Privacy Policy

Privacy Policy of IXOPAY

Privacy Policy

Table of contents

1. Introduction

2.         Which of your data do we collect, for which purposes and on which legal basis do we process it?

3.         Cookies

4.         Embedded services and content of third parties

5.         Is your data disclosed to recipients?

6.         How long do we keep your data?

7.         Your Rights under GDPR, and other Data Protection Laws

8.         Data security

9.         Amendments of our Privacy Policy

1. Introduction

1.1. This Privacy Policy provides transparent information about the processing of personal data by IXOPAY for visitors to our website www.ixopay.com (“Website”), and the related services, functions and content ("Online Services") as well as interactions on IXOPAY’s social media pages (e.g., LinkedIn, Facebook, X, “Social Media Sites”). We explain what personal data we collect, process, and use when you engage with our Online Services or social media sites. The Terms of Use for the Website are available via the link in the footer.

1.2. The legal entities processing personal data as autonomous controllers or as joint controllers under Art 26 GDPR are:

  • IXOPAY GmbH, Vorgartenstraße 206c, 1020 Vienna, Austria (“IXOPAY AT”),
  • IXOPAY, Inc., 333 E Main St #396, Lehi, Utah 84043, USA (“IXOPAY US”)

In this statement, we collectively refer to IXOPAY AT and IXOPAY US as “IXOPAY”, “we”, “us” or “our”, as the context provides. 

1.3. For the following activities relating to the provision and administration of the Website, IXOPAY AT and IXOPAY US act as joint controllers under Article 26 GDPR meaning both companies collaboratively determine the purposes and means of processing your personal data and share joint legal responsibility: 

Use of cookies and other targeting services (jointly "Cookies") that collect personal data to provide you with personalized content and advertisements and to analyze behavior of Website visitors and Online Services users like page visits, clicks and time spent on subpages of our Website (see sections 2.3 and 3 below),

Combined marketing activities and market research for IXOPAY services, namely drafting and distributing marketing materials, such as newsletters and recommendations, through multiple communication channels (see sections 2.3, 2.4 below).

Hereinafter, “Joint Controllers” means IXOPAY AT and IXOPAY US jointly considered when they process data as joint controllers. The essence of the Joint Controllers’ arrangement under Article 26 GDPR is available here.

1.4. The Joint Controllers also process personal data for recruitment activities and to assess job applications. This involves examining submitted documents, conducting interviews, and contacting references or performing background checks as required by local laws and regulations. These activities are exclusively governed by our Data Privacy Policy for Applicants.

1.5. When providing Online Services (see Section 2.5 below) and IXOPAY services, IXOPAY handles personal data according to client instructions, acting as a Processor. These processing activities are governed by a service-specific Data Processing Addendum and are not covered by this Privacy Policy. 

2.        Which of your data do we collect, for which purposes and on which legal basis do we process it?

2.1.       Contacting us

When you fill out the contact form or the qualification form on our Website or establish contact with us via e-mail or through other communication means, we process the data you voluntarily provide (name, email address, nature of the inquiry, subject, and content of your message as well as other fields completed in forms on our Website). This data is processed solely for handling your inquiry, getting in touch with you if desired, and providing you with the requested information. This data processing is necessary for the performance of a contract or to take steps prior to entering into a contract.

2.2.       Server log files

We collect and process the following data when you visit our Website and hence access the server containing the requested service (server log files): name of the accessed Website, file type, date and time of access, data volume, server status codes, processing time, browser and client type and version, operating system, IP address, and requesting provider. This data is generated automatically and is necessary for operating our Website, distributing web server requests, detecting and rectifying errors, and security purposes. If you contact us via the Contact Form, we also process connection data regarding source and target (network discovery or address, port numbers, protocol, e-mail address, e-mail subject, connecting server, protocol details, reputation data for spam filters, reverse DNS, obvious labelling, connected servers), authentication details and technical e-mail meta information. This data processing is necessary for our legitimate interest in operating error-free and secure Websites, and it is stored for a maximum of 15 days.

2.3.       Usage data

With your consent for Reporting Cookies, we collect and process the following data about your use and interaction with our Website: IP-address, internet browser, browser language, operating system, requested files, Java settings, screen resolution, color depth, interactions (visitor behavior, time, and duration) and referrer URL (meaning the internet site from which you visit us). 

With your consent for Marketing Cookies, we process information on certain activities on our Website, such as contacting us (Conversions). If you access our website via an advertising system (e.g., Google Ads), we learn from which campaign you came to us. You can withdraw your consent at any time via the "Cookie Settings" or through your browser settings with effect for the future.

