Privacy Policy

The responsible party within the meaning of data protection laws, in particular the EU General Data Protection Regulation (DSGVO), is:

XPAY Solutions GmbH
Stuntzstraße 16
81677 München
Deutschland
info@xpay.de

Data Protection Officer:
XPAY Holding AG
Stuntzstraße 16
81677 München
089 46 13 44 22 44
datenschutz@xpay.de

1. Content of this privacy policy and definitions

We appreciate your interest in our website. The protection of your privacy is very important to us. Below we inform you in detail about how we handle your data and which personal data we collect, process and use when you visit our website. In addition, you will learn in this data protection declaration which options you have to choose and object with regard to your data.

For the purposes of the General Data Protection Regulation (DSGVO), the meaning of the expression:
• "personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
• "processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
• "profiling" means any automated processing of personal data that consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
Further official definitions can be found explained in Art. 4 GDPR.

2. Data subject rights

You can exercise the following rights at any time using the contact details provided by our data protection officer:
• Information about your data stored by us and its processing (Art. 15 DSGVO),
• Correction of incorrect personal data (Art. 16 DSGVO),
• deletion of your data stored by us (Art. 17 DSGVO),
• Restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 DSGVO),
• objection to the processing of your data by us (Art. 21 DSGVO) and
• Data portability, provided that you have consented to the data processing or have concluded a contract with us (Art. 20 DSGVO).
If you have given us consent, you can revoke this at any time with effect for the future.
In addition, you have the right to complain to a supervisory authority (Art. 77 DSGVO). As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose. The following supervisory authority is responsible for us:
State Office for Data Protection Supervision
Promenade 27 (Castle)
91522 Ansbach
http://www.lda.bayern.de

Right of objection

Insofar as we process personal data as explained in this data protection declaration in order to protect our legitimate interests, which prevail in the context of a balancing of interests, you can object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you can exercise this right at any time as described above. Insofar as the processing is carried out for other purposes, you only have the right to object on grounds relating to your particular situation.

After exercising your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

This does not apply if the processing is for direct marketing purposes. Then we will not further process your personal data for this purpose.

If you wish to exercise your right to object, please let us know by email.

Profiling (automated decision making)

Pursuant to Article 22 of the GDPR, you have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. As a matter of principle, we do not carry out automated decision-making unless this serves to comply with overriding legal provisions (e.g. prevention of money laundering and financing of terrorism).

3. Collection of general information when visiting our website

Nature and purpose of processing

You can visit our website without providing any personal information. If you only use our website for informational purposes, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. Each time a website is accessed, the web server automatically saves a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of the access, the amount of data transferred and the requesting provider (access data) and documents the access. This access data is evaluated exclusively for the purpose of ensuring trouble-free operation of the site and improving our offer.

Legal basis

This access data is evaluated exclusively for the purpose of ensuring trouble-free operation of the site and improving our offer. In accordance with Art. 6 para. 1 p. 1 lit. f DSGVO, this serves to protect our legitimate interests in the correct presentation of our offer, which outweigh our interests in the context of a balancing of interests.

Hosting services through a third party provider

As part of processing on our behalf, a third-party provider provides us with the services for hosting and displaying the website. This serves to protect our legitimate interests in the correct presentation of our offer, which are outweighed by a balance of interests. All data collected in the course of using this website or in forms provided for this purpose in the online store as described below are processed on its servers. Processing on other servers only takes place within the framework explained here.

This service provider is located within a country of the European Union or the European Economic Area. According to Art. 28 DSGVO required order processing contracts are concluded before commissioning.

Storage duration

All access data is deleted no later than seven days after the end of your visit to the site.

Provision prescribed or required

The provision of the aforementioned personal data is neither legally nor contractually required. However, without the IP address, the service and functionality of our website is not guaranteed. In addition, individual services and services may not be available or may be limited. For this reason, an objection is excluded.

4. E-mail advertising and newsletter subscription

Nature and purpose of the processing

If you subscribe to our newsletter, we will use the data required for this purpose or provided separately by you to regularly send you our e-mail newsletter.

You can revoke your consent to the storage of your personal data and its use for sending the newsletter at any time with effect for the future. You can do this either by sending a message to the contact option described above or via a link provided for this purpose in the newsletter. After cancellation we will delete your e-mail address, unless you have expressly agreed to a further use of your data or we reserve the right to use your data for other purposes which are legally permitted and about which we inform you in this declaration.

