VIMpay App - as of 06th February 2024
This Privacy policy is available in both a detailed version (black font) and (if necessary) in a simpler version (green font) that is more understandable for children and young people.
If you have any questions about this Privacy policy, children and young people are welcome to contact us or their legal guardians.
The following information provides a simple overview of what happens to your personal data when you use our app. Personal data are any data that can be used to identify you personally. For detailed information on the subject of data protection, please refer to our data protection declaration listed below this text.
In this section you will find out what happens to your personal information (name, email address, etc.) when you use our app.
The controller is the legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.). The data processing in the app is carried out by:
petaFuel GmbH
Clemensänger Ring 24
85356 Freising
Phone: 08161 4060-400
eMail: info@petafuel.de
together with:
PayCenter GmbH
Clemensänger Ring 24
85356 Freising
Phone: 08161 4060-300
eMail: info@PayCenter.de
The responsibility for the processing of your data (name, email address, etc.) is assumed by petaFuel GmbH together with PayCenter GmbH.
The PayCenter GmbH is the card-issuing e-money institution and offers registered users a prepaid Mastercard for use at all electronically linked Mastercard acceptance points.
The use of the VIMpay card is based on a contractual relationship between the user and PayCenter.
The Mastercard you receive from VIMpay is provided by PayCenter.
The petaFuel GmbH is publisher of the VIMpay app and is responsible for the technology, app development and account management. A contractual relationship regarding the use of the VIMpay card is exclusively between the cardholder and PayCenter.
petaFuel is not an issuing office directly commissioned by Mastercard, but merely forwards the customer's data to the authorised offices and acts as an intermediary between the user and the licensed issuing office (card-issuing e-money institution).
The company petaFuel is responsible for the technical side of the card.
Your data are collected by you providing it to us. This may be data that you enter during the registration process. In addition, other data are automatically collected by our IT systems when you visit the app. These are mainly technical data (e.g. app version, operating system or timestamp of the app call). These data are collected automatically as soon as you start the app.
There is information that you give us yourself, e.g. through your registration. We collect some technical data (e.g. app version, time of the app call) automatically as soon as you start the app.
We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) for the following purposes:
Within the company, those bodies that need your data to fulfil our contractual and legal obligations will be given access to it. Service providers and vicarious agents employed by us may also receive data for these purposes if they comply with banking secrecy and our written data protection instructions. These are essentially companies from the categories listed below.
With regard to the transfer of data to recipients outside the e-money institution, it should first be noted that as an e-money institution we are obliged to maintain confidentiality about all customer-related facts and evaluations of which we become aware.
We may only provide information about you if this is required by law, if you have given your consent, if we are authorised to provide banking information and/or if commissioned processors guarantee compliance with banking secrecy and the provisions of the EU General Data Protection Regulation/Federal Data Protection Act. Under these conditions, recipients of personal data can be, for example:
We only provide the data to the bodies or persons who absolutely need them or are entitled to do so.
Data are only transferred to countries outside the EU or EEA (so-called third countries) if this is necessary for the execution of your orders (e.g. payment orders), is required by law (e.g. reporting obligations under tax law), you have given us your consent or within the framework of commissioned data processing. If service providers in third countries are used, they are obliged to provide suitable guarantees in accordance with Art. 46 GDPR.
This also includes the automatic data exchange within the framework of the Mastercard Automatic Billing Updater (ABU) database to minimise the rejection of card payments in the event of expiry or change of credit card data. The data is sent to:
Your data will be partially transferred to Mastercard in the USA
We use, among other things, tools from companies based in third countries that are not secure under data protection law, as well as US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). If these tools are active, your personal data may be transferred to these countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in third countries that are insecure in terms of data protection law.
We would like to remark that the USA, as a safe third country, generally has a level of data protection comparable to that of the EU. A data transfer to the USA is therefore permitted if the recipient is certified under the "EU-US Data Privacy Framework" (DPF) or has suitable additional guarantees. Information on transfers to third countries, including data recipients, can be found in this privacy statement.