The usage data is collected through Google Analytics (see section 3.5 below). We use this usage data for web analysis, improvements of our Website, and increasing usability. 

2.4.       Newsletter

Based on your consent we process the personal data that you voluntarily provide during registration for the newsletter (email address and possibly your name) for sending email newsletters about our current projects, marketing, and product information, and for measuring your reading habits. Our newsletters contain a mechanism to measure your reading habits (if and when opened, links clicked), which helps us adjust our content accordingly. You can withdraw your consent to receive our newsletter at any time via email to [email protected] or through the unsubscribe link in our newsletters.

2.5.       Registration and User Account

​​When you register on our Website and have a user account for our Online Services, we process the following personal data: title, name, company, email address, address, telephone number, IP address, VAT number, and access data. This data is processed solely for operating your account and billing our services. This processing is necessary for the performance of a contract or to take steps at your request before entering into a contract. Further information on our data processing in the context of the business relationship is available in our “Privacy Policy for Contracting Parties.” The actual provision of the service (particularly, maintaining id.ixolit.com)  is carried out on your behalf, in our role as a processor.

2.6. Social Media

The Joint Controllers operate accounts on the below social networks for combined marketing purposes.

Facebook (Meta)

On the IXOPAY Facebook page, the Joint Controllers process information about your activities, such as likes, posts or comments, and receive aggregate (anonymous) statistics generated by Facebook and logged on Facebook servers when people interact with pages and their associated content (Facebook Page Insights). 

When processing personal data on our Facebook Pages as part of Facebook Page Insights, we are joint controllers with Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This means that Facebook and we jointly determine the purposes and means of this processing. 

We receive anonymous statistics from Facebook about how people interact with our Facebook pages and the content associated with them. We have no influence on how Facebook processes your data. The creation of page insights by Facebook may be based on the processing of personal data. According to its own information, Facebook processes, among other things, information about what content you view or how you interact with that content. The information actually collected by Facebook depends on whether and how you use Facebook products. 

Facebook assumes all obligations under the GDPR for the processing of Insights data, including fulfilling the right of access to data processing and the right to erasure. If you exercise your data subject rights regarding Insights data with us, we are contractually obligated to forward all relevant information regarding such requests to Facebook within 7 days.

For more information about Facebook Page Insights and our shared responsibility for data processing with Facebook, please visit Facebook Page Insights and the Facebook Privacy Policy.

LinkedIn

On the IXOPAY LinkedIn page, the Joint Controllers process information about your activities, such as likes, posts or comments. In addition, we receive aggregate (anonymous) statistics generated by LinkedIn and logged on LinkedIn servers when people interact with pages and their associated content (LinkedIn Page Insights). We also use the marketing offer "LinkedIn Ads" to address specific target groups.

When processing personal data on our LinkedIn pages as part of LinkedIn Page Insights, we are joint controllers with LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland). This means that LinkedIn and we jointly determine the purposes and means of this processing. 

LinkedIn assumes all obligations under the GDPR for the processing of Insights data, including the fulfillment of the right of access to data processing and the right to erasure. If you exercise your data subject rights regarding Insights data with us, we are contractually obligated to forward all relevant information regarding such requests to LinkedIn within 3 days.

For more information about LinkedIn Page Insights and our joint responsibility for data processing with LinkedIn, please visit LinkedIn Page Insights and the LinkedIn Privacy Policy. 

X

On the IXOPAY X page, the Joint Controllers process information about your activities, such as likes, posts or comments. For more information about X, please visit the X Privacy Policy.

3.        Cookies

3.1.    General Information 

Cookies are files transmitted from our web server to your web browser and are stored on your device for later retrieval. Through such cookies, our Website can store important data to provide you with our services and to make the use of our Website more comfortable for you. You are not required to consent to the use of reporting or marketing cookies to use the Website.

3.2.    Types of Cookies

Session Cookies: are temporary cookies valid for the duration of your visit and are erased automatically thereafter.

Persistent Cookies: stay on your device and are not erased automatically when you close your browser. Persistent cookies improve your user experience by customizing the Website to your needs and optimizing loading time.

An overview of all purposes of session and persistent cookies, and options to enable or disable cookies are available in our "Cookie Settings" tool (cf Section 3.4).  

3.3.        Google Tag Manager 

Our Website uses the "Google Tag Manager" to implement and manage the Google Reporting and Marketing services into our Website according to your Cookie Settings. No cookies are set, nor do we process personal data in this context.

3.4.    Cookie Settings

You can accept or reject individual or all types of cookies that are not strictly necessary easily via our "Cookie Settings" tool, which also includes details on the types of cookies we use on this Website.

