In accordance with § 4g Paragraph 2 BDSG (German Data Protection Act) the details pertaining to the automatic processing of personal data, as outlined in § 4e BDSG, must be made publicly available in an appropriate form.
1. Responsible Entity: EVO Payments International GmbH
2. Management Board: Nicole Mantow, Thorsten Hinderks, Michael Reidenbach and Darren Wilson
3. Responsible for IT and Data Processing: Michael Reidenbach
4. Data Protection Officer: Stephan Schmitz
5. Address: Oppenheimstrasse 11, 50668 Cologne, Germany, Phone: +49 221 99577-0
6. Purpose of the collection, processing and usage of data: As an international acquiring and payment service provider, EVO Payments International GmbH processes order and transaction data for e-commerce, mail order and stationery (bricks-and mortar) companies (point-of-sale) in accordance with § 11 of the BDSG.
Order and transaction data processing: processing and use of data as contractor within the terms of service and individual contracts; data processing for own purposes only for administrative and for contract and order processing and settlement with contract principals.
7. Persons affected: Personal data relating to the following persons – inasmuch as they are natural persons – are processed insofar as they are required for the purposes described in Number 6 above: Data provided by the contract principals relating to
– Customers of the principal
Data for the processing for own purposes relating to
– Contract principals (exclusively corporate information)
– Prospective customers / non-customers ( exclusively corporate information)
– Job applicants / employees / former employees
– Suppliers / service providers (e.g. letter shops)
8. Data or data categories: The data categories received -after checking the legality of the data transfer- are:
– Address data
– Additional data, depending on the content of the order
The data categories for the processing for own administrative and order processing and settlement are:
– Address and communication data
– Employee data
9. Recipient of data or categories of data:
– Internal organisational units involved in the execution of the relevant business processes.
– External contractors (service providers) through sub-contractual relationships
– Contract principals
10. Safekeeping periods and deadlines for data deletion:
Numerous safekeeping periods and obligations are defined by law (HGB [Commercial Code], AO [Basic Tax Code] etc.). All data is deleted once the corresponding safekeeping periods and deadlines expire inasmuch as the data is not required for contractual fulfilment (e.g. service contracts or for order processing). Inasmuch as data is not relevant to the above, it is deleted in accordance with data protection practice or it is returned to the principal if the purposes as defined in Number 6 cease to apply.
11. Planned data transfer to third countries: Data is not transmitted to other countries