EVO takes the protection of personal data and thus your privacy very seriously. At this point we would like to inform you how EVO protects your data and what it means for you when you use our customizable services. In order to guarantee the greatest possible protection of your privacy we comply with the provisions of the EU General Data Protection Regulation (GDPR) and the relevant laws of the Member States.
1. Name and address of the controller
The responsible body and service provider is EVO Payments International s.r.o. (hereinafter referred to as "EVO"). You can contact us by e-mail to: GDPR@revopayments.cz or in writing to: EVO Payments International s.r.o., with offices located at Hvezdova 1716/2b, Nusle, 140 00 Prague 4, Czech Republic.
2. Name and address of the data protection officer
Our data protection officer is Michael Shea. You can also contact our data protection officer at any time with any questions concerning data protection.
3. Scope of application
4. Principles of data processing
Personal data is all information relating to an identified or identifiable natural person. This includes information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behavior. Information that cannot be used to identify you (or only with disproportionate effort), e.g. by anonymizing the information, is no personal data. The processing of personal data (e.g. the collection, retrieval, use, storage or transmission) always requires a legal basis or your consent. Processed personal data will be erased as soon as the purpose of the processing has been achieved and no legally prescribed retention obligations must be observed.
If we process your personal data for the provision of certain offers, we will inform you subsequently about the specific processes, the scope and purpose of data processing, the legal basis for the processing and the corresponding storage period.
5. Use of service providers for the processing of personal data / processing of data in countries outside the European Economic Area
The data and information provided in the context of the contractual relationship will be processed within the 'EVO Payments International' group with its affiliated corporations for the management of merchants. Considering this, contractual regulations or other approved instruments provide sufficient guarantees for protecting your personal data adequately.
Service providers in countries such as the USA or other countries outside the European Union are subject to a data protection law that does not generally protect personal data to the same extent, as in the Member States of the European Union. As far as your data are processed in a country which does not provide an adequate level of data protection such as the European Union does, we ensure the adequate protection of your personal data with contractual regulations or other approved instruments.
6. Various processing operations
6.1 Provision and use of the Website
6.1.1 Nature and scope of data processing
When you access and use our website, we collect the personal data that your browser automatically transmits to our server. This information is stored temporarily in a so-called log file. When you use our website, we collect the following data that is technically necessary for us to provide you with access to our website and to ensure its stability and security:
6.1.2 Period of storage
As soon as the data is no longer required for providing the website, it will be erased. The collection of data for the provision of the website and the storage of data in log files is necessary for the performance of the website. Consequently, the user cannot object processing in this respect. Further storage may take place in individual cases if this is prescribed by law.
6.1.3 Legal basis
Art. 6 para. 1 lit. f GDPR serves as the legal basis for the aforementioned data processing. The processing of the aforementioned data is necessary for the provision of a website and thus serves as a legitimate interest of our company.
6.2 Contact form
6.2.1 Nature and scope of data processing
If you would like to contact us online, we will ask for your name and email address. You can also enter your company’s name, your telephone number and send us a message containing your issues.
It is your free decision whether you provide us with this data or not. However, without this information we are not able to answer your contact request.
6.2.2 Period of storage
The period of storage of the abovementioned data depends on the circumstances under which you established contact with us. However, we will erase your personal data collected via the contact form as soon as your request has been processed and the relevant facts have been finally clarified. Further storage may take place in individual cases if applicable law requires this.
6.2.3 Legal basis
If you use the contact form in order to take steps prior to entering into a contract with us, the processing of the aforementioned data is necessary and thus in accordance with Art. 6 para. 1 lit. b GDPR.
If you use the contact form for purposes other than taking steps to entering into a contract the lawfulness of data collection is based on Art. 6 Para. 1 lit. f GDPR, since there is a similar interest in establishing contact and communication between you and us as well as a legitimate interest of EVO Payments International s.r.o. in processing the aforementioned data in order to be able to process your request.
6.3. Customer portal
6.3.1 Nature and scope of data processing
On our website we offer you the opportunity to register by providing your personal data. With the processed data we create an personalized user account for you, with which we make certain contents and services accessible to you. When you visit the website in the future, you can log in conveniently with your user name and password of your choice. We process your e-mail address so that we can send you new access data in case you forget it.
The following overview shows you in detail which of your personal data (authorized representatives 1 and 2, contact persons 1 and 2) we process during registration:
6.3.2 Period of Storage
As soon as the registration on our website is cancelled or modified, the data processed during the registration process will be erased. Further storage may take place in individual cases if it is required by law.
