I. Controller, Scope
Payrails is a service provided by Payrails GmbH (hereinafter also referred to as “Provider”), acting as Controller in accordance with relevant data protection provisions. Please find the full company and contact details on the website.
The protection of personal data has the highest priority for us. We would therefore like to inform you about which data we collect when, and how we process your personal data. This privacy notice describes the collection and processing of personal data on the website www.payrails.com (hereinafter referred to as "Website").
II. General information about data processing
1. Purposes of processing
In principle, we only process the personal data ofUsers if this is necessary to provide a functional Website. With your consent, we may process additional data for general analytics purposes in order to improve our offering.
2. Legal basis for the processing of personal data
Most often we process personal data according to one of the following legal bases:
Whenever we collect the data subject’s consent to the processing of personal data, Art. 6 para. 1 a EU General Data Protection Regulation (GDPR) serves as the legal basis.
If the processing of personal data is necessary for compliance with a legal obligation which the Controller is subject to, Art. 6 para. 1 c GDPR serves as the legal basis.
contract or pre-contractual measures
If the processing of personal data is necessary for the performance of a contract to which the data subject is party, Art. 6 para. 1 b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
If processing is necessary for the purposes of the legitimate interests pursued by the Controller or a third party and if such interests are not overridden by the interests, fundamental rights and freedoms of the data subject, Art. 6 para. 1 f GDPR serves as the legal basis.
3. Data erasure and retention time
In principle and unless otherwise stated, your personal data will only be stored until the purpose of the collection and storage is achieved. If the storage is based on your consent, personal data can be stored as long as you do not revoke such consent.
Furthermore, data may be stored if it is required byEuropean or national legal provisions, laws or regulations which we are subject to. Personal data will be blocked or deleted if the retention period set forth by the any such regulations expires, unless further storage is necessary for the conclusion or fulfilment of a contract.
4. Transfer to third countries
Unless otherwise stated, all data processing operations take place within the EU or the EEA countries.
Data processing operations carried out by third-party providers established outside the mentioned geographical area may be carried out in part or in full in the countries the respective providers are based in, in accordance with the relevant and applicable data protection regulations.
A transfer of personal data outside the EU or the EEA shall only take place on the basis of on an adequacy decision of the EuropeanCommission, or subject to appropriate safeguards, including but not limited to standard data protection clauses adopted by the European Commission.
III. Processing of personal data in general
When you access the Website we automatically collect data about your use. This includes in particular the accessed URL, access date and time, transferred data volume, http status code of the access reply, web browser type and operating system, HTTP referrer, as well as IP address. This information is not associated with your identity.
We collect and process such data to ensure Website operation and availability. In addition, it is used to analyse, store and evaluate information about User behaviour in an anonymous form and to continuously improve and further develop our service. We only store your IP address in the log files for a limited period of time, if this is necessary for security purposes.
These purposes constitute our legitimate interest, which justifies data processing pursuant to art. 6 par. 1 lit. f) GDPR.
VI. Personal data you provide voluntarily
Personal data processed when contacting us
If you contact us via the Website, we will only collect such data and information that you will provide when describing the reason for your request. The provision of personal data is not required to this end. Should any personal data be provided, it will only be used to process your request and reply to it.
If you contact us via the e-mail address specified on our website, you will provide the following personal data: name, e-mail address. This information will only be used to process your inquiry and reply to it.
These purposes constitute our legitimate interest, which justifies data processing pursuant to art. 6 par. 1 lit. f) GDPR. In some cases, the reason why you contact us may be a pre-contractual measure, in which case the legal basis for processing is art. 6 par. 1 lit. b) GDPR.
VII. Data Processors
In order to provide our services, we may cooperate with selected third-party providers who process data on our behalf (“Processors”). This may for instance be
- e-mail service providers
- recruitment managementproviders
- website creation and hosting provider
- CRM services
As far as legally required, we have entered into agreements pursuant to art. 28 GDPR with Processors processing your personal data on our behalf.