Privacy Protection

DATA PRIVACY STATEMENT

In the following, we would like to inform you about the processing of personal data during a visit on our websites, and, in particular, provide you with the information laid down in Articles 13 and 14 of the EU General Data Protection Regulation (GDPR).

1. IDENTITY AND CONTACT DETAILS OF THE CONTROLLER AND THE CONTROLLER'S REPRESENTATIVE

Computop Wirtschaftsinformatik GmbH
Schwarzenbergstraße 4
96050 Bamberg, Germany

Phone +49 (0)951.98009-0
Fax +49 (0)951.98009-20
info(at)computop.com 

Represented by the managing directors:
Frank Arnoldt, Ralf Gladis, Stephan Kück

2. CONTACT DETAILS OF THE DATA PROTECTION OFFICER

Computop has appointed an external data protection officer. However, in case you should have data privacy related questions or requests, please always primarily contact Computop directly at:

legal(at)computop.com. 

This way, your request can be answered the quickest and most direct. Computop has also employed in-house staff with the necessary expertise in data protection law. In case of need, the external data protection officer will be consulted.

The contact details of Computop’s external data protection officer are:

DPO Service GmbH,
Bethmannstraße 50-54,
60311 Frankfurt am Main, Germany

Datenschutz(at)DPOservice.de

The DPO Service GmbH is a corporation, founded by the law firm Baker & McKenzie for the purpose to be able to offer the appointment of an external data protection officer as a service.

 

3. DATA PROCESSING OPERATIONS, PURPOSES OF THE PROCESSING AND LEGAL BASIS OF THE PROCESSING


On our websites, data is processed for the following purposes, to the following extent and on the following legal bases:

3.1 Web server logs

During your visit our websites, the web server (meaning the server on which our websites are located) automatically collects certain data about your visit on our websites. These include, for example, your IP address, date and time of your visit, the website you visited before, the sites on our website you looked at and your activities performed there, the amount of data transmitted, the duration of data transmission, the operating system used by you, the browser used by you, details on your internet provider as well as details on cookies potentially set by our website.

This information will, on one hand, be used in cases of a system misuse in order to investigate, in collaboration with your internet provider and/or the responsible authorities, who is the author of this misuse.

Furthermore, the web server logs are being used for analyzing the user behavior on our websites in order to optimize our websites, as well as for analyzing if a user has become aware of Computop via an advertisement on the internet. In this context, the services Google Analytics and Google Adwords are being used which we’ll explain in detail in the section „Recipients of personal data“. There you will also find information about your options to object in this context.

Web server logs will only be stored together with other personal data of the user in cases where this is necessary for the respective purpose. This shall, in particular, apply to the following cases: Provided that some of our websites require a log-in, in this context the user name of the respective user will be stored together with the web server logs in order to be able to facilitate and trace the log-in. Moreover, storage of web server logs together with other personal data may be necessary in cases in which our websites require the submission of electronic consents. Furthermore, storage of other personal data together with web server logs takes place for the purpose of technical steering of payment transactions via the Computop Paygate. Details are described in the section „Data processing in the Computop Paygate”.

Legal basis: Article 6 Section 1 Sentence 1 lit. f GDPR or, for the data processing in the Computop Paygate, Article 6 Section 1 Sentence 1 lit. b GDPR. Legitimate interests of Computop according to Article 6 Section 1 Sentence 1 lit. f GDPR: Investigation of potential system misuses, analysis of user behavior for the purpose of optimizing our website, analysis if users have become aware of Computop via advertisements on the internet, facilitation and traceability of log-ins, documentation of potentially given electronic consents.

3.2 Cookies

Some of our websites are using so-called cookies. Cookies are small text files which are stored on your device in the directory of the browser being used as soon as you visit the respective website. They serve the purpose to make our website more user-friendly and more effective. Our own websites are only using so-called „session cookies“ which are automatically being deleted as soon as you close your browser.

