Data protection Information
For card holders
Thank you for visiting PAYONE’s website. In the following, we like to explain to you in what form, to what extent and for what purposes your personal data are processed by PAYONE in the context of payment processing. We will also explain to you what rights you have.
You can rest assured that we process your personal data exclusively as mandated by statutory data protection provisions, especially the European General Data Protection Regulation (GDPR) and Federal Data Protection Act (BDSG). But data protection is more than just a legal obligation for us. In fact, data protection in practice is a customer-oriented quality feature and is of the utmost priority at PAYONE.
PAYONE GmbH (hereinafter referred to as "PAYONE" or "we") is an e-money and payment institution within the meaning of the Payment Services Supervision Act (ZAG) and specialises in the provision of secure terminals for cashless payment transactions and related services. In particular, PAYONE processes card-based cashless payment transactions for the retail and service industries as part of its payment services and offers various payment methods to this end.
When processing cashless payment transactions, PAYONE essentially performs two tasks on behalf of the merchant:
- Firstly, PAYONE acts as a network operator and ensures the technical processing of cashless payments via a technical infrastructure, such as the secure communication between a payment terminal and your card-issuing bank.
- In addition, PAYONE also acts as an acquirer and handles the secure forwarding and settlement of credit card transactions with international credit card companies (so-called ‘schemes’, such as VISA, MasterCard, Diners Club, Discover, JCB, UPI or American Express).
What does PAYONE do for you as a consumer and what tasks does PAYONE perform on behalf of the merchant?
PAYONE allows merchants to securely accept cashless payments from you as a consumer. In doing so, PAYONE ensures that payments you make with your card at a merchant are securely and quickly credited to the merchant. To this end, PAYONE cooperates with various banks, which in turn manage your account.
Personal data is needed from you when you pay by card. This website will provide you with details about the processing of your personal data.
Data protection information for card-based payments pursuant to art. 13, 14 GDPR
When you pay with your card, the merchant collects personal data via their payment terminal. They transmit the data to the network operator.
The network operator and the respective payment service providers for the acceptance and settlement of payments (e.g. acquirers) process the data. The processing of personal data takes place in particular to handle payment transactions, prevent card misuse and limit the risk of payment defaults, as well as for legally prescribed purposes such as anti-money laundering and criminal prosecution. For these purposes, your data is also transmitted to other data controllers, such as the bank which issued your card.
You will find details on the processing of your personal data below.
All references made here to “merchants” refer to the payees. This may be a merchant in the truest sense of the word, but it could also be any other business where you pay with your card, e.g. a restaurant or garage.
Payment by direct debit
1. Who is responsible for the processing of my data and who can I contact?
Many steps are necessary so that you can safely pay with your card. That is why the merchant you pay by card works with a network operator. The merchant and the network operator are each responsible – as data controllers – for the processing of the data within their own technical area:
a) the merchant for the operation of the payment terminal at the cash desk and possibly for its internal network up to the safe transmission of the data via the Internet or by telephone line to the network operator.
You will find the name and contact details of the merchant at the cash desk or at the shop door.
b) the network operator for the central operation of the network, the processing carried out in the network, recoding, risk assessment and further transmission. Its contact details are as follows:
PAYONE GmbH, Lyoner Straße 15, 60528 Frankfurt am Main, www.payone.com
Data Protection Officer: privacy@payone.com
Competent data protection authority:
The Hesse Data Protection Commissioner, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, https://datenschutz.hessen.de/
If the merchant uses a commercial network operator other than PAYONE, the merchant will ensure that its name and contact details are available to you. You can find this information on a notice or by enquiring at the cash desk.
2. What data is used for the payment?
- Card data (data which is stored on your card): IBAN or account number and bank sort code, card expiry date and card suffix.
- Other payment data: Amount, date, time, identification of the payment terminal (location, company and branch where you are paying), your signature or (alternatively) an existing mandate ID.
- In the case of a chargeback: Information about the non-execution of a direct debit by your card-issuing bank or the revocation of a direct debit by yourself, information about the amount due, such as your name, address, bank charges, reminder fees, reason for the chargeback, customer number with your contractual partner (not the nature of your purchases).
3. From what sources is your data derived?
- The payment terminal reads the card data from your card.
- The other payment data is provided by the payment terminal and in some cases directly by the merchant.
- You provide your signature yourself.
- The mandate ID (if available) comes from a SEPA mandate document previously issued and stored in a mandate management database of the network operator.
