INFORMATION ON DATA PROTECTION RELATED TO OUR PROCESSING UNDER ARTICLES 13, 14 AND 21 GENERAL DATA PROTECTION REGULATION (GDPR)
We take data protection seriously and inform you how we process your data and what claims and rights you are entitled to under applicable data protection regulations.
1. Name and Contact Information of Controller and Data Protection Officer
Company Name: dedified Germany UG (haftungsbeschränkt) Company Address: Mühlenstraße 8a, 14167 Berlin Telephone: 0049 176 82649470
2. Categories of Data, Purposes and Legal Basis of Data Processing
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), and other applicable provisions of data protection legislation. The details of the data processed by us, the purposes of the data processing and the legal basis of such data processing depend on the circumstances of the individual case.
2.1 When you visit our Website
Access Data: When you visit our website for informational purposes, we collect data on each access of our server on which the service is located (server log files). Such data include
- the name of the website accessed
- file, date, and time of the access
- quantity of data transferred
- reporting of successful access
- browser type and version
- the user’s operating system
- referrer URL (the page visited previously)
- P address, and
- the enquiring provider.The access data will be stored for security reasons (e.g., to clarify misuse or fraud actions) for a maximum period of twelve months and then deleted. Data that must be stored for the purpose of evidence are excluded from deletion until the final clarification of the occurrence in question. The legal basis of our data processing is our justified interest (berechtigtes Interesse) in presenting our service offering on the internet (legitimate interest in accordance with Art. 6(1)(f) GDPR).
Cookies: Cookies are information that are transferred from our web server or third-party web servers to the web browser of the users and are stored there to be accessed later. Cookies may be small files or other kinds of information storage. We use different types of cookies:
- Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
- Session cookies are only stored for the duration of the current visit to our website (e.g., in order to enable the storage of your login status or the shopping cart function and therefore actually make it possible for you to use our website at all). A randomly generated clear identification number will be stored in a session cookie (so-called session ID). In addition, a cookie contains information on its origin and the duration of storage. These cookies cannot store any other data. Session cookies are deleted when you end the use of our website and log out or close the browser.
- Functionality cookies remember your preferences for a website, such as language preference.
- Performance cookies capture website and app usage information on an abstract level and are used to provide analytics and metrics such as the number of visitors and which pages are most frequently accessed. These cookies include Google Analytics (see also below).
The cookies we use on our website are listed in the chart below:
General cookies Company Consent cookie
Analytics cookie Performance cookie
Authentification cookie Functionality cookie
Company Company Company
Cookie consent Analystics Website and App Usage Information
Authentification Language Preference
As far as legally required, we ask you for your consent in advance.
If you do not wish cookies to be stored on your computer, you can deactivate the appropriate option in the system settings of your browsers. Stored cookies can be deleted in the system settings of the browser. Excluding cookies from your computer can result in restricted functioning of this online content.
You can at any time change or withdraw your consent from the Cookie Declaration on our website.
The legal basis of our data processing related to cookies is your consent (Art. 6(1)(a) GDPR) and/or our justified interest (berechtigtes Interesse) in presenting our service offering on the internet (legitimate interest in accordance with Art. 6(1)(f) GDPR).
Google is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Google will use this information on our behalf to analyze the use of our online content by the users and to compile reports on activities within the online content in order to perform further services associated with the use of this online content for us. As part of this process, pseudonymous user profiles for the users can be created from the processed data.
We use Google Analytics to ensure that we only display the advertisements provided as part of the advertising services provided by Google and its partners to users who have shown an interest in our website or who display certain features (e.g., interest in certain topics or products, which is determined on the basis of the websites that are visited), which we send to Google (this is known as remarketing, or Google Analytics audiences). We use remarketing audiences to ensure that our advertisements are in line with the potential interest of the user, rather than being an irritation.
We only use Google Analytics with IP anonymization activated. This means that Google abbreviates the IP address of the user in the member states of the European Union, or in other signatory countries of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and then abbreviated there.
The IP address transmitted from the user’s browser is not combined with other data by Google. Users can prevent the storage of cookies by configuring their browser settings appropriately; users can also prevent the recording of the data generated by the cookie and the data collected as a result of their use of the online content to Google, as well as its processing by Google. This can be done by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser plugin or in browsers on mobile devices, please click on the following link in order to set up an opt-out cookie, which prevents recording by Google Analytics on this website in future (this opt-out cookie only functions in this browser and only for this domain, delete your cookies in this browser, then click on this link again):
Deactivate Google Analytics
We use the marketing and remarketing services (abbreviated to “Google Marketing Services”) of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, (“Google”) on the basis of our justified interests (i.e., interest in the analysis, optimization, and economic operation of our online content as defined under Art. 6(1)(f) GDPR).
