Privacy Policy

Privacy Policy of IXOPAY

Privacy Policy

Table of contents

  1. General
  2. Which of your data do we collect, for which purposes and on which legal basis do we process it?
  3. Cookies
  4. Additional embedded services and contents of third parties
  5. Is your data transmitted to third parties?
  6. Retention period
  7. Your Rights under Data Protection Law
  8. Data security
  9. Amendments of our Privacy Policy 

1. General

1.1. It is of utmost importance for us to protect your personal data. We therefore comply with the applicable data protection provisions, in particular the General Data Protection Regulation ("GDPR"), the Austrian Data Protection Act ("DSG") and the Telecommunications Act ("TKG") concerning the protection, lawful processing and confidentiality of personal data as well as data security.

1.2. This Privacy Policy explains to you the nature, scope and purposes of the processing of your personal data on our , "Websitewww.ixopay.com along with the related services, functions and contents (jointly "Online Services") and the data processing on the Social Media sites of IXOPAY which refer to this Privacy Policy. In the following, we particularly inform you on which personal data we collect, process and use when you use our Online Services or Social Media sites. The Terms of Use for the Website are available via the link in the footer.

1.3. Controller of the processing is IXOPAY GmbH, Vorgartenstraße 206c, 1020 Vienna, FN 451099g, Commercial Court Vienna ("IXOPAY", "we", "us").

1.4.  For further information on the controller of the processing with regard to the Social Media Sites of IXOPAY, please see Section 2.6. of this Privacy Policy.

2. Which of your data do we collect, for which purposes and on which legal basis do we process it?

2.1. Contacting us

When you fill out the contact form or the qualification form on our Website or establish contact with us via e-mail or through other communication means, we process the data you voluntarily provided us with in the aforementioned media (name, e-mail address, nature of the enquiry respectively the subject of your message and the content of your message, as well as other fields in the aforementioned forms on our Website).

We process the data provided within the course of contacting us solely for processing your enquiry, to get in contact with you if desired and to provide you with the requested information. This data processing is therefore necessary for the performance of a contract or in order to take steps prior to entering into a contract.

2.2. Server log files

We collect and process the following data when you visit our Website and use our Online Services, that is – technically speaking – when you access the respective server containing the specifically requested service (so called server log files): name of the accessed Website, file (e.g. html, JPG, PNG), date and time of access, transmitted quantity of data, server status codes, processing time, browser and client type alongside the version, your operating system, referrer URL (the previously visited Website or external site), IP-address and the requesting provider, reverse DNS; if you contact us via the Contact Form, we also process connection data regarding source and target (network discovery or address, port numbers, protocol, e-mail address, e-mail subject, connecting server, protocol details, reputation data for spam filters, reverse DNS, obvious labelling, connected servers), authentication details and technical e-mail meta information.

This data is generated automatically through our servers when you use our Website and is necessary so that we can provide you with our Online Services. We therefore process server log files solely to be able to operate our Website and the connected services, to distribute web server requests in our server pool, for detection and rectification of errors as well as for security reasons (for clarification of abusive and fraudulent activities or unauthorised attempts to access), for a maximum duration of 15 days. Thus, this data processing activity is necessary to ensure our legitimate interests in operating error-free and secure Websites and Online Services.

2.3. Usage data

Provided that you consent to Reporting Cookies, we collect and process the following data about your use and interaction with our Website: IP-address of your device, used internet browser, browser language, operating system, downloaded files/product information, screen resolution, colour depth, surfing behavior (date, time and duration) as well as the internet site from which you have visited us (referrer URL). Provided that you consent to Marketing Cookies, we process information on whether you conduct certain activities on our Website like e.g. contacting us (Conversions). If you access our website via an advertising system (e.g. Google Ads), we also learn from which advertising campaign you came to us. You can withdraw your consent at any time via the "Cookie Settings" or through your browser settings (see point 3.4 below) with effect for the future and free of charge.

The usage data is collected through the Service of "Google Analytics" and, in parts, "Microsoft Clarity" and "Leadfeeder" (see point 3.5 below). We use this usage data for (i) web analysis, (ii) improvements of our Online Services and our Website, (iii) increasing usability.