Legal basis

On the basis of your expressly given consent (Art. 6 para. 1 lit. a DSGVO), we will send you our newsletter or comparable information regularly by e-mail to the e-mail address you have provided.

Storage duration

The data will only be processed in this context as long as the corresponding consent has been obtained. Afterwards they will be deleted.

Provision prescribed or necessary

The provision of your personal data is voluntary, solely based on your consent. Unfortunately, we cannot send you our newsletter without existing consent.

5. Integration of the Trusted Shops trustbadge

Nature and purpose of processing

In order to display our Trusted Shops seal of approval and any ratings collected, as well as to offer Trusted Shops products to buyers after an order, the Trusted Shops trust badge is integrated on this website.

When the Trustbadge is called up, the web server automatically saves a so-called server log file, which also contains your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the call. Individual access data are stored in a security database for the analysis of security anomalies. The log files are automatically deleted no later than 90 days after creation.

Further personal data is transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or if you have already registered to use them. The contractual agreement between you and Trusted Shops applies. For this purpose, personal data is automatically collected from the order data. Whether you as a buyer are already registered for product use is checked automatically using a neutral parameter, the email address hashed by cryptological one-way function. The e-mail address is converted into this hash value, which cannot be decrypted by Trusted Shops, before it is transmitted. After checking for a match, the parameter is automatically deleted.

Legal basis

The integration of the Trusted Shops trust badge serves to protect our legitimate interests in optimal marketing by enabling secure shopping in accordance with Art. 6 (1) p. 1 lit. f DSGVO. In addition, the transfer of personal data is necessary for the fulfillment of our and Trusted Shops' overriding legitimate interests in the provision of the buyer protection linked to the specific order in each case and the transactional evaluation services pursuant to Art. 6 para. 1 p. 1 lit. f DSGVO. Further details, including the objection, can be found in the Trusted Shops privacy policy linked above and in the Trustbadge.
Rating reminder by Trusted Shops: If you have given us your express consent to this during or after your order in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO, we will transmit your e-mail address to Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne (www.trustedshops.de), so that they can send you a rating reminder by e-mail. This consent can be revoked at any time by sending a message to the contact option described above or directly to Trusted Shops.

Processor

The trust badge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. The trust badge is provided by a CDN provider (content delivery network) as part of order processing. Trusted Shops GmbH also uses service providers from the USA. An appropriate level of data protection is ensured.

Provision prescribed or necessary

The provision of your personal data is voluntary, based solely on your consent. Without existing consent, no evaluation can be created.

6. Cookies

Nature and purpose of the processing

To make visiting our website attractive and to enable the use of certain functions, to display suitable products or for market research, we use so-called cookies on various pages. This serves to protect our legitimate interests, which outweigh any other interests, in an optimised presentation of our offer in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO. Cookies are small text files that are automatically stored on your end device. They are not able to execute programs or transmit viruses.

Legal basis

The use of cookies serves to safeguard our predominantly legitimate interests in an optimised presentation of our offer in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO.

Storage duration of the cookies used

This website uses the following types of cookies, the scope and function of which are explained below:
• Transient cookies
• Persistent cookies
Transient cookies are automatically deleted when you close the browser. This includes in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the shared session. This allows your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.

Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

You can see the duration of the storage in the cookie settings of your web browser.

You can set your browser so that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or generally. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings.

You will find these for the respective browsers under the following links:

Browser URL
Internet Explorer™ https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
Safari™ https://support.apple.com/en-gb/guide/safari/sfri11471/12.0/mac/10.14
Chrome™ https://support.google.com/chrome/answer/95647?hl=en&hlrm=en
Firefox™ https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop
Opera™ https://help.opera.com/en/latest/web-preferences/

If cookies are not accepted, the functionality of our website may be limited.

Revocation of consent

You can revoke your consent at any time with effect for the future by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en. This prevents the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google. Furthermore, you can deactivate the setting "personalized advertising" in your Google account. Details can be found here. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

As an alternative to the browser plugin, you can click this link to prevent Google Analytics from recording data on this website in the future. In doing so, an opt-out cookie will be stored on your end device. If you delete your cookies, you will be asked again to give your consent.

7. Online Marketing

a) Use of Google Analytics for web analysis

Nature and purpose of the processing

This website uses Google (Universal) Analytics for the purpose of website analysis. Google (Universal) Analytics uses methods that enable an analysis of your use of the website, such as cookies. The automatically collected information about your use of this website is usually transferred to a Google server in the USA and stored there. By activating IP anonymisation on this website, the IP address is shortened before transmission within the member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. The anonymised IP address transmitted by your browser within the framework of Google Analytics is not merged with other Google data.

