Data Privacy

Privacy STATEMENT   

For the website www.PAYBACK.GROUP of Loyalty Partner GmbH
(our privacy statement for PAYBACK.de can be found here)

DATA protection AT PAYBACK.GROUP

This Privacy Statement is to inform you about the processing of your personal data in connection with the PAYBACK.GROUP website.

Table of contents

  1. Party responsible for data protection
  2. Website operation
  3. Data processed by us
  4. Cookies and similar technologies
  5. Tracking tools for website analysis
  6. Third-party content
  7. Technical protective measures
  8. Use of additional service providers
  9. Storage duration
  10. Right of objection
  11. Your further rights
  12. Data Protection Officer

1. Party responsible for data protection

The party responsible for data protection for the operation of the PAYBACK.GROUP website is Loyalty Partner GmbH, Theresienhöhe 12, 80339 Munich, Germany. When terms such as “we” or “us” are used below, Loyalty Partner GmbH is meant.

2. Website operation

We process your personal data in order to provide you with the information available on this website. Insofar as you use services offered on the website (e.g. a search function or a contact form for requesting information), we only process the data you enter thereby in order to provide the desired service.

Unless otherwise stated in the following sections, the legal basis for the associated data processing is in each case Art. 6 para. 1 f) GDPR (balancing of interests – based on our interest in making this website available to Internet users).

3. Data processed by us

3.1 Data entered by you

For the above-mentioned purposes, we process your entries in website forms in particular. We process this data in order to handle and respond to your respective request.

3.2 Data collected automatically

In order to be able to display information suited to you on the website, we also process the following data:

  • The address of the page you accessed on our website.
  • The address of the web page you visited immediately prior (the so-called “referrer”).
  • The date and time of your visit.
  • Certain properties of your device that your browser automatically transmits to us, such as the operating system, the browser used and its window size.
  • The IP address of your device on the Internet.

4. Cookies and similar technologies

In addition, we use so-called cookies and similar technologies (collectively referred to below as “cookies”) in providing our website. We explain the use of cookies in general in the sections below. Specific information on individual cookies, including type, purpose, data processed, provider, and storage duration can be found in the cookie overview.

4.1 Basic information on cookies

Cookies are stored on your device according to your browser settings when you visit the web page and are also read out again if necessary. This storage generally takes place in a special memory location defined by your browser. Cookies are created either by us (first-party cookie) or by third-party providers determined by us (third-party cookie).

When you visit a web page, cookies interact with the pixels on that page. Pixels are transparent images that are inserted into a web page and are loaded when you visit it. We also use scripts, especially those based on the JavaScript language. By loading the pixel or script, we can record the visit to a web page. In addition, we use web storage (also called DOM storage). Web storage is a further development of cookie technology and also enables the local storage of data in a location determined by your browser.

We use various types of cookies:

  • Session cookies: These cookies are short-lived and are automatically deleted at the end of your browser session. The session usually ends by you closing the browser window. Session cookies primarily help us to recognize your browser within the session and thus to provide you with certain functions on the web pages, for example the shopping cart when redeeming rewards.
  • Persistent cookies: These cookies have a predefined expiration date and are automatically deleted when this date is reached. The time periods can range from minutes to several years. The cookies with the longest duration are those with which you can agree (opt-in) or disagree (opt-out) to the creation of cookies. This ensures that the settings defined in the respective browser remain valid as long as these cookies are not deleted manually.

4.2 Your possible cookie settings

On the one hand, you have the option to configure our website‘s use of cookies individually for your device in the cookie settings.

On the other hand, you may also choose in your browser whether cookies (especially third-party cookies) may be created at all, and if so, whether all cookies should be deleted at the end of the session without exception. You may also manually delete all or only certain cookies in your browser. In addition, you may configure many browsers to automatically delete data in web storage when you end the session. Alternatively, you may use your browser’s incognito mode.

If you only allow cookies in part or manually delete them before they expire, some features of our website may not be available or may be limited.

4.3 Categories and purposes of the cookies we use

Technically required cookies

These cookies are necessary for the functioning of our website. For example, they are used for navigation or to store your privacy settings. If you configure your browser to block these cookies, some areas of our website may no longer function.

To understand the functions provided by technically required cookies in more detail, please read the following sections of this Privacy Statement:

  • Section 5. Basic website functions
  • Section 8. Interest-based content
  • Section 9. Technical protective measures

You can find out which technically required cookies we use in the cookie overview.

The legal basis for the use of technically required cookies is § 15 para. 1 of the German Telemedia Act (TMG).