However, during your visit on our websites, also cookies by third parties may potentially be placed which may possibly be persistent cookies that are not deleted after you have closed your browser, but which may help to recognize you as a visitor at a later time. The purpose of such cookies is analyzing the user behavior on our websites in order to optimize our websites, as well as analyzing if a user has become aware of Computop via an advertisement on the internet. In this context, we are using the services Google Analytics and Google Adwords which we’ll explain in detail in the section „Recipients of personal data“.


In case you do not want to allow the placement of cookies, you have the option to deactivate the acceptance of cookies in your browser. In this case, you will still have access to the largest part of our websites; however, it may happen that you will not be able to fully use all functions of our websites.

Legal basis: Article 6 Section 1 Sentence 1 lit. f GDPR. Legitimate interests of Computop according to Article 6 Section 1 Sentence 1 lit. f GDPR: More user-friendly and more effective design of our website.

3.3 Contact via email or a contact form

Our websites provide you with the opportunity to contact us via the email addresses available on our website or via various contact forms. The personal data you are disclosing to us in this context will be processed for correspondence with you and for the purpose for which you have provided us with the data.

Legal basis: Depending on the content of the request, different legal bases may be applicable, in particular Article 6 Section 1 Sentence 1 lit. b, c or f GDPR. Legitimate interests of Computop according to Article 6 Section 1 Sentence 1 lit. f GDPR: Making it possible to contact us via email or a contact form.

3.4 Service Agreements, Online-Shop and Boarding-Forms

If you chose to enter into a service agreement with us or place an order in our online-shop, personal data you are providing in this context will be processed for the purpose of the conclusion and performance of the agreement with the company on behalf of which you are acting, or, in exceptional cases, the agreement with you personally, as well as for the purpose of communication with you and the company on behalf of which you are acting. The same shall apply if you are being lead to our boarding-form subsequent to a placement of an order in our online-shop or have been provided with a link to our boarding-form subsequent to the conclusion of an agreement whithout using our online-shop and are providing information there. Our boarding-forms serve to select single services after the placement of an order or the conclusion of a service agreement, or the adjustment of single services ordered (e.g. ordered bundles which subsequently need to be customized to the individual needs of the client) as well as the configuration of the connection to the Computop Paygate in general. Information which is being submitted within these boarding-forms also serve the performance of the agreement with you or the company on behalf of which you are acting.
Legal basis: Legal basis, in case you are acting on behalf of a company, is Article 6 Section 1 Sentence 1 lit. f GDPR. Legitimate interests of Computop according to Article 6 Section 1 Sentence 1 lit. f GDPR: Conclusion and performance of the agreement between Computop and the company on behalf of which you are acting. If, in an exceptional case, the conlusion of an agreement between Computop and you personally is being concerned, legal basis is Article 6 Section 1 Sentence 1 lit. b GDPR.

3.5 Data processing in the Computop Paygate

As its central service, Computop offers to merchants and other bodies (merchants and other bodies will hereninafter be called „clients“) the connection to the Computop Paygate, a payment platform developed and operated by Computop which facilitates the technical steering of payment transactions from different channels, e.g. for payments on the internet or in online shops (e-commerce), for payments by using mobile devices such as smartphones or tablets, e.g. by way of in-app-payments (m-commerce) or for payments via POS-terminals (point-of-sale terminals, e.g. in cash desk surroundings, via mobile terminals or at machines). Technically being steered are such payments which are made by payers to our clients who are connected to the Computop Paygate. The Computop Paygate currently offers more than 335 national and international payment methods and acquirer connections, e.g. credit cards, debit cards, e-wallet systems (e.g. PayPal), direct debiting, online bank transfer, advance payment, purchase on account, instalment payments and much more. Furthermore, the Computop Paygate supports several fraud prevention methods. Through the modules Computop Analytics and Computop Reporter, Computop’s clients have access to the data relevant for them from the payments technically steered on their behalf, and they are provided with tools for the analysis of payments from all channels and payment methods as well as for the optimisation of turnovers (e.g. through visualized status reports, reviews and comparisons). If a person (e.g. a customer) is making a payment towards one of our clients (e.g. in an online shop), he or she will, during the payment process, potentially be forwarded to a payment form hosted by Computop (the so-called Hosted Payment Page). The Computop Paygate with its modules Computop Reporter and Computop Analytics as well as the component Hosted Payment Page, as described above, will hereinafter collectively be referred to as „Computop Paygate“.

