Data Privacy Statement of RatePAY GmbH

  1. INFORMATION ON RATEPAY GMBH
    RATEPAY GmbH (“RATEPAY”) offers individual solutions in the field of online payment for a large number of online sales companies (“ONLINE MERCHANTS“). ONLINE MERCHANTS may use the RATEPAY payment methods for their respective e-commerce offerings and online trading platforms (“MARKETPLACE”). In case the payment methods offered by RATEPAY are used, RATEPAY assumes the credit risk associated with the transaction or the assigned purchase price claims.In doing so, RATEPAY processes personal data. This data protection statement provides you with all information about the processing of personal data and data protection rights when using RATEPAY online payment system.The company responsible for the data processing, as far as the handling of payment processes are concerned, is RATEPAY GmbH, Franklinstraße 28-29, D-10587 Berlin, Germany, registered with the District Court of Charlottenburg (Berlin) under Ref. No. HRB 124156 B, (“we”, “us”, “RATEPAY”).Your privacy is important to us. We take the protection of your personal data very seriously. We do not, however, have any influence on the data processing by the ONLINE MERCHANT or the MARKETPLACE. To this end, please check information of how data is processed by the ONLINE MERCHANT and the MARKETPLACE at the relevant websites.In case of enquiries, you may contact the RATEPAY data protection team at any time as follows:
    RatePAY GmbH
    – Data Protection –
    Franklinstraße 28-29
    D-10587 Berlin
    datenschutz@ratepay.comOur data protection officer can be reached directly as follows:
    ISiCO GmbH
    – Data Protection Officer RATEPAY –
    Am Hamburger Bahnhof 4
    10557 Berlin
    berlin@isico-datenschutz.de
  2. WHY RATEPAY PROCESSES YOUR DATA
    1. The ONLINE MERCHANT use one or more RATEPAY payment methods on the MARKETPLACE. To this end, both the ONLINE MERCHANT and the MARKETPLACE cooperate with RATEPAY.
    2. Purchase price claims arising from the contract between you and the ONLINE MERCHANT are ultimately ceded to RATEPAY whenever a RATEPAY payment method is used (factoring).
    3. Please understand that the disposal of different RATEPAY payment methods requires the processing of your data. Therefore, the legal basis for the data processing is Art. 6 Para. 1 Clause 1 lit. b GDPR.
  3. WHICH DATA ARE PROCESSED
    1. For the purposes stated above, RATEPAY gathers and processes the following data from you:
      1. Personal Data: Name (title, first name(s), last name), date of birth, address, e-mail address and telephone number.
      2. Account data (for direct debit transactions): Account holder, IBAN, BIC/SWIFT, banking institute.
      3. Order data: Data pertaining to your current, previous and/or future orders placed with the ONLINE MERCHANT or the MARKETPLACE and other online shops or marketplaces with which RATEPAY cooperates such as details of the products and RATEPAY payment methods selected by you.
      4. Creditworthiness data: Data, in particular from credit agencies and other cooperation partners that give information about your creditworthiness such as details of any enforceable claims against you and other data relating to creditworthiness, always subject to the provision that the usage of this data is permissible according to the relevant data protection laws.
      5. Technical Data: Data concerning the features of the terminal device used by you such as IP address, browser version, language settings (“device-specific data”) and data concerning usage of the websites of the MARKETPLACE.
    2. We mainly collect these data from the MARKETPLACE to process your order with the ONLINE MERCHANT with whom you conclude a contract. Additionally, we obtain data pertaining to creditworthiness from credit agencies and information from service providers for the purpose of combating fraud.
  4. RISK ANALYSIS AT RATEPAY
    1. In our risk analysis, we process your data in order to determine whether you will be able to fulfil your payment obligations and protect you from fraudsters, which may try to use your data to commit criminal acts. To this end we determine the probability of orderly payment in connection with RATEPAY payment methods. In this way we protect you from possible over-indebtedness, fraudulent use of your personal data and ourselves against a default risk.
    2. In order to be able to carry out these risk analyses the ONLINE MERCHANT transmits your data via the MARKETPLACE to RATEPAY. Depending upon the result of the risk analysis you will be able to use the respective RATEPAY payment method.
    3. The risk analysis is a precondition for the use of a RATEPAY payment method. The necessary data processing is thus for the purpose of the conclusion and performance of the contract that you have concluded with the ONLINE MERCHANT (Art. 6 Para. 1 Clause 1 lit. b GDPR). Inasmuch as you should additionally grant your consent thereto, processing shall also take place according to Art. 6 Para. 1 Clause 1 lit. a GDPR.
  5. DATA PROCESSING FOR THE RISK ANALYSIS FOR RATEPAY PAYMENT METHODS
    1. When implementing the risk analysis for RATEPAY payment methods RATEPAY determines the likelihood of orderly payment (the “RESULT”). The RESULT shall be determined on the basis of our experience in the field of online payment and the payment process as well as on that of a mathematical-statistical evaluation of the following data:a) Information pertaining to the current order (price of the goods or services, details of the purchaser or the person availing him-/herself of the service, shopping cart level, technical data),
      b) Information concerning orders already placed with a RATEPAY payment method,
      c) Information about your address,
      d) Information from credit rating agencies, so-called credit scores (e.g. Schufa, a credit investigation company) and creditworthiness information. Creditworthiness data, including the RESULT and the data upon which the evaluation has been based shall, in the event of the approval of a RATEPAY payment method, be used for a period of 12 months in order to ensure that the evaluations flow into risk analyses should you once more decide in favour of a RATEPAY payment method.
