1. Preamble/General Information – Data processing in connection with your debit card or credit card as a processor for your bank
PSA takes on the role of the central service provider (processor) for Austrian banks and provides the technical systems for issuing cards and payment media on mobile phones (debit card mobile) and for processing transactions.
If you have any questions about the processing of personal data in connection with your debit card or credit card (e.g. as part of the issuing support for the debit cards and cash withdrawals), please contact your bank.
2. Who is responsible for data processing and who can you contact?
The party responsible for the processing of your data is
PSA Payment Services Austria GmbH (“PSA”)
If you have any questions, you can contact the Data Protection Officer by e-mail at firstname.lastname@example.org or by post at PSA Payment Services Austria GmbH, c/o Data Protection, Rennweg 46-50, 1030 Vienna.
3. What data does PSA process as the responsible party?
We only collect the personal data necessary to perform and process our services or that you have voluntarily provided to us. As the responsible party, PSA processes personal data from:
4. What sources does this data come from?
5. For what purposes and on what legal basis is the data processed?
PSA processes personal data
to fulfill legal obligations (Art 6 Para 1 lit c GDPR)
to protect legitimate interests (Art 6 Para 1 lit f GDPR) through
to fulfill contractual obligations (Art 6 Para 1 lit b GDPR);
within the scope of consent (Art 6 Para 1 lit a GDPR)
A given consent can be revoked at any time effective for the future. To do so, contact us by e-mail at email@example.com or by post at PSA Payment Services Austria GmbH, c/o Data Protection, Rennweg 46-50, 1030 Vienna.
Data processing or data transmissions that are necessary to fulfill the contract cannot be revoked.
6. Data transmission
Within PSA, only those employees will receive your data who require it to fulfill their contractual, legal and regulatory obligations as well as legitimate interests.
Processors commissioned by PSA (these are in particular IT service providers, payroll processors, etc.) will only process your data if they need it to perform their respective services. PSA contractually obligates its service providers to guarantee the confidentiality and security of personal data. If there is a legal or regulatory obligation, public bodies and institutions (e.g. courts, Austrian Financial Market Authority) may also receive your personal data.
If necessary, personal data will also be transmitted to bodies that pursue the prevention and/or clarification of payment card fraud in order to protect payment transactions from fraud and to ensure the security of the transaction and Austrian payment transactions.
We have taken the appropriate technical and organizational measures to protect your personal data. These measures include, in particular, measures to protect against unauthorized access to your personal data, as well as input, order processor and availability monitoring.
7. How long is personal data stored?
Your personal data will be processed by PSA as long as PSA is obligated to do so according to legal retention and documentation obligations as outlined in the Payment Services Act (ZaDiG), the Business Code (UGB), the Federal Tax Code (BAO), the Banking Act (BWG), and the Financial Market Money Laundering Act (FM-GwG). In special cases (e.g. in the event of ongoing warranty obligations) data will be kept until the end of the statute of limitations or the time at which the case has been resolved.
8. What rights do I have as a data subject?
We would like to point out once again that rights and questions in connection with the processing of personal data on your debit card or credit card should primarily be directed to your bank as your contractual partner and party responsible for the data processing.
You have the right to information, correction, deletion or restriction of the processing of your stored data at any time, a right to object to processing and a right to data portability in accordance with the requirements of the GDPR.
To do so, contact us by e-mail at firstname.lastname@example.org or by post at PSA Payment Services Austria GmbH, c/o Data Protection, Rennweg 46-50, 1030 Vienna. You can address complaints to the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna.
9. Am I obligated to provide data?
In order to block cards, prevent fraud, fulfill legal obligations or process a contractual relationship, it is necessary to process personal data. If you do not provide us with this data, it will generally not be possible to process a transaction or block a card.
To clarify, we want to state that you are not obligated to provide your consent to data processing with regard to data that is not relevant or that is not required by law and/or regulation.
10 Information about automated decision making including profiling
PSA does not process personal data in automated decision-making processes.
11. 11. Updating data protection information
This data protection information can be updated without prior notice to reflect legal changes or changes in the processes of processing personal data. In the event of a change, PSA will inform you with a notice on the website.
12. Information on the use of the PSA website (web analysis)
Our websites use Google Analytics, a web analytics service provided by Google Ireland Ltd (“Google”). Google Analytics uses “cookies”, text files that are saved on your computer and enable an analysis of your use of the website. We process your data on the basis of our overriding legitimate interest in order to create easy-to-use website access statistics in a cost-effective manner.
The information generated by the cookie about your use of our websites is transmitted to Google servers in the USA and stored there. Our websites use the IP anonymization option offered by Google Analytics. Google will not combine the IP address transmitted by your browser as part of Google Analytics with other data. We do not save any of your data that is collected in connection with Google Analytics.
You can prevent the storage of cookies by setting your browser software accordingly. In this case you may not be able to use all of the functions of our website to their full extent.