Privacy Policy

General and Definitions

This privacy policy explains how b4payment processes your personal data. It applies to all our services, websites and benefits offered by b4payment. If you have any questions about this privacy policy or about data protection at b4payment in general, please email us at datenschutz@sepa.express.

Definitions

In this section, we explain the most important terms from the EU General Data Protection Regulation (hereinafter DSGVO), which we use in the following.

“Personal data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually any handling of data.

“Controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

“data subject”

Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

“restriction of processing”

Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

“Profiling”

Profiling is any type of automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.

“Pseudonymisation”

Pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.

“Controller or person responsible for processing”.

Controller or controller means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

“Processor”

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

“Recipient”

Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.

“Third Party”

Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.

Translated with www.DeepL.com/Translator (free version)

“Recipient”

“Third party”

“Consent”

Consent means any freely given specific and informed indication of the data subject’s wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

Person responsible

The responsible party within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

b4payment GmbH

Osterhofener Straße 16

93055 Regensburg

Telefon: +49 (0)941 | 569 581 50-0

Email: info@b4payment.de

The relevant legal basis

In accordance with Art. 13 DSGVO, we inform you of the legal basis for our data processing. If the legal basis is not stated in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 DSGVO, the legal basis for processing in order to fulfil our services and carry out contractual measures and respond to enquiries is Art. 6(1)(b) DSGVO, the legal basis for processing in order to fulfil our legal obligations is Art. 6(1)(c) DSGVO, and the legal basis for processing in order to protect our legitimate interests is Art. 6(1)(f) DSGVO. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) lit. d DSGVO serves as the legal basis.

1. Use of the website

By using the website, data is automatically collected, among other things, which may qualify as personal data.

Hosting of our website

The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating this online offer.

In doing so, we, or our hoster, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 para. 1 lit. f DSGVO in conjunction with Art. 28 DSGVO (conclusion of a contract). Art. 28 DSGVO (conclusion of order processing agreement).

Cookies

Cookies” are small files that are stored on the user’s computer. Various data can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his or her visit to an online service. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his or her browser. The content of a shopping basket in an online shop or a login jam, for example, can be stored in such a cookie. Cookies that remain stored even after the browser is closed are referred to as “permanent” or “persistent”. For example, the login status can be stored if users visit them after several days. Likewise, the interests of users can be stored in such a cookie, which is used for range measurement or marketing purposes. Third-party cookies” are cookies that are offered by providers other than the responsible party that operates the online offer (otherwise, if they are only its cookies, they are referred to as “first-party cookies”).

Translated with www.DeepL.com/Translator (free version)

We may use temporary and permanent cookies and will explain this in our privacy policy.

On our website, we currently use analysis tools from the following companies that store cookies in your browser:

Google Tag Manager
Google Analytics (UA + GA4)
Google Ads Remarketing Tag
LinkedIn Insight Tag
Facebook / Instagram Pixel
Google Analytics (UA + GA)

Google Analytics

Google Analytics is a web analytics tool used to measure onsite activity by us. This data is used to measure target audiences and improve our services.

Google Analytics uses the following technologies,

and collects the following personal data collected through the use of this service,

Time information (e.g. event time)
Page information (e.g. page type)
Browser information (e.g. browser version)
Device information (e.g. advertising ID)
Marketing information (e.g. ad click ID)
Personal data (e.g. IP address or email address)
App data (e.g. app installation date)
Cookie data (e.g. session ID)
Behavioural data (e.g. surfing behaviour)
Results (e.g. A/B test information)
Location information (e.g. city).

The purpose of the data processing is analysis, improvement of onsite services and international data transfer.

The legal basis for processing the data is Art. 6 para. 1 lit. A DSGVO. The data must be deleted as soon as it is no longer needed for the stated purpose, but at the latest after 5 years. The data recipient is Alphabet Inc. The data is processed in the USA, Ireland and the European Union.

You can read the data processor’s privacy policy here http://www.google.com/intl/de/policies/privacy/ and you can withdraw consent to processing on all of the company’s domains here https://safety.google/privacy/privacy-controls/.

Google Ads Retargeting

We use Google Ads to show you targeted and personalised advertising on google and the Google network. The ad content should be as relevant as possible to users. To do this, we share some of your interactions on our website with Google Ads.

Google Ads uses Pixel Tags and Cookies technologies and by using the service the following data is collected,

Time information (e.g. event time)
Shop information (e.g. country)
Page information (e.g. page type)
Product information (e.g. digital barcode)
Browser information (e.g. browser version)
Device information (e.g. advertising ID).

The legal basis for processing the data is Art. 6 para. 1 lit. A DSGVO.