Insofar as you have given your consent in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO, this website also uses Google Signals. This is an extension function of Google Analytics that enables so-called "cross-device tracking". This means that if your internet-enabled devices are linked to your Google account, Google can generate reports on usage behaviour (in particular cross-device user numbers), even if you change your end device. For this purpose, Google uses data if you have activated the setting "personalised advertising" in your Google account.

A processing of personal data does not take place by us, we only receive statistics based on Google Signals.

Legal basis

The processing of data is based on the consent of the user (Art. 6 para. 1 lit. a DSGVO).

Processor

The recipient of the data is Google as the processor of the order. We have concluded the corresponding contract with Google for this purpose.

Storage duration

After the discontinuation of the purpose and the end of the use of Google Analytics by us, the data collected in this context will be deleted.

Provision required or necessary

The provision of your personal data is voluntary, solely based on your consent. If you prevent access, this may result in functional restrictions on the website.

Revocation of consent

You can revoke your consent at any time with effect for the future by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en. This prevents the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google. Furthermore, you can deactivate the setting "personalized advertising" in your Google account. Details can be found here. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
As an alternative to the browser plugin, you can click this link to prevent Google Analytics from recording data on this website in the future. In doing so, an opt-out cookie will be stored on your end device. If you delete your cookies, you will be asked again to give your consent.

Profiling

With the help of the tracking tool Google Analytics, the behaviour of visitors to the website can be evaluated and their interests analysed. For this purpose we create a pseudonymous user profile.

b) Google AdSense

Nature and purpose of the processing

Our website markets space for third-party ads and advertising networks through Google AdSense. These ads are shown to you in various places on this website. As far as you have given us your consent according to art. 6 para. 1 sentence 1 lit. a DSGVO, the so-called DoubleClick-Cookie is set by Google in the context of the integration of Google AdSense.

This enables the display of interest-based advertising by automatically assigning a pseudonymous UserID, with the help of which the interests are determined on the basis of visits to this and other websites.

Legal basis

Legal basis for the integration of Google AdSense is your consent according to Art. 6 para. 1 sentence 1 lit. a DSGVO.

Data processor

The recipient of the data is Google as the processor of the order. We have concluded the corresponding contract with Google for this purpose.

Storage duration

After discontinuation of the purpose and end of the use of Google AdSense by us, the data collected in this context will be deleted.

Provision required or necessary

The provision of your personal data is voluntary, solely based on your consent.

Revocation of consent

You can revoke your consent at any time with effect for the future by deactivating the remarketing cookie via this link. You can also contact the Digital Advertising Alliance to find out how cookies are set and to adjust your settings.

c) Use of Google Remarketing

Nature and purpose of the processing

We use Google Ads to advertise this website in Google search results and on third-party websites. Google Ads is an offer of Google Ireland Limited, a company incorporated and operated under the laws of Ireland with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de).

When you visit our website, the so-called remarketing cookie is set by Google, which automatically enables interest-based advertising by means of a pseudonymous CookieID and on the basis of the pages you have visited. After the end of the purpose and the end of the use of Google Ads Remarketing by us, the data collected in this context will be deleted.

Further data processing will only take place if you have consented to Google linking your web and app browsing history to your Google account and using information from your Google account to personalize ads you see on the web. In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, Google temporarily links your personal data with Google Analytics data to form target groups.

Legal basis

The legal basis for the integration of Google Remarketing and the associated data transfer to Google is your consent (Art. 6 para. 1 lit. a DSGVO).

Data processor

Whenever you visit our website, personal data, including your IP address, is transferred to Google in the USA. This personal data is stored by Google. Google may pass on this personal data collected via the technical process to third parties.

Our company does not contain any information from Google by means of which the data subject could be identified.

Provision prescribed or required

The provision of your personal data is voluntary, based solely on your consent. If you prevent access, this may result in functional restrictions on the website.

Revocation of consent

If you do not wish to use Google's remarketing function, you can deactivate it in principle by making the appropriate settings at https://support.google.com/adwordspolicy/answer/143465. Alternatively, you can deactivate the use of cookies for interest-based advertising via the advertising network initiative by following the instructions at https://optout.networkadvertising.org.

d) Facebook Pixel

Nature and purpose of the processing

The Facebook Pixel is an analysis tool that can be used to measure the effectiveness of advertising measures by analyzing the actions of website visitors. The pixel is always triggered by the performance of a certain action (a so-called "event") and subsequently records it. This measures the effectiveness of Facebook ads and ensures that advertising addresses are delivered to the right people.

