Privacy

Privacy Policy for the Processing of Personal Data Related to the Use of “viacash”

Above all, the protection of data also means protecting your privacy. We, the Cash Payment Solutions GmbH (hereinafter referred to as “CPS”), respect your privacy, which is why we committed ourselves to protect and safeguard it. To achieve this goal, we strictly observe legal regulations when processing your personal data. Our handling of personal data is based on this principle.

To learn more about our approach to handling your personal data, please read the following information carefully and take note of it.
In particular, the following provides an overview of the way personal data is processed when using this website (Section 1) and also when using the “viacash” product (Section 2). Finally, we would like to inform you regarding a few general points on data protection (Point 3) that apply to both our website and the product.

1. Data processing when using the website

The contact person and data controller for processing your personal data when you visit this website in accordance with the basic EU General Data Protection Regulation (GDPR) is

Cash Payment Solutions GmbH
Wallstr. 14a
10179 Berlin
Germany
Tel.: +49 30 – 346 46 16 – 00
Fax: +49 30 – 346 46 16 – 01
Email: security@viacash.com (PGP-Key)

If you have any questions regarding data protection when using our website, please do not hesitate to contact our data protection officer. He can be reached at the above postal and email address (first line: “For the attention of the data protection officer”)

1.1 Accessing our website/access data

Every time you use our website, we collect the access data that your browser automatically transmits in order to make your website visit possible. The access data includes in particular:

• the IP address of the requesting device,
• the date and time of the request
• the address of the called website and the website from which it was called,
• information about the browser and operating system used,
• online identifiers (e.g. device IDs, session IDs).

It is necessary to process this access data in order to enable the website visit and to guarantee the constant functionality and security of our systems. The access data is also temporarily stored in internal log files for the purposes described above; this is done to compile statistical data on the use of our website, to further develop our website with regard to the usage habits of our visitors (e.g. if the proportion of mobile devices accessing our site increases) and to maintain our website in an administrative sense. The legal basis is Art. 6 (1) (1) (b) GDPR.

The information stored in the log files is stored for 14 days and archived after subsequent anonymisation.

1.2 Contact

You have various possibilities to contact us. These include the general contact form or contact options for business customers. We process data in this relation exclusively for the purpose of communication with you. The legal basis is Art. 6 (1) (b) GDPR.
The data we process when you use the contact forms will be stored for 30 days after your request has been fully processed; this is done for allocation reasons in case you have any queries about our answer/processing and will be automatically deleted at the end of the 30 days, unless we still need your request to fulfil contractual or legal obligations (see section “Storage period”).

1.3 Applications

You can use the email address jobs@viacash and use the contact form in our career section to send us your application. The purpose of data processing is the selection of applicants for employment.
The legal basis for processing your application documents is Art. 6 (1) (1) (b) and Art. 88 (1) GDPR in conjunction with Section 26 (1) (1) of the German Federal Data Protection Act (BDSG).

1.4. Use of our own cookies

For some of our services, it is necessary for us to use cookies. A cookie is a small text file that is stored by the browser on your device. Cookies are not used to run programs or download viruses onto your computer. Rather, the main purpose of our cookies is to provide a website that is tailored to your needs and to make the use of our services as time-saving as possible.

Most browsers are set to accept cookies by default. However, you can set your browser to refuse cookies or only save them after your prior consent. If you refuse cookies, our website may not function entirely smoothly for you.
We use our own cookies in particular

• to save your language settings,
• to note that information placed on our website has been displayed, so that it will not be displayed again the next time you visit the website.

We use cookies to make the use of our website more comfortable and individual for you. These services are based on our aforementioned legitimate interests; the legal basis is Art. 6 (1) (1) (f) GDPR. We also use cookies and similar technologies (e.g. web beacons) from partners for analysis purposes. These are described in more detail in the following sections.