- To the extent necessary to prevent card misuse and to limit the risk of payment defaults, data is collected from the police KUNO system and from the network operator’s in-house databases.
- As far as is necessary to handle a chargeback, in compliance with the statutory provisions, data is also processed which is taken from publicly accessible sources (e.g. debtor lists) or transmitted by third parties (e.g. the bank which issued your card or a credit agency).
4. For what purpose is your data processed and on what legal basis?
- Merchant:
- Verification and execution of your payment to the merchant, Art. 6 (1) b) GDPR.
- Archiving of records in compliance with legal obligations, in particular Sections 257 (1) no. 4 Commercial Code (HGB), Section 147 (1) no. 4 Fiscal Code (AO); Art. 6 (1) c) GDPR.
- Sale of the amount receivable to the network operator by way of factoring, Art. 6 (1) f) GDPR.
- Communicating an address to the network operator after a chargeback, Art. 6 (1) b) and f) GDPR.
- Network operator:
- Verification and execution of your payment to the merchant, Art. 6 (1) b) GDPR.
- Prevention of card misuse (Section 10 (1) no. 5 Money Laundering Act (GWG)); Art. 6 (1) (c) GDPR.
- Limitation of the risk of non-payment, Art. 6 (1) f) GDPR.
- Safe transmission of your data, particularly in accordance with the legal requirements for SEPA payments, Sections 25a Banking Act (KWG), 27 Payment Services Supervision Act (ZAG); Art. 6 (1) c) and f) GDPR.
- Avoidance of future non-payment through the transmission of chargeback data, should your payment result in a chargeback, Art. 6 (1) f) GDPR.
- Archiving of records in compliance with legal obligations, in particular Sections 257 (1) no. 4 Commercial Code (HGB), Section 147 (1) no. 4 Fiscal Code (AO); Art. 6 (1) c) GDPR.
- Debt recovery after a chargeback, Art. 6 (1) b) and f) GDPR.
- Reporting (exclusively masked or pseudonymised as well as with aggregated data), Art. 6 (1) f) DSGVO
5. Who receives the data?
Apart from the merchant and the network operator, other parties require your data in order to carry out the payment or to comply with legal obligations. Your data will only be passed on to this extent, and to the following entities:
- your card-issuing bank and the merchant’s payment service provider
- the entities acting as intermediaries on behalf of the German credit industry, which assume the clearing and settlement of payments
- judicial authorities in the cases provided for by law
- financial intelligence units in the cases provided for by law
- If the merchant belongs to a network association set up with the network operator, the mandate ID assigned by the system can be made available to other participating merchants in the same network association so that your signature can be dispensed with for payments to these merchants.
Participating merchants provide information about their membership of a network association in the checkout area using an extended, unique SEPA Direct Debit acceptance symbol:
The illustration shows an example of an acceptance sign (decal) for the PAYONE network.
- in the event of a chargeback, in order to find out the address by means of the account number and the bank code (IBAN) of the card used: the card-issuing bank, a credit agency such as SCHUFA Holding AG, or alternatively, the merchant, insofar as the address is known to them
- Please see section 10 for further details
6. Is data transferred to a third country or an international organisation?
No, no such transmission takes place.
7. For what length of time is my data stored?
PAYONE stores and processes your data for as long as is necessary for the performance of the contract and fulfilment of our contractual and statutory obligations. Where storage of the data for the performance of contractual or special statutory obligations is no longer necessary and the purpose of storage no longer applies, the data will be erased, except where its continued processing is necessary for the following reasons:
- Satisfaction of storage requirements under commercial law or fiscal law or for other mandatory reasons (e.g. accounting data must be kept for 10 years)
- Preservation of evidence within the framework of statutory limitation periods
8. What data protection rights do I have?
Every data subject may assert the following data protection rights with the respective data controller (see section 1 above):
- the right to access pursuant to Article 15 GDPR
- the right to rectification pursuant to Article 16 GDPR
- the right to erasure pursuant to Article 17 GDPR
- the right to restriction of processing pursuant to Article 18 GDPR
- the right to object pursuant to Article 21 GDPR
- the right to data portability pursuant to Article 20 GDPR
The restrictions set forth in Sections 34 and 35 of the Federal Data Protection Act (BDSG) apply in respect of the right to access and the right to erasure (for GER).