Computop provides its clients with a connection to the Computop Paygate by way of a data processing on behalf of the Controller according to Article 28 GDPR. Provided, you are connected to the Computop Paygate as a client, you have the possibility to request from us the legally required data processing agreement according to Article 28 GDPR including a description of Computop’s technical and organizational after Article 32 GDPR. In this regard, please contact: legal(at)computop.com.

For the data processing in the Computop Paygate, Computop has taken technical and organizational measures on a very high security-level. Computop is certified after the Data Security Standard of the Payment Card Industry (PCI-DSS) and in this context periodically undergoes strict external audits of its technical and organizational measures. For details, we refer to the very extensive catalogue of assessment criteria of the PCI Data Security Standard which is in its most recent version available on the website of the PCI Security Standards Council (https://www.pcisecuritystandards.org). This catalogue of assessment criteria clearly demonstrates in which comprehensive manner the technical and organizational measures at regularly being certified at Computop.

During data processing in the Computop Paygate, independent web server logs are being written which are kept separately from the general web server logs. All data bases of the payment division and, therefore, also the corresponding web server logs are, in accordance with the requirements of the PCI-DSS, being located in a separate and highly encrypted area of our servers. Web server logs from the Computop Paygate will only be stored together with other personal data of the user in cases where this is necessary for the respective purpose. This applies, in particular, to the following cases: Provided that during the data processing a log-in is required (in particular for Computop Analytics and Computop Reporter), in this context the user name of the respective user will be stored together with the web server logs in order to be able to facilitate and trace the log-in. Furthermore, the web server logs of the Computop Paygate contain the name of the specific service which is being used. Moreover, storage of web server logs together with other personal data is also necessary for the purpose of technical steering of payment transactions via the Computop Paygate. The data from the web server logs are, in this context, stored in the single payment transactions together with the other data of a payment, in order to be able to technically steer the payments on behalf of the respective client and also to ensure the subsequent traceability. In addition, follow-up actions such as chargebacks or credits are made possible that way. Depending on what a client has specifically ordered at Computop, some data from the web server logs may also be used for the purpose of fraud prevention within the extent permitted by law.

In the Computop Paygate’s modules Computop Analytics and Computop Reporter which allow clients access to the payment transactions processed on their behalf, session cookies are being placed. The functioning of session cookies and your options to object in this context are being explained in the section „Cookies“.

On the payment form (Hosted Payment Page), on the other hand, as a standard no cookies are being placed. However, Computop’s clients have the possibility to adapt the payment form according to their needs or use their own payment form. Thus, it is possible that the adapted payment page may potentially place cookies. The responsibility for adapted payment pages always lies with the client to whom the payment was made; in this regard, we refer you to the data privacy statement of the respective client. In general, the following applies: The data privacy statement of our respective client applies as long as the payer is, before initiating a payment, still on the client’s websites (e.g. in an online shop or in the shopping basket there) or on a potentially used own payment form of the client. Computop’s data privacy statement will not apply until the point in time when the payer actually changes from the client’s website to Computop’s websites (to the payment form there, the Hosted Payment Page) and the payer has received from Computop′s client a notice according to Section 13 Subsection 5 of the German Telemedia Act (TMA) concerning the redirection from one service provider in the meaning of the TMA to another service provider in the meaning of the TMA. As a summary, this means that for the payment form, depending on the respective setup, either the client’s data privacy statement or Computop’s data privacy statement may apply.

Analyses of user behavior are not being performed in the Computop Paygate, its modules Computop Analytics and Computop Reporter as well as on the payment form (Hosted Payment Page).

