Responsible: Thomas Niemann
Company: pay & relax GmbH
Address: Lautenschlagerstr. 16
Postal code, City, Country: 70173 Stuttgart, Germany
Trade register No.: HRB 752781
Managing Directors: Thomas Niemann, Felix Hagspiel
Phone: +49 (0) 711 - 121 611 12
1. General information on data processing and legal bases
Terms like "personal data" or their "processing" refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
The personal data of users processed in the context of this online offer includes stock data (e.g., email address, names and addresses of users), contract data (e.g., services used, names of clerks, payment information), usage data (e.g., the websites visited in our online offer) and content data (e.g. information on fiduciary payments, chat messages, pictures).
The term "user" covers all categories of persons affected by data processing. These include our business partners, customers, prospects and other users of our online offer. The terms used, such as "users", are to be understood as gender-neutral.
We process personal data of users only in compliance with the relevant data protection regulations. This means that users' data will only be processed if there is a legal permission. This is the case in particular if the processing is necessary for the provision of our contractual services and online services or is required by law, if the users have given their consent, or on the basis of our legitimate interests, i.e. interest in the analysis, optimization and economic operation and security of our online offer within the meaning of Art.6-(1)-f of the General Data Protection Regulation (GDPR), in particular in audience measurement, creating profiles for advertising and marketing purposes, as well as collecting access data and using the services of third-party providers.
Please note that the legal basis for consents is Art.6-(1)-a and Art.7 of the General Data Protection Regulation (GDPR), the legal basis for processing for the performance of our services and of contractual measures is Art.6-(1)-b of the General Data Protection Regulation (GDPR), the legal basis for processing in order to fulfill our legal obligations is Art.6-(1)-c of the General Data Protection Regulation (GDPR), and the legal basis for processing in order to safeguard our legitimate interests is Art.6-(1)-f of the General Data Protection Regulation (GDPR).
2. Safety measures
We take state of the art organizational, contractual and technical security measures to ensure that the provisions of data protection laws are adhered to and in order to protect the data processed by us against accidental or intentional manipulation, loss, destruction and against access by unauthorized persons.
One of the security measures is the encrypted transfer of data between your browser and our server.
3. Disclosure of data to third parties and third party providers
Data is transferred to third parties only within the scope of legal requirements. We only pass on the data of users to third parties if, for example, it is required on the basis of Art.6-(1)-b of the General Data Protection Regulation (GDPR) for contract purposes or based on legitimate interests in accordance with Art.6-(1)-f of the General Data Protection Regulation (GDPR) in the economical and effective operation of our business.
If we use subcontractors to provide our services, we will take appropriate legal precautions and appropriate technical and organizational measures to protect personal data in accordance with applicable law.
4. Provision of contractual services
We process stock data (e.g. names and addresses as well as contact data) and contract data (e.g., used services, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art.6-(1)-b of the General Data Protection Regulation (GDPR).
Website visitors can create a user account on our website with which they can, in particular, create, view and manage their fiduciary payments. For the opening of the user account as well as for the payment of the funds, the following data are collected:
- Name, first name
- Date of birth
- Address (street, house number, city, country)
- Bank details (IBAN, BIC)
For the registration we use a so-called double-opt-in-procedure. That is, the registration will not be completed until the user confirms the registration by clicking a link in a verification email sent for this purpose.
The user accounts are not public and can't be indexed by search engines. If users have terminated their user account, their data will be deleted with regard to the user account, subject to their necessary retention for commercial or tax law reasons according to Art.6-(1)-c of the General Data Protection Regulation (GDPR).
For the purpose of carrying out fiduciary payments, personal data will be exchanged among the parties. The transaction partner gains knowledge of the first name and the first letter of the surname, as well as the contents which were specified when creating a fiduciary payment. The user agrees to pay & relax GmbH transmitting the data to the trust partner invited to the trust payment.
The payments facilitated through PAYLAX via the electronic payment system are handled by our payment service provider MANGOPAY SA, 10 Boulevard Royal, L-2449 Luxembourg ("MANGOPAY"). For this purpose your data (see 4.2.) will be forwarded to MANGOPAY. Additional required data (e.g. identification data, credit card data for payment processing by credit card) are not kept by PAYLAX, but forwarded directly to MANGOPAY.
5. Contact methods
When users contact us (by email or telephone), the information they provide is processed in order to handle the contact request and its resolution in accordance with Art.6-(1)-b of the General Data Protection Regulation (GDPR).
The information provided by users/customers can be stored in our Customer Relationship Management System ("CRM System") or similar inquiry management systems.
6. Collection of access data and log files
Based on our legitimate interests within the meaning of Art.6-(1)-f of the General Data Protection Regulation (GDPR) we collect data on every access to the server on which this service is located (so-called server log files). These include the name of the requested web page, file, date and time of access, amount of data transferred, notification of successful retrieval, browser type and version, operating system of the user, referrer URL (the previously visited page), IP address and requesting provider.
The logfile information is stored for security purposes (e.g. to investigate abusive or fraudulent activities).
7. Cookies & audience metrics
Cookies are data that are transferred from our web server or third-party web servers to the web browsers of users of our online offering and stored there for later retrieval. Cookies can be small files or other types of information storage.
We use "session cookies" which are only stored for the duration of the current visit on our online presence (e.g. to enable the storage of your login status and thus the general use of our online offer). In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. In addition, a cookie contains information about its origin and the retention period. These cookies can't save any other data. Session cookies are deleted when you have finished using our online offer and log out, for example.
If users do not want cookies stored on their computer, they are asked to disable the corresponding option in their browser's settings. Saved cookies can be deleted in the settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
8. Google Analytics
Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services related to the use of this online offer and the internet usage. In this case, pseudonymous usage profiles of the users can be created from the processed data.