The data must be deleted as soon as it is no longer needed for the stated purpose. The lifetime of Google Ads cookies is up to 2 years. As soon as the lifetime of a cookie has expired, your browser deletes it automatically. All shared data is stored by Google Ads for 9 months. We store some of the information related to your interactions with our ads on Google Ads for up to 3 years. The data recipient is Alphabet Inc. The data is processed in the USA, Ireland and the European Union.

LinkedIn Insight-Tag

We use LinkedIn Insight-Tag to show you targeted and personalised advertising on LinkedIn. We want the ad content to be as relevant as possible to users. To do this, we share some of your interactions on our website with LinkedIn.

LinkedIn uses JavaScript technology and collects the following data,

URL,
Referrer URL,
device properties,
browser properties and
IP address.

The legal basis for processing the data is Art. 6 para. 1 lit. A DSGVO.

LinkedIn anonymises the data within 7 days. It deletes the data again within 90 days. We do not receive any personal data, only summarised reports on the demographics of our target group and the performance of their ads. In doing so, we receive information on criteria such as

industry,
job title,
company size,
career level and

The data is processed in the USA, Ireland and the European Union.

You can read the data processor’s privacy policy here https://www.linkedin.com/legal/l/dpa.

Please note that the USA is not a country that provides adequate protection for personal data within the meaning of the EU Regulation. This implies, among other things, that government authorities in the US may have the right to access your data without effective remedies being available.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies may lead to functional restrictions of this online offer.

Facebook Pixel

We use the so-called “Facebook Pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if users are resident in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).

With the help of the Facebook pixel, it is possible for Facebook, on the one hand, to determine visitors to our website as a target group for the display of advertisements (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in us or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).

The legal basis for the use of the Facebook Pixel as well as the storage of “conversion cookies” is based on Art. 6 para. 1 lit. a DSGVO.

For the processing of data for which Facebook acts as a data processor, we have concluded a data processing contract with Facebook in which we oblige Facebook to protect our customers’ data and not to pass it on to third parties.

Cookie consent (Cookie Consent) with CookieYes

Our website uses the cookie consent technology of CookieYes to obtain your consent to the storage of certain cookies in your browser and to document this in a data protection-compliant manner. The provider of this technology is

CookieYes Limited, 3 Warren Yard Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom.

When you enter our website, a CookieYes cookie is stored in your browser, which stores the consents you have given or the withdrawal of those consents. This data is not passed on to the CookieYes provider.

The collected data will be stored until you request us to delete it or until you delete the CookieYes cookie yourself or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected. Details on the data processing of CookieYes-Cookie can be found at https://www.cookieyes.com/product/cookie-consent.

CookieYes-Cookie-Consent-Technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c DSGVO.

Server data

For technical reasons, the following data, among others, which your Internet browser transmits to us or to our web space provider, are recorded (so-called server log files):

browser type and version

Operating system used

Website from which you visit us (referrer URL)

Websites you visit

Date and time of your access

your internet (IP) address.

This anonymous data is stored separately from any personal data you may have provided and thus does not allow any conclusions to be drawn about a specific person. They are evaluated for statistical purposes in order to be able to optimise our Internet presence and our offers.

Contact option

On our website, we offer the possibility of contacting us by e-mail and/or via a contact form. In this case, the information provided by the user will be stored for the purpose of processing the contact. The data will not be passed on to third parties. The data collected in this way is also not compared with data that may be collected by other components of our site.

Google Web Fonts

We integrate the fonts (“Google Fonts”) of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

2. Marketing

We use various social media fanpages for our marketing. We explain below

Social media fanpages

b4payment maintains social media profiles on the Meta social networks (Facebook and Instagram – so-called “fanpages”).

Insofar as you communicate directly with us via our fanpages or share personal content with us, b4payment is responsible for processing your data. An exception applies to the data processing described below for usage analysis (page insights); we are jointly responsible for this with Facebook.

Processing of your data by Meta (formerly Facebook)

Please note that Meta also processes your data when using our fan pages for its own purposes, which are not illustrated in this data protection declaration. We have no influence on these data processing procedures at Meta. In this respect, we refer you to the data protection information of the respective social networks:

Data protection notice of Facebook http://de-de.facebook.com/about/privacy

Usage analysis (page insights)

With every interaction with fan pages, Facebook records the usage behaviour of the fan page visits using cookies and similar technologies. On this basis, the fan page operators receive so-called “page insights”. Page insights only contain statistical, depersonalised (anonymised) information on visitors to the fan page, which can therefore not be assigned to any specific person. We have no access to the personal data used by Facebook to create Page Insights (“Page Insights data”). The selection and processing of Page Insights data is carried out exclusively by Facebook.