Legal basis: For the technical steering of payment transactions on behalf of clients, the legal basis is Article 6 Section 1 Sentence 1 lit. b GDPR in conjunction with Article 28 GDPR; apart from that, e.g. regarding the placement of cookies, the legal basis is Article 6 Section 1 Sentence 1 lit. f GDPR. Legitimate interests of Computop according to Article 6 Section 1 Sentence 1 lit. f GDPR (with regard to to cookies): More user-friendly and more effective design of our website.

3.6 Marketing activities

In cases we are contacting you for marketing purposes (e.g. via email, telephone or postal mail), you have the opportunity to object to the use of your data for marketing purposes at any time with effect for the future by sending an email to marketing(at)computop.com or, in case of marketing via an e-mail-newsletter, by clicking on the link included there for this purpose.

Legal basis: Legal bases for marketing activities can either be Article 6 Section 1 Sentence 1 lit. a GDPR or Section 7 of the German Act Against Unfair Competition.

3.7 Job applications

Moreover, you have the possibility to apply via email to the job offers that are  available on our website. Your personal data which you are providing us with in this context will be processed for the performance of the application process and, in case of a possible employment, for the performance of the employment relationship.

You have the option to use WhatsApp in order to address questions regarding job offers to the human resources department. At Computop, the use of WhatsApp is limited to the human resources department and takes place on a separate device which is exclusively being used for this purpose and on which solely contact data of applicants is being stored who are proactively contacting Computop via WhatsApp. Conversations which have been completed are immediately being deleted after their completion.

Legal basis: Article 6 Section 1 Sentence 1 lit. b GDPR or Article 88 GDPR in conjunction with Section 26 Subsection 1 Sentence 1 of the German Federal Data Protection Act of June 30, 2017 (FDPA-new).

4. RECIPIENTS OF PERSONAL DATA


Most of our websites are being located on Computop’s own servers, however, in some cases, we are making use of the services of third parties. In this context, we are complying with the strict statutory requirements and are designing the contractual relationships with the respective providers in accordance with the applicable statutory provisions on data protection.

4.1 Hosting of Computop’s Web Presence

Computop’s general web presence including the online-shop is externally being hosted by Amazon Web Services EMEA SARL, 5 Rue Plaetis, 2338 Luxembourg, Luxembourg and exclusively on servers in Frankfurt am Main. Computop has concluded the legally required data processing agreement after Article 28 GDPR with Amazon Web Services.
In addition, single web-forms on Computop’s web presence are externally being hosted by the provider JotForm.com. Computop has chosen the provider’s so called „EU Safe Mode“ for these hosting services where data is located in Europe, precisely in two data centers in Germany (Frankfurt am Main and Nuremberg). Direct contractual partner, however, is JotForm Inc., 111 Pine St. Suite 1815, San Francisco, CA 94111, USA, but JotForm guarantees that no data transfers to the US and to other countries outside of Europe as well as no data accesses from the US and from other countries outside of Europe are taking place. Computop has concluded a data processing agreement with JotForm which complies with the requirements of Article 28 GDPR and also contains the EU Standard Contractual Clauses (while for the EU Standard Contractual Clauses there is actually no scope of application left since data processing is exclusively taking place within Europe). The web-forms which are currently being hosted by the provider are our bording-forms for the boarding of clients following orders in the online-shop or following service agreements that have been made outside of the online-shop. Our boarding-forms serve the selection of single services after the placement of an order or the conclusion of a service agreement or the adjustment of single services ordered (e.g. for ordered bundles which subsequently need to be customized to the individual needs of the client) as well as the configuration of the connection to the Computop Paygate in general. Information which is being submitted in these forms merely concern the general contractual relationship with clients of Computop. The data processing in the Computop Paygate itself is, however, not concerned. The latter exclusively takes place on Computop-owned servers.
From external hosting generally excluded are the entire data processing in the Computop Paygate and therefore also all web-based parts of the Computop Paygate. These are certainly linked on the general web presence of Computop, but they are being located on Computop-owned servers. This particularly means that clients of Computop which arrive at a login page for their access to the Computop Paygate via the Computop website, are already staying on Computop-owned servers on the login page itself, which means already prior to logging-in.
Legal basis: Legal basis for the external hosting of the web presence are Article 6 Section 1 Sentence 1 lit. f GDPR in conjunction with Article 28 GDPR. Legitimate interests of Computop according to Article 6 Section 1 Sentence 1 lit. f GDPR: Economic considerations of Computop.

