Privacy Policy

KPS Payment GmbH & Co. KG

Status 29.04.2024

Who we are

The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is

KPS Payment GmbH & Co KG
Contrescarpe 75A
28195 Bremen
Germany

+ 49 (0) 421 36 66 222
info@kps-payment.de
https://www.kps-payment.de

 

Contacting the data protection officer

The data protection officer of the controller is

DataCo GmbH
Nymphenburger Str. 86
80636 Munich
Germany

+49 89 7400 45840
www.dataguard.de

On this page we inform you about the processing of your personal data on the website.

How we collect and use your personal data depends on how you interact with us or which services you use. We will only collect, use or share your personal data where we have a legitimate purpose and legal basis for doing so.

What do we mean by legal basis?

Consent (Art. 6 para. 1 sentence 1 lit. a GDPR) – You have given us your consent to process your personal data for the specific purpose that we have explained to you. You have the right to withdraw your consent at any time. For more information on how you can withdraw your consent, please refer to the subsections “Exercising your rights” in the following sections of this Privacy Policy.

Contract (Art. 6 para. 1 sentence 1 lit. b GDPR) – We need to use your data to fulfil a contract you have with us. Alternatively, it is necessary to use your data because we have asked you to do so or you have taken certain steps yourself before entering into this contract.

Legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR) – We must use your data to comply with the law.

Vital interests (Art. 6 para. 1 sentence 1 lit. d GDPR) – The processing of your data is necessary to protect your vital interests or those of another person. For example, to protect you from serious physical harm.

Public task (Art. 6 para. 1 sentence 1 lit. e GDPR) – The processing of your data is necessary for the performance of a task carried out in the public interest or because it is covered by a task defined by law, e.g. for a statutory function.

Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) – The processing of your data is necessary to support a legitimate interest that we or another party have, only if your own interests do not prevail.

Please note that we may not be able to provide you with our website services if your data is processed to fulfil a contract or legal obligation and you do not provide the requested data.

Data sharing and international transfer

As explained in this Privacy Policy, we use various service providers to help us provide our services and ensure the security of your data. When we use these service providers, it is necessary for us to share your personal data with them.

We have concluded agreements with all service providers to whom we pass on your data, obliging them to protect your data.

If your personal data is transferred outside the EU, we will ensure that your personal data receives an equivalent level of protection, either because the country to which your personal data is transferred has an “adequate” standard of data protection according to the European Commission, or by applying another protection measure, such as an enhanced contractual agreement, i.e. the Standard Contractual Clauses (SCCs) adopted by the European Commission.

 

For example, when we use US service providers, we rely on either the SCC or the EU-US Data Privacy Framework, depending on the provider. You can request a copy of the SCCs we have entered into with our service providers by sending an email to the email address provided in this Privacy Policy.

Your rights

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

1. Right to information (Art. 15 GDPR)

You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information:

  • Processing purposes
  • Categories of personal data
  • Recipients or categories of recipients
  • Planned storage duration or the criteria for determining this duration the existence of the rights to rectification, erasure, restriction or objection
  • Right to lodge a complaint with the competent supervisory authority
  • If applicable, origin of the data (if collected from a third party)
  • The existence of automated decision-making, including profiling with meaningful information, where applicable.
  • Information about the logic involved, the scope and the expected effects
  • Possible transfer of personal data to a third country or international organisation

2. Right to rectification (Art. 16 GDPR)

If your personal data is incorrect or incomplete, you have the right to request immediate correction or completion of the personal data.

3. Right to restriction of processing (Art. 18 GDPR)

If one of the following conditions is met, you have the right to request that the processing of your personal data be restricted:

  • You contest the accuracy of your personal data for a period enabling us to verify the accuracy of the personal data.
  • In the event of unlawful processing, you object to the erasure of the personal data and instead request the restriction of the use of the personal data.
  • We no longer need your personal data for the purposes of processing, but you need your personal data for the establishment, exercise or defence of legal claims, or
  • After you have lodged an objection to the processing, for the duration of the examination as to whether our legitimate reasons outweigh your reasons.

4. Right to erasure (“right to be forgotten”) (Art. 17 GDPR)

If one of the following reasons applies, you have the right to demand that your personal data be deleted immediately:

  • Your data are no longer necessary for the processing purposes for which they were originally collected.
  • you withdraw your consent and there is no other legal basis for the processing.
  • You object to the processing and there are no overriding legitimate grounds for the processing or you object pursuant to Art. 21 (2) GDPR.
  • Your personal data is being processed unlawfully.
  • The deletion is necessary to fulfil a legal obligation under Union law or the law of the member state to which we are subject.
  • The personal data was collected in relation to information society services offered in accordance with Article 8 (1) GDPR.

Please note that the above reasons do not apply if the processing is necessary:

  • To exercise the right to freedom of expression and information;
  • To fulfil a legal obligation or to perform a task that is in the public interest and to which we are subject.
  • For reasons of public interest in the area of public health.
  • For archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes.
  • For the assertion, exercise or defence of legal claims.

5. Right to data portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller.

6. Right to object to certain data processing (Art. 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR. This also applies to profiling based on these provisions.

If your personal data is processed for the purpose of direct marketing, you have the right to object to such processing.

You have the right to object at any time to the processing of personal data concerning you.

data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

7. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority to which the complaint has been submitted shall inform the complainant of

the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

A list of the competent supervisory authorities in Germany can be found on the website of the Federal Commissioner for Data Protection at the following link: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

  • Information about the browser type and version used
  • The user’s operating system
  • Date and time of access
  • Websites from which the user’s system accesses our website

This data is stored in the log files of our system.

This data is not stored together with other personal data of the user.

2. Purpose of data processing

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

Data is stored in log files to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. The data is not analysed for marketing purposes in this context.

3. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 sentence 1 lit. f GDPR.

4. Duration of storage

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after ten weeks at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymised so that it is no longer possible to identify the accessing client.

5. Exercise your rights

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. The user can object to this. Whether the objection is successful must be determined as part of a balancing of interests.

E-mail contact

1. Description and scope of data processing

It is possible to contact us via the e-mail address provided on our website. In this case, the user’s personal data transmitted with the e-mail will be stored.

The data is used exclusively for processing the conversation.

2. Purpose of data processing

In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

3. Legal basis for data processing

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to answer your enquiry that you send by email in the best possible way.

If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

4. Duration of storage

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. Exercise your rights

If the user contacts us by email, they can object to the storage of their personal data at any time by sending an email to info@kps-payment.de. In such a case, the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted in this case.

Hosting

The website is hosted on servers of a service provider commissioned by us.

Our service provider is:

Tako Deppe, of the supplier: Tako Deppe – Webdesign Bremen Hamburger Str. 35-37 28205 Bremen.

 

Further information can be found in the provider’s Privacy Policy: https://www.homepage-bremen.de/datenschutz/

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored is

  • Information about the browser type and version used
  • The user’s operating system
  • Date and time of access
  • Websites from which the user’s system accesses our website

This data is not merged with other data sources. This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest in processing this data is to display our website without errors and to optimise its functions.

The website server is geographically located in Germany.

 

Changes to the Privacy Policy

We reserve the right to amend the Privacy Policy in order to adapt it to any changes in the legal situation or changes to the service and data processing.

 

This Privacy Policy was created with the support of DataGuard.