2. Data Processing when using the “viacash” Product

“viacash” offers many possibilities: for example, it allows you to shop online, pay bills or do your banking. Depending on the area of application and the type of processing, the legal responsibility for data protection may lie with our partners or with us:

When entering mobile phone numbers in the web portal “viacash.com” to request barcodes for cash payments via retail outlets, the contact person and data controller for processing your personal data within the meaning of the GDPR is Cash Payment Solutions GmbH, Wallstr. 14a, 10179 Berlin, Germany. CPS acts in this respect in its own name and under its own responsibility. This also applies to the entry of email addresses and mobile phone numbers, which you must provide to some of your contractual partners for the use of “viacash” on a separate checkout page. CPS also acts in its own name if the email address and mobile phone numbers are transferred to CPS by the contractual partners in order for you to receive the cash payment slip or pay-out slip, unless the contractual partner is explicitly the controller (CPS is then a so-called contract data processor).

When providing personal data (in particular name, address, email address, mobile phone number) for carrying out checks under money laundering law, the contact person and data controller for processing your personal data within the meaning of the GDPR is GRENKE BANK AG, Neuer Markt 2, 76532 Baden-Baden, Germany (“GRENKE BANK”).
In this case, CPS acts as a contract data processor. This also applies in the case of bank details, which you can enter at the web portal “viacash.com” in order to receive a repayment to your account using “viacash”. If CPS is responsible, you can contact our data protection officer at any time. He can be reached at the above postal address and at the email address: security@viacash.com (first line: “For the attention of the data protection officer”)

If GRENKE BANK is responsible, you can contact us at any time at datenschutz@grenkebank.de (keyword: “For the attention of “viacash”). If your contractual partner is responsible, please refer to its Privacy Policy to find out its data protection officer’s contact details. If you are not sure of your correct contact with regard to data protection, please contact CPS and we will forward your request, if necessary.

2.1 Use of “viacash”

When using “viacash”, personal data is entered (in particular email address, mobile phone numbers and account details) and processed by your contractual partner (online shop or other company at which you have made your purchase/order and at which you have chosen the “viacash” payment method), GRENKE BANK and us in compliance with the data protection laws in every case. Your data will only be processed to the extent necessary for the implementation of the “viacash” payment method, for the purpose of sending you information by SMS and/or email in accordance with the descriptions below or to comply with regulatory provisions, and in particular money laundering regulations.

• In order to receive a payment slip via email for the “viacash” payment method, your email address is required. CPS will then send you the “viacash” payment slip (“payment slip”) or pay-out slip (“pay-out slip”) to the email address provided. The legal basis is Art. 6 (1) (1) (b) GDPR.

• Your mobile phone number is required if you would like to receive a barcode as an SMS instead of presenting a (also printable) payment slip or pay-out slip at a viacash partner’s retail checkout. If you enter your mobile phone number on the order process checkout page in the appropriate input mask and click on the field “SEND SMS”, or if you click on “Code via text message”, your mobile number will be sent to CPS. The legal basis is Art. 6 (1) (1) (b) GDPR.

• CPS and/or GRENKE BANK will also use your email address and mobile phone number to statistically record the frequency and manner of “viacash” usage in connection with an evaluation of the total use of “viacash” for market research purposes and for creating product information tailored to your needs (if you request this, see next section), whereby these statistical results are only used by CPS and/or GRENKE BANK, and not by other third parties. The legal basis is Art. 6 (1) (1) (f) GDPR, based on the aforementioned interests of CPS and GRENKE BANK

• In the event that you have agreed to receive individually tailored product information from CPS by checking the corresponding box on the checkout page, CPS will save the mobile phone number and email address you enter on the checkout page and will also use it in future to send you information and offers via SMS and/or email about CPS and its products as well as those of third parties with whom CPS maintains a business relationship (cooperation partners), which is individually tailored to you and your interests. To this end, CPS will evaluate and analyse the data it receives from the online shop or another company from which you have made purchases or ordered services and paid for with “viacash”; this may include information regarding i) the “viacash” transaction ii) the online shop or other company or iii) at which retailer you redeemed your payment slip at what time. It is made clear that CPS will never transfer your mobile phone number and email address to these or any other third parties, except to comply with regulatory provisions, and in particular money laundering regulations. The legal basis for this is Art. 6 (1) (1) (f) GDPR.

