PAYBACK
Data protection
TÜV Approved
Millions of people in Germany collect PAYBACK points every day and enjoy the benefits that the bonus program offers them in their everyday lives. And they are right to trust that their data will be handled seriously. After all, data protection is a top priority at market leader PAYBACK - as confirmed by TÜV Saarland e.V.'s seal of approval.
On the registration form, on the Internet and through flyers in the branches of the partner companies, customers are provided with detailed and comprehensible information about the program and data protection. Questions on the subject can be directed to me at any time: datenschutz@payback.de.
1. Data protection compliant
PAYBACK has TÜV-certified data protection and handles the data collected through participation in the PAYBACK program responsibly and in accordance with the requirements of the German Federal Data Protection Act (BDSG).
2. No address trading
PAYBACK does not trade in addresses. This means that there is no sale or trading of customer addresses or customer data. All personal data remains with PAYBACK or the card-issuing company.
3. High IT security
Among other things, PAYBACK ensures that customer data is secure by means of a security architecture with several firewalls, a clear rights structure - who is allowed to access which data - and specifically defined interfaces to partner companies. When data is transmitted electronically, it is encrypted using the internationally recognized SSL security standard.
4. Cancelable at any time
PAYBACK provides an uncomplicated cancellation option that can be used at any time.
Requests by Mail
Dr. Robert Selk
Data Protection Officer
PAYBACK GmbH
Theresienhöhe 12
80339 München
Further informationen:
PAYBACK.de/datenschutz
Most important Questions about data protection
Privacy and security are guaranteed even with PAYBACK payment cards: The handling of all financial data also running alone on the responsibility of the banks. PAYBACK is only informed of the number of points to be credited.
PAYBACK holds the data provided by the member on the registration form
in addition to information on
- the partners from which purchases were made
- the dates on which purchases were made
- the sales generated by the card
- details from certain partners on items purchased in terms of product group (electrical goods, gourmet foods, etc…)
Online via PAYBACK.de:
- Day / Time
- Turnover or basket height per order
- Cancellation (full / partial cancellation)
- Number of items per basket
- Partial categories (e.g. book / non book)
- Whether the customer has purchased directly from the PAYBACK.de at each online shop or whether this occurs in the cookie period of validity (14 days)
PAYBACK issues extensive information on this both at registration (general terms and conditions: “Information on Data Protection”) and online. In addition, flyers on data and data protection are available in partner stores. All customers are free to submit a written, telephone or online request for a list of the data stored by PAYBACK at any time. Customers can also e-mail queries to the Payback data protection officer via PAYBACK.de.
Like PAYBACK, each company has address details of customers who were issued with their PAYBACK card by that particular company (e.g. REWE has address details for customers who obtained their card from REWE). In addition, these companies each have product data for purchases made from their own company. However, these addresses are not available to other partners, nor do the other partners have access to any additional data on these customers. Only in special cases, if the customer specifically consent, data can be passed to a PAYBACK partner companies.
Partners are only allowed to use and analyse data pertaining to their own customers.
We select certain customer groups for partners (e.g. all members of the postcode 8...). These addresses are transmitted to a letter shop, there linked with the texts, sent and then deleted. Selected records are generally not made available to the commissioning company. The partner will only receive information on the number of selected addresses.
Mailshots are always carried out via PAYBACK in its role as a central trust centre – no members’ addresses are passed on within the partner network (partners receive only data pertaining to customers who obtained cards from them). If a member gives the appropriate permission at the point of registration, he/she will also receive mailshots with information and offers relating to other partner companies.
During electronic transfer, customer data is encrypted using the internationally recognised security standard 128 Bit-SSL which is also employed by banks. A security architecture featuring several firewalls ensures the process is protected.
No, our task is to make customers aware of offers from companies that are of interest to them – and to do so at sensible and appropriate intervals.
PAYBACK stores the personal data obtained from registration and use of the PAYBACK card only in data centres in Germany. Furthermore, the data security measures employed at these data centres are certified according to internationally recognised standards (e.g. ISO 27001) and are subject to PAYBACK’s own continuous checks.