2.4. Newsletter

On the basis of your consent declaration (obtained through double opt-in process; after registration you receive an e-mail for confirmation of your registration) we process the personal data that you provided us with voluntarily in the course of the registration for the newsletter (your e-mail address and potentially your name) (i) for sending you e-mail newsletters about our current projects, marketing and product information as well as (ii) for measuring your reading habits of our newsletter.

Reading habits: Our newsletters contain a mechanism for measuring your reading habits. With that we can determine whether our newsletter is opened, when it is opened and what links are clicked. These statistical evaluations are serving solely the detection of the reading habits of our newsletter recipients and to adjust our contents accordingly.

You can withdraw your consent to the receipt of our newsletter at any time (via e-mail to [email protected] or through the unsubscribe link in our e-mail newsletters) with effect for the future and free of charge. After receipt of your withdrawal, we will cease sending any e-mail newsletters immediately and erase your personal data from the mailing list.

2.5. Registration and User Account

When you are registered on our Website and have a user account for the use of our Online Services, we process the following personal data: title, name, company, e-mail address, address, telephone number, IP address, VAT number as well as your access data.

We process the data of your user account solely for operating your account, the provision of our Online Services as well as for the billing of our services. This data processing is therefore necessary for the performance of a contract or in order to take steps prior to entering into a contract. You will find further information on our data processing in the context of the business relation in our “Privacy Policy for Contracting Parties” when registering.

2.6. Social Media

Facebook (Meta Platforms)

We operate an IXOPAY Facebook page. The controller for the processing is IXOPAY GmbH. There, we process information about your activities, such as likes, posts or comments. In addition, we receive aggregate (anonymous) statistics generated by Facebook and logged on Facebook servers when people interact with pages and their associated content (Facebook Page Insights).

When processing personal data on our Facebook Pages as part of Facebook Page Insights, we are joint controllers with Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This means that Facebook and we jointly determine the purposes and means of this processing. 

We receive anonymous statistics from Facebook about how people interact with our pages and the content associated with them. We have no influence on how Facebook processes your data. The creation of page insights by Facebook may be based on the processing of personal data. According to its own information, Facebook processes, among other things, information about what content you view or how you interact with that content. The information actually collected by Facebook depends on whether and how you use Facebook products. 

Facebook assumes all obligations under the GDPR for the processing of Insights data, including fulfilling the right of access to data processing and the right to erasure. If you exercise your data subject rights regarding Insights data with us, we are contractually obligated to forward all relevant information regarding such requests to Facebook within 7 days.

For more information about Facebook Page Insights and our shared responsibility for data processing with Facebook, please click here: https://www.facebook.com/legal/terms/page_controller_addendum 

You can find out more information about data use by Facebook (Meta Platforms) as well as setting and objection options on the Facebook (Meta Platforms) websites: https://www.facebook.com/privacy/policy

LinkedIn

We operate an IXOPAY LinkedIn page. The controller for the processing is IXOPAY GmbH. There, we process information about your activities, such as likes, posts or comments. In addition, we receive aggregate (anonymous) statistics generated by LinkedIn and logged on LinkedIn servers when people interact with pages and their associated content (LinkedIn Page Insights). We also use the marketing offer "LinkedIn Ads" to address specific target groups.

When processing personal data on our LinkedIn pages as part of LinkedIn Page Insights, we are joint controllers with LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland). This means that LinkedIn and we jointly determine the purposes and means of this processing. 

LinkedIn assumes all obligations under the GDPR for the processing of Insights data, including the fulfillment of the right of access to data processing and the right to erasure. If you exercise your data subject rights regarding Insights data with us, we are contractually obligated to forward all relevant information regarding such requests to LinkedIn within 3 days.