Google is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google Marketing Services allow us to show advertisements for and on websites in a more targeted way in order only to present users with advertisements that may be of interest to. If users, for example, are shown advertisements for products that they have shown an interest in on other websites, this is known as “remarketing.” For these purposes, when our website and other websites on which Google Marketing Services are active are accessed, a code is executed by Google and (re)marketing tags (invisible graphics or codes, which are also known as “web beacons”) are incorporated into the website. These are used to save an individual cookie on the user’s device, i.e., a small file (comparable technologies can also be used instead of cookies). The cookies can be created by various different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com. This file records which websites users look at, what content they show an interest in, and which offerings they click on. The file also contains technical information about the browser and operating system, referring websites, duration of the visit, as well as other information about the use of the online content. The IP addresses of users are also recorded, although we state within Google Analytics that the IP addresses within the member states of the European Union or in other signatory states of the Agreement on the European Economic Area and only sent in full to Google server in the USA and abbreviated there. The IP address is not combined with the users’ data within other offers from Google. Google an also combine the aforementioned information with information from other sources. If users then visit other websites, they can be shown advertisements tailored to their interests.
The users’ data is processed in a pseudonymous manner within Google Marketing Services. This means that Google does not process the name or email addresses of the users, but rather processes the relevant data based on cookies within pseudonymized user profiles. This means that from the point of view of Google, the information is not managed and viewed for a concrete, identified person, but rather for the cookie owner, irrespective of who this cookie owner is. This does not apply if a user has expressly given Google permission to process the data without this pseudonymization. The information collected by Google Marketing Services about the users is transmitted to Google and stored on Google’s servers in the USA.
In addition, we may use the “Google Tag Manager” in order to incorporate the Google analysis and marketing services into our website and to manage them.
Additional information on data use for marketing purposes by Google is available at https://policies.google.com/technologies/ads
If you want to opt-out of interest-based advertising by Google Marketing Services, you can make use of the settings and opt-out options provided by Google: https://adssettings.google.com/authenticated.]
2.2 When you register on our Website
Identification Data: When you register on our website or on the website or mobile application of one of our business partners offering our services, we collect specific identification data of you and – in case you register on behalf of a business enterprise – of third parties related to such enterprises as beneficiaries. Such data include
For natural persons:
- Your title
- Your first name and last name
- Your postal address
- Your gender
- Your language preference
- Your email address(es)
- Your country of residence
- Your date of birth
- Your nationality
- Your phone number
- Your ID-Card or passport number
For legal person:
- The first and last name of the legal representative(s)
- Address of the legal representative(s)
- Date of birth of the legal representative(s)
- Country of residence of the legal representative(s)
- E-mail of the legal representative(s)
- The nationality of the legal representative(s)
- ID-Card or passport number of the legal representative
- For ultimate benficial owners (UBO, i.e. shareholders holding 25% or more of the company shares:
- First and last name
- Postal address
- Date, place and country of birth
When you register on our website or on the website or mobile application of one of our business partners offering our services, we also collect specific registration and authentication data of you or the business enterprise you represent in order to be able to perform payment transactions. Such data includeIf you act in your own name:
- Your bank account number (IBAN)
- Your current street address
- The identification number of your mobile device
The legal basis of our data processing related to the aforementioned registration data of you personally is your consent (Art. 6(1)(a) GDPR), and/or our justified interest in assessing business risks associated with payment transactions effected by you (legitimate interest in accordance with Art. 6(1)(f) GDPR) and in ensuring that payment transactions effected by you are carried out in compliance applicable laws and regulations (legitimate interest in accordance with Art. 6(1)(c) GDPR).
The legal basis of our data processing related to the aforementioned registration data of legal representatives and ultimate beneficiary owners of business enterprises represented by you is our justified interest in assessing business risks associated with payment transactions effected by you (legitimate interest in accordance with Art. 6(1)(f) GDPR) and in ensuring that payment transactions effected by you are carried out in compliance applicable laws and regulations (legitimate interest in accordance with Art. 6(1)(c) GDPR).
2.3 When you engage in Payment Transactions by Means of our Services
Transaction Data: When you enter payment transactions on our website or on the website or mobile application of one of our business partners offering our services , we collect specific transaction data of you. Such data include:
- The amount of the payment to be effected
- Identification data of you as payor (first name and last name, bank account number
(IBAN), virtual IBAN of payment account.
- Identification data of the recipient (first name and last name, virtual IBAN of the
- Date and time of entry of the payment transaction
- Reference/Subject Number
The legal basis of our data processing related to the aforementioned transaction data is your consent (Art. 6(1)(a) GDPR), and/or our justified interest in performing the contractual instructions given by you in order to effect the payment service requested by you (legitimate interest in accordance with Art. 6(1)(b) GDPR).2.4 Newsletters
We send newsletters, emails, and other electronic notifications with promotional information only with your consent or with legal permission and we process your email contact data in that context.