    2. Based on the RESULT, the ONLINE MERCHANT shall take the decision as to whether the desired RATEPAY payment method may be offered to you on the MARKETPLACE. To this end, RATEPAY transmits to the ONLINE MERCHANT the information whether the risk analysis has ended positively or negatively. The ONLINE MERCHANT shall not at any point in time be able to access the data upon which the risk analysis has been based, inasmuch as he has not transmitted them to RATEPAY itself.
    3. In the event that it should not have been possible to place a RATEPAY payment method at your disposal, your data from the order in question shall be used for this purpose for a period of 6 months. This enables us to avoid double inquiries from credit agencies and thus also serves the purpose of data minimisation.
  6. COOPERATION WITH CREDIT AGENCIES
    1. In addition to the other data categories listed in the above, the RESULT is also based on the scoring ratings from credit agencies. In order to obtain these scoring values from the agencies, RATEPAY initially transmits data connected to the conclusion of your contract, in particular the application and the acceptance of the contract with the ONLINE MERCHANT, to the agencies. As a part of the risk analysis this collection and transmission of data is required for the conclusion of the contract between you and the ONLINE MERCHANT and thus based on Art. 6 Para. 1 Clause 1 lit. b GDPR.In case the payment to us in the context of the RATEPAY payment method is not carried out correctly, we shall transmit the information of default to the credit agencies at the time. This processing is in the interests of all participants in commercial life, in order to avoid payment defaults and the over-indebtedness of consumers and debtors and thus takes place on the basis of Article 6 Para. 1 Clause 1 lit. f GDPR.
      The list of credit agencies data may be shared with can be found here.
  7. DATA PROCESSING WHEN PROCESSING THE CONTRACT
    1. We process your data based on Art. 6 Para. 1 Clause 1 lit. b GDPR to the extent that is required and for the purpose of the purchasing and ceding of claims resulting from the contractual relationship between you and the ONLINE MERCHANT, of the subsequent handling of the payment transaction by RATEPAY as well as the general establishment of contact in the contractual context. In particular, we process your bank account details in order to be able to redeem a direct debit or your address and e-mail address in order to be able to send payment information to you. Where required, in this context we transmit data for this purpose to banks and payment service providers.
    2. For the purpose of asserting a claim that might not have been settled, RATEPAY shall be entitled to transmit your data to debt collecting agencies who shall then take charge of the further debt recovery procedure, based on Art. 6 Para. 1 Clause 1 lit. f GDPR.
    3. For Group controlling purposes we may transmit your data to companies within our Group. This serves, inter alia, to liquidity planning and consolidation, based on Art. 6 Para. 1 Clause 1 lit. f GDPR.
    4. Partly, we also transmit the information that is relevant for your order process and the payment transaction to the ONLINE MERCHANT and the MARKETPLACE. The ONLINE MERCHANTS need this information in order to judge if any warranty claims are given or to offer you information pertaining to your order or customer services. Therefore, the MARKETPLACE receives the data to the sole purpose of making this available to both you and the ONLINE MERCHANT. This processing is thus based on Art. 6 Para. 1 Clause 1 lit. f GDPR (legitimate interest) or, inasmuch as it should be a matter of contractual information, based on Art. 6 Para. 1 Clause. 1 lit. b GDPR.
  8. COMBATING FRAUD
    1. In order to rule out the abuse of your data and to avert financial losses, we process your data in order to be able to detect fraudulent acts based on unusual usage patterns. To this end, we transfer your data to service providers who subjects your technical data and the order data to a plausibility review, for example in order to evaluate orders to a different address. This processing is based on Art. 6 Para. 1 Clause 1 lit. c) GDPR as we are obliged by Section 53 Payment Services Supervision Act (ZAG) to mitigate operational risks including fraudulent transactions.
    2. Fraud prevention is specifically based upon information relating to, inter alia:(a) Whether the user’s terminal device currently communicates via a proxy connection or has done so in the past,
      (b) Whether the terminal device has recently dialed in via different internet service providers,
      (c) Whether the terminal device had or has a frequently changing geo-reference,
      (d) How many internet transactions have recently been affected via the device (without it being possible to establish the type of transactions in question) and
      (e) How likely the terminal device on file in the database of the services provider is indeed that of the user;
      (f) Whether information provided by the customer is plausible and consistent.
    3. The services provider is bound by a contract under data protection law to our instructions and does not process the data for any purposes of its own.
  9. SERVICES PROVIDERS AND TRANSMISSION OF DATA OUTSIDE THE EU
    1. For the purpose of establishing contact in the context of customer satisfaction (e.g. by e-mail) we avail ourselves of services providers in order to save costs through automated procedures. In order to ensure the protection of your data in these cases also we have obliged these services providers to process your data exclusively based on instructions issued by us.