Most internet browsers accept cookies by default, but you can adjust your settings to control the placement and storage of cookies:

Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

Chrome: https://support.google.com/chrome/answer/95647?hl=en 

Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac

Opera: https://help.opera.com/en/latest/web-preferences/#cookies

In addition, you can deactivate cookies via Your Online Choices. This process will ask your device for an ID-Tag of an "opt-out-cookie" preventing data to be linked/associated with your device. Note that this process does not remove the opt-out-cookie; it must remain on your device for the opt out to work successfully, recognizing your opt-out. You will need to repeat this process on each internet browser you use and if you delete all cookie data from your device. Nonetheless, the use of Your Online Choices does not guarantee that no third parties use cookies through our Website. 

3.5.       Third Party Cookies 

If you have consented to Reporting Cookies, we use the following:

Google Analytics

Google Analytics collects, analyzes, and reports on website traffic and user behavior. Google Analytics, a service of Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland ("Google"), typically transmits information generated through Google Analytics Cookies to Google servers in the United States, where it is stored.

Pseudonymized user profiles can be generated from the processed data, and Google may share this data with third parties acting on its behalf or as required by law. Both Google and government authorities might have access to this data. Under the current data processing arrangements, Google is contractually committed to transferring personal data outside the EU in compliance with GDPR requirements.

If you have not consented, we use Google Analytics only with activated IP anonymization, which truncates IP addresses before storage or processing. To our knowledge, the IP address transmitted from your browser is not merged with other data by Google.

In addition to configuration of our 'Cookie Settings' tool, you can prevent the use of Google Analytics by downloading and installing the browser plug-in available at: Google Opt-Out. Google may link usage data with other data about you, such as search history, personal accounts, usage data from other devices, and any other data that Google processes about you as a user. More information about the data usage by Google, settings and objection options is available at: Google Privacy & Terms.

Microsoft Clarity

Clarity is a web analytics service of Microsoft Ireland, Operations One Microsoft Place, South County Business Park, Leopardstown, Dublin, Ireland ("Microsoft"). Clarity uses cookies and a tracking code to analyze the use of our Website. The information collected is transmitted to and stored by Microsoft and may be used for Microsoft advertising.

The information generated by the Microsoft Clarity cookie about your use of the Website may be transmitted to and stored on servers in the United States, and both Microsoft and government authorities may have access to that data. Microsoft employs various mechanisms, including standard contractual clauses, to protect your rights when transferring data to third countries.

More information about data usage by Microsoft, settings and objection options is available at: Microsoft Privacy Statement.

Dealfront

Dealfront is a web analytics service of Dealfront Group GmbH, Durlacher Allee 73, D-76131 Karlsruhe, Germany, to detect corporate visits and their geographic location. Dealfront only shows company visits, automatically filtering out all users visiting from residential IP addresses. All visit data is aggregated at the company level, with no reference to natural persons. IP address anonymization erases the last part of the IP address, making it anonymous. Connected to Google Analytics, Dealfront shows company visitors' interactions on the Website (pages viewed, visitor source, and session duration). Dealfront also enriches that company data with contact data for individuals from publicly available data sources (e.g., LinkedIn). For more information, refer to Dealfront's Privacy Notice and Privacy Center

If you have consented to Marketing Cookies, we use the following:

Google Ads

Cookies linked to the online marketing service "Google Ads" (formerly "Google Adwords"). The information collected allows us to access statistics and determine the total number of users who clicked on our advertisements or were directed to our Online Presence through a Google search or the Google Display Network. Google Ads also uses advertising functions of the Google Analytics service, based on user consent given to Google, to place advertisements to target groups provided by Google.

You can object to Google regarding these processing activities by using the Google Ads Opt-Out. For more general information about data use for marketing purposes by Google, please refer to the Google Privacy Policy.

Conversion Cookies

Conversion Tracker of Google Ads and Microsoft Advertising. This allows us to assess the advertisement efficiency (so-called 'conversion') across our Websites and on websites of our marketing- & advertising partners. 

Google Ads: For further information on Google Conversion-Tracking please see Google Ads Help.

Microsoft Advertising: The Universal Event Tracking (UET) Cookie collects your IP address and contains a global unique identifier assigned to your browser, and/or an identifier assigned to a user (as long as it is authenticated through their Microsoft account). Microsoft does not resell this data to third parties or share it with other advertisers. More information on data processing by Microsoft at: Microsoft Privacy Statement.  

Wistia

Video hosting platform provided by Wistia, Inc., 17 Tudor Street, Cambridge, MA 02139, USA, to embed videos on our Website. Wistia collects and analyzes data related to video performance and user interaction.