For more information about LinkedIn Page Insights and our joint responsibility for data processing with LinkedIn, please click here: https://legal.linkedin.com/pages-joint-controller-addendum 

You can find out more information about data use by LinkedIn, as well as setting and objection options, on LinkedIn's websites: ​​https://www.linkedin.com/legal/privacy-policy

Twitter

We operate an IXOPAY Twitter page. The controller of the processing is IXOPAY GmbH. There, we process information about your activities, such as likes, posts or comments. In addition, we receive aggregate (anonymous) statistics generated by Twitter (Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Irland) and logged on Twitter servers when people interact with pages and their associated content (Twitter Page Insights).

For more information about LinkedIn Page Insights and our joint responsibility for data processing with LinkedIn, please click here: https://twitter.com/de/privacy

3. Cookies

3.1. Cookies are files that are transmitted from our web server to your web browser and are stored on your device for later retrieval. Through such cookies, our Website can store important data to provide you with our services and to make the use of our Website more comfortable for you. You are not required to consent to the use of reporting or marketing cookies to use the Website.

3.2. Most of the cookies that are used by us are so called "session cookies". These temporary cookies make a conformable use of our Website possible for you. Session cookies are valid for the duration of your specific visit of our Website only and are erased automatically thereafter. Moreover, we also use "persistent cookies" that stay on your device and are not erased automatically when you close your browser. You can erase these cookies yourself at any time. Persistent cookies are particularly used to improve your user experience by customising the Website to your personal needs and thus to optimise the loading time accordingly. Please find an overview of all purposes of session cookies and persistent cookies, and options to enable or disable cookies in our tool "Cookie Settings" (cf Section 3.4).   

3.3. Google Tag Manager: Our Website uses the "Google Tag Manager" to implement and manage the Google Reporting and Marketing services into our Website according to your Cookie Settings. No cookies are set nor do we process personal data in this context.

3.4. Cookie Settings

You can accept or reject individual or all types of cookies that are not strictly necessary easily via our tool "Cookie Settings". Thereunder, we also inform you on the types of cookies we use on this Website.

Please also note: Most internet browsers accept cookies by default. You can adjust your internet browser settings so that cookies are only placed with your explicit consent, are generally rejected or stored cookies are removed. In order to do so, please follow the instructions provided by your respective internet browser’s producer:

In addition, you can deactivate cookies via http://www.youronlinechoices.eu. This process will ask your computer for an ID-Tag of an "opt-out-cookie" preventing data to be linked/associated with your computer. Please note that this process does not remove the opt-out-cookie – it must remain on your computer for the opt out to work successfully, ie. to recognize the user's opt-out. You will need to follow the same process on every different internet browser you use on the same and/or different computers as well as in case you remove all cookie data from your device. Nonetheless, the use of Your Online Choices does not guarantee that no third parties use cookies through our Website. 

3.5. Third Party Cookies

Google Analytics

If you have consented to the use of Reporting Cookies, we use "Google Analytics", a web analysis service of Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Irland ("Google") on our Website. The information generated through the Google Analytics Cookie about the use of the Website are usually transmitted to the servers of Google in the United States of America and stored there.

Google will use this information to evaluate the usage of our Website by the users, to assemble reports about the activities on our Website and to deliver to us further services connected to the use of the Website. In doing so, pseudonymised user profiles of users can be generated from the processed data. Google will also potentially transmit the data to third parties if legally required or third parties process the data on behalf of Google.

Both Google and government authorities might have access to this data. Google is contractually committed under the current data processing arrangements to a procedure that enables the transfer of personal data outside the EU in accordance with the requirements of the GDPR.

If you have not given your consent, we use Google Analytics only with activated IP anonymization. This means that IP addresses are truncated by Google as soon as data is collected by Google Analytics, before any storage or processing takes place. To our knowledge, the IP address transmitted from your browser is not merged with other data of Google.

