Date: May 2018
1. General aspects
Protecting your personal data is something we take very seriously. We treat your personal data confidentially and in compliance with statutory data protection regulations.
This Privacy Notice informs you about how your personal data are processed when you use the http://www.kps-payment.de/en/ (hereinafter the ‘website’).
The controller within the meaning of the General Data Protection Regulation (‘GDPR’), as far as the processing of personal data in connection with the website is concerned, is KPS Payment GmbH & Co. KG, Contrescarpe 75A, 28195 Bremen, Germany, (hereinafter ‘KPS’, ‘we’, ‘us’).
In the following, we tell which data we collect and for what purposes when you use our website, how we use those data, and what your rights are in that respect.
Please note that the website may contain links to the websites of other providers, over which we have no control and to which this Privacy Notice does not apply.
2. Processing of your data
As a basic principle, we process your personal data only to the extent necessary to provide a functioning website, our content and our services.
a) Visiting the website
You may, in principle, visit our website without communicating any personal data to us. As is common practice on most websites, our systems automatically log every access to and retrieval of information from our website and store these log data temporarily in a log file. The data thus stored include the following in particular:
- the IP address of the computer submitting the enquiry,
- the name and URL of the file retrieved,
- the date and time of access,
- the access status/HTTP status code,
- the volume of data transferred in each case,
- the identification data of the browser being used.
These data are associated with persons who cannot be identified by us. Nor are any personal user profiles generated (but please note the following statements concerning ‘analytics’). The aforementioned data processing is carried out to enable use of the website (establishing a connection) and for internal, system-related purposes (technical administration, system security). Data are stored in log files to ensure the operability of the website. These data also help us to optimise the website and to safeguard the security of our systems.
If and to the extent that the data processed when you visit the website are personal data, such data are processed on the basis of Article 6 (1) (f) GDPR (legitimate interests). These legitimate interests derive from the purposes mentioned above.
b) Contacting by email
It is possible on the website to contact us by email using the address provided. In this case, the user’s personal data which are sent with the email are stored.
Said data are used solely for the purpose of responding to the respective requests for contact.
The legal basis for processing said data is provided in Article6 (1) (f) GDPR (legitimate interests). These legitimate interests derive from the fact that we are only able to do what the user requests of us (e.g. respond to enquiries) if the user’s data are processed accordingly. If the aim of establishing contact is to conclude a contract, then an additional legal basis for processing is provided by Article 6 (1) (b) GDPR (performance of a contract, steps prior to entering into a contract).
3. Transfer of data to third parties
The personal data collected when you use the website are not transferred or otherwise communicated to third parties without your consent – except in other cases explicitly described in this Privacy Notice. Exceptions include the communication of personal data to government agencies and authorities if we have a legal obligation to do so. The legal basis for such processing of your personal data is Article 6 (1) (c) GDPR (compliance with a legal obligation).
To operate the website and to provide the services offered on the website, external service providers are used by us (e.g. to host the website), who process personal data of yours on our behalf. These service providers process the data solely in accordance with our instructions. The legal basis for such data processing is provided in Article 6 (1) (b) GDPR (performance of a contract, steps prior to entering into a contract) and Article 28 GDPR (processor).
4. Duration that your personal data are kept
Unless a shorter duration of storage is specified in the other provisions of this Privacy Notice, we store your personal data which we obtain in connection with your use of the website only for as long as this is necessary to process your enquiry to us and subsequently only to the extent that we have a legal obligation to do in order to comply with statutory archiving requirements. If we no longer need your data for the purposes described above, they are stored merely for the respective statutory archiving period and are not processed for other purposes.
5. Your rights
You have the right to demand information from us at any time about your personal data stored by us. If the statutory requirements are met, you also have rights to the rectification, erasure and restriction of processing of the respective data, the right to object to your data being processed by us and the right to receive the personal data concerning you in a structured, commonly used and machine-readable format (you may arrange for said data to be transferred or communicated to other bodies). If you have granted your consent to the use of personal data, you may revoke that consent at any time.
If you believe that our processing of the personal data relating to you is in breach of the applicable data protection laws, you may file a complaint with the competent supervisory authority for data protection.
6. Contact details of the data protection officer
You can contact us under the address stated in clause 1 above, or by using the email address firstname.lastname@example.org, or by phoning +49 (0) 421 36 66 0.
If you have any questions relating to data protection (including the exercise of your rights described in 4 above), you can also contact our data protection officer directly. The contact details of the data protection officer are as follows: The Data Protection Officer, KPS Payment GmbH & Co. KG, Contrescarpe 75A, 28195 Bremen, Tel.: +49 (0) 421 36 66 0, email: email@example.com.
7. Data security
KPS implements state-of-the-art technical measures to safeguard data security, in particular to protect your personal data against risks ensuing from the transmission of data and against third parties gaining knowledge of the data. These measures are continuously updated to match the current state of technological development.
8. Changes in the Privacy Notice
It may be necessary from time to time to make changes to this Privacy Notice, for example due to further development of our website or due to changes in the law. We therefore reserve the right to make changes to this Privacy Notice at any time, with effect for the future. We therefore recommend that you read through this Privacy Notice again at regular intervals.