Legal basis

The legal basis for the activation and evaluation of the Facebook Pixel and the associated data transfer to Facebook is your consent (Art. 6 para. 1 lit. a DSGVO).

Processor

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland; Mother company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA (Facebook).

Storage duration

After expiry or revocation of your consent, the data collected in this context will be deleted.

Provision required or necessary

The provision of the aforementioned personal data is neither legally nor contractually required.

Revocation of consent

You can prevent the setting of cookies by our contractual partners or our website at any time by means of an appropriate setting in your Internet browser. In addition, cookies that have already been set can be deleted at any time via the Internet browser or other software programs.

e) Google Tag Manager

Nature and purpose of the processing

The Google Tag Manager gives this website the possibility to manage website tags and integrate services into our online offer. It is therefore used to install and update website tags. The Google Tag Manager is a service provided by Google Ireland Limited, a company incorporated and operated under the laws of Ireland, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de).

Further information about data processing by Google can be found in the privacy policy of Google.

Legal basis

The legal basis for the integration of the Google Tag Manager is the protection of our legitimate interests in an optimized presentation of our offer as well as an easy accessibility of our sites according to Art. 6 para. 1 lit. f) DSGVO.

Processed data

When using our website, your IP address is processed. We have no influence on this data processing.

f) Google reCAPTCHA

Nature and Purpose of the Processing

For the purpose of protection against misuse of our web forms as well as against spam, we use the Google reCAPTCHA service in some forms on this website. Google reCAPTCHA is provided by Google Ireland Limited, a company incorporated and regulated under the laws of Ireland with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. (www.google.com). By verifying manual input, this service prevents automated software (known as bots) from carrying out abusive activities on the website.

Google reCAPTCHA uses a code embedded in the website, a so-called JavaScript, as part of the verification methods that allow an analysis of the use of the website by you, such as cookies. The automatically collected information about your use of this website including your IP address is usually transferred to a Google server in the USA and stored there. In addition, other cookies stored by Google services in your browser are evaluated by Google reCAPTCHA.

A readout or storage of personal data from the input fields of the respective form does not take place.

Further information about data processing by Google can be found in the data protection information of Google.

Legal Basis

The integration of Google reCAPTCHA serves, in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO, to protect our legitimate interests in the protection of our website from misuse and in the trouble-free presentation of our online presence.

Data Processor

Whenever you visit our website, personal data, including your IP address, is transferred to Google in the USA. This personal data is stored by Google. Google may pass on this personal data collected through the technical process to third parties.

Storage Duration

The data collected in this context will be deleted after the discontinuation of the purpose. If legal retention periods exist, we will delete the data after these periods have expired.

Provision Required or Necessary

The provision of your personal data is voluntary, solely based on your consent. If you prevent access, this may result in functional restrictions on the website.

Revocation of Consent

You may refuse the use of JavaScript or cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. Please note that this may limit the functionality of our website for your use.

g) Google Web Fonts

Nature and Purpose of the Processing

In order to display our content correctly and in a graphically appealing manner across browsers, we use "Google Web Fonts" on this website from Google Ireland Limited, a company incorporated and operated under the laws of Ireland with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. (www.google.com). Further information about data processing by Google can be found in Google's privacy policy.

Legal Basis

The legal basis for the integration of Google Web Fonts and the associated data transfer to Google is your consent (Art. 6 para. 1 lit. a DSGVO).

Data Processor

When you access script libraries or font libraries, a connection is established between the browser you are using and Google's servers. This enables Google to know that our website has been accessed via your IP address.

Storage Duration

We do not collect any personal data through the integration of Google Webfonts. Further information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in the Google privacy policy: https://policies.google.com/privacy?hl=en.

Provision Required or Necessary

The provision of personal data is not required by law or contract. However, it may not be possible to display the content correctly using standard fonts.

Revocation of Consent

The JavaScript programming language is regularly used to display the content. You can therefore object to the data processing by deactivating the execution of JavaScript in your browser or installing a JavaScript blocker. Please note that this may result in functional restrictions on the website.

h) Vimeo Video Plugins

Nature and Purpose of the Processing

Contents of third party providers are integrated on this website. This content is provided by Vimeo LLC ("Provider"). Vimeo is operated by Vimeo LLC, 555 West 18th Street, New York 10011, USA ("Vimeo").