In addition to configuration of our 'Cookie Settings' tool, you can prevent the general use of Google Analytics by downloading and installing the browser plug-in available through the following link: https://tools.google.com/dlpage/gaoptout. Google might link the usage data with other data about you, such as search history, personal accounts, usage data from other devices, and any other data that Google processes about you as a user. More information about the data usage by Google, settings and objection options are available on the websites of Google: https://www.google.com/intl/en/policies/privacy/partners

Microsoft Clarity

If you have consented to the use of Reporting Cookies, we use the "Clarity", a web analytics service of Microsoft Ireland, Operations One Microsoft Place, South County Business Park, Leopardstown, Dublin, Ireland ("Microsoft"). Clarity uses cookies and a so-called tracking code, which enable us to analyse the use of our Website. The information collected is transmitted to and stored by Microsoft, and can be used for Microsoft advertising.

The information generated by the Microsoft Clarity cookie about your use of the website may be transmitted to and stored by servers in the United States, and both Microsoft and government authorities may have access to that data. Microsoft uses a number of mechanisms to protect your rights when transferring data to third countries, including standard contractual clauses.

More Information about the data usage by Microsoft, settings and objection options are available on the websites of Microsoft: https://privacy.microsoft.com/en-us/privacystatement.

Dealfront

If you have consented to the use of Reporting Cookies, we use "Dealfront", a web analytics service of Dealfront Group GmbH, Durlacher Allee 73, D-76131 Karlsruhe, Germany, to detect corporate visits and their geographic location. Dealfront only shows company visits, automatically filtering out all users visiting from residential IP addresses. All visit data is aggregated on the company level (no reference to natural persons). IP address anonymization erases the last part of the IP address, thereby making the IP anonymous. Via a connection to Google Analytics, Dealfront shows company visitors' interactions on the Website (pages viewed, visitor source and duration of session). Dealfront also enriches that company data with contact data for individuals from publicly available data sources (eg. LinkedIn). Please see further information on Dealfront's Privacy Notice and Privacy Center

Google Ads 

If you have consented to the use of Marketing Cookies, we use cookies linked to the online marketing service "Google Ads" (formerly: "Google Adwords"). Through the information collected, we can access statistics and find out the total number of users that have clicked on our advertisements or that were forwarded to a Website of our Online Presence through a Google search or through the Google Display Network.

On our behalf, Google Ads furthermore uses advertising functions of the Google Analytics service, on the basis of consent given by the individual user to Google, to place advertisements to target groups provided by Google.

You can object to Google regarding these processing activities by using the Opt-out service provided by Google: https://adssettings.google.com/authenticated. Please find more general information about data use for marketing purposes by Google through the data protection notice of Google under https://www.google.com/policies/privacy/partners/

Conversion-Cookies

If you have consented to the use of Marketing Cookies, we use the Conversion Tracker of the services Google Ads and Microsoft Advertising. This allows us to obtain information to assess the advertisement efficiency (so-called 'conversion') across our Websites and on websites of our marketing- & advertising partners. 

Google Ads: For further information of Google regarding Conversion-Tracking please see https://support.google.com/google-ads/answer/1722022

Microsoft Advertising: The Universal Event Tracking (UET) Cookie collects your IP address, and contains a global unique identifier assigned to your browser, and/or an identifier assigned to a user as long as it authenticated through their Microsoft account. Microsoft states that it does not resell this data to third parties or share it with other advertisers. You can find more information on data processing by Microsoft at https://privacy.microsoft.com/en-us/privacystatement

4. Additional embedded services and contents of third parties

Within our Online Services, we use further services and contents of third party providers to incorporate their contents and services on the basis of our legitimate interests in the provision, optimisation and economical operation of our Online Services. This requires that the third parties providing said content receive the IP address of the user, as otherwise they are not able to send the requested contents to the right browser. The IP address is therefore necessary for the display of these contents and the use of the embedded services.

Specifically, we use the following services and contents of third parties in our Online Services:

5. Is your data transmitted to third parties?

5.1. To the extent necessary, we transmit your personal data to recipients as stated in this Privacy Policy and we provide your personal data to the following service providers (acting as “processors”) that support us in the performance of our Online Services:

  • IT-service providers and/or providers of data hosting solutions or similar services;
  • Other service providers, providers of tools and software solutions that support us with the performance of our services as well and operate on our behalf (including providers of marketing tools, marketing agencies, communication service providers).

All our processors have been contractually bound to process your data only on our behalf and on the basis of our instructions so that we can provide you with our Online Services.