Double opt-in and logging:
Registering to receive our newsletters requires a “double opt-in procedure”: After registration you will receive an email in which you will be asked to confirm your registration. This confirmation is necessary so that no one can register with someone else’s email address. We keep a log (storing the time of your registration and of your confirmation and your IP address) of your registration for our newsletters in order to be able to prove that you have given the required consent to receive our newsletters.
You can terminate your agreement to receive of our newsletter at any time. You will find a link for cancellation option of the newsletter at the end of each newsletter.
The legal basis of our data processing related to our newsletters is your consent (Art. 6(1)(a) GDPR), and/or our justified interest in promoting our services (legitimate interest in accordance with Art. 6(1)(f) GDPR).
3. Recipients of your Data
3.1 Your personal data will only be transferred to third parties if
- you have given us consent to transmit the data to third parties;
- transmission is necessary in accordance with Art. 6(1)(b) GDPR for fulfillment of
our contractual obligations in the business relationship with you,
- transmission is covered by a legitimate interest in accordance with Art. 6(1)(f) GDPR)
- we are obligated or entitled to give information, notification or to forward data under applicable laws and regulations.
3.2 The categories of personal data transmitted by us to third parties and the recipients of such data are:
When you open a payment account
Registration data of you as per time 2.1 and 2.2
Transaction data of you per item 2.3 above are transmitted to our business
partner MANGOPAY SA, 2 Avenue Amélie, L-1125 Luxembourg
3.3 To the extent that we commission external service providers to process your data (e.g., external data centers, support and maintenance of IT applications, archiving, document processing, call center services, compliance services, controlling, data screening for anti- money laundering purposes, data validation and data protection. plausibility check, data destruction, purchasing/procurement, customer administration, letter shops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, banks, printing plants or companies for data disposal, courier services, logistics, press relations work), your data will be subject to adequate security standards agreed by us with such service providers in order to adequately protect your data.
4. Duration of Data Storage
In general, we process and store your data only for as long as such processing or storage is required.
The personal data that we collect from you will be stored until the end of the legal storage period and erased, unless we are obliged to store the data for longer in accordance with Art. 6(1)(c) GDPR as a result of storage and documentation obligations under tax and commercial law, or if you have given your consent to longer storage in accordance with Art. 6(1)(a) GDPR. Furthermore, special statutory provisions may require longer retention such as the preservation of evidence in connection with statutory time-barring provisions (statute of limitations).
If the data are no longer required to meet our contractual or statutory obligations and rights, data will be routinely erased unless further processing is necessary due to an overriding legitimate interest. Such an overriding legitimate interest may exist, if it is not possible to erase the data as a result of the particular type of storage, if such is erasure is only possible at a disproportionately great expense, provided that processing for other purposes is excluded by appropriate technical and organizational measures.
5. Processing of Data in a Third Country or through International Organizations
5.1 Your data are transmitted to recipients in countries outside the European Economic Area EU/EEA (third countries) whenever such is necessary to meet a contractual obligation towards you (e.g., if you are posted to another country), if such is required by law (e.g., notification obligations under tax law), if such is in the legitimate interest of us or a third party, or if you have given your consent to such transmission.
5.2 If your data is processed in a third country on our behalf and if no decision has been issued by the EU Commission regarding the presence of an appropriate level of data protection in that country, we warrant that your rights and freedoms will be reasonably protected and guaranteed in accordance with EU data protection requirements through contractual agreements to this effect. We will provide you with detailed information on request.
6. Your Rights as Data Subject
In accordance with the provisions of the GDPR, you as data subject can assert the following data protection rights against us:
6.1 You may revoke the consent that you have issued to us at any time (Art. 7(3) GDPR). As a result, we will no longer perform the data processing covered by this consent in future.
6.2 You have the right to obtain information on your personal data processed by us (Art. 15 GDPR with limitations in accordance with Section 34 Federal Data Protection Act).
6.3 You have the right to request the rectification of data stored by us on you where such data are inaccurate or incorrect (Art. 16 GDPR).
6.4 You have the right to request the erasure of data stored by us on you, unless we are prohibited from doing so by other statutory provisions (e.g., statutory retention obligations or the restrictions laid down in Section 35 Federal Data Protection Act) or if there is an overriding interest on our part (for example, to defend our rights and claims) (Art. 17 GDPR).
6.5 You may request us to restrict the processing of your data in accordance with Art. 18 GDPR.
6.6 You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to transmit such data to a third party (Art. 20 GDPR).
6.7 You may file an objection to the processing of your data in accordance with Art. 21 GDPR. If you file an objection, we will no longer process your personal data unless we can demonstrate compelling reasons warranting protection for the processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
6.8 You have the right to revoke consent, issued to us to process personal data, at any time with effect for the future.
6.9 In addition, you have the right to complain to a data protection supervisory authority (Art. 77 GDPR).
7. Changes to this Privacy Statement
This Privacy Statement may change when prompted by new developments.