WEAT Electronic Datenservice GmbH | BaFin-autorisierte Payment Solutions

Privacy Policy for WEAT Electronic Datenservice GmbH

WEAT Electronic Datenservice GmbH ("we", "our", or "us") operates an advanced fintech platform, offering payment services such as acquiring and money transfer solutions. We are authorized as a payment institution under ZAG by the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin-ID: 10154928). Your privacy is of paramount importance to us, and we are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and other relevant data protection laws applicable in Germany and the European Union. This Privacy Policy outlines how we collect, use, disclose, and protect your information when you use our online platform and services.

1. Data Controller

The data controller responsible for the processing of your personal data is:

WEAT Electronic Datenservice GmbH
[Company Post Address in Düsseldorf, Germany]

2. Information We Collect

We collect different types of information in connection with our services, including:

Explicitly submitted data: Information you voluntarily provide when you interact with our online platform, such as when you fill out our contact form for business inquiries. This may include your name, company name, email address, phone number, and a description of your inquiry.
Usage data: Information automatically collected when you access and use our site, such as your IP address, browser type, operating system, referral URLs, pages viewed, and the dates/times of your visits. This helps us understand how our platform is used and to improve its functionality.
Technical and security data: In the context of our payment services (acquiring, money transfer), we may process transaction data, KYC (Know Your Customer) information, and AML (Anti-Money Laundering) related data to comply with legal and regulatory obligations. This data is collected and processed with the highest security standards.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

Performance of a contract or to take steps at your request prior to entering into a contract (Art. 6(1)(b) GDPR): For processing your business inquiries and providing our payment services.
Compliance with a legal obligation (Art. 6(1)(c) GDPR): To fulfill our legal duties as a payment institution under ZAG, including KYC, AML checks, and other regulatory requirements.
Legitimate interests (Art. 6(1)(f) GDPR): To improve our platform, ensure its security, analyze usage patterns, and for direct marketing purposes (where permitted by law and within your reasonable expectations). We always balance our legitimate interests against your rights and freedoms.
Your consent (Art. 6(1)(a) GDPR): In specific cases where we ask for your consent, such as for certain marketing activities or non-essential cookies. You have the right to withdraw your consent at any time.

4. How We Use Your Information

We use the collected information for various purposes:

To respond to your business inquiries and requests made through our contact form.
To provide, operate, and maintain our payment services (acquiring, money transfer).
To process transactions and manage your accounts.
To enhance the security of our online platform and prevent fraud.
To comply with legal and regulatory obligations, including anti-money laundering and combating the financing of terrorism (AML/CFT) regulations.
To analyze usage and improve the functionality and user experience of our services.
To communicate with you about updates, promotional offers, and news related to our services, where you have consented or where there is a legitimate interest.

5. Disclosure of Your Information

We may share your personal data with third parties in the following circumstances:

Service Providers: We may engage trusted third-party companies and individuals to perform services on our behalf, such as IT infrastructure providers, payment processors, and analytics providers. These third parties will have access to your data only as necessary to perform their functions and are contractually bound to protect it according to this Privacy Policy.
Legal Compliance and Protection: We may disclose your information where required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency), particularly related to our regulatory obligations as a BaFin-authorized payment institution. This includes responding to law enforcement requests.
Business Transfers: In the event of a merger, acquisition, or asset sale, your personal data may be transferred as part of the business transaction. We will provide notice before your personal data is transferred and becomes subject to a different Privacy Policy.

We ensure that all data transfers outside the EU/EEA are conducted in compliance with Chapter V of the GDPR, primarily through reliance on standard contractual clauses or adequacy decisions by the European Commission.

6. Data Security

We implement robust technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include encryption (e.g., SSL/TLS), access controls, regular security audits, and staff training. Given our role as a payment institution, we adhere to strict industry standards and regulatory requirements for data security. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. This typically means we keep data for the duration of your relationship with us and for a statutory period thereafter as required by German commercial and tax law (e.g., 6 or 10 years). For data related to our payment services, specific regulatory retention periods apply.

8. Your Data Protection Rights

Under the GDPR, you have the following rights regarding your personal data:

The right to access: You have the right to request copies of your personal data.
The right to rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
The right to erasure ("right to be forgotten"): You have the right to request that we erase your personal data, under certain conditions.
The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.
The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
The right to withdraw consent: Where our processing is based on your consent, you have the right to withdraw your consent at any time.

To exercise any of these rights, please contact us using the details provided below. We will respond to your request within one month.

9. Supervisory Authority

If you have a complaint about our handling of your personal data, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement. In Germany, the relevant authority for data protection is:

The State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW)
[Post Address of LDI NRW]

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "last updated" date. We encourage you to review this Privacy Policy periodically for any changes.

11. Contact Us

If you have any questions about this Privacy Policy or our data protection practices, please contact us:

WEAT Electronic Datenservice GmbH
[Company Post Address in Düsseldorf, Germany]