With the help of Page Insights, we obtain insights into how our fan pages are used, what interests the visitors to our fan pages have and which topics and content are particularly popular. This enables us to optimise our fan page activities, for example by better responding to the interests and usage habits of our audience when planning and selecting our content.

b4payment and Facebook are jointly responsible for processing your data for the provision of Page Insights. For this purpose, we and Facebook have entered into an agreement to determine which company fulfils which data protection obligations under the GDPR with regard to the processing of Page Insights data.

Further information on Page Insights

You can view the agreement with Facebook here: https://www.facebook.com/legal/terms/page_controller_addendum

Facebook has summarised the main contents of this agreement (including a list of Page Insights data) for you here: https://www.facebook.com/legal/terms/information_about_page_insights_data

Insofar as you have consented to Facebook in relation to the creation of page insights described above, the legal basis is Article 6(1)(a) DSGVO (consent). Otherwise, the legal basis is Article 6(1)(f) DSGVO, whereby our legitimate interests lie in the above-mentioned purposes.

b4payment also maintains a social media profile on the social network LinkedIn.

When you visit our profile, follow or engage with this site, LinkedIn processes personal data to provide us with statistics and insights in anonymised form. This provides us with insights into the types of actions that people take on our site (so-called page insights). For this purpose, LinkedIn processes in particular such data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn page, e.g. whether you are a follower of our LinkedIn page. With Page Insights, LinkedIn does not provide us with any personal data about you. We only have access to the aggregated Page Insights. It is also not possible for us to draw conclusions about individual members using the information in the Page Insights. This processing of personal data in the context of Page Insights is carried out by LinkedIn and us as joint controllers. The processing is for the performance of a public task. The evaluation of the types of actions taken on our LinkedIn page serves to improve our LinkedIn page based on these insights. The legal basis for this processing is Article 6(1)(e) DSGVO.

https://www.linkedin.com/legal/privacy‐policy?trk=homepage‐basic_footer‐privacy‐policy.

We have entered into a joint controller agreement with LinkedIn which sets out the allocation of data protection obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum.

Thereafter, the following applies:

LinkedIn and we have agreed that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can contact LinkedIn online via the following link ( https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or contact LinkedIn via the contact details in the Privacy Policy. You can contact the Data Protection Officer at LinkedIn Ireland via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You may also contact us at our contact details provided about exercising your rights in relation to the processing of personal data in the context of the Page Insigts. In such a case, we will forward your request to LinkedIn.

LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie or any other supervisory authority.

Please note that under LinkedIn’s privacy policy, personal data may also be processed by LinkedIn in the US or other third countries. LinkedIn states that it only transfers personal data to countries for which an adequacy decision has been issued by the European Commission in accordance with Article 45 of the GDPR or on the basis of appropriate safeguards in accordance with Article 46 of the GDPR.

What data is collected?

When you visit our fan pages, b4payment basically collects all messages, content and other information that you communicate to us directly there, such as when you post something on a fan page or send us a private message. If you have an account with the respective social network, we can of course also see your public information, such as your user name, information in your public profile and content that you share with a public audience.

Your privacy rights

You have the right to request confirmation as to whether data in question is being processed and to be informed about this data and to receive further information and a copy of the data in accordance with Art. 15 of the GDPR.

You have according to. Article 16 of the GDPR, you have the right to request that the data concerning you be completed or that the incorrect data concerning you be corrected.

In accordance with Art. 17 DSGVO, you have the right to demand that data concerning you be deleted without delay, or alternatively, in accordance with Art. 18 DSGVO, to demand restriction of the processing of the data.

You have the right to request that the data concerning you that you have provided to us be received in accordance with Art. 20 of the GDPR and to request that it be transferred to other data controllers. You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 DSGVO.

Right of withdrawal

You have the right to revoke your consent in accordance with Art. 7 (3) DSGVO with effect for the future.

Right of objection

You may object to the future processing of data relating to you in accordance with Art. 21 DSGVO at any time. In particular, you may object to processing for direct marketing purposes.

Data protection officer

You can contact our data protection officer, lawyer Kutlu Kaplan, Am Dobben 99, 2820 Bremen, e-mail: datenschutz@sepa.express for general questions about data protection at b4payment GmbH and to assert your claims.

Deletion of data

The data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 DSGVO. Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.

How we protect the data

Your personal data is transmitted securely by us using encryption. We use the SSL (Secure Socket Layer) coding system for this. Furthermore, we secure our websites and other systems by technical and organisational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons.

Supervisory authority

The supervisory authority responsible for us is the Bavarian State Commissioner for Data Protection (BayLfD)

https://www.datenschutz-bayern.de/vorstell/impressum.html

Changes to this data protection declaration

As we continue to develop our websites and apps and implement new technologies to improve our service to you, changes to this privacy notice may become necessary. Therefore, we recommend that you re-read this privacy policy from time to time.

21.07.2022