Comfort cookies

These cookies allow us to make the use of our website more comfortable for you. For example, the display settings you have made are saved using these cookies.

To understand the functions provided by comfort cookies in more detail, please read the descriptions in the cookie settings.

You can find out which comfort cookies we use in the cookie overview.

The legal basis for the use of comfort cookies is § 15 para. 3 of the German Telemedia Act (TMG) in conjunction with Art. 7 GDPR. You may revoke your consent to the use of comfort cookies at any time via the cookie settings.

Statistics cookies

We use these cookies to improve our website continually. They help us answer questions about which pages are the most popular, which are the least used, and how visitors navigate the site.

To understand the functions provided by statistics cookies in more detail, please read the following section of this Privacy Statement:

  • Section 7. Website analysis

You can find out which statistics cookies we use in the cookie overview.

The legal basis for the use of statistics cookies is § 15 para. 3 of the German Telemedia Act (TMG) in conjunction with Art. 7 GDPR. You may revoke your consent to the use of statistics cookies at any time via the cookie settings.

Personalization cookies

These cookies may be created by us and our advertising partners in order to show you ads based on your interests on other websites as well.

If you refuse these cookies, you will receive non-personalized advertising that is thus less relevant for you.

To understand the functions provided by personalization cookies in more detail, please read the following sections of this Privacy Statement:

  • Section 9. Advertising from third parties
  • Section 10.2 YouTube videos

You can find out exactly which cookies we use here in the cookie settings.

The legal basis for the use of personalization cookies is § 15 para. 3 of the German Telemedia Act (TMG) in conjunction with Article 7 GDPR. You may revoke your consent to the use of personalization cookies at any time via the cookie settings.

5. Tracking tools for website analysis

5.1 General information

Our intention is to design our web pages in the best way possible. In order to do so, we use so-called “tracking” tools to improve our online offers. The tracking tools enable us to measure the use of our online offers and the effectiveness of our online advertising. With the help of the tracking tools, we collect the following information in particular:

  • Which links do online users click on other websites in order to get to loyaltypartner.com?
  • Which of our pages are visited when, how often, and in what order?
  • What information are users of our website looking for?
  • Which links or offers do the users of our website click on?

With this information, we compile statistics that help us answer the following questions:

  • Which pages are particularly attractive to users of our website?
  • Which products are our (potential) customers most interested in?
  • What offers should we make to our (potential) customers?

5.2 Collection and evaluation of pseudonymous data

For this we use the automatically collected data mentioned in Section 3.2. above in particular. The data is only stored under a pseudonym (i.e. a random identification number). We could theoretically link such pseudonymous data with other data that identifies you as a person (e.g., name, address, etc.). However, we deliberately do not make such a link.

5.3 Adobe Analytics

We use “Adobe Analytics” from the service provider Adobe as a pseudonymous tracking tool. Insofar as this service provider receives data in the process, it always takes place under our control. Adobe uses the collected information exclusively on our behalf for the above-mentioned purposes. The data processing takes place in an Adobe data center within the European Union.

5.4 Right of objection

You may opt out of data collection by Adobe Analytics. To do so, click on the link https://smetrics.payback.de/optout.html?locale=de_DE and select the “Opt out” option. This will create a so-called “opt-out cookie” for Adobe Analytics in your browser. This cookie does not contain any values suitable for tracking; it only allows your opt-out to be recognized so that tracking no longer occurs. The “opt-out cookie” only works for the browser you used to click on the link above.

 5.5 Legal basis

The legal basis for the processing of pseudonymous data described in this Section 5.1 and 5.2 is Art. 6 para. 1 f) GDPR (balancing of interests – based on our interest in understanding the interests of our website users). The legal basis for the use of Adobe Analytics is § 15 para. 3 of the German Telemedia Act (TMG) in conjunction with Art. 7 GDPR (consent).

6. Third-party content

6.1 General information

The Internet thrives on connections. For this reason, you will find not only our own content on our website. We have also integrated various third-party content that improves either our website’s technical functionality or the attractiveness of its content. When you access one of our pages with such third-party content, your browser establishes a direct connection to the servers of the respective provider and retrieves the content there in order to display it to you.

6.2 Google Fonts

In order to display various texts on this website in the fastest, most data-economical and visually improved manner, we use fonts from Google Fonts.