• CPS may also transfer your mobile phone number and/or email address to GRENKE BANK for compliance with money laundering regulations. The legal basis is Art. 6 (1) (1) (b) GDPR.

• Your bank details are required if you have chosen the option of bank transfer for the refund of an amount paid via “viacash”. For this purpose, CPS will share your bank details with GRENKE BANK so that GRENKE BANK can carry out the transfer to you. The legal basis is Art. 6 (1) (1) (b) GDPR.

2.2 Transfer of data when using “viacash”

CPS will transfer your personal data that is stored by the contractual partner (in particular name, address, email address, mobile phone number) to GRENKE BANK at their request. GRENKE BANK is entitled to this requirement insofar as it is necessary to fulfil its regulatory obligations, in particular obligations under money laundering law.

To dispatch “viacash” payment slips or pay-out slips and send information, CPS works with the email service provider The Rocket Science Group, LLC675 Ponce De Leon Ave NE, Suite 5000 Atlanta, Georgia 30308, USA (“The Rocket Science Group”) and Mailjet GmbH, c/o Workrepublic, Berliner Allee 26, 40212 Düsseldorf, Deutschland (“Mailjet”). Mailjet uses only European data centres, while The Rocket Science Group has servers in the USA. In the event the personal data is transferred to the US, The Rocket Science Group has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US Framework. Further information on data protection can be found in the Privacy Policy of The Rocket Science Group and the Security & Privacy information of Mailjet.
To dispatch “viacash” payment slips or pay-out slips and send information, CPS works with the email service provider Michael Kloppe, Uhlandstraße 11, Insingen (“Kloppe Media”) and CM Telecom Germany GmbH, Mainfrankenpark 53, 97337 Dettelbach, Deutschland (“CM Telecom”). Kloppe Media and CM Telecom only use European data centres. Further information on data protection can be found in the Privacy Policy of Kloppe Media and the Privacy Policy of CM Telecom.

2.3 Storage period for “viacash”

In the event that you have entered your email address and/or mobile phone number when ordering goods and services, your email address and/or mobile phone number will be stored by CPS for a period of two years after purchase and receipt of the goods; this is done to make it possible to create a corresponding personal reference in the event of a possible return of goods to the seller and refund of the purchase price via “viacash”.
If the seller or service provider does not have the right to return the ordered goods or services, your email address and/or mobile phone number associated with the order will be deleted immediately after the payment form has been redeemed or cancelled. The same applies to redeemed or cancelled pay-out slips.

2.4 Analysis of usage data for “viacash”

We would also like to point out that we compile statistics on the usage behaviour of our email notifications. This is done with the help of small graphics embedded in the messages (called pixels). If you do not want your usage behaviour to be analysed, you can deactivate graphics in your email program by default.
For more information, see the instructions for Microsoft Outlook as well as Mozilla Thunderbird. In this case, however, messages will not be displayed in their entirety and you may not be able to use all functions.

3. General information

The following information applies both to data processing on the website and to the use of the “viacash” product.

3.1 Storage duration

In principle, we only store personal data for as long as necessary to fulfil the contractual or statutory obligations for which we have collected the data. After this period has ended, we delete the data immediately, unless we need to store the data until the end of the statutory limitation period for purposes of evidence for civil law claims or due to statutory retention obligations.

3.2 Transfer of data

The data we collect will only transferred if:

• you have given your express consent pursuant to Art. 6 (1) (1) (a) GDPR,
• the transfer pursuant to Art. 6 (1) (1) (f) GDPR is required to assert, exercise or defend legal claims and there is no reason to believe that you have a prevailing legitimate interest in not disclosing your data,
• we are obligated to the transfer pursuant to Art. 6 (1) (1) (c) GDPR, or
• it is legally permissible and pursuant to Art. 6 (1) (1) (b) GDPR is required for the processing of contractual relationships with you or for carrying out contractual measures.

Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this data protection declaration, this may include in particular consulting firms. If we transfer data to our service providers, they may only use the data to fulfil their tasks. We have carefully selected and commissioned these service providers. They are contractually bound by our instructions, have appropriate technical and organisational measures in place to protect the rights of data subjects and are regularly checked by us. In addition, data may be transferred in connection with official inquiries, court orders and legal proceedings if this is necessary for legal prosecution or enforcement.

3.3 Your rights

You have at any time the right to request information about the processing of your personal data. In accordance with this information provision, we will explain our data processing to you and provide an overview of the personal data concerning you that we store. If any of your personal data is incorrect or out of date, you have the right to have this data rectified. You may also request that your data be deleted. If, in exceptional cases, deletion is not possible due to other legal regulations, the data will be blocked so that it is only available for this legal purpose. You can also have the processing of your data restricted, e.g. if you believe that the data is incorrect. You also have the right to data portability, i.e. you can request a digital copy of the personal data that you have provided.
To exercise your rights as described here, you can always contact the controller at the contact details above. This also applies if you wish to receive copies of guarantees that prove an adequate level of data protection.
In addition, you have the right to object to data processing based on Art. 6 (1) (e) or (f) GDPR. Finally, you have the right to complain to the competent data protection supervisory authority. You may exercise this right with a supervisory authority in the member state of your place of residence, your place of work or the place of the alleged breach. The responsible supervisory authority for Berlin, the headquarters of CPS is: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin.

3.4 Right to revocation and objection

Under Art. 7 (2) GDPR, you have the right to revoke the consent you have previously given to us at any time. This will prevent us from continuing the data processing based on this consent with future effect. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation. If we process your personal data on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR and cite reasons stemming from your particular situation and which in your opinion indicate that you have predominating interests that are worthy of protection.

If you object to data processing for direct marketing purposes, you have a general right of objection, which we will implement without you having to provide reasons.

If you would like to exercise your right of revocation or objection, please send an indication of this in any form to the contact details listed above.

3.5. Data security

We employ up-to-date technical measures to ensure data security, in particular to protect your personal data from dangers during data transfers and to prevent it from becoming known by third parties. These are adapted accordingly to the current state of the art.
To secure the personal data you provide on our website, we use Transport Layer Security (TLS), which encrypts the information you enter.

3.6 Google Analytics

We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, Google undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

Google Analytics uses cookies, text files that are stored on your computer and which allow an analysis of your use of the website. The information generated by the cookie about the use of this website by the site visitor is transferred to a Google server in the USA and stored there. The legal basis for this is our legitimate interest pursuant to Art. 6 (1) (1) (f) GDPR. However, if IP anonymisation is activated on this website, your IP address will be abridged in advance by Google within the Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the US and abbreviated there. IP anonymisation is active on this website. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide the website operator with other services related to website and internet usage.

The IP address provided by your browser in the context of Google Analytics will not be merged with other Google data. You can prevent cookies from being saved by setting your browser software accordingly; however, we would like to point out that you may not be able to fully utilise all the functions of this website in this case. In addition, you may prevent Google from transmitting and processing the data (including your IP address) generated by the cookie and your use of the website (including your IP address) by clicking on the link below and downloading and installing the available browser plugin: https://tools.google.com/dlpage/gaoptout?hl=en

As an alternative to the browser plugin or for browsers on mobile devices, you can click the following link to set an opt-out cookie; this will prevent Google Analytics from collecting any further data when using this website (this opt-out cookie only works in this browser and only for this domain. If you delete your cookies in this browser, you must click on this link again): Disable Google Analytics

3.7 Changes to the Privacy Policy

We may update this Privacy Policy from time to time, for example when we adapt our website or when legal or regulatory requirements change.