Privacy Policy

---end

Welcome to the PAYONE documentation platform. In the following, we will provide you with information about nature, scope and purposes of processing your personal data and your rights.

You can rest assured that we process your personal data exclusively as mandated by statutory data protection provisions. But data protection is more than just a legal obligation for us. In fact, data protection in practice is a customer-oriented quality feature and is our highest priority at PAYONE.

Controller:

PAYONE GmbH, Lyoner Straße 15, 60528 Frankfurt am Main, Germany

Legal representative:

Managing Directors: Ottmar Bloching, Frank Hartmann, Björn Hoffmeyer, Roland Schaar
Chairman of the Supervisory Board: Sven Korschinowski

Data protection officer:

Data Protection Officer of PAYONE GmbH, Lyoner Strasse 15, 60528 Frankfurt am Main, email: privacy@payone.com

---end

Personal Data Processing

---end

Categories of personal data processed by us:	Purpose of processing:	Legal basis:	Period of storage:
Plausible Analytics Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia (Plausible Analytics Provider), https://plausible.io/ We use Plausible's privacy-friendly web analytics service to collect anonymous statistics about the use of our website. Based on anonymized data, the analysis does not allow any conclusions to be drawn about individual persons. The following data is processed: Website URL HTTP referrer Browser version Operating system Device type Country (the IP address is not stored)	Basic Analytics about Website usage	The processing of the data is based on our legitimate interest in measuring the reach of our website (Art. 6 para. 1 p. 1 lit. f) GDPR).	No personally identifiable data points are stored. Salted hashes are rotated daily. The data storage does not take place in the Plausible Cloud, but on our own server. You can find more information about Plausible at https://plausible.io/data-policy.
Server log data: IP address, website usage data (log data about website access or file access, e.g. name of the file accessed, date and time of access, amount of data transferred) and device information (e.g. operating system, browser type and version), cookie information in session cookies	Network communication Security and functionality of the website Error detection and troubleshooting	§ Art. 6 (1) 1 lit. f) GDPR. The legitimate interest in the temporary storage of the log data (server log files) and session cookie information is in our interest for the efficient and secure provision of our website.	7 days If further storage is required for evidence purposes, the data will be deleted after the incident has been conclusively clarified Session cookies are deleted at the end of the browser session

Categories of personal data processed by us:

Purpose of processing:

Legal basis:

Period of storage:

Plausible Analytics
Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia (Plausible Analytics Provider), https://plausible.io/
We use Plausible's privacy-friendly web analytics service to collect anonymous statistics about the use of our website. Based on anonymized data, the analysis does not allow any conclusions to be drawn about individual persons. The following data is processed:

Website URL
HTTP referrer
Browser version
Operating system
Device type
Country (the IP address is not stored)

Basic Analytics about Website usage

The processing of the data is based on our legitimate interest in measuring the reach of our website (Art. 6 para. 1 p. 1 lit. f) GDPR).

No personally identifiable data points are stored. Salted hashes are rotated daily.

The data storage does not take place in the Plausible Cloud, but on our own server. You can find more information about Plausible at https://plausible.io/data-policy.

Server log data:

IP address, website usage data (log data about website access or file access, e.g. name of the file accessed, date and time of access, amount of data transferred) and device information (e.g. operating system, browser type and version), cookie information in session cookies

Network communication
Security and functionality of the website
Error detection and troubleshooting

§ Art. 6 (1) 1 lit. f) GDPR.

The legitimate interest in the temporary storage of the log data (server log files) and session cookie information is in our interest for the efficient and secure provision of our website.

7 days

If further storage is required for evidence purposes, the data will be deleted after the incident has been conclusively clarified

Session cookies are deleted at the end of the browser session

---end

Data Recipients

Personal data is passed on to the following data recipients for the purpose of providing our website services: Hosting service providers, data center operators.

Data Transfer To Third Countries

None

Legal rights of the data subjects

Statutory data proteciton right	Content	Legal Basis
Right of access	Right to information about the processed personal data concerning you and further information relating to the data processing which concerns you (e.g. processing purposes, data recipients).	Art. 15 GDPR
Right to rectification	Right to rectify inaccurate personal data relating to you or to complete incomplete personal data.	Art. 16 GDPR
Right to restriction of processing	Right to restrict the processing of personal data concerning you under certain conditions (e.g. contested accuracy of the data for the duration of the review).	Art. 18 GDPR
Right to Erasure ("Right to be forgotten")	Right to erasure of personal data concerning you under certain conditions (e.g. cessation of purpose, revocation of consent).	Art. 17 GDPR
Right to object	Right to object to the processing of your personal data under certain conditions.	Art. 21 GDPR
Right to data portability	Right to receive personal data prepared in a structured, widely used and machine-readable format in order to be able to transfer the data to another location or right to transfer the data directly to the other location, to the extent that this is technically feasible, under certain conditions.	Art. 20 GDPR
Right to lodge a complaint with a supervisory authority	Right to lodge a complaint with a competent data protection supervisory authority if you believe that the processing of your personal data breaches the GDPR. For example, this may be the supervisory authority responsible for PAYONE: The Hesse Data Protection Commissioner, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, https://datenschutz.hessen.de/	Art. 57 Para 1(f), Art. 77 GDPR
Right of withdrawal	Right to withdraw your consent to the processing of your personal data at any time with future effect.	Art. 7 Para 3 GDPR

---end

To assert the legal rights of the data subject and for all other questions regarding data processing, please write to the above address or send an email to privacy@payone.com.

---end

Additional Information About Data Processing

Legal obligation to provide personal data:

yes

Does automated decision-making take place?

yes

What is the source of the personal data? (if not provided by the data subject)

Not relevant, as none of your personal data is obtained from third-party sources.

---end

For any further information about Data Privacy and our Privacy Policy, please feel to contact us over the webportal here (in german) or contact our team under privacy@payone.com.