Additionally, every data subject has the right to lodge a complaint with a supervisory authority for data protection (Art. 77 GDPR in conjunction with (for GER) Section 19 BDSG). You can find PAYONE’s competent supervisory authority for data protection in the context of payment processing in Section 1. Alternatively, you can contact your own local supervisory authority for data protection.
9. Must I make my data available?
You are neither legally nor contractually obliged to supply your data. If you do not wish to supply your data, you can choose another payment method, such as paying in cash.
10. Is my data used for automated decision-making?
To prevent card misuse and to limit the risk of payment defaults, maximum amounts are fixed for payments within certain periods of time. The decision also takes into consideration whether a direct debit from your card-issuing bank was previously not honoured due to insufficient funds or revoked by you (chargeback). This information is not included in the decision if the chargeback is made in the context of a revocation declaring the assertion of rights based on the underlying transaction (e.g. due to a material defect in a purchase). This information serves to prevent future payment defaults. Upon complete settlement of outstanding debts, this data is deleted.
This information enables the network operator to make recommendations to merchants using its system as to whether or not to accept a direct debit payment. For this purpose, the network operator may
- use chargeback information of all the merchants linked to the network;
- for a short time – only a few days – evaluate payment information across multiple merchants in order to prevent card misuse;
- apart from that, only evaluate payment information received from one and the same merchant.
- Your data is not used for solvency checks. Your payment data is only used to decide whether or not to recommend payment by direct debit, with or without obtaining a signature, to the respective merchant.
11. Right to object in individual cases
You have the right to object at any time, for reasons arising from your particular situation, to the processing of data which takes place pursuant to Article 6 (1) f) GDPR, i.e. to the processing of data based on a balancing of interests.
Please direct your objection to: privacy@payone.com
If you file a justified objection, your data will no longer be processed pursuant to Article 6 (1) f) GDPR, with two exceptions:
- Your data will continue to be processed if the data controller can prove the existence of compelling reasons for the processing which are worthy of protection and which outweigh your interests, rights and freedoms, in particular, for example, in the case of legal retention obligations and for carrying out a payment which has already been started at the payment terminal but not yet completed.
- Your data will continue to be processed if this serves to assert, exercise or defend legal claims.
12. Information up to date as at
2nd January 2024
Electronic cash ("girocard")
1. Who is responsible for the processing of my data and who can I contact?
Many steps are necessary so that you can safely pay with your card. That is why the merchant you pay by card works with a network operator. The merchant and the network operator are each responsible – as data controllers – for the processing of the data within their own technical area:
a) the merchant for the operation of the payment terminal at the cash desk and possibly for its internal network up to the safe transmission of the data via the Internet or by telephone line to the network operator.
You will find the name and contact details of the merchant at the cash desk or at the shop door.
b) the network operator for the central operation of the network, the processing carried out in the network, recoding, risk assessment and further transmission. Its contact details are as follows:
PAYONE GmbH, Lyoner Straße 15, 60528 Frankfurt am Main, www.payone.com
Data Protection Officer: privacy@payone.com
Competent data protection authority:
The Hesse Data Protection Commissioner, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, https://datenschutz.hessen.de/
If the merchant uses a commercial network operator other than PAYONE, the merchant will ensure that its name and contact details are available to you. You can find this information on a notice or by enquiring at the cash desk.
2. What data is used for the payment?
- Card data (data which is stored on your card): IBAN or account number and bank sort code, card expiry date and card suffix.
- Other payment data: Amount, date, time, identification of the payment terminal (location, company and branch where you are paying), verification data of your card-issuing bank (“EMV data”).
- PIN: Your PIN entry is checked by the card-issuing bank after being cryptographically secured. The network operator adopts cryptographic safeguards and transmissions, but does not store the PIN and has no access to the encrypted PIN.
3. From what sources is your data derived?
- The payment terminal reads the card data from your card.
- The other payment data is provided by the payment terminal and in some cases directly by the merchant.
- You enter your PIN yourself.
4. For what purpose is your data processed and on what legal basis?
- Merchant
- Verification and execution of your payment to the merchant, Art. 6 (1) b) GDPR.
- Archiving of records in compliance with legal obligations, in particular Sections 257 (1) no. 4 Commercial Code (HGB), Section 147 (1) no. 4 Fiscal Code (AO); Art. 6 (1) c) GDPR.
- Network operator:
- Verification and execution of your payment to the merchant, Art. 6 (1) b) GDPR.
