Wirecard Central Eastern Europe GmbH (Wirecard CEE) as well as the companies within the Wirecard Group (including Wirecard AG and its subsidiaries) offer their customers products and services relating to electronic payment transactions. The objective is to allow companies and consumers worldwide to process electronic transactions securely and smoothly. Security and the protection of personal data is one of the most important aspects in the context of handling and processing of payments. This is why the Wirecard Group places particular emphasis on high data protection standards.
As a subsidiary of Wirecard AG, Wirecard CEE processes personal data of visitors to the website as well as personal data of final consumers on behalf of our customers (merchants) when processing payment transactions.
1. Data controller
The data controller within the meaning of the Austrian and EU legislation regarding the protection of personal data is Wirecard Central Eastern Europe GmbH, Reininghausstraße 13a, 8020 Graz.
For all data processed on behalf of the customer (merchant), e.g. payment processing, the customer (merchant) is the controller. Wirecard will refer to the respective customer (merchant) in the event of any queries regarding these data.
2. General Information
On this website, we provide information on the services provided by Wirecard, a contact form as well as a newsletter. Also, we offer our associated customers (merchants) the option of logging into a restricted area to obtain information from different systems about the payments processed by Wirecard.
The General Data Protection Regulation (GDPR) of the European Union and the Austrian Data Protection Amendment Act 2018 (DSG) support the right to the protection of personal data. Wirecard only processes your data based on legal provisions and operates the website in accordance with these provisions (GDPR, DSG, Telecommunications Act 2003).
It is a matter of particular concern to us to protect and securely store all personal data you entrusted us with. This document shall give you more information on how we use and process your personal data.
3. Collection and Processing of Personal Data from Website Visitors
3.1 Anonymous use of the site
Visiting our website is possible without providing any personal data. Data collected automatically will always be made anonymous prior to their storage and usage (see section 3.2 below).
3.2 Non-personal Data collected Automatically (log file information)
When visiting this website, so-called log file information will be recorded - which is a standard procedure on the Internet. This non-personal information is transmitted automatically by your web browser. This information includes in particular: IP address, accessed pages on the website, date and time of the visit, cookies, used browser, operating system of the accessing computer, language setting and transferred data volume. The processing of the log file information is done mainly in order to establish the connection, to ensure system security and for reasons of technical administration.
Also, log file information is exclusively stored and analyzed statistically in an anonymous form, in order to continuously improve this website, to adjust it to the users' interests and to speed up the detection and/or elimination or bugs (see Section 4 below).
Wirecard shall store log file information for security reasons (e.g. in order to clarify cases of abuse or fraud), for a maximum period of seven days, and shall then delete such information. Data which must be stored beyond that period for reasons of evidence are excluded from the deletion until the relevant incident has been clarified.
Wirecard uses both cookies that process personal data and cookies that do not process personal data. In the latter case, processing is done anonymously and no conclusions on the identity of the user may be drawn. In the other case, Wirecard assures a transparent processing of personal data which is compliant with data protection requirements.
For further information on the cookies we use, go to https://www.wirecard.com/privacy-protection/cookies/.
3.4. Collecting and processing our customer's personal data
Some of our websites offer registration and/or login options. In such cases, the following applies:
During registration, we will collect personal data, which is required for your use of our offers as provided for in the contract, e.g. your name, e-mail address and company. We will primarily use such data to process inquiries, orders and contracts concluded with you. Your data will only be processed for other purposes if you have given your consent, or if such processing is permitted by legal provisions.
For the login into restricted areas (e.g. https://www.wirecard.at/haendlerlogin/), we collect and use the data required for your identification, such as user name and password.
3.5. Usage and forwarding of personal data
Your personal data will only be used for the specified purposes, and only to the extent required in order to achieve these purposes. Data will only be forwarded to third parties - if at all - within the limits of the respective statutory provisions. The transmission of personal data to government agencies and authorities shall be carried out only in line with mandatory national law, or if the forwarding is required for purposes of legal or criminal prosecution in the event of abuse or fraud. Forwarding for other purposes - in particular address trading - is excluded.
4. Web Analysis
In order to continuously improve this website, to adapt it to the users’ interests, and to speed up the detection and/or elimination of bugs, log file information (for information on such data, please see section above) are stored under a pseudonym in so-called usage profiles, and is analyzed statistically.