You have the right to receive information free of charge about the origin, recipient and purpose of your stored personal data at any time. You also have the right to demand the correction, restriction or deletion of this data. You can contact us at any time at the address given in the legal notice if you have any further questions on the subject of data protection. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
When you visit our app, your usage behaviour may be statistically analysed. This is mainly done with so-called analysis programs. The analysis of your usage behaviour is anonymous; the usage behaviour cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. For details, please refer to our data protection declaration under the heading "Analysis tools".
When you use our app, your behaviour in the app can be statistically analysed. It is anonymous and cannot be traced back to you. You can object to this analysis or not use certain tools.
Privacy
As the operator of this app, we take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration. When you use this app, various personal data are collected. Personal data are data that can be used to identify you personally. This privacy statement explains what data we collect and how we use it. It also explains how and for what purpose this is done. We would like to point out that the transmission of data on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of the data against access by third parties is not possible.
We take data protection very seriously. We treat your data confidentially and in accordance with the legal data protection regulations exactly as explained in this overview.
Revoking your consent to data processing
Many data processing operations are only possible with your explicit consent. You can revoke your consent at any time. To do so, simply send us an informal email. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
The processing of your data is only possible with your express consent. You can revoke your consent at any time.
Right of appeal to the competent supervisory Authority
In the event of a breach of data protection law, the data subject shall have a right of appeal to the competent supervisory Authority. The competent supervisory Authority in matters of data protection law is:
Bavarian State Office for Data Protection
Postfach 1349
91504 Ansbach
Tel.: 0981/180093-0
Fax: 0981/180093-800
poststelle@lda.bayern.de
https://www.lda.bayern.de
If you feel that your data are not being properly protected, you have the right to contact this Authority
TLS encryption
The App uses TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the App operator.
For your security, this site uses encryption.
Disclosure, restriction, deletion
You have the right at any time, within the framework of the applicable legal provisions, to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, a right to correction, restriction or deletion of this data. You can contact us at any time at the address given in the imprint for this purpose and for further questions on the subject of personal data.
We will give you information at any time about what data we use from you.
If you no longer want us to use your data, you are welcome to contact us.
Right to data portability
You have the right to receive data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to a third party in a valid, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
If you want us to transfer your data to you or another company, let us know.
We have appointed a Data protection officer (DPO) for each of our companies. If you have any questions on the subject of data protection, the following contact options are available to you:
petaFuel GmbH
Data Protection Officer
Clemensänger Ring 24
85356 Freising
Phone: 08161 4060-400
eMail: datenschutz@petaFuel.de
PayCenter GmbH
Data Protection Officer
Clemensänger Ring 24
85356 Freising
Phone: 08161 4060-300
eMail: datenschutz@PayCenter.de
Users can register and create a user account. The data entered during registration will be used for the purposes of using the service.
We collect, process and use personal data only to the extent that they are necessary for the establishment, content or amendment of the legal relationship (inventory data). This is done on the basis of Art. 6 Para. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures, as well as on the basis of Art. 6 Para. 1 lit. c GDPR, which makes the processing necessary for the performance of a legal obligation to which the controller is subject. We collect, process and use personal data about the use of our website (usage data) only insofar as this is necessary to enable the user to use the service or to bill him/her for it.
The data collected is used for the purpose of providing the service.
The collected customer data will be deleted after completion of the order or termination of the business relationship. It is the responsibility of the users to save their data in the event of termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the term of the contract if this does not contradict the statutory retention periods. These include the retention obligations under commercial and tax law: German Commercial Code (HGB), German Banking Act (KWG) and the German Anti-Money Laundering Act (GwG). The periods specified there are two to ten years. If data is retained as evidence, it is subject to the limitation periods of the German Civil Code (BGB) §§195ff. and can be up to 30 years, whereby the regular limitation period is three years.
IP addresses are deleted after 90 days at the latest.