4.2 Google Analytics: Analysis of user behavior for the purpose of optimizing our websites

On some of our websites, we are using the service „Google Analytics“ by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“) in order to be able to statistically evaluate the user behavior of the visitors of our websites and through this to be able to optimize our website accordingly. During your visit on our websites, a cookie is being placed on your device by Google Analytics which allows the analysis of your use of the website. The information generated by the cookie about your use of this website will usually be transferred to a Google server in the USA and be stored there. For our use of Google Analytics, we have activated the IP anonymisation, which means that your IP address will be will be abbreviated by Google within member states of the EU or EEA beforehand. Only in exceptional cases, the full IP address will be transmitted to a Google server in the USA and be abbreviated there. On behalf of the owner of this website, Google will use this information in order to evaluate your use of the website, to compile reports about the website activities and to render further services to the website owner associated with website use and internet use. Google will potentially also transfer this information to third parties, provided this is legally required or third parties are processing these data on behalf of Google. The IP address which in connection with Google Analytics is transmitted by your browser will not be merged with other Google data.

Further information on Google Analytics you will find on the websites of Google at www.google.com/intl/de/analytics/privacyoverview.html.

You can object to the use of this service by downloading and installing the extension for web browsers offered by Google for this purpose (so-called browser add-on or browser plug-in) at tools/google.com/dlpage/gaoptout through which data collection by Google Analytics and the processing of these data by Google can be disabled, or you have the option to deactivate the acceptance of cookies in your browser.

Legal basis: Article 6 Section 1 Sentence 1 lit. f GDPR in conjunction with Article 28 GDPR. Legitimate interests of Computop according to Article 6 Section 1 Sentence 1 lit. f GDPR: analysis of user behavior for the purpose of optimizing our website.

4.3. Google AdWords: Measuring the success of advertisements

In addition, we are using the service „Google Adwords” by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google”) in order to win new visitors via Google advertisements and in order to be able to measure the success of these advertisements. For this purpose, we have defined some search keywords in Google AdWords which are tailored to the offers of our company. In case you enter one of these search keywords at Google, an advertisement from Computop may appear during a Google search. If you are entering our website via such a Google advertisement, a cookie is being placed on your device by Google AdWords. Through this cookie, the measurement of the success of our advertisements is made possible. You will find further information on Google AdWords on Google’s websites at support.google.com/adwords/.

You can object to the use of this service by choosing the corresponding settings at www.google.com/ads/preferences or by deactivating the acceptance of cookies in your browser.

Legal basis: Article 6 Section 1 Sentence 1 lit. f GDPR in conjunction with Article 28 GDPR. Legitimate interests of Computop according to Article 6 Section 1 Sentence 1 lit. f GDPR: Analysis if users have become aware of Computop via advertisements on the internet.

4.4 Social Bookmarks: Links to our social media profiles

Our websites also contain so-called social bookmarks. These are links to our profiles in various social media networks. The links are each marked with the logo of the respective network. They are not so-called social plug-ins („plug-ins“). As Computop places utmost importance to the protection of your privacy, we have consciously decided against the use of plug-ins but rather for the use of links. During your visit on our websites, no direct connection will be established to the servers of the respective network operator and thus no information as described above in section “web server logs” will be transferred to the web servers of the respective network operators. The operators of the social networks will not gain knowledge that you are visiting our websites. Anything else only applies in case you click on one of the links to the social networks. With the information your webserver automatically sends to the servers of the network operator, the network operator will be able to recognize that you visited our website before. In case you have an account at the respective social network and are currently logged in, the network operator will be able to connect this information with the information held in your account. For information on the further processing and use of the data by the respective network operator, as well as your corresponding rights and configuration options for the protection of your privacy, please consult the data privacy notices of the respective network operator.