    2. In part, these services providers have their headquarters outside the European Economic Area. Inasmuch as a transfer outside the EEA takes place and no adequacy resolution of the European Commission is available or an US-American service provider is not EU-US privacy shield certified, we use standard contractual clauses of the European Commission, a copy of which can be requested by contacting us using the above mentioned contact details.
  10. RETENTION AND STORAGE OF YOUR DATA
    1. RATEPAY retains the data that we collect from you in the context of initiating and processing the contract for a period of 5 years. The period commences at the end of that year in which the contract had been concluded or at least initiated and concords with the statutory period of limitations for civil law claims. We thus fulfil our statutory retention duties as a payment service provider according to Section 30 ZAG.
    2. Access to these data is subject to strict restrictions. As a fundamental principle, our employees do not have access to information on creditworthiness.
    3. After the storage period has expired, your personal data generally will be blocked and, after the expiry of those commercial and fiscal provisions applicable to us and/or any other statutory retention obligations, will be finally deleted or anonymised. It shall then no longer be possible to draw any conclusions pertaining to your person. The anonymised data do, however, help us to constantly optimise our risk analysis and our business model. The retention of the data and their subsequent anonymisation are thus in our legitimate interests, Art. 6 Para. 1 Clause 1 lit. f GDPR.
  11. YOUR RIGHTS PERTAINING TO DATA PROCESSING
    1. Right to information as to which data of yours are processed (Art. 15 GDPR)
      You have a right to receive information as to which data of yours are processed by us as well as to further information according to Art. 15 GDPR that is connected with data processing. Upon request we will gladly supply the data and information to you and also make a copy of said data available to you.
    2. Right to correction of your data (Art. 16 GDPR);
      You have a right to the correction of your data should these be incorrect or – taking the purposes of the processing into account – incomplete.
    3. Right to deletion (Art. 17 GDPR)
      You have a right to deletion should data no longer be needed, the processing thereof be unlawful or any other of the cases under Art. 17 GDPR apply. In these cases we delete your data immediately.
    4. Right to the restriction of the processing of your data (Art. 18 GDPR)
      You have the right to restriction of your data in those cases listed in Art. 18 GDPR. This covers, inter alia, the case that we may process data in places or to an extent as a result of which the data processing is no longer legitimised by law. The circumstance may also be relevant that data are subject to a retention obligation and that we are for this reason not able to delete them without further ado. In this case we shall restrict the data processing to the greatest possible extent. Generally speaking, restriction means that the data are stored but employees no longer have access thereto.
    5. Right to Data Portability (Art. 20 GDPR)
      The right to so-called data portability enables you to receive data concerning your person from us which you have supplied to us yourself in the format provided for in Art. 20 GDPR and to have these sent to you. Excluded from this, however, are such data that we ourselves gain as a result of the processing (so-called processing results).
    6. Right to object to types of processing that are based on Art. 6 Para. 1 Clause 1 lit. f GDPR (Art. 21 GDPR)
      We shall cease the processing of data based on Art. 6 Para. 1 Clause 1 lit. f GDPR should you object to this and your objection should be justified.
    7. Right of Revocation
      You may revoke at any time the consents you have granted us at the time of the contractual conclusion between you and the ONLINE MERCHANT by addressing RATEPAY directly, e.g. by e-mail or telephone. Should you revoke your consent, your data shall no longer be processed based on that consent. The permissibility of the data processing that has taken place based on your consent until its revocation shall not be affected by that revocation, and neither shall the permissibility of data processing based on other legal foundations be affected.
    8. Right to lodge a complaint
      You also possess the right to lodge a complaint to the responsible supervisory authority (Berlin Officer for Data Protection and Freedom of Information).
  12. INFORMATION IN THE CASE OF THE REJECTION OF RATEPAY PAYMENT METHODSHow can there be a rejection?Based on the risk assessment, the ONLINE MERCHANT automatically decides whether to accept or reject your order request.
    It may happen that for your order the RATEPAY payment methods are not available to settle your purchase.
    In addition to creditworthiness reasons, there may also be other reasons:
    – The combination of your name and address could not be found. This can be the case with spelling mistakes, relocations, marriage or relocation.
    – You have entered the different delivery address, Packstation or a company address instead of your registration address as the billing address.
    – The personal purchase limit was exceeded with the order inquiry. This is possible if there are still too many unpaid orders.What can you do in case of rejection?

    If your preferred RATEPAY payment method is not available, you can of course choose an alternative payment method offered by the ONLINE MERCHANT, e.g. payment by credit card.If you believe that the rejection is based, for example, on an incorrect address entry, you can place the order again on the MARKETPLACE and enter the corrected data.If there are still open or unpaid orders, please check and settle them.Contact the credit agencies directly to check whether the data processed there is up to date and correct.
    If the current reason for a rejection is still unclear from your point of view, we are at your disposal. Please use the contact form on our website for your enquiry.