5.2. Processing of your data or using services of third parties in a so-called third country - i.e. outside the European Union (EU), respectively the European Economic Area (EEA) or when using services of third parties is only carried out to the extent necessary and in accordance with the GDPR. Therefore, your personal data may be transferred to third countries in particular if there is an adequate level of data protection in the third country, the data is protected by appropriate safeguards, you have consented to the data transfer or the transfer is necessary for the performance of a contract or due to a legal obligation. We have implemented suitable and appropriate safeguards to ensure that the transfer of your data to the respective third country complies with data protection requirements (eg. by concluding so-called "EU-Standard Contractual Clauses"). Upon your request, we will provide you with a copy of such suitable safeguards, provided that we process or have your data processed in third countries or transfer data to third countries.

6. Retention period

6.1. We store your personal data just as long as necessary for the purposes for which they are processed. Beyond that, we are potentially obligated to store your data for longer in accordance to legal retention periods.

6.2. Specifically, we store your data in connection with the establishment of contact with us in accordance with legal retention periods (inter alia § 132 BAO, § 212 UGB) for a time period of usually seven years.

6.3. Server log files are stored for a maximum time period of 15 days and are erased subsequently.

6.4. We store your usage data for the time period stated in Cookie Settings, but at the latest until you withdraw your consent (eg. by deleting cookies).

6.5.  If you are no client of us and have registered for our newsletter only, we store your data until you withdraw your consent.

6.6.  We store data in connection with your registration and your user account until the end of your client relationship with us, or respectively beyond that until the expiry of the respective legal retention periods (usually for a time period of seven years, see above).

6.7. Apart from that, we store your personal data for a time period beyond the above-mentioned, as long as legal claims out of the relationship between you and us are enforceable and only if such litigation becomes apparent, or respectively until the definitive settlement of an incident or court proceedings. Such processing is based on legitimate interests for the establishment, exercise or defence of legal claims.

7. Your Rights under applicable Data Protection Law

7.1. You have the right to access your personal data that is being processed by us (Art 15 GDPR). Apart from that, you have the right to rectification of inaccurate or incomplete data (Art 16 GDPR). You have a right to erasure if (i) your personal data is no longer necessary for the purposes for which we have collected it, (ii) you withdraw your consent and there is no other legal basis for processing by us (cf. Section 3), (iii) you object to the processing and there are no overriding legitimate grounds for the processing (except in the case of processing for direct marketing purposes), (iv) your personal data has been unlawfully processed or (v) for compliance with our legal obligations (Art 17 GDPR)be. Additionally, you have the right to restriction of processing (Art 18 GDPR) as well as the right to data portability concerning the data you have provided us with (Art 20 GDPR).

7.2. We may process your data on the basis of legitimate interests (in particular cf. Section 2.2) in which case you have the right to object. In the case you object to the processing, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing of this data which override your interests, rights and freedoms (weighing of interests) or for the establishment, exercise or defence of legal claims.

In particular, you may object at any time to the processing of your data for the purposes of direct marketing by us. In the case of such an objection, we will no longer process your personal data for these purposes (no weighing of interests).

7.3. Additionally, you have the right to withdraw your consent at any time with effect for the future.

7.4.  Finally, you have the right to lodge a complaint with the responsible supervisory authority (Art 77 GDPR).

7.5.  If you have questions relating to this or to make use of your data subject rights, please feel free to contact us at:

IXOPAY GmbH
Vorgartenstraße 206c, 1020 Vienna
[email protected]

8. Data security

We comply with appropriate technical and organisational security measures pursuant to Art 32 GDPR to, considering the risks, guarantee an appropriate data protection level, especially to protect your personal data against accidental or unlawful destruction, alteration or against loss and against unauthorised disclosure or unauthorised access.

9. Amendments of our Privacy Policy

Within the course of the development of our services and internet, we will amend our Privacy Policy regularly. We will publish amendments on our Website. Therefore, you should visit this Privacy Policy regularly to be informed about the current status.

Version: 29. February 2024