This data is not submitted to third parties unless it is necessary for the pursuit of our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c GDPR.
It is also possible that your IP address is transmitted to the account-managing bank for security and fraud prevention purposes. This is done on the basis of our legitimate interest in accordance with Art. 6 Para. 1 lit f GDPR.
If a due diligence procedure (identification) is required for the registration in accordance with the Section 11 of the German Anti-Money Laundering Act (GwG), the personal data collected during identification will only be stored by the identifying company (Deutsche Post AG or IDnow GmbH) to the extent that this is necessary for the proper determination, settlement and evaluation as well as for the proof of the correctness of service fees (fee data). Furthermore, we use the data provided within the scope of the Postident procedure to compare the personal master data stored with us in our database for the purposes of the legally required legitimation.
The data recorded in your user account always belong to you. We only use your data for the intended purpose and confidentially and submit them on to third parties within the scope of the services you have requested.
If you have cancelled your user account, your data will be deleted completely.
If you wish to cancel your contract, please save your data before doing so.
All data that we are not required to keep by law will otherwise be automatically deleted.
In order to use the service, we may collect the following data from you:
petaFuel GmbH automatically collects and stores information from the app in so-called server log files. The following information is transmitted to us by the app:
These data will not be merged with other data sources.
The basis for data processing is Art. 6 para. 1 lit. f GDPR, which permits the processing of data for the protection of legitimate interests. We use these data to operate and improve the app as well as for fraud prevention.
The data are automatically deleted after 90 days at the latest.
We automatically store information from the app. A consolidation of these data with other data sources is not carried out.
The app can request the following access rights, which are classified as critical. These access rights can be set individually and separately by the client
iOS
Android
In order to enable the use of the App, the App may request additional, non-critical permissions in addition to those listed here.
The app can request these access rights. You can set these access rights individually and separately.
We occasionally engage other companies to provide limited services on our behalf and for the purposes of the business. These companies may only process the personal data that are necessary for the provision of the respective service. These companies undertake to treat the data confidentially. The companies are expressly prohibited from using the information for other purposes. We have concluded an order processing contract with the following companies and we therefore disclose them personal data insofar as this is necessary:
We may have to pass on your data to third-party providers in order to provide our services. However, they are obliged to protect your data.
This app uses the Matomo web analytics service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, to analyse and regularly improve the use of our app. The statistics obtained enable us to improve our service and make it more interesting for you as a user.
As soon as the data are processed, Matomo generates reports for us so that we can react to them (layout changes, new content, etc.).
Matomo does not use cookies for this purpose.
Analysis is based solely on a device fingerprint.
Matomo is hosted on our own servers. There is no data transfer to InnoCraft Ltd at any time.
Matomo processes the following data for this purpose:
You can object to the storage and analysis of these data by Matomo at any time (via Security --> Improve app).
Retention period: up to 30 days
Legal basis: Art. 6 para. 1 lit. f GDPR
When contacting us (e.g. by contact form, email, telephone or via social media), the user's details are processed for the purpose of handling the contact enquiry and its processing pursuant to Art. 6 para. 1 lit. a GDPR (consent of the person concerned) and Art. 6 para. 1 lit. b GDPR (for the performance of a contract or pre-contractual measures). The user's details may be stored in a ticket system or comparable enquiry organisation.
Your personal data will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions, in particular retention periods under tax and commercial law, remain unaffected.
Basic automatic retention periods:
You have the right to receive information free of charge at any time about the origin, recipient and purpose of your stored personal data. You also have the right of objection, the right to data portability and the right to lodge a complaint with the competent supervisory authority. Furthermore, you can demand the correction, deletion and, under certain circumstances, the restriction of the processing of your personal data.
When contacting us (e.g. via contact form, eMail, chat, telephone or via social media), your contact data will be stored for the purpose of answering the request. However, this data is also regularly deleted by us.