For videos from Vimeo that are embedded on our site, the tracking tool Google Analytics is automatically integrated. We have no influence on the tracking settings and the analysis results collected through this tool and cannot view them. In addition, web beacons are set for website visitors by embedding Vimeo videos.

Legal Basis

The integration of the videos serves to safeguard our predominantly legitimate interests in the optimal marketing of our offer in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO.

Data Processor

When you use Vimeo services, personal information, including your IP address, is transferred to Vimeo in the USA. This personal information is stored by Vimeo. Vimeo may share this personal information collected through the technical process with third parties.

Storage Duration

After the purpose has been discontinued, the data collected in this context will be deleted or made anonymous.

Provision Required or Necessary

The provision of your personal data is voluntary, solely based on your consent. If you prevent access, this may result in functional restrictions on the website.

Revocation of Consent

In order to prevent Google Analytics tracking cookies from being set, you can prevent the storage of cookies by adjusting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

As an alternative to the browser plugin, you can click this linkto prevent Google Analytics from recording data on this website in the future. In doing so, an opt-out cookie will be stored on your end device. If you delete your cookies, you must click the link again.

For the purpose and scope of data collection and the further processing and use of data by the providers, as well as your rights in this regard and setting options for protecting your privacy, please refer to the Vimeo data protection information.

i) Social Media PlugIns - Our online presence on Facebook, Google, Twitter, Instagram, Xing, LinkedIn

Nature and Purpose of the Processing

Our presence on social networks and platforms serves a better, active communication with our customers and interested parties. There we inform about our products and current special offers.

When you visit our online presence in social media, your data may be automatically collected and stored for market research and advertising purposes. So-called user profiles are created from this data using pseudonyms. These can be used, for example, to place advertisements inside and outside the platforms that presumably correspond to your interests. For this purpose, cookies are usually used on your end device. The visitor behaviour and interests of the users are stored in these cookies.

Legal Basis

The use of your personal data is in accordance with Art. 6 para. 1 lit. f. DSGVO, the use of your personal data serves to safeguard our predominantly legitimate interests in an optimised presentation of our offer and effective communication with customers and interested parties. If you are asked by the respective social media platform operators for consent (permission) to data processing, e.g. by means of a checkbox, the legal basis for data processing is Art. 6 para. 1 lit. a DSGVO.

Data Processor

Provider
Facebook https://www.facebook.com/about/privacy/
The data processing is based on an agreement between jointly responsible parties in accordance with Art. 26 DSGVO, which you can view here:
https://www.facebook.com/legal/terms/page_controller_addendum
Google/YouTube https://policies.google.com/privacy?hl=en
Twitter https://twitter.com/en/privacy
Instagram https://help.instagram.com/519522125107875
LinkedIn https://www.linkedin.com/legal/privacy-policy
Xing https://privacy.xing.com/en

Storage Duration

For detailed information on the processing and use of data by the providers on their sites as well as a contact option and your rights and settings options for the protection of your privacy, in particular opt-out options, please refer to the linked data protection information of the providers. Should you nevertheless require assistance in this regard, please contact us.

Provision Required or Necessary

The provision of your personal data is voluntary, solely based on your consent. If you prevent access, this may result in functional restrictions on the website.

Revocation of Consent

Opt-Out possibilities:
Facebook https://www.facebook.com/settings?tab=ads
Google/ YouTube https://adssettings.google.com/authenticated?hl=en
Twitter https://twitter.com/personalization
Instagram https://help.instagram.com/519522125107875
LinkedIn https://www.linkedin.com/legal/cookie-policy
Xin https://privacy.xing.com/en

8. Registration on our Website

Nature and Purpose of the Processing

We collect personal data when you provide us with this information as part of any order or when you contact us (e.g. via contact form or e-mail). Mandatory fields are marked as such, because in these cases we need the data for the processing of the contract, for the processing of your contact and you cannot complete the order or send the contact without the data. Which data is collected can be seen from the respective input forms.

Legal Basis

The processing of the data entered during registration is based on the consent of the user (Art. 6 para. 1 lit. a DSGVO).

If the registration serves the performance of a contract to which the data subject is a party or the implementation of pre-contractual measures, an additional legal basis for the processing of the data is Art. 6 para. 1 lit. b DSGVO.

Storage Duration

After the contract has been fully executed, your data will be restricted for further processing and deleted after the expiry of any retention periods required under tax and commercial law, unless you have expressly consented to further use of your data or we reserve the right to use your data for purposes that go beyond this, which is permitted by law and about which we inform you in this declaration.