For this web analysis, Wirecard uses technologies from etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg (www.etracker.com) to collect and store data for marketing and optimization purposes. These data are used to create user profiles under a pseudonym. Cookies may be used for this purpose (for information on cookies, see section above). Cookies allow the recognition of the web browser. The IP address is only stored and processed in an abbreviated form, i.e. without the last two blocks of numbers. The data collected with etracker technologies will not be used to personally identify visitors of the website, and will not be merged with personal data relating to the bearer of the pseudonym without the explicit consent of the person concerned. Such data will not be forwarded to third parties. The data will be deleted as soon as storage is no longer required for purposes of web analysis. You may object to the collection and storage of data by etracker at any time with effect for the future under http://www.etracker.de/privacy?et=V23Jbb.
Data processing by etracker GmbH has been examined for data protection conformity and data security. The software complies with the requirements of the “Duesseldorfer Kreis” for the protection of personal data and with the respective European Union ePrivacy regulation. For further information relating to the protection of personal data by etracker GmbH, especially categories of visitor data and storage time, please go to http://www.etracker.com/de/datenschutz.html.
5. Collection and use of personal data
Wirecard processes payment information on behalf of her customers (merchants) as part of payment processing and related services (e.g. risk management). Particularly in its role as a data processor, Wirecard works through its affiliated customers towards compliance with the principle of data efficiency as defined under the German Data Protection Act.
The affiliated customer (merchant) concerned is considered accountable for processed payment data. Sensitive data in particular, such as credit card numbers and account details, are processed as part of payment processing. This data is encrypted and stored in the Wirecard databases in compliance with PCI DSS regulations.
The data processed on behalf of an affiliated customer (merchant) is utilized only for the purpose requested by this customer – e.g. payment processing and risk management. Depending on the contracted service, additional information such as IP geolocation data and credit reports may also be consulted.
Any and all data processed on behalf of a customer will be stored as specified by the customer and also deleted at the customer's request – at the latest, however, following expiry of the legal term. In the event that a customer requests removal of their data before expiry of this term, the data will usually be blocked instead of being deleted.
6. Forwarding of Personal Data to Service Providers
User data are not forwarded to third parties - in particular for the purposes of address trading.
Wirecard may employ service providers to collect and/or process data; for instance, a service provider may be assigned to provide technical support for the website, or to answer contact inquiries. Service providers will only act on behalf of, and according to instructions by, Wirecard (data processing).
7. Data Security
In order to protect stored personal data against accidental or unlawful manipulation, loss, destruction or unauthorized access, Wirecard implements adequate technical and organizational measures. Our security measures are optimized at regular intervals and in line with technological developments.
Wirecard only grants access to personal data to those staff members who require such personal data for their tasks and who are entitled to perform such processing of personal data. As a matter of principle, Wirecard does not transfer any personal data to third parties unless there is a specific legal obligation (e.g. legal proceedings in the event of abuse or fraud).
Personal data which Wirecard obtains from the website (e.g. via the contact form) are transmitted by means of a Digicert certificate (https://www.digicert.com/) and a highly secure encryption over the Internet. Furthermore, access to customer accounts is only possible after entering a personal password.
Wirecard transfers personal data that are collected during a payment process in the course of a transaction to the parties involved in the online transaction only to the extent necessary (e.g. online shop operator, merchant, payment service providers). The subsequent payment processing is carried out by licensed payment service providers (usually banks and credit card companies), which are authorized to perform the respective payment processing and which rely on the correspondingly secure systems.
In addition, when processing credit card details and account specific data, such data are always and exclusively stored in accordance with the rigid PCI DSS regulations („Payment Card Industry Data Security Standard“) in encrypted form and in a data base which can only be accessed by authorized staff. Wirecard uses firewalls to prevent unauthorized access to servers. Servers are located at a safe location to which only authorized staff has access. All staff members and all persons involved in the processing of data are bound to comply with all laws relating to data protection, and to treat personal data confidentially. We would like to point out, however, that unfortunately we cannot assure complete security for transmission of data over the Internet or for unauthorized access by third parties.
8. External Links
The contents of our sites are created with the greatest possible diligence. However, we are unable to assume any liability for the correctness, completeness and actuality of the contents.
Our offers sometimes contain links to external websites of third parties. Neither have we control over the contents of such third party websites nor are we able to assume any liability for the correctness of the contents. Full responsibility for contents offered on a linked site of any particular provider lies with the respective site operator.
9. Your Rights
You are guaranteed the right to anytime obtain access from the respective controller to data relating to you. Unless there is legal obligation to store personal data, you are guaranteed the right to obtain the erasure of such data or to object to the processing of these data. You also have the right to rectification of data, the right to restriction of processing and the right to data portability, as well as to lodge a complaint with the Austrian Data Protection Authority (Wickenburggasse 8-10, 1080 Wien, E-mail: email@example.com).
11. Questions regarding data protection