1. Who is in charge of data processing, and whom can you contact?
The company in charge of processing your data is:
PSA Payment Services Austria GmbH (“PSA”)
Handelskai 92, Gate 2
1200 Vienna
https://www.psa.at/impressum
If you have any questions, you can contact the data protection officer by email at privacy@psa.at, or by post at PSA Payment Services Austria GmbH, c/o Data Protection Officer, Handelskai 92, Gate 2, 1200 Vienna.
2. As the controller, what data does PSA process, and for what purpose?
The only personal data collected are those that are required to perform and process our services, or those that you provide to us voluntarily. As controller, PSA processes the personal data of:
3. What sources do these data come from?
4. Data transfer
Processors contracted by PSA (e.g. IT service providers, etc.) process your data as needed to perform their respective services. PSA contractually obligates its processors to ensure the confidentiality and security of personal data. When required by a statutory or regulatory requirement, public bodies and institutions (e.g. courts, Austrian Financial Market Authority, Austrian National Bank) may be recipients of your personal data.
When necessary, PSA may also process and transfer personal data to bodies engaged in the prevention and/or investigation of payment card fraud in order to protect payment processes from fraud and to ensure the security of the transaction and of payment transactions in Austria.
We have taken appropriate technical and organisational measures to protect your personal data. In particular, these measures include actions to prevent unauthorised physical or digital access to your personal data, such as input controls, processor controls, and availability controls.
5. How long are personal data saved?
PSA processes your personal data for as long as it is required to do so by statutory retention and documentation requirements, as specified in ZaDiG 2018, the Austrian Commercial Code [Unternehmensgesetzbuch, UGB], the Austrian Federal Tax Code [Bundesabgabenordnung, BAO], the Austrian Banking Act [Bankwesengesetz, BWG] and the FM-GwG, among others. Under certain circumstances (e.g. in the case of ongoing warranty obligations), data are retained until the end of the limitation period or until the cessation of the relevant event.
6. What rights do I have as a data subject?
Please note once again that all rights and questions relating to the processing of personal data for your debit/Bankomat® card or credit card should primarily be addressed to your bank as your contractual partner and the controller for the data processing.
You have at any time a right to access, rectification, erasure or restriction of processing of your saved data, a right to object to processing (insofar as the data is processed on the basis of a public interest or to protect a legitimate interest), and a right to data portability in accordance with the provisions of the data protection law.
To exercise these rights, you can contact PSA by email at privacy@psa.at, or by post at PSA Payment Services Austria GmbH, c/o Data Protection Officer, Handelskai 92, Gate 2, 1200 Vienna. Complaints can be directed to the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna.
7. Am I required to provide data?
You are not required by law to provide your data to us. However, if you do not provide us with your data, we may not be able to perform our services (e.g. card blocking) for you.
Insofar as the data processing is based on your consent, you can withdraw this consent at any time with future effect. To withdraw your consent, you can contact PSA by email at privacy@psa.at, or by post at PSA Payment Services Austria GmbH, c/o Data Protection Officer, Handelskai 92, Gate 2, 1200 Vienna. Without your consent, however, we may not be able to perform our services for you.
8. Information on automated decision-making, including profiling
PSA does not process any personal data in automated decision-making processes.
9. Updates to data privacy statement
This data privacy statement may be updated without prior notice in order to reflect changes to the law or changes to the procedures under which personal data is processed. PSA will announce any changes by means of a notice on its website.
10. Information on use of PSA’s website (web analytics)
To continuously improve our website and for the purposes of system performance, providing information about our service portfolio and optimising the user experience, the service provider for the PSA website automatically prepares server log files with information automatically provided by your browser.
11. For processing relating to your debit/Bankomat® card or credit card, PSA is a processor for your bank
For Austrian financial institutions, PSA acts as the central service provider (processor) which provides the technical systems for issuing cards, payment mediums on mobile phones (e.g. Bankomat®Karte mobil), or for processing transactions.
If you have questions about the processing of personal data in relation to your debit/Bankomat® card or credit card, e.g. in connection with Bankomat® card payments or cash withdrawals, please contact your bank.
12. Microsoft Teams
PSA offers its contractual partners the option to communicate via Microsoft Teams at its partners’ request. Microsoft Teams is a videoconferencing tool offered by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown Dublin 18, Ireland and the Microsoft Corporation, One Microsoft Way Redmond, Washington 98052 (“Microsoft”).
Microsoft is based in the United States, and the data may be processed there. For more information about processing in connection with the use of Microsoft Teams and the standard contractual clauses signed by and between us and Microsoft, see www.microsoftvolumelicensing.com/DocumentSearch.aspx
Use of Microsoft Teams is not required to communicate with PSA. Our contractual partners can decide if they wish to make use of this option. As an alternative, PSA offers personal discussions and conference calls. If the contractual partner wishes to communicate via Microsoft Teams, PSA will accommodate this. As such, processing is performed on the basis of fulfilment of contractual obligations (Art. 6 (1) b GDPR).