We use Google Analytics to display the advertisements placed within the advertising services of Google and its affiliates only to those users who have shown an interest in our online offering or who have certain characteristics (e.g. interests in specific topics, products or websites visited by them) that we submit to Google (so-called "remarketing" or "Google Analytics Audiences"). With Remarketing Audiences, we also want to make sure that our ads are in line with the potential interest of users and are not annoying.
We only use Google Analytics with activated IP anonymization. This means that the IP address of the users will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there.
Google will not link the IP address transferred by your browser with any other data held by Google. Users can prevent the storage of cookies by setting their browser software accordingly; users may also prevent the collection by Google of the data generated by the cookie and related to their use of the online offer and the processing of such data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
For more information about data usage by Google and about settings and objection options, visit the websites of Google: https://www.google.com/intl/de/policies/privacy/partners ("Google uses data when you use websites or apps from our affiliates"), http://www.google.com/policies/technologies/ads ("Use of data for advertising purposes"), http://www.google.de/settings/ads ("Managing information that Google uses to show you advertising").
With the following information, we will inform you about the content of our free newsletter as well as the registration, shipping and statistical evaluation procedures and your rights of objection. By subscribing to our newsletter, you agree to the receipt of it and the procedures described.
Content of the newsletter: We send newsletters, emails and other electronic notifications with advertising information (hereinafter "newsletter") only with the consent of the recipient or a legal permission. Insofar as the contents of a newsletter are described, they are authoritative for the consent of users. Our newsletters also contain information about our products, offers, promotions and our company.
Double opt-in and logging: The registration for our newsletter takes place in a so-called double opt-in procedure. This means you will receive an email after registering asking for confirmation of your registration. This confirmation is necessary so that nobody can register with email addresses they don't have control over. The registration for the newsletter will be logged in order to prove the registration process according to legal requirements. This includes the storage of the registration and confirmation times, as well as the IP address. Likewise, changes to your data stored with the shipping service provider will be logged.
Furthermore, the shipping service provider may, according to its own information, use this data in a pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. for the technical optimization of shipping and the presentation of newsletters or for statistical purposes in order to determine which countries the recipients come from. However, the shipping service provider does not use the data of our newsletter recipients to send them their own material or to pass them on to third parties.
Subscription information: To subscribe to the newsletter, it is sufficient to enter your email address.
Statistical surveys and analyses - The newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from the server of the shipping service provider when the newsletter is opened. This retrieval process will initially collect technical information, such as information about the browser and your system, as well as your IP address and time of retrieval. This information is used to improve the technical performance of services based on their specifications or audience and their reading habits, based on their locations (which can be determined using the IP address) or access times. Statistical surveys can also include determining if the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our endeavor nor that of the shipping service provider to observe individual users. Rather, the evaluations help us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
The use of the shipping service provider, the implementation of statistical surveys and analyses as well as logging of the registration process, are based on our legitimate interests in accordance with Art.6-(1)-f of the General Data Protection Regulation (GDPR). We are interested in using a user-friendly and secure newsletter system that serves both our business interests and the expectations of our users.
Termination/Revocation - You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. At the same time, your consent to shipping by the shipping service provider and to the statistical analyses expires. A separate revocation of the shipment by the shipping service provider or the statistical evaluation is unfortunately not possible. A link to cancel the newsletter can be found at the end of each newsletter. If the users have only subscribed to the newsletter and terminated this registration, their personal data will be deleted.
10. Integration of services and contents of third parties
Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art.6-(1)-f of the General Data Protection Regulation (GDPR)), we make use of content or services offered by third-party providers in order to provide their content and integrate services such as videos or fonts (collectively referred to as "content"). This always presupposes that the third-party providers of this content receive the IP address of the users, since they could not send the content to their browser without the IP address. The IP address is thus necessary for the presentation of that content. We strive to use only content whose respective providers use the IP address solely for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. Through these pixel tags it is possible to analyze user traffic on the web pages of the offer. The pseudonymous information may also be stored in cookies on the user's device and may include, but is not limited to, technical information about the browser and operating system, referring web sites, visit time, and other information regarding the use of our online offer.
The following overview lists third-party providers and their contents, together with links to their privacy statements, which contain further notes on the processing of data and, in some cases already mentioned here, possibilities of objection (so-called opt-out):
Functions of the Twitter service may be integrated within our online offer. These features are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and shared with other users. This data is also transmitted to Twitter. We point out that we as the provider of the pages are not aware of the content of the transmitted data and their use by Twitter. Privacy Statement from Twitter at http://twitter.com/privacy. You can change your privacy settings on Twitter in the account settings at http://twitter.com/account/settings.
11. Rights of users
Users have the right to freely obtain information on the personal data stored about them by us.
In addition, users have the right to have inaccurate data corrected, to have the processing of their personal data restricted and to have their personal data deleted, if applicable to assert their rights to data portability and, in the event of unlawful processing, to file a complaint with the appropriate regulatory authority.
Likewise, users can revoke their consent, generally with implications for the future.
12. Deletion of data
The data stored with us are deleted as soon as they are no longer necessary for their purpose and the deletion does not conflict with any statutory storage requirements. If the users' data are not deleted because they are required for other and legally permitted purposes, their processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be kept for commercial or tax reasons.
According to legal requirements, storage takes place for 6 years in accordance with § 257 (1) of the German Commercial Code (HGB) (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and for 10 years pursuant to § 147 (1) AO (books, records, management reports, accounting documents, commercial and business letters, tax documents, etc.).
13. Right of Objection
Users may object to the processing of their personal data in accordance with legal requirements at any time. The objection may in particular be made against processing for direct marketing purposes.