gat 1-10 Minuten Google Wird verwendet, um die Abfragerate zu drosseln und/oder die Sammlung von Daten auf Websites mit hohem Datenverkehr zu begrenzen. Cookie analytics 3rd Ja
_gat_gtag_UA_148904111_1 1 Minute Google Wird von Google verwendet um den Traffic zu Google-Analytics zu „throttlen“ (einzugrenzen), damit deren Seite nicht mit Anfragen überflutet wird. Cookie analytics 3rd Ja
_gat_gtag_UA_148904111_3 1 Minute Google Wird von Google verwendet um den Traffic zu Google-Analytics zu „throttlen“ (einzugrenzen), damit deren Seite nicht mit Anfragen überflutet wird. Cookie analytics 3rd Ja
_gac_property-id 90 Tage Google Enthält kampagnenbezogene Informationen für den Benutzer. Wenn Sie Ihr Google Analytics- und das AdWords-Konto verknüpft haben, lesen die AdWords-Website-Conversion-Tags dieses Cookie, sofern Sie sich nicht abmelden Cookie analytics 3rd Ja
AMP_TOKEN 30 Sekunden bis 1 Jahr Google Enthält ein Token, das zum Abrufen einer Client-ID vom AMP-Client-ID-Dienst verwendet werden kann. Weitere mögliche Werte sind Opt-Out, Inflight Request oder ein Fehler beim Abrufen einer Client ID vom AMP Client ID Service. Cookie analytics 3rd Ja
Google Tag Manager