Data Protection

With this privacy policy, we would like to inform you about the data processing involved when using our website ratepay.com, our buyer portal „MyRatePAY“ and the trader portal „cora.ratepay.com“. Responsible for data processing is RatePAY GmbH, Franklinstraße 28-29, 101587 Berlin.

You may contact the RATEPAY data protection team at any time as follows:
RatePAY GmbH
– Data Protection –
Franklinstraße 28-29
D-10587 Berlin
datenschutz [ a t ] ratepay.com

Our data protection officer can be reached directly as follows:
ISiCO GmbH
– Data Protection Officer RATEPAY –
Am Hamburger Bahnhof 4
10557 Berlin
berlin [ a t ] isico-datenschutz.de

Additional GTC for RATEPAY payment methods and data protection notice of RatePAY GmbH: https://www.ratepay.com/legal

Data processing on our website

View our website/access data

Every time you visit our website, we collect the access data that your browser automatically transmits to allow you to visit the website. The access data include the following in particular:

  • IP address of the requesting device;
  • date and time of request;
  • address of the website and the requesting website;
  • information about the used browser and the operating system;
  • online identifiers (e.g. device IDs, session IDs).

Processing of these data is necessary to allow the visit of the website and to ensure the long-term functionality and security of our systems. The access data are temporarily stored in internal log files for the purposes described above, to provide statistical information on the use of our website in order to further develop our website in terms of our visitors’ usage practices (for example, if the number of mobile devices being used to view the pages increases), and to generally maintain our website on an administrative level. The legal basis is Art. 6 par. 1 s. 1 letter b GDPR.

The information stored in the log files does not allow any direct inference to your person – in particular, we only store the IP addresses in a truncated, anonymised form. The log files are stored for 30 days and archived after subsequent anonymisation.

Establishing contact

You have several different options to contact us. These include the contact form or the call-back function. In this context, we solely process data for the purpose of communicating with you. The legal basis is Art. 6 par. 1 letter b GDPR. The data collected by us through the contact form will be automatically deleted after complete processing of your request, unless we still need your request to fulfil contractual or legal obligations (cf. „Storage duration“).

Registration for MyRatePAY

You have the option of registering at MyRatePAY, to change your personal information, to process payments, and to check the status of your payments. To use the portal, it is necessary for us to collect and use personal information about you. Personal data such as name, address, telephone number, etc., or data that you enter into your customer account for the purpose of using the portal or processing the request, are used in accordance with data protection laws. Registration is not possible without these data. The legal basis of the processing is Art. 6 par. 1 letter b GDPR.

Registration for trader portal

As a trader, you have the possibility of registering at cora.ratepay.com, in order to:

  • Search, view and export RatePAY transactions and have them clearly displayed;
  • Communicate status changes, shipment of goods, cancellations, returns and credit notes/ adjustment charges to RatePAY;
  • View and download trader statements and payout reports;
  • Contact our trader customer service for specific transactions.

In order to use the portal, it is necessary that we collect and use personal data from you, in particular your contact data and business information. Data processing serves the purpose of fulfilling the trader contract concluded with you, art. 6 par. 1 letter b GDPR.

Cookies and similar technologies

Parts of our services require us to use so-called cookies. A cookie is a text file that is stored either temporarily (“session cookies”) or for a longer term (“persistent cookies”) on your hard drive. Cookies are not used to run programs or to load viruses onto your computer. Instead, the main purpose of cookies is to provide you with a customised offer and to make the use of the service as expeditious as possible. Most browsers are set to accept cookies by default. However, you can change your browser settings to reject cookies or to only save them with prior consent. If you reject cookies, the functioning of some of our offers might be restricted.

We use cookies to personalise and optimise your user experience. We mainly use session cookies, which are deleted when you close the browser. Session cookies are used for login authentication and traffic load distribution.

We use persistent cookies, for example, to save your language settings or to indicate that you have been shown specific information posted on our website already – so that it will not be displayed again the next time you visit the website. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. These services are based on our legitimate interests, the legal basis is Art. 6 par. 1 s. 1 letter f GDPR. We hereby wish for you to have a more comfortable and customised experience when visiting our website.

In order to improve our website, we also use various technologies for the analysis of user behaviour and evaluation of the associated data. The data collected may include, in particular, the IP address of the device, the date and time of access, the identification number of the cookie, the device identifier of mobile devices, and technical information about the browser and the operating system. However, the collected data are stored exclusively under an alias, so that no direct conclusions about persons can be drawn. The legal basis for this data processing is Art. 6 par. 1 s. 1 letter f GDPR.

We use Matomo (formerly called Piwik), an open source analytics platform by InnoCraft Ltd., 150 Willis St, 6011, Wellington, New Zealand (“Matomo”). Matomo uses a cookie to analyse your behaviour on our website. The cookie that is stored on your computer when you visit our website also stores and transmits your anonymised IP address. Thus, when transmitting data to our server, the IP address is truncated so that we can no longer identify you, the visitor to our website. The usage data transmitted to us by the cookie are only evaluated by us and are not forwarded to third parties. The evaluation solely serves to optimise and further develop our website.

You can configure your browser to automatically reject cookies, or you can prevent the collection of the data related to your use of this website generated by the cookie (including your IP address) by pressing the following button. For more information, see Matomo’s privacy policy.

Web analysis on ratepay.com

Our website ratepay.com uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies and similar technologies to help us analyse and improve our website based on your user behaviour. The data collected in this context can be transmitted for evaluation to a server in the USA by Google and is then stored there. In the event that personal information is transferred to the USA, Google is subject to the EU-US Privacy Shield. Your IP address will be truncated before the user statistics are evaluated so that you cannot be identified. For this purpose, Google Analytics has been expanded on our website with the code “anonymizeIP” to ensure anonymised collection of IP addresses.