By agreeing to the storage and transmission of the error report in the app, you agree that your Homebanking Computer Interface (HBCI) data (e.g. account number and turnover) will be transmitted to petaFuel in encrypted form in order to be able to analyse and rectify errors occurring in the app. To protect your login from unauthorised access, the banking password is removed before transmission. An automated transmission of error reports with corresponding HBCI data does not take place. HBCI transactions are only stored locally within the app. When the app is deleted, the locally stored HBCI transactions are also deleted.
The transmission and storage is based on Art. 6 Para. 1 lit. a GDPR (consent of the data subject).
When you agree to the storage and transmission of the error report in the app, you agree that your data (e.g. account number and turnover) will be encrypted and transmitted to petaFuel in order to determine the error.
The VIMpay app offers a chat function that allows users to contact both the customer service and other VIMpay users.
In addition, VIMpay card functions can be used via the chat (e.g. sending money).
A list of all VIMpay card and chat functions can be found at www.vimpay.de/features (see also Privacy at a glance - What we use your data for).
The chat function for communication with customer service is permanently activated. It is not possible to deactivate it.
The chat function for communication with other VIMpay users is deactivated by default. In order to use it, it must first be activated.
By activating and using this chat function, the user agrees that
.Messages are automatically deleted on the server side after a certain period of time:
If a user wishes to deactivate the chat function after activation, an opt-out option is available in the app (not possible for the chat function with customer service!).
By opting out, the user agrees that all messages will be deleted on the server after the above-mentioned deadlines:
The messages will not be deleted from the user's smartphone, but must be deleted by the user himself/herself.
The storage of the chat messages is based on Art. 6 para. 1 lit. b GDPR (processing for the performance of a contract).
For our chat we use Dialogflow, a service of Google LLC (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Dialogflow is a conversational interface for websites, mobile apps, common communication platforms and IoT devices that enables interactions between users and businesses. Google Dialogflow is part of the Google Cloud Platform offered by Google. Your input will be processed by Google in accordance with Google's privacy policy before being routed to our servers.
„Dialogflow” uses machine learning to „understand” and respond to input. Dialogue questions or information entered are stored and used without personal reference for learning and training purposes and serve to improve the chat system.
For communication with Google Dialogflow, we only use our own IP address.
Accordingly, personal data are only transmitted to Google if you disclose personal data in the context of the chat (= chat messages).
The data processing is carried out on the basis of both Art. 6 para. 1 lit. f GDPR (“Legitimate interest”) and Art. 6 para. 1 lit. a GDPR (“Consent”). Before starting the chat, you agree to the transfer of your data to Google.
Google relies on standard contractual clauses for the transfer of data outside the EEA in accordance with Art 28 of the GDPR.
The Google terms of use for Dialogflow data logging can be found here: Terms of Use
The Google privacy statement can be found here: Privacy Statement
When you use the chat, other users will see your name, your profile picture, your online status and all messages will be saved. If you no longer want to use the chat, you can deactivate it, but all messages will be deleted after a certain period of time.
For our chat, we use ChatGPT, a service provided by OpenAI OpCo, LLC, 3180 18th Street, San Francisco, CA 94110, USA.
ChatGPT is a conversational interface for websites, mobile apps, common communication platforms and IoT devices that enables interactions between users and businesses. Your input is processed by OpenAI in accordance with OpenAI's privacy policy before being routed to our servers.
Submission of data to OpenAI is subject to OpenAI's privacy policy.
Entered dialogue questions or statements will not be stored or used by OpenAI for learning or training purposes. These data are stored for a maximum of 30 days for abuse monitoring purposes and then deleted.
For communication with ChatGPT, we only use our own IP address.
Accordingly, personal data is only transmitted to OpenAI if you disclose personal data in the context of the chat (= chat messages).
The data processing is based on Art. 6 para. 1 lit. f GDPR (“Legitimate Interest”).
OpenAI relies on standard contractual clauses for the transfer of data outside the EEA in accordance with Art. 28 GDPR.
The OpenAI privacy statement can be found here: Privacy Statement.