6.3.3 Legal basis
Pursuant to Art. 6 para. 1 lit. b GDPR, the processing of the aforementioned personal data serves in order to take steps prior to entering into a contract with EVO Payments International s.r.o.
6.4 Data processing of applicants
6.4.1 Nature and scope of data processing
If you would like to apply online, we need some personal data in terms of processing your application. The following application data is therefore collected and processed within the scope of the online application:
6.4.2 Period of storage
The data collected for the purpose of the application procedure will be stored for a duration of maximum 6 months after the end of the application procedure.
6.4.3 Legal basis
The collection and use of personal data of our users regularly only takes place after the user’s consent. Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis for the processing of personal data.
However, you have the right to withdraw your consent on the processing of your personal data at any time without giving reasons by e-mail to GDPR@revopayments.cz or by post to with offices located at Hvezdova 1716/2b, Nusle, 140 00 Prague 4, Czech Republic.
7.1 Nature and scope of data processing
We use many types of cookies on our websites, the different types and functions will be explained in more detail below.
On our website we use transient cookies, which are automatically deleted when you close your browser. This type of cookie allows us to collect your session-ID. This makes it possible for you to assign different requests of your browser to a shared session and we are able to recognize your device during subsequent website visits.
Furthermore, we use persistent cookies on our website. Persistent cookies are cookies that are stored in your browser for a prolonged period of time and transfer information to us. The respective duration of storage differs depending on the cookie. You can erase persistent cookies independently in your browser settings.
These cookies enable us to analyze the use of the website and improve its performance and functionality. For example, information is collected on how visitors use our website, which pages are accessed most frequently, or whether error messages are displayed on certain pages.
We also use these cookies for marketing and social media purposes. Cookies in advertising (third party providers) allow us to show you various offers that match your interests. With the help of such cookies, the web activities of users can be recorded over a prolonged period. You may recognize the cookies on various devices you use.
The following third party providers receive personal data via cookies integrated on our website:
Furthermore, certain cookies allow us to connect to your social networks and share content from our website within your networks.
7.2 Legal basis
7.2.1 Period of storage
As soon as the data transmitted to us via the cookies is no longer necessary for the purposes described above (cf. 7.1), this information will be erased. Further storage may take place in individual cases if this is required by law.
7.2.2 Configuration of browser settings
Most browsers are set to accept cookies by default. However, you can configure your browser so that it only accepts certain cookies or no cookies at all. However, we would like to point out that you may not be able to use all functions of our website if cookies are deactivated in your browser settings on our website. You can also delete cookies already stored in your browser via your browser settings. Furthermore, it is also possible to set your browser so that it informs you before cookies are saved. Since the different browsers can differ in their respective functions, we ask you to use the respective help menu of your browser for the configuration options.
If you would like a comprehensive overview of the access by third parties to your Internet browser, we recommend that you install specially developed plug-ins.
8. Use of Google Analytics within this website
This website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses so called "cookies", which are text files placed on your computer, to help you analyze how the website is used. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.
This website automatically anonymizes your IP address; your Google IP address within the European Union or in signatory states to the Agreement on the European Economic Area will be reduced before it is stored. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with further services associated with website and internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other data from Google.
We also use Google Analytics to evaluate data from double-click cookies and AdWords for statistical purposes. If you do not want this, you can disable it using the Ads Preferences Manager www.google.com/settings/ads.
9. Google Remarketing
Our website uses the remarketing function of Google Inc. "("Google"). This function is generally used to present personalized advertisements that is part of Google's advertising network to website users. To enable this, cookies are stored on your computer. When you visit our website and then visit a website that is part of the Google advertising network, you may be exposed to advertising from EVO Payments International s.r.o.
According to its own statements, Google does not collect any personal data in this process. However, if you do not wish to use Google's remarketing feature, you can always deactivate it by making the appropriate settings at www.google.com/settings/ads.
10. Google Ad Words
The data controller has integrated Google AdWords on this website. Google AdWords is an internet advertising service that allows advertisers to place ads in both Google's search engine results and the Google Advertising Network. Google AdWords allows an advertiser to define certain keywords in advance, which are used to display an ad in Google's search engine results only if the user uses the search engine to retrieve a keyword-relevant search result. In the Google advertising network, the ads are spread to topic-relevant websites using an automatic algorithm and taking into account the previously defined keywords.