Google will process the information obtained through the cookies in order to evaluate your use of the website, to compile reports on website activity for the website operators and to provide other services related to website activity and internet usage.

You can configure your browser to reject cookies, as described above, or you can prevent the collection of the data generated by cookies and related to your use of this website (including your IP address) and the processing of these data by Google by downloading and installing the browser add-on provided by Google. As an alternative to the browser add-on or if you access our website from a mobile device, please use this opt-out link. This will prevent the collection of data by Google Analytics within this website in the future (the opt-out only works in the browser and only for this domain). If you delete your cookies in this browser, you must click on this link again.

For more information, see Google’s privacy policy.

Transfer of data

A transfer of the data which we have collected only takes place if:

  • you have given your express consent to this pursuant to Art. 6 par. 1 s. 1 letter a GDPR;
  • transfer pursuant to Art. 6 par. 1 s. 1 letter f GDPR is required to assert, exercise, or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in refraining from passing on your data;
  • we are legally required to provide data in accordance with Art. 6 par. 1 s. 1 letter c GDPR;
  • this is legally permissible and in accordance with Art. 6 par. 1 s. 1 letter b GDPR and is required for the conclusion of contractual relationships with you or for the implementation of pre-contractual measures, which are carried out at your request.

Service providers might assume data processing duties in part. In addition to the service providers mentioned in this privacy policy, this may include, but is not limited to, data centres that store our website and databases, IT service providers who maintain our systems, and consulting firms. If we pass on data to our service providers, these providers may only use the data to fulfil their tasks. The service providers were carefully selected and commissioned by us. They are contractually bound to our instructions, have appropriate technical and organisational measures in place to protect the rights of data subjects, and are regularly monitored by us.

Additionally, transfer or disclosure may take place in connection with government inquiries, court orders, and legal proceedings if required for the prosecution or enforcement.

Storage duration

We generally only store personal data as long as necessary to fulfil the contractual or legal obligations for which we have collected the data. Thereafter, we delete the data immediately, unless we need the data until the expiration of the statutory limitation period for evidence for civil claims or to comply with statutory retention requirements.

For evidence, we must store contract information for three years from the end of the year in which the business relationship with you ends. Any claims become time-barred after the legal limitation period at the earliest at this time.

Even after that, we may have to store your data for accounting reasons. We are obliged to do so because of legal documentation obligations which may arise from the German Commercial Code, General Fiscal Law, the Banking Act, the Money Laundering Act and the Securities Trading Act. The duration of storing documents is between two and ten years.

Your rights

You have the right to request information about the processing of your personal data from us at any time. In the course of the provision of information, we will explain data processing and provide you with an overview of the data stored about you. If stored data should be incorrect or out of date, you have the right to have this information corrected. You may also request the deletion of your data. If deletion is not possible due to other regulations, the data will be blocked so that they are only available for this legal purpose. You can also limit the processing of your data, for example, if you believe that the information we have is incorrect. You also have the right to data transmission; we will send you a digital copy of the personal data provided by you on request.

To exercise your rights as described here, you can get in touch with us through the contact details stated above at any time. This also applies if you wish to receive copies of warranties to demonstrate adequate data protection.

In addition, you have the right to object to data processing, which is based on Art. 6 par. 1 letter e or f GDPR. Finally, you also have the right to complain to the data protection supervisory authority responsible for our company. You can assert this right with a supervisory authority in the member state of your place of residence, your place of work, or the place of the alleged breach. In Berlin, the responsible supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.

Right of revocation and objection

In accordance with Art. 7 par. 2 of the GDPR, you have the right to revoke consent once given to us at any time. As a result, we will not continue data processing in the future. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

Insofar as we process your data on the basis of legitimate interests in accordance with Art. 6 par. 1 letter f GDPR, you have the right, in accordance with Art. 21 GDPR, to object to the processing of your data and to give us reasons that arise from your particular situation and that, based on your opinion, speak in favour of your legitimate interests. If it concerns an objection to the data processing for purposes of direct advertisement, you have a general right of objection, which is also implemented without having to specify reasons to us.

If you would like to exercise your right of revocation or objection, sending an informal message to the above-mentioned contact details suffices.

Data security

We maintain up-to-date technical measures to ensure data security, especially to protect your personal data against dangers during data transfers as well as from third parties gaining access to your data. These are adjusted in line with the current state of technology. To secure the personal information you provide on our website, we use Transport Layer Security (TLS), which encrypts the information you provide.

Our merchant portal uses Google reCAPTCHA, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. reCAPTCHA prevents automated software (so-called bots) from carrying out abusive activities on the website, i.e. it checks whether entries made actually come from a human being. In order to determine this, the following data is processed:

Referrer (address of the page on which the Captcha is used), IP address, cookies set by Google, input behaviour of the user (e.g. answering the reCAPTCHA question, input speed in form fields, order of selection of input fields by the user), browser type, browser plug-ins, browser size and resolution, date, language setting, display instructions (CSS) and scripts (Javascript).

Google also reads cookies from other Google services such as Gmail, Search and Analytics. If you do not wish to be associated with your Google profile, you must log out of Google before accessing our contact page.

The data listed above is sent to Google in encrypted form. Google’s analysis determines the form in which the Captcha is displayed on the page. In the event that personal data is transferred to the USA, Google has submitted itself to comply with the EU-US Privacy Shield.

Please see Google’s Privacy Policy for more information.

Changes to the data protection policy 

From time to time, we update this data protection policy, for example, when we adapt our website or change the legal or regulatory requirements.

 

April 2019