Privacy Policy

Wirecard AG and its subsidiaries (Wirecard Group) offer their customers products and services relating to electronic payment transactions. The objective is to allow companies and consumers worldwide to process electronic transactions safely and smoothly. Security and the protection of personal data is one of the most important aspects in the context of handling and processing of payments. This is why the Wirecard Group places particular emphasis on high data protection standards.

The following Privacy Policy describes which of the users’ personal data will be collected by Wirecard Bank AG within the framework of the internet presence provided, and how such data will be used. This is followed by General Information on Data Protection by Wirecard Bank AG.

1. Data controller

The data controller within the meaning of the German Data Protection Act (BDSG) is Wirecard Bank AG, Einsteinring 35, 85609 Aschheim, Germany (Wirecard).

2. General

Within this internet presence, we make available information on the services provided by Wirecard Group, as well as a contact form. Also, we offer our associated customers (Merchants) the option of logging into a restricted area where they can obtain information via various systems on the payments processed via the Wirecard Group companies.

Wirecard operates this internet presence in accordance with the provisions of the BDSG, the Telemedia Act (TMG) and all other provisions with relevance in the area of data protection law.

3. Cookies

Cookies are small text files which are stored locally in your internet browser's cache memory, in order to be able to recognise it. Wirecard uses cookies in some areas of its internet presence in order to make use of the site easier for users, and in order to be able to design it in a more customized manner. You can configure your web browser so that it informs you when cookies are stored, or to prevent the storage of cookies. Further information in this context can be found in the help function of your web browser. However, we would like to expressly make you aware of the facts that some parts of this internet presence may possibly no longer function faultlessly without cookies.

For further information on the cookies we use, please go to:

https://www.wirecard.com/privacy-protection/cookies/

4. Collection and processing of personal and other data during

visits to our internet presence

4.1 Anonymous use of the site

Usage of our website is possible without providing any personal data. Data collected automatically will always be anonymised prior to their storage and usage (in this context, see section 4.2 below).

4.2 Non-personal data collected automatically (logfile information)

When using this internet presence, so-called logfile information will be recorded - this being standard procedure on the internet. This non-personal information is transmitted automatically by your internet browser. This information includes in particular: IP address, accessed pages within the internet presence, date and time of the visit, cookies, used browser, operating system of the accessing computer, language setting and transferred data volume. The processing of the logfile information is done mainly in order to establish the connection, to ensure system security and for reasons of technical administration.

Also, logfile information is exclusively stored and analysed statistically in an anonymous form, in order to continuously improve this internet presence, to adjust it to the users' interests and to speed up the detection and/or elimination or bugs (in this context, see Section 5 below).

Wirecard shall store logfile information for security reasons (e.g. in order to clarify cases of abuse or fraud), for a maximum period of seven days, and shall then delete such information. Data which must be stored beyond that for reasons of evidence are excluded from the deletion up until the relevant incident has been clarified.

4.3. Collecting and processing our customer's personal data

Some of our internet presences offer registration and/or login options. In such cases, the following applies:

During registration, we will collect the personal data required for you to be able to use our offers as provided for in the contract, e.g. your name, e-mail address and company. We will mainly use such data to process inquiries, orders and contracts concluded with you. Your data will only be processed for other purposes if you have given your consent, or if this is permitted by law.

For the login into restricted areas, we collect and use the personal data required to identify you, such as member ID and password (partner programme) or alias/VR identifier and PIN (eBanking).

4.4. Usage and forwarding of personal data

Your personal data will only be used for the specified purposes, and only to the extent required in order to achieve these purposes. Data will only be forwarded to third parties - if at all - within the limits of the statutory provisions. The transmission of personal data to government agencies and authorities shall be carried out only within the framework of mandatory national law, or if the forwarding is required for purposes of legal or criminal prosecution in the event of abuse or fraud. Forwarding for other purposes - in particular address trading - is excluded.

5. Web analysis

In order to continuously improve this internet presence, to adapt it to the user's interests, and to speed up the detection and/or elimination of bugs, logfile information (for information on such data, please see Section 4 above) will be stored under a pseudonym in so-called usage profiles, and will be analysed statistically. Cookies are used for this purpose (for information on cookies, see Section 3 above). The IP address will only be stored and processed in an abbreviated form, namely without the last two blocks of numbers. The data collected will not be used to personally identify the user, and will not be merged with personal data relating to the bearer of the pseudonym, except if the user gives his/her expressed separate consent. Such data will not be forwarded to third parties. The data will be deleted as soon as storage is no longer required for purposes of web analysis.