By enabling and using Apple Pay, you agree that we may allow Mastercard to share data with Apple for payment processing.
The following information will be transmitted:
- Username
- PAN
- Expiry date
These data are encrypted and sent to Apple. Apple decrypts the data, identifies the card's payment network (Mastercard) and re-encrypts the data with a key that can only be decrypted by the payment network.
Apple retains anonymised transaction data, including the approximate amount of the purchase, the name of the app developer and the app, the approximate date and time, and whether the transaction was completed successfully.
The transfer of your data to Apple is based on Art. 6 para. 1 lit.b GDPR (processing for the performance of a contract).
If you choose Apple Pay, your data will be sent to Apple for payment processing.
By enabling and using the Google Pay widget, you consent to us enabling Mastercard to send data to Google LLC for payment processing.
The following information will be transmitted:
- Name
- Address
- Telephone number
- Sales data (e.g. dealer name, location, amount)
The transfer of your data to Google is based on Art. 6 para. 1 lit. b GDPR (processing for the performance of a contract).
If you choose Google Pay, your data will be sent to Google for payment processing.
By activating and using the Swatch Pay widget, you consent to us enabling Mastercard to transfer data to Giesecke+Devrient GmbH (G&D) for payment processing.
The following data will be transmitted:
- Name
- Address
- Telephone number
- Turnover data (e.g. dealer name, location, amount)
The transfer of your data to G&D is based on Art. 6 Para. 1 lit. b GDPR (processing for the performance of a contract).
If you choose Swatch Pay, your data will be sent to Giesecke+Devrient GmbH for payment processing.
By activating and using the widget for Fidesmo Pay, you agree that we allow Mastercard to transfer data to Fidesmo AB for payment processing.
The following information will be transmitted:
- Name
- Address
- Telephone number
- Sales data (e.g. dealer name, location, amount)
The transfer of your data to Fidesmo AB is based on Art. 6 Para. 1 lit. b GDPR (processing for the performance of a contract).
If you choose Fidesmo Pay, your data will be sent to Fidesmo AB for payment processing.
By enabling and using the Click to Pay widget, you consent to our transferring data to Mastercard (Mastercard Inc., 2000 Purchase Street, Purchase, NY 10577, USA.) for payment processing purposes
The following data will be transmitted:
- Name
- Address
- Telephone number
- Card number (encrypted)
The transfer of your data to Mastercard is based on Art. 6 Para. 1 lit. b GDPR (processing for the performance of a contract).
Further information on data protection can be found in Mastercard's data protection conditions at https://www.mastercard.com/global/click-to-pay/de-de/privacy-notice.html#dataTransfer.
If you choose Click to Pay, your details will be sent to Mastercard for payment processing.
By enabling and using the Garmin Pay widget, you consent to our transferring data to Garmin (Garmin Deutschland GmbH, Parkring 35, 85748 Garching) for payment processing purposes
The following data will be transmitted:
- Name
- Address
- Telephone number
- Card number (encrypted)
The transfer of your data to Garmin is based on Art. 6 Para. 1 lit. b GDPR (processing for the performance of a contract).
Further information on data protection can be found in Mastercard's data protection conditions at https://www.garmin.com/de-DE/privacy/garminpay/.
If you choose Garmin Pay, your details will be sent to Garmin for payment processing.
We use the service of our contractual partner transact Elektronische Zahlungssysteme GmbH, Fraunhoferstr. 10, 82152 Martinsried, for prepaid mobile phone top-ups. If you wish to use this service, we will send your mobile phone number to transact Elektronische Zahlungssysteme GmbH. The legal basis for this is Article 6 (1) (b) GDPR (processing for the purpose of fulfilling the contract).
We maintain publicly accessible profiles on social networks. The social networks used by us in detail can be found below.
Social networks such as Facebook, X (formerly Twitter) etc. can generally analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. through like-buttons or advertising banners). When you visit our social media sites, numerous data protection-relevant processing operations are triggered. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, these data are collected, for example, via cookies that are stored on your terminal device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or have been logged in.