The operator of Google AdWords services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is to advertise our website by displaying personalized advertising on the websites of third parties and in the search engine results of the Google search engine and by displaying third-party advertising on our website.
If a person concerned enters our website via a Google ad, a so-called Conversion-Cookie is stored on the information technology system of the person concerned by Google. The subject of cookies has already been explained above. A Conversion-Cookie loses its validity after thirty days and is not used to identify the person concerned. If the cookie has not expired yet, the Conversion-Cookie is used to determine whether certain sub-pages, such as the shopping basket of an online shop system, have been accessed on our website. The Conversion-Cookie enables both us and Google to track whether a person who has accessed our website via an AdWords-Ad has generated revenue, i.e. has completed or cancelled a purchase of goods.
The data and information collected through the use of the Conversion-Cookie is used by Google to generate user statistics for our website. These statistics are used by us to determine the total number of users who have been referred to us via AdWords-Ads, i.e. to determine the success or failure of the respective AdWords-Ad and to optimize our AdWords-Ads for the future. Neither our company nor other Google AdWords advertisers receive information from Google that could identify the person concerned.
The Conversion-Cookie is used to store personal information, such as the websites visited by the person concerned. Personal data, including the IP address of the internet connection used by the person concerned, is therefore transferred to Google in the United States of America each time they visit our website. The personal data is stored by Google in the United States of America. Google may transfer the personal data collected via the technical process to third parties.
The person concerned can block the setting of cookies through our website at any time, as already described above, by means of an appropriate setting of the Internet browser used and thus permanently block the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a Conversion-Cookie on the information technology system of the person concerned. In addition, a cookie already set by Google AdWords can be erased at any time via the Internet browser or other software programs.
Furthermore, the person concerned has the possibility to object to personalized advertising by Google. To do this, the person concerned must access the www.google.de/settings/ads link from each of the Internet browsers they use and change the required settings there.
11. Rights of data subjects
The GDPR provides the following rights for you as a data subject with regard to the processing of personal data:
11.1 Right of access
According to Art. 15 GDPR you can request information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations, the envisaged period for which the personal data will be stored, the existence of a right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing, the right to lodge a complaint with a supervisory Authority, where the personal data are not collected from the data subject, any available information as to their source, the existence of automated decision-making, including profiling and, where applicable, meaningful information on their details.
11.2 Right to rectification
According to Art. 16 GDPR you can immediately demand without undue delay the rectification of inaccurate personal data concerning stored with us.
11.3 Right to erasure
According to Art. 17 GDPR you have the right to obtain the erasure of your personal data stored with us, as far as processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public Interest or for the establishment, exercise or defence of legal claims.
11.4 Right to object
In accordance with Art. 18 GDPR, you have the right to obtain from the controller restriction of processing if you dispute the accuracy of the personal data is contested, the processing is unlawful, we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims. You also have the right according to Art. 18 GDPR if you have filed an objection against the processing in accordance with Art. 21 GDPR.
11.5 Right to data portability
According to Art. 20 GDPR, you have the right to receive the personal data provided by you to us in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
11.6 Right to withdraw
According to Art. 7 para. 3 GDPR you have the right to withdraw your consent to us at any time. As a result, we may no longer continue the processing of data based on this consent in the future.
11.7 Right to lodge a complaint with a supervisory authority
According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. Usually you can contact the supervisory authority of your habitual residence, your place of work or our company headquarters.
Our website contains so-called hyperlinks to websites of other providers. If these hyperlinks are activated, you will be redirected from our website directly to the website of the other provider. You can recognize this, among other things, by the change of the URL. We cannot take responsibility for the confidential handling of your data on these third party websites, as we have no influence on whether these companies comply with the data protection regulations. Please inform yourself about the handling of your personal data by these companies directly on their websites.
13. Data security and safety regulations
We commit ourselves to protect your privacy and to treat your personal data confidentially. In order to avoid manipulation, loss or misuse of your data stored with us, we take extensive technical and organisational security precautions, which are regularly checked and adapted to technological progress. This includes the use of established encryption methods (SSL or TLS). However, we would like to point out that due to the structure of the internet, it is possible that the regulations of data protection and the above-mentioned security measures may not be complied with by other persons or institutions for which we are not responsible. In particular, unencrypted data - e.g. if transferred by e-mail - can be read by third parties. We have no technical influence on this. It is the responsibility of the user to protect the data provided by him against misuse by encryption or in any other way.