Legal basis: No legal basis required since no data processing is taking place on the website of Computop when links are made available.

4.5 YouTube videos in extended data protection mode

On our websites, we are also integrating videos which are located on the platform YouTube by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA („YouTube”), an affiliate of Google LLC and represented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google”). These integrated videos are so-called plug-ins of the social network YouTube and thus small websites from YouTube within our websites. We are consciously integrating these YouTube videos in the so-called „extended data protection mode“. According to information provided by YouTube, this method of integration has the effect that YouTube does not initially place cookies when someone simply takes a look at Computop’s websites, and thus does not record the user behavior of the visitor of our website. Only from the time when the respective visitor clicks one of the videos, this may trigger further data processing operations by YouTube (such as the analysis of user behavior in order to personalize video recommendations) on which Computop has no influence. For further information on data protection at YouTube, we refer to YouTube′s data privacy statement at youtube.com/t/privacy_at_youtube.

Legal basis: No legal basis required since no data processing is taking place on the website of Computop before a video has been clicked.

5. DATA TRANSFERS TO COUNTRIES OUTSIDE THE EU OR THE EEA

 

If, in exceptional cases, e.g. associated with the use of third party services such as Google Analytics and Google AdWords (see above) we are transferring personal data in countries outside the EU or the EEA, we will comly with the strict statutory provisions on data protection in this context.

6. PERIOD OF STORAGE


The following criteria will apply for determining the period of storage of personal data which has been collected via our website:

6.1 Discontinuation of the purpose

Personal data are being stored as long as they are necessary for the fulfilment of the purposes for which they were collected or processed. They will be deleted as soon as the purpose ceases to exist.

6.2 Statutory retention periods (minimum retention periods determined by law)

Personal data may, even after the discontinuation of the purposes for which they have been collected or processed, still be stored if Computop has to comply with statutory retention periods. Statutory retention periods are minimum retention periods determined by law. In these cases, personal data will be deleted after the expiry of the statutory retention periods.

6.3 Statutory deletion periods (maximum retention periods determined by law)

Personal data will always be deleted in due time before the expiry of statutory deletion periods. Statutory deletion periods are maximum retention periods determined by law.

6.4 Longer retention in exceptional cases

In exceptional cases, personal data may in compliance with the applicable statutory provisions be retained for a longer period (e.g. if this is necessary for the establishment, exercise or defence of legal claims).

7. YOUR RIGHTS

 

In order to exercise your legal rights to access, rectification,erasure, restriction of processing, objecrtion and data portability, please contact

legal(at)computop.com.

You will have the aforementioned rights if the underlying statutory requirements are fulfilled.

You will have a right to objection, in particular

•    if the data processing is based on a consent,
•    if the admissibility of the data processing (including a potential profiling) is based on a weighing up of interests and there are reasons against the data processing arising out of your personal situation, or
•    if a data processing for direct marketing purposes or a profiling related to such marketing are being concerned.

Furthermore, you have the right to lodge a complaint with a responsible supervisory authority.

8. OTHER

Provided that, in the individual case, the provision of personal data is legally required or necessary for the performance of a contract with you, we will, in case of need, point that out to you during our communication with you, and we will also point out if you are obliged to provide the personal data or if this is optional, as well as which consequences a non-disclosure might have. It may happen, for example, that the non-disclosure of personal data will have the possible consequence that requests cannot be answered or only incompletely answered (e.g. in the context of exercising the rights of the data subject), or that the conclusion of a contract with Computop is not possible.
Computop will not process personal data collected or obtained via our websites for other purposes than those described in this data privacy statement, unless this is legally admissible and Computop complies with the applicable information obligations in this context.

Within this data privacy statement, we are providing you with information insofar as you yourself are not already having the necessary information (e.g. because the data processing was transparent to you because you have been entering the data into a contact form yourself).

9. VALIDITY OF THIS DATA PRIVACY STATEMENT

We reserve the right to modify this data privacy statement from time to time. For your visit on our websites, always the respective current version of the data privacy statement available there shall apply.

Latest update on this data privacy statement: December 11, 2018