The provider of Google Fonts for users in the European Economic Area and Switzerland is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

The fonts are loaded by your web browser directly into a local cache on your device in order to be able to use them for display on our website and possibly on other websites. If your web browser does not support Google Fonts or access to Google Fonts is prevented, your browser will attempt to display the text in a standard font.

Google’s privacy policy explains how Google uses and processes data.

Google also provides more information about Google Fonts.

6.3 Legal basis

The legal basis for the integration of third-party content described in this Section 6 is Art. 6 para. 1 f) GDPR (balancing of interests – based on our interest in being able to present attractive content to the users of our website in a technically efficient manner).

7. Technical protective measures

7.1 General information

We use various tools to detect and eliminate technical faults on our website. Other tools help us to detect and defend against possible attacks on our website.

For this purpose, we use the automatically collected data mentioned above in Section 3.3 in pseudonymized form, among other things. However, we will attempt to identify you personally if your device has been identified as the source of a technical fault or an attack on our website.

7.2 PerimeterX

One of the technologies we use is provided by the U.S. company PerimeterX, Inc., 181 2nd Ave, Suite #600, San Mateo, California 94401, USA. This technology checks whether our website is being accessed by a human or in an automated manner. The purpose is to detect attempted fraud and prevent attacks on our website.

For this purpose, we route your access request through a server of the PerimeterX service at the beginning of your visit to our website and sometimes during your session. This service collects the following categories of data:

  • Mouse movements, click targets and speed
  • Keystroke speed
  • Browser used and other information (e.g. browser type and version, screen resolution, language, plugins installed, time and date)
  • Device identifiers
  • HTTP request headers sent by your browser when you visit pages on the Loyalty Partner website
  • The IP address of your device
  • Location of the device based on the IP address

PerimeterX operates its servers in the USA, i.e. in a third country outside the EU. The PerimeterX service processes your data on this server for verification. There is currently no decision by the EU Commission that the USA generally provides an adequate level of protection. However, we have established suitable guarantees for the protection of your data at PerimeterX by concluding a data protection agreement (standard data protection clauses) with PerimeterX specified by the EU Commission for such cases.

More information on how PerimeterX works is available.

 7.3 reCaptcha

So-called “captchas” are a further security feature of our website that determines whether a human or a computer is creating a certain input. “Captcha” stands for “Completely Automated Public Turing test to tell Computers and Humans Apart.”

We use the “reCAPTCHA” service from Google for this purpose.

The provider for users in the European Economic Area and Switzerland is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit our website, we transmit information about your access to the reCAPTCHA service, which checks whether you are a human or a computer using the following information in particular:

  • The IP address of your device
  • Referrer (address of the Loyalty Partner web page where the captcha is used)
  • Information on the browser you are using (e.g. browser type and version, screen resolution, language, plugins installed, time and date)
  • Your Google account if you are registered and logged in to Google
  • Your surfing behavior on websites
  • Your input behavior (e.g. your mouse movements on the reCAPTCHA areas)
  • If applicable, your answers to small tests that require you to identify pictures

For more information, see Google’s privacy policy and the terms of use of the Google services.

7.4 Legal basis

The legal basis for the data processing described in this Section is Art. 6 (1) f) GDPR (balancing of interests – based on Loyalty Partner’s interest in preventing website malfunctions due to attacks and/or technical faults).

8. Use of additional service providers

In operating our website, we commission other external service providers with data processing (e.g. data centers). To the extent necessary, these service providers also process personal data. We carefully select and monitor the service providers. They process the data exclusively in accordance with our instructions and are also bound by this Privacy Statement.

9. Storage duration

Data entered by you according to Section 3.1 above will be deleted at the latest after the expiry of any retention periods under commercial and tax law after 6 years. Automatically collected data as defined in Section 3.2 will be deleted or anonymized after 3 years at the latest.

10. Right of objection

Insofar as Loyalty Partner GmbH processes your data in accordance with the sections above on the basis of the balancing of interests, you have a right of objection if the legal requirements are met.

11. Your further rights

Upon request, we will inform you whether and which data we have stored about you. Insofar as the legal requirements are met, you have the right to have this data corrected, blocked or deleted.

Further, you have the right to receive from us the data you provided to us concerning you in a structured, common and machine-readable format; you may transfer this data or have it transferred to other entities.

You also have a right of appeal to the competent supervisory authority for data protection.

12. Data Protection Officer

For all questions on the topic of data protection at Loyalty Partner GmbH, you may contact our Data Protection Officer: Loyalty Partner Data Protection Officer, Theresienhöhe 12, 80339 Munich; email: datenschutz@payback.de

Status: 04/2021