- Safe transmission of your data, particularly in accordance with the legal requirements for SEPA payments, Sections 25a Banking Act (KWG), 27 Payment Services Supervision Act (ZAG); and the regulations of the Association of German Banks; Art. 6 (1) c) and f) GDPR.
- Archiving of records in compliance with legal obligations, in particular Sections 257 (1) no. 4 Commercial Code (HGB), Section 147 (1) no. 4 Fiscal Code (AO); Art. 6 (1) c) GDPR.
- Settlement of the fees which the merchant owes your card-issuing bank, Art. 6 (1) f) GDPR.
- Reporting (exclusively masked or pseudonymised as well as with aggregated data), Art. 6 (1) f) DSGVO.
5. Who receives the data?
Apart from the merchant and the network operator, other parties require your data in order to carry out the payment or to comply with legal obligations. Your data will only be passed on to this extent, and to the following entities:
- your card-issuing bank and the merchant’s payment service provider
- the entities acting as intermediaries on behalf of the German credit industry, which assume the clearing and settlement of payments
- judicial authorities in the cases provided for by law
- financial intelligence units in the cases provided for by law
6. Is data transferred to a third country or an international organisation?
No, no such transmission takes place.
7. For what length of time is my data stored?
PAYONE stores and processes your data for as long as is necessary for the performance of the contract and fulfilment of our contractual and statutory obligations. Where storage of the data for the performance of contractual or special statutory obligations is no longer necessary and the purpose of storage no longer applies, the data will be erased, except where its continued processing is necessary for the following reasons:
- Satisfaction of storage requirements under commercial law or fiscal law or for other mandatory reasons (e.g. accounting data must be kept for 10 years)
- Preservation of evidence within the framework of statutory limitation periods
8. What data protection rights do I have?
Every data subject may assert the following data protection rights with the respective data controller (see section 1 above):
- the right to access pursuant to Article 15 GDPR
- the right to rectification pursuant to Article 16 GDPR
- the right to erasure pursuant to Article 17 GDPR
- the right to restriction of processing pursuant to Article 18 GDPR
- the right to object pursuant to Article 21 GDPR
- the right to data portability pursuant to Article 20 GDPR
The restrictions set forth in Sections 34 and 35 of the Federal Data Protection Act (BDSG) apply in respect of the right to access and the right to erasure (for GER).
Additionally, every data subject has the right to lodge a complaint with a supervisory authority for data protection (Art. 77 GDPR in conjunction with (for GER) Section 19 BDSG). You can find PAYONE’s competent supervisory authority for data protection in the context of payment processing in Section 1. Alternatively, you can contact your own local supervisory authority for data protection.
9. Must I make my data available?
You are neither legally nor contractually obliged to supply your data. If you do not wish to supply your data, you can choose another payment method, such as paying in cash.
10. Is my data used for automated decision-making?
When you wish to use your card for payment, the card payment must first be authorised. This authorisation is given automatically on the basis of your data. The following criteria in particular can play a role: Amount of payment, place of payment, previous payment history, merchant, purpose of payment. Without authorisation, payment by card is not possible. This has no effect on other payment methods (other cards or cash, for example).
11. Right to object in individual cases
You have the right to object at any time, for reasons arising from your particular situation, to the processing of data which takes place pursuant to Article 6 (1) f) GDPR, i.e. to the processing of data based on a balancing of interests.
Please direct your objection to: privacy@payone.com
If you file a justified objection, your data will no longer be processed pursuant to Article 6 (1) f) GDPR, with two exceptions:
- Your data will continue to be processed if the data controller can prove the existence of compelling reasons for the processing which are worthy of protection and which outweigh your interests, rights and freedoms, in particular, for example, in the case of legal retention obligations and for carrying out a payment which has already been started at the payment terminal but not yet completed.
- Your data will continue to be processed if this serves to assert, exercise or defend legal claims.
12. Information up to date as at
2nd January 2024
Other methods of payment by card
1. Who is responsible for the processing of my data and who can I contact?
Many steps are necessary so that you can safely pay with your card. That is why the merchant you pay by card works with a network operator. The merchant and the network operator are each responsible – as data controllers – for the processing of the data within their own technical area:
a) the merchant for the operation of the payment terminal at the cash desk and possibly for its internal network up to the safe transmission of the data via the Internet or by telephone line to the network operator. You will find the name and contact details of the merchant at the cash desk or at the shop door.
b) the network operator for the central operation of the network, the processing carried out in the network, recoding, risk assessment and further transmission. Its contact details are as follows:
PAYONE GmbH, Lyoner Straße 15, 60528 Frankfurt am Main, www.payone.com
Data Protection Officer: privacy@payone.com
Competent data protection authority:
The Hesse Data Protection Commissioner, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, https://datenschutz.hessen.de/
c) The acquirer is a payment service provider regulated under the Payment Services Supervision Act (ZAG) which performs the acceptance and settlement of payments on behalf of the merchant.
Who the acquirer is depends on the card which you used. The merchant will ensure that the acquirer’s contact details and those of the data protection authority responsible for the acquirer are available to you. You can find this information on a notice or by enquiring at the cash desk.
Where PAYONE is responsible for acquiring, the contact details already provided shall apply:
PAYONE GmbH, Lyoner Straße 15, 60528 Frankfurt am Main, www.payone.com
Data Protection Officer: privacy@payone.com
Competent data protection authority: The Hesse Data Protection Commissioner, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, https://datenschutz.hessen.de/
2. What data is used for the payment?
- Card data (data which is stored on your card): Card number, type of card (e.g. VISA, Mastercard, American Express) and expiry date.
- Other payment data: Amount, date, time, identification of the payment terminal (location, company and branch where you are paying), verification data of your card-issuing institution (“EMV data”), in some cases your signature.
- PIN: Your PIN entry is checked by the card-issuing institution after being cryptographically secured. The network operator adopts cryptographic safeguards and transmissions, but does not store the PIN and has no access to the encrypted PIN.
- Chargeback: If you are disputing a transaction performed with your card: In this case, the sales receipt and any other information about you with which the merchant wishes to prove the debt you owe (e.g. name and address) can be forwarded to the card-issuing institution.
3. From what sources is your data derived?
- The payment terminal reads the card data from your card.
- The other payment data is provided by the payment terminal and in some cases directly by the merchant.
- You enter your PIN yourself; you provide your signature yourself.
4. For what purpose is your data processed and on what legal basis?
- Merchant
- Verification and execution of your payment to the merchant, Art. 6 (1) b) GDPR.
- Archiving of records in compliance with legal obligations, in particular Sections 257 (1) no. 4 Commercial Code (HGB), Section 147 (1) no. 4 Fiscal Code (AO); Art. 6 (1) c) GDPR.
- Network operator:
- Verification and execution of your payment to the merchant, Art. 6 (1) b) GDPR.
- Safe transmission of your data, particularly in accordance with the legal requirements, Sections 25a Banking Act (KWG), 27 Payment Services Supervision Act (ZAG), and the regulations of the credit card organisations; Art. 6 (1) c) and f) GDPR.
- Acquirer
- Verification and execution of your payment to the merchant, Art. 6 (1) b) GDPR.
- Prevention of card misuse (Section 10 (1) no. 5 Money Laundering Act (GWG)); Art. 6 (1) (c) GDPR.
- Limitation of the risk of non-payment, Art. 6 (1) f) GDPR.
- Safe transmission of your data, particularly in accordance with the legal requirements, Sections 25a Banking Act (KWG), 27 Payment Services Supervision Act (ZAG), and the regulations of the credit card organisations; Art. 6 (1) c) and f) GDPR.
- Settlement of the fees which the merchant owes your card-issuing institution, Art. 6 (1) f) GDPR.
- Archiving of records, in particular in accordance with Sections 257 (1) no. 4 Commercial Code (HGB), Section 147 (1) no. 4 Fiscal Code (AO); Art. 6 (1) c) GDPR.
- Debt recovery after a chargeback, Art. 6 (1) b) and f) GDPR.
- Reporting (exclusively masked or pseudonymised as well as with aggregated data), Art. 6 (1) f) DSGVO.
5. Who receives the data?
Apart from the merchant and the network operator, other parties require your data in order to carry out the payment or to comply with legal obligations. Your data will only be passed on to this extent, and to the following entities:
- the payment card system
- your card-issuing institution and the acquirer's bank
- the entities acting as intermediaries on behalf of the credit card organisations, which assume the clearing and settlement of payments
- judicial authorities in the cases provided for by law
- financial intelligence units in the cases provided for by law
6. Is data transferred to a third country or an international organisation?
The acquirer forwards your data to the payment card system outside of the European Economic Area in accordance with the respectively agreed rules (e.g. binding corporate rules, standard contractual clauses) or for the purpose of fulfilling the contract with the foreign payer in order to authorise and carry out your payment.