Please also note that we cannot track all processing procedures on the social media portals. Depending on the provider, further processing procedures may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.
Our social media sites are intended to ensure the most comprehensive possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which are to be stated by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).
When you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing processes triggered during this visit. You can exercise your rights (information, correction, deletion, restriction of processing, data portability and complaint) in principle both against us and against the operator of the respective social media portal. Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing procedures of the social media portals. Our options depend to a large extent on the corporate policy of the respective provider.
The data collected directly by us via the social media presence are deleted from our systems as soon as you request us to delete them, revoke your consent to storage or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected.
We have no influence on the storage period of your data that are stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their data protection statement, see below).
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, the data collected are also transferred to the USA and other third countries.
We have concluded a joint processing Agreement (Controller Addendum) with Facebook. This Meta Platforms Ireland Limited agreement sets out the data processing operations for which we or Facebook are responsible when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can find a contract supplement to this at https://www.facebook.com/legal/EU_data_transfer_addendum/update
You can adjust your advertising settings yourself in your user account. To do so, click on the following link and log in:https://www.facebook.com/settings?tab=ads.
The data transfer to the USA is based on the Standard Contractual Clauses (SCC) of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
For details, see Facebook's privacy statement: https://www.facebook.com/about/privacy/.
We use the social media and social networking service X (formerly Twitter). X functions are offered by the parent company X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, is responsible for the data processing of persons living outside the USA.
You can adjust your X (Twitter) privacy settings yourself in your user account. To do so, click on the following link and log in: https://twitter.com/personalization.
The transfer of data to the USA is based on the Standard Contractual Clauses (SCC) of the EU Commission. Details can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.
For details, see X's privacy statement: https://twitter.com/de/privacy.
We have a profile on Instagram. The provider is Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA.
The transfer of data to the USA is based on the Standard Contractual Clauses (SCC) of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
For details on how Instagram handles your personal data, see Instagram's privacy statement: https://help.instagram.com/519522125107875.
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how YouTube handles your personal data can be found in YouTube's data protection statement: https://policies.google.com/privacy?hl=de.
We have a profile on TikTok. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. Details on TikTok handles your personal data can be found in TikTok's privacy statement: https://www.tiktok.com/legal/privacy-policy?lang=de.
The transfer of data to non-secure third countries is based on the EU Commission's Standard Contractual Clauses (SCC). Details can be found here: https://www.tiktok.com/legal/privacy-policy?lang=de.
When using our app, we may contact you with push notifications about new promotions, vouchers and personal offers from VIMpay. For the further development of our offer and for statistical purposes, we record when and how often a push notification is opened. We collect this information pseudonymously. Of course, you can unsubscribe from push notifications at any time in the app settings. The sending of push notifications is based on our legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR.
The payment processing for VIMpay is carried out by the card-issuing e-money institute PayCenter GmbH, Clemensänger-Ring 24, 85356 Freising.
When you use the payment cards, the payment is processed by PayCenter.
If you use the credit card function, the payment data you enter will be transmitted to PayCenter for payment processing.
The transfer of your data to PayCenter is based on Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing for the performance of a contract). You have the option to withdraw your consent to data processing at any time. A revocation does not affect the validity of past data processing operations.
The payment processing for VIMpay is carried out by the card-issuing e-money institute PayCenter GmbH.
While our app is generally not directed to children under the age of 16, we strictly adhere to applicable laws for obtaining parental or guardian consent before collecting, using or disclosing information from children. We strongly recommend that parents take an active role in monitoring their children's online activities. If you believe that we have collected personal information from someone under the age of 16, please let us know via datenschutz@petafuel.de.
We reserve the right to amend this privacy statement at any time to the extent permitted by law. The current version can be found on the website under the link „Privacy Policy“
We are constantly working on improvements that may also have an impact on the data protection statement. However, we will never change it without informing you.