Provision Required or Necessary

The provision of your personal data is voluntary, solely based on your consent. Without the provision of your personal data we cannot grant you access to our offered contents and services.

9. Provision of chargeable services

Nature and Purpose of the Processing

For the provision of chargeable services, we will request additional data, such as payment details, in order to be able to execute your order. For the fulfillment of the contract, we pass on your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. Depending on which payment service provider you select in the ordering process, we pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us or to the selected payment service. In some cases, the selected payment service providers also collect this data themselves, insofar as you create an account there. In this case, you must register with the payment service provider with your access data during the ordering process. In this respect, the privacy policy of the respective payment service provider applies.

The same applies to the transfer of data to our manufacturers or wholesalers in cases where they take over the shipping for us (drop shipment).

Legal basis

The processing of data required for the conclusion of the contract is based on Art. 6 para. 1 lit. b DSGVO.

Storage duration

We store this data in our systems until the statutory retention periods have expired. These are generally 6 or 10 years for reasons of proper accounting and tax law requirements.

Provision Required or Necessary

The provision of your personal data is voluntary. Without the provision of your personal data, we cannot grant you access to our offered content and services.

10. Credit check and legitimation

Nature and Purpose of the Processing

In order to fulfill legal obligations, we collect personal data as part of the legitimation check or creditworthiness check. The scope of these checks depends on the selected product and its services. In connection with the legitimation check, video recordings may also be made by the provider commissioned by us, which we also store. We do not currently perform creditworthiness checks, but reserve the right to do so in the future.

Legal basis

The processing of the data

  • is based on the consent of the user (Art. 6 para. 1 lit. a DSGVO),
  • is necessary for the conclusion of the contract (Art. 6 para. 1 lit. b DSGVO,
  • is necessary for the fulfillment of a legal obligation (Art. 6 para. 1 lit. c DSGVO).

Processor

Recipients of the data are credit reference and fraud prevention agencies and identification solution providers.

Storage duration

After complete processing of the contract, your data will be restricted for further processing and deleted after expiry of any retention periods under tax and commercial law, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration. Audiovisual recordings as part of the legitimation check are deleted after five years.

Provision Required or Necessary

The provision of your personal data is voluntary, based solely on your consent. Without the provision of your personal data, we cannot grant you access to our offered services.

11. International data transmission

We process your personal data on a European server. However, for some products or services it may be necessary to transfer your data outside the European Economic Area ("EEA").

For data transfers within and also outside the EEA, we conclude suitable contracts with our partners that guarantee the protection of your personal data abroad as well.

12. Security

Technical and organizational measures

We use organizational, administrative, technical and physical security measures to protect your personal data and to help ensure that your data is processed promptly, accurately and completely. We require service providers to protect your personal data, obligate them to maintain confidentiality, and use your personal data only for the purposes we designate.

Data transmission security

To protect the transmission of confidential content and personal data that you may transmit to us, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser begins with "https://" and a lock symbol is displayed in your browser line. An activated SSL or TLS encryption ensures that data that you transmit to us cannot be read by third parties.

13. Modification of our privacy policy

We reserve the right to adapt this data protection declaration so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new privacy policy will then apply to your next visit.

14. Questions to the data protection officer

If you have any questions regarding the collection, processing or use of your personal data, for information, correction, restriction or deletion of data as well as revocation of any consent given or objection to a particular use of data, please contact our company data protection officer.

Data protection officer
XPAY Holding AG
Stuntzstraße 16
81677 München
089 46 13 44 22 44
datenschutz@xpay.de

15. Disclaimer

This privacy policy is a translation from German. In the event of any discrepancies, interpretations or wording, the German version shall take precedence over this English version.

We use cookies for some functionality on our website. You can find detailed information in our privacy policy.

Cookie preferences

We use cookies to personalize our website and save the current state. If you accept all cookie we also share some data with social networks, ad-networks and tracking partners. You could find detailed information in our privacy policy.
Here you can set your personal cookie preferences.
Required cookies
Name Purpose
language Stores your preferred page language
PHPSESSID Session id with current user state
cookiePolicy Storage space for your cookie preferences
Statistics
Name Purpose
_ga Google Analytics
gat* Google Analytics
_gid Google Analytics

Please note!

We are sorry, but we are not supporting the Microsoft Internet Explorer! Please use another browser for our website.
Here is a list of alternative browsers you could download for free and install on your computer: