. 5. Data Share. Who gets my data?Other than the processing listed above, your personal data will only be shared with your consent. Within TapTapp, only those who need access to your data to fulfill our contractual and legal obligations will also receive access to it. With the express consent to this data protection declaration, you give us consent to share your data as specified in section 2 d) - g) with the respective card provider or the respective partner company. 6. Data Transmission. Will data be transmitted to a third party country or an international organization?Data transmission to sites in states outside of the European Union (so-called third-party states) occurs provided that it is required to execute your orders,it is legally prescribed,within the scope of order data processing or you have given us your consent.If there are service providers in a third party state, they are additionally obligated to the written instructions through the agreement of the EU standard contract clauses or certification under the Privacy Shield to comply with the data protection level in Europe. 7. Data Storage. How long will my data be saved?We process and save your personal data as long as it is required to fulfill our contractual and legal obligations. It must be considered that our business relationship is a continuing obligation that exists for years.If the data is no longer required to fulfill contractual or legal obligations, it will be deleted regularly unless the limited further processing is required to preserve evidence within the scope of statutory limitation periods. According to §§ 195ff. of the Civil Code (BGB), these limitation periods can amount to up to 30 years, whereby the regular limitation period is 3 years. 8. Data protection rights. What data protection rights do I have?Every affected person has the right to information according to article 15 GDPR, the right to correction according to article 16 GDPR, the right to deletion according to article 17 GDPR, the right to limit processing according to article 18 GDPR, the right to opposition from article 21 GDPR as well as the right to data transmission from article 20 GDPR. With the right to information and deletion, the restrictions according to §§ 34 and 35 GDPR apply. Furthermore, there is a right to lodge a complaint to a responsible data protection supervisory authority (article 77 GDPR in connection with § 19 GDPR).You can opt out of the granted consent for the processing of your personal data. 9. Obligation to me. Is there an obligation to me providing data?Within the scope of our business relationship, you have to provide personal data that is required for the beginning and execution of a business relationship and the fulfillment of the affiliated contractual obligations or for the collection of which we are legally obligated to. Without this data, we are normally not able to complete the contract with you or execute it. 10. Automated decision. What type of automated decision-making exists?We do not use fully automatic decision-making in accordance with article 22 GDPR. 11. There is no data profiling.
13. How do we protect visitor information?
Our platform is thoroughly scanned on a regular basis for security holes, known and unknown vulnerabilities in order to make our platform as safe as possible.
All of our systems are encrypted, both at transfer and at rest with popular and proprietary encryption algorithms, exceeding the current security standard of digital wallets.
Your personal information is contained behind secured networks and is only accessible by a stricly limited number of persons who have special access rights to such systems, and are required to keep the information confidential. Note all direct access to Cards systems is strictly audited, recorded and logged. Highly sensitive information, as defined by our strict internal secret security policy, is not accessible by anyone at Cards. In addition, all sensitive/credit/transactional information you supply is encrypted via Secure Socket Layer (SSL) technology at transfer, alongside with other proprietary encryption techniques.
We implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your personal information.
14. Third Party Disclosure
Do we disclose the information we collect to Third Parties?Cards discloses analytical/identification information to Card Issuers which issued the digital cards you have in your digital Cards account. We do not disclose any information to Card Issuers of cards you do not have in your account. Please note that Cards Issuers usually already have your personal information which you supplied to them upon issuing of their card. Some of your data from section 2 are processed in an automated manner (so-called profiling) with the objective of designing the app to meet demands or to be able to inform you in the app about products and offers from our partners. This permits us communication and advertising as needed in the app including market and opinion research on the basis of anonymous data.