With regard to the processing of your data by the payment card system, please consult its data privacy provisions:
a) Mastercard Europe SPRL, Chaussée de Tervuren 198A, 1410 Waterloo, Belgium, for the payment brands “Mastercard” and “Maestro”,
https://www.mastercard.de/de-de/datenschutz.html
b) Visa Europe Services LLC, registered in Delaware USA, acting through its branch office in London, 1 Sheldon Square, London W2 6TT, UK, for the payment brands “Visa”, “Visa Electron” and “V PAY”
https://www.visa.co.uk/privacy/
c) American Express Payment Services Ltd., Branch Office Frankfurt am Main, Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, for the payment brand “American Express”; https://www.americanexpress.de/datenschutz
d) Diners Club International Ltd., 2500 Lake Cook Road, Riverwoods, IL 60016, USA, for the payment brands “Diners”, “Diners Club” and “Discover”;
https://www.dinersclub.com/privacy-policy
e) JCB International Co., Ltd., 5-1-22, Minami Aoyama, Minato-Ku, Tokyo, Japan, for the payment brand “JCB”; https://www.jcbeurope.eu/privacy/
f) Union Pay International Co., Ltd., German Branch, An der Welle 4, 60322 Frankfurt, for the payment brands “CUP” and “Union Pay”
https://www.unionpayintl.com/en/aboutUs/companyProfile/contactUs/Europe/Europe2/?currentPath=%2FglobalCard%2Fen%2Fglobal_7%2F10050072
7. For what length of time is my data stored?
PAYONE stores and processes your data for as long as is necessary for the performance of the contract and fulfilment of our contractual and statutory obligations. Where storage of the data for the performance of contractual or special statutory obligations is no longer necessary and the purpose of storage no longer applies, the data will be erased, except where its continued processing is necessary for the following reasons:
- Satisfaction of storage requirements under commercial law or fiscal law or for other mandatory reasons (e.g. accounting data must be kept for 10 years)
- Preservation of evidence within the framework of statutory limitation periods
8. What data protection rights do I have?
Every data subject may assert the following data protection rights with the respective data controller (see section 1 above):
- the right to access pursuant to Article 15 GDPR
- the right to rectification pursuant to Article 16 GDPR
- the right to erasure pursuant to Article 17 GDPR
- the right to restriction of processing pursuant to Article 18 GDPR
- the right to object pursuant to Article 21 GDPR
- the right to data portability pursuant to Article 20 GDPR
The restrictions set forth in Sections 34 and 35 of the Federal Data Protection Act (BDSG) apply in respect of the right to access and the right to erasure (for GER).
Additionally, every data subject has the right to lodge a complaint with a supervisory authority for data protection (Art. 77 GDPR in conjunction with (for GER) Section 19 BDSG). You can find PAYONE’s competent supervisory authority for data protection in the context of payment processing in Section 1. Alternatively, you can contact your own local supervisory authority for data protection.
9. Must I make my data available?
You are neither legally nor contractually obliged to supply your data. If you do not wish to supply your data, you can choose another payment method, such as paying in cash.
10. Is my data used for automated decision-making?
When you wish to use your card for payment, the card payment must first be authorised. This authorisation is given automatically on the basis of your data. The following criteria in particular can play a role: Amount of payment, place of payment, previous payment history, merchant, purpose of payment. Without authorisation, payment by card is not possible. This has no effect on other payment methods (other cards or cash, for example).
11. Right to object in individual cases
You have the right to object at any time, for reasons arising from your particular situation, to the processing of data which takes place pursuant to Article 6 (1) f) GDPR, i.e. to the processing of data based on a balancing of interests.
Please direct your objection to: privacy@payone.com
If you file a justified objection, your data will no longer be processed pursuant to Article 6 (1) f) GDPR, with two exceptions:
- Your data will continue to be processed if the data controller can prove the existence of compelling reasons for the processing which are worthy of protection and which outweigh your interests, rights and freedoms, in particular, for example, in the case of legal retention obligations and for carrying out a payment which has already been started at the payment terminal but not yet completed.
- Your data will continue to be processed if this serves to assert, exercise or defend legal claims.
12. Information up to date as at
2nd January 2024
Download area
Below you will find a print version of this information and a summarised version of the information about the processing of your data available for download.