PAYONE e-payment Data protection regulations

Welcome to the PAYONE website. In the following, we will inform you about the type, scope and purposes of the processing of your personal data and your rights.

It goes without saying that we process your personal data exclusively in accordance with the statutory data protection regulations. However, data protection is more than just a legal obligation for us. Rather, data protection in practice is a customer-oriented quality feature and enjoys the highest priority at PAYONE.

Responsible party:
PAYONE GmbH, Lyoner Straße 15, 60528 Frankfurt am Main, Germany, e-mail: info@payone.com

Legal representatives:
Management Board: Ottmar Bloching, Dr. Matthias Böcker, Roland Schaar, Corinna Valentine
Chairman of the Supervisory Board: Michael Gievert

Data Protection Officer:
Data Protection Officer of PAYONE GmbH, Lyoner Straße 15, 60528 Frankfurt am Main, privacy@payone.com

1. Categories of data that are processed

1.1 When you visit our website and use the website functions

Data categories:
Processing purpose:
Legal basis:
Storage period:
Data categories:

Name, address and contact data, payment data, company information (in particular legal form, industry), products and/or services ordered, ID card data and video or image recordings for identification purposes, if applicable

Processing purpose:

  • Order processing on request

  • Contract initiation and, if applicable, contract conclusion

Legal basis:

Art. 6 para. 1 sentence 1 lit. b) and c) GDPR

Storage period:

  • Max. 1 year

  • In the event of contract conclusion: storage until the end of the contractual relationship and the expiry of corresponding retention periods

Data categories:

Name and contact details, information about your request

Processing purpose:

  • Contact form/ Contact us

  • Sending of information material on request

  • Contract initiation and, if applicable, contract conclusion

Legal basis:

Art. 6 para. 1 sentence 1 lit. b) and f) GDPR

Storage period:

  • Max. 1 year

  • In the event of contract conclusion: storage until the end of the contractual relationship and the expiry of corresponding retention periods

Data categories:

E-mail address

Processing purpose:

Newsletter registration and delivery

Legal basis:

Art. 6 para. 1 sentence 1 lit. a) GDPR

Storage period:

  • Until the user logs out

Data categories:

Server log data: IP address, website usage data (log data on website accesses or file retrievals, e.g. name of the retrieved file, date and time of retrieval, amount of data transferred) and device information (e.g. operating system, browser type and version), cookie information in session cookies

Processing purpose:

  • Network communication

  • Functionality and security of the website

  • Fault and error detection and elimination

Legal basis:

Art. 6 para. 1 sentence 1 lit. f) GDPR, § 25 para. 2 TDDDG

The legitimate interest in the temporary storage of log data (server log files) and session cookie information lies in our interest in the efficient and secure provision of our website.

Storage period:

  • 7 days

  • If further storage is required for evidence purposes, deletion will take place after final clarification of the incident

  • Session cookies are automatically deleted at the end of the browser session

Data categories:

Analysis data: IP address (partly anonymized, as described below), website usage data (cookie information)

Processing purpose:

  • Website analysis and optimization, marketing

  • Integration of external media and third-party services

  • See the following additional information

Legal basis:

Art. 6 para. 1 sentence 1 lit. a) and f) GDPR, § 25 para. 1 TDDDG

Storage period:

  • The cookies set can be deleted at any time under Point 2.5 Cookie settings and revocation within this privacy policy and via the browser settings

  • To delete the stored data, see the following additional information

Data categories:

Name, e-mail address, information about you or your company, type of data protection request, information about your request, identification documents

Processing purpose:

  • Responding to requests in the PAYONE data protection web form

  • Further communication in relation to your data protection request

Legal basis:

Art. 6 para. 1 sentence 1 lit. c) GDPR

Storage period:

  • 4 years

  • Identification documents are deleted immediately after final processing

1.2 When using the PAYONE payment link

Data categories:
Processing purpose:
Legal basis:
Storage duration:
Data categories:

Name, reference, order overview, your selected payment method, country

Processing purpose:

  • Processing of cashless payments

(Further information on data processing for the processing of cashless payments by PAYONE can be found here.)