For the web analysis described above, Wirecard uses technologies by etracker GmbH, Erste Brunnenstr. 1, 20459 Hamburg (www.etracker.com). Data processing has been examined for data protection conformity and data safety by etracker GmbH. For further information on data protection by etracker GmbH, please go to http://www.etracker.com/de/datenschutz.html. You may object to the collection and storage of data by etracker at any time with effect for the future by using the following link.

6. Contact form

Wirecard will store the personal data provided by you when you send the completed form (e.g. name, address, telephone number, e-mail address) in its Customer Relationship Management System ("CRM System"). Wirecard will use such personal data

  • in order to process the offers and, if a contract is concluded, to process this contract;
  • in order to send the sender important information about this internet presence;
  • in order to support our internal business objectives, namely data analyses, revisions, the development of new products, improvement of this internet presence, improvement of our services, detection of usage trends and determination of the effectiveness of our advertising campaigns (only in an anonymous form);
  • in order to prevent and identify abuse or fraud.

The data collected via the contact form will not be forwarded to third parties.

7. Forwarding of personal data; involvement of service providers

User data will not be forwarded to third parties - in particular not for purposes of address trading.

Wirecard may use service providers to collect and/or process data; for instance, a service provider may be assigned to provide technical support for this internet presence, or to answer contact inquiries. Service providers will only work on behalf of, and under instructions by, Wirecard (so-called contract data processing).

8. Data safety

In order to protect the personal data against loss, falsification or disclosure to unauthorised third parties, we have taken adequate organisational, technical and administrative measures. When credit card information and account data are processed, the data will be stored in accordance with the strict PCI-DSS rules ("Payment Card Industry Data Security Standard"), only in an encrypted form and only in a data bank which can be accessed by authorised staff only. Wirecard uses firewalls in order to prevent unauthorised access to servers; the servers are located at a safe location to which only authorised staff have access. All staff members and all persons involved in the processing of data are subject to an obligation to comply with all laws relating to data protection, and to treat personal data confidentially. However, unfortunately, there is no guarantee that 100% safety can be ensured.

9. External links

This internet presence sometimes links to the sites of other providers in order to be able to provide the users with comprehensive information. Wirecard does not have any influence on the design of such sites, and is not responsible for the content offered there. The principles of this Policy do not apply to these external sites.

10. Information and correction rights

Wirecard will inform the user upon request of the data stored on him/her, their origin and their recipient, as well as the purpose of such storage. Should personal data be incorrect, the user has the right to request that Wirecard correct such data.

11. Changes to our Data Privacy Policy

We reserve the right to change and/or adapt our security and/or data protection measures in as far as this is necessary due to technical developments or changes in the law. In these cases, we shall also adjust the present information accordingly. Therefore, please always take note of updated versions of this Data Privacy Policy.

12. Issues relating to data protection

If you have any questions regarding the processing of your personal data or regarding data protection at Wirecard, please contact the following e-mail address: data.privacy (at) wirecard.com. You may also direct any suggestions or complaints to this address. 

General Information on Data Protection at Wirecard Bank AG

Collecting and processing personal data

When processing payments and providing related services (e.g. risk management), Wirecard Bank AG ("Wirecard") processes payment-specific data on behalf of its customers (Merchants). In its capacity as a contract data processor, Wirecard places particular focus on compliance by the Merchants with the principle of data economy as defined in the BDSG.

The data controller within the meaning of the BDSG for the processed payment data is the Merchant. During the processing of payments, particularly sensitive data such as credit card numbers and account data are being processed. The data are stored in the Wirecard data banks exclusively in accordance with the PCI-DSS rules, in encrypted form.

The data processed on behalf of the Merchants will be used exclusively for the purposes requested by the Merchants - such as payment processing and risk management. In this context, depending on the assigned service providers, other data from external sources - e.g. IP geolocation information or credit rating information - may be collected with about the Merchants' customers.

All data processed on behalf of the Merchants will be stored in accordance with the Merchants' instructions, and will be deleted upon their request, however, no later than upon expiry of the statutory deadlines. Should a Merchant's customer request deletion of his/her personal data prior to expiry of these deadlines, the deletion will usually be replaced by a blocking.

Forwarding personal data

Wirecard will only use the personal data for the purposes set out in the Merchant's assignment. In this context, data will only be forwarded to subcontractors of the Wirecard Group, within the framework of the processing of business transactions. For assigned purposes of verifying identities or preventing fraud, data may be forwarded to the corresponding service providers, such as credit rating agencies.

Data shall not be forwarded to other third parties - in particular not for address trading.

Revocation rights regarding the collection, processing and use of personal data

The Merchant's customers may revoke at any time with effect for the future a declaration of consent given previously regarding the collection, processing and use of personal data. The recipient of such revocation declaration is the Merchant. We would like to emphasise that in the event of a revocation, Wirecard may under certain circumstances no longer be able to provide the requested services.