Data protection at PAYBACK

TÜV approved

Millions of people in Germany collect PAYBACK points every day and enjoy the benefits that the bonus program offers them in their everyday lives. And they are right to trust that their data will be handled seriously. After all, data protection is a top priority at market leader PAYBACK - as confirmed by TÜV Saarland e.V.'s seal of approval.

On the registration form, on the Internet and through flyers in the branches of the partner companies, customers are provided with detailed and comprehensible information about the program and data protection. Questions on the subject can be directed to me at any time: datenschutz@payback.de.

1. Data protection compliant

PAYBACK has TÜV-certified data protection and handles the data collected through participation in the PAYBACK program responsibly and in accordance with the requirements of the German Federal Data Protection Act (BDSG).

2. No address trading

PAYBACK does not trade in addresses. This means that there is no sale or trading of customer addresses or customer data. All personal data remains with PAYBACK or the card-issuing company.

3. High IT security

Among other things, PAYBACK ensures that customer data is secure by means of a security architecture with several firewalls, a clear rights structure - who is allowed to access which data - and specifically defined interfaces to partner companies. When data is transmitted electronically, it is encrypted using the internationally recognized SSL security standard.

4. Cancelable at any time

PAYBACK provides an uncomplicated cancellation option that can be used at any time.

Requests by mail

Dr. Robert Selk

Data Protection Officer

PAYBACK GmbH
Theresienhöhe 12
80339 München

datenschutz@payback.de

Further information:
PAYBACK.de/datenschutz

Most important questions about data protection

How is data protection guaranteed for PAYBACK cards with a payment function?

Privacy and security are guaranteed even with PAYBACK payment cards: the handling of all financial data is solely the responsibility of the banks. PAYBACK is only informed of the number of points to be credited.

What data does PAYBACK have on its cardholders?

PAYBACK holds the data provided by the member on the registration form in addition to information on

  • the partners from which purchases were made
  • the dates on which purchases were made
  • the sales generated by the card
  • details from certain partners on items purchased in terms of product group (electrical goods, gourmet foods, etc…)

Online via PAYBACK.de:

  • Day / Time
  • Turnover or basket value per order
  • Cancellation (full / partial cancellation)
  • Number of items per basket
  • Partial categories (e.g. book / non book)
  • Whether the customer purchased at the respective online shop directly via PAYBACK.de or within the cookie validity period (14 days)

How does the customer know which details are stored by PAYBACK?

PAYBACK issues extensive information on this both at registration (general terms and conditions: “Information on Data Protection”) and online. In addition, flyers on data and data protection are available in partner stores. All customers are free to submit a written, telephone or online request for a list of the data stored by PAYBACK at any time. Customers can also e-mail queries to the PAYBACK data protection officer via PAYBACK.de.

What data is held by the partner companies?

Like PAYBACK, each company has address details of customers who were issued with their PAYBACK card by that particular company (e.g. REWE has address details for customers who obtained their card from REWE). In addition, these companies each have product data for purchases made from their own company. However, these addresses are not available to other partners, nor do the other partners have access to any additional data on these customers. Only in special cases, if the customer specifically consents, can data be passed to PAYBACK partner companies.

Does the card enable partners to carry out additional analyses themselves?

Partners are only allowed to use and analyse data pertaining to their own customers.

How does PAYBACK utilise this data? What forms of data processing are carried out as part of mailshots?

We select certain customer groups for partners (e.g. all members of the postcode 8...). These addresses are transmitted to a letter shop, where they are merged with the texts, sent out and then deleted. Selected records are generally not made available to the commissioning company. The partner will only receive information on the number of selected addresses.

Does each mailshot contact only customers of the company requesting the mailshot, or is the address data also available to other partner companies?

Mailshots are always carried out via PAYBACK in its role as a central trust centre – no members’ addresses are passed on within the partner network (partners receive only data pertaining to customers who obtained cards from them). If a member gives the appropriate permission at the point of registration, he/she will also receive mailshots with information and offers relating to other partner companies.

How secure is PAYBACK?

During electronic transfer, customer data is encrypted using the internationally recognised security standard 128-bit SSL, which is also employed by banks. A security architecture featuring several firewalls ensures the process is protected.

Do PAYBACK customers have to deal with a flood of advertising material in the post?

No, our task is to make customers aware of offers from companies that are of interest to them – and to do so at sensible and appropriate intervals.

In which country does PAYBACK store data?

PAYBACK stores the personal data obtained from registration and use of the PAYBACK card only in data centres in Germany. Furthermore, the data security measures employed at these data centres are certified according to internationally recognised standards (e.g. ISO 27001) and are subject to PAYBACK’s own continuous checks.