Legal basis:

Art. 6 para. 1 sentence 1 lit. b) GDPR

Storage duration:

  • The payment link can be valid for up to 335 days and is automatically deleted 30 days after execution or expiry of validity

  • If the link is executed: Storage for the processing of the payment and retention until the expiry of corresponding retention periods

Data categories:

Server log data: IP address, website usage data (log data on website accesses or file retrievals, e.g. name of the retrieved file, date and time of retrieval, amount of data transferred) and device information
(e.g. operating system, browser type and version), cookie information in session cookies

Processing purpose:

  • Network communication

  • Functionality and security of the website

  • Fault and error detection and elimination

Legal basis:

Art. 6 para. 1 sentence 1 lit. f) GDPR,
§ Section 25 (2) TDDDG

The legitimate interest in the temporary storage of log data (server log files) lies in our interest in the efficient and secure provision of our website.

Storage duration:

  • 7 days

  • If further storage is required for evidence purposes, deletion will take place after final clarification of the incident

  • Session cookies are automatically deleted at the end of the browser session

2. Data recipient
[object Object]

https://www.payone.com/datenschutz-einstellungen/

Note: You can also prevent the storage of cookies at any time by selecting the appropriate settings in your browser software. There you can also allow only certain types of cookies or delete individual or all cookies. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

3. Rights of the data subjects

Legal right of data subjects:
Content:
Legal basis:
Legal right of data subjects:

Information

Content:

Right to information about the processed personal data concerning you and further information in relation to the data processing concerning you (e.g. processing purposes, data recipients).

Legal basis:

Art. 15 GDPR

Legal right of data subjects:

Correction

Content:

Right to rectification of inaccurate personal data concerning you or to completion of incomplete personal data.

Legal basis:

Art. 16 GDPR

Legal right of data subjects:

Erasure ("right to be forgotten")

Content:

Right to erasure of personal data concerning you under certain conditions (e.g. discontinuation of purpose, withdrawal of consent).

Legal basis:

Art. 17 GDPR

Legal right of data subjects:

Restriction of processing

Content:

Right to restriction of processing of personal data concerning you under certain conditions (e.g. contested accuracy of data during the period of verification).

Legal basis:

Art. 18 GDPR

Legal right of data subjects:

Data portability

Content:

Right to receive personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in order to transmit those data to another body or to have the data transmitted directly to the other body, where technically feasible, subject to certain conditions.

Legal basis:

Art. 20 GDPR

Legal right of data subjects:

Contradiction

Content:

Right to object to the processing of personal data concerning you under certain conditions.

Legal basis:

Art. 21 GDPR

Legal right of data subjects:

Right to lodge a complaint with a competent supervisory authority

Content:

Right to lodge a complaint with a competent data protection supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR. This can be done, for example, with the supervisory authority responsible for PAYONE: Der Hessische Datenschutzbeauftragte, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany, https://datenschutz.hessen.decan be exercised.

Legal basis:

Art. 57 para. 1 lit. f),
Art. 77 GDPR

Legal right of data subjects:

Right of withdrawal

Content:

Right to withdraw your consent to the processing of personal data concerning you at any time with effect for the future.

Legal basis:

Art. 7 para. 3 GDPR

To assert the statutory rights of data subjects, please use our PAYONE data protection web form.

Note on the right to object

You can object to the processing of your data at any time under the conditions of Art. 21 GDPR, provided that the data processing is based on our legitimate interests or those of a third party (data processing on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR). In this case, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

4. Further information on data processing

Legal obligation to provide personal data:

No
☐ Yes

Contractual necessity for the provision of personal data:

☐ No
Yes, for the above purposes.

Possible consequences of non-provisioning:

Only relevant for contact and form fields. If you do not provide your data, we will not be able to contact you, send you information and/or newsletters.

In addition, the requested order or payment cannot be processed otherwise.

Does automated decision making take place?

No
☐ Yes

What is the source of the personal data
(if not collected from the data subject)?

Not relevant, as no data is obtained from third party sources.

5. Form fields / TLS encryption

If you send us inquiries, e.g. via the contact form, your details from the inquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent. For security reasons and to protect the transmission of confidential content that you send to us, our website uses TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the "https://" address line of your browser and the lock symbol in the browser line. Further information on processing and storage duration can be found under point 1 Categories of data that are processed.

Status
2.2025