Unless you provide cookie consent, Wistia operates in Privacy Mode, meaning no tracking or cookies are used. For more information see Wistia Privacy; for Wistia’s Privacy Mode, please visit Wistia Player Privacy Mode.

Salesforce

Salesforce cookies, including the Account Management trackers, provided by Salesforce, Inc., Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA. Uses cookies to enhance user experience and track interactions for account management purposes. These cookies help us manage customer relationships and analyze engagement. More information about Salesforce's data usage and privacy practices can be found at: Salesforce Cookie Information.

6Sense

Web analytics and predictive intelligence service provided by 6sense Insights, Inc., located at 450 Mission Street, Suite 201, San Francisco, CA 94105, USA. 6sense employs cookies to collect data and analyze user interactions on our Website to identify company visits, understand user intent, and enhance account-based marketing efforts.

6sense matches IP addresses with company accounts, enabling us to detect potential business opportunities. This data is processed to create detailed company profiles and predict buying intent. More information on 6sense's data processing practices and privacy settings is available at: 6sense Privacy.

Salesloft

We use Salesloft cookies, provided by Salesloft, Inc., located at 1180 West Peachtree Street NW, Suite 2400, Atlanta, GA 30309, USA. Salesloft employs cookies to enhance user experience, manage customer relationships, and analyze engagement by tracking interactions and collecting data. These cookies help us improve website functionality, measure performance, and deliver personalized content and advertisements. For more information on Salesloft's data processing practices and privacy settings, please visit: Salesloft Cookie Policy.

ZoomInfo

We use ZoomInfo cookies, provided by ZoomInfo Technologies LLC, located at 805 Broadway Street, Suite 900, Vancouver, WA 98660, USA. ZoomInfo employs cookies to enhance user experience, manage customer relationships, and analyze engagement by tracking interactions and collecting data. These cookies help us improve the functionality of the Website, measure performance, and deliver personalized content and advertisements. For more information see: ZoomInfo Privacy Policy and refer to the ZoomInfo Trust Center.

4.        Embedded services and content of third parties

On our Website, we use further services and content from third-party providers to incorporate their content and services based on our legitimate interests in providing, optimizing, and economically operating our Website. 

Google Fonts for fonts used on our Website and Google Maps for maps services. More information: Google Privacy and Google Fonts FAQs. The scope of processing by Google depends on your Google Activity Controls.

Wistia: For embedded videos and webinars. More information: Wistia Privacy.

Content Delivery Network (CDN) and DDOS-Protection (Distributed Denial of Service-Service) of Cloudflare, Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. More information: Cloudflare Privacy Policy.

Embedding these services requires third parties to receive your IP address to send the requested content to the right browser (in addition to any activities under the “Cookies” section above). Therefore, transmitting the IP address is necessary for displaying such content and for the use of the embedded services.

5.        Is your data disclosed to recipients?

5.1.        To the extent necessary, we disclose your personal data to recipients as stated in this Privacy Policy and to the following categories of recipients:

Employees, freelancers, independent contractors, advisors or other authorized personnel of IXOPAY AT or IXOPAY US acting as individual controllers or as joint controllers, and IXOPAY group members.

Public authorities as required by, or to comply with, applicable law, regulation, court or tribunal processes, or other statutory requirements;

(Sub-)Processors operating on our behalf, such as IT-service providers and/or providers of data hosting solutions or similar services, providers of tools and software solutions that support us in the provision of our Website and the performance of our Online Services (including providers of cookie, trackers and marketing tools set forth in section 3 “Cookies” above, as well as marketing agencies, communication service providers), 

5.2.    Processing of your data or using services of third parties in a third country (i.e., outside the European Economic Area (EEA) and not being recognized by the European Commission as having an adequate level of protection) is only carried out to the extent necessary and in accordance with the GDPR. 

Therefore, your personal data will be transferred to third countries only if and as long as the data is protected by appropriate safeguards, you have consented to the data transfer, or the transfer is necessary for the performance of a contract or due to a legal obligation. We have implemented suitable and appropriate safeguards to ensure that the transfer of your data to the respective third country complies with data protection requirements (e.g., by concluding approved EU-Standard Contractual Clauses and necessary supplementary measures). Upon your request, we will provide you with a copy of such suitable safeguards, provided that we process or have your data processed in third countries or transfer data to third countries.

6.        How long do we keep your data?

6.1.    We store your personal data for no longer than is necessary for the purposes for which the personal data are processed. Depending on the respective legal basis this generally means

for as long as it is required to perform our contractual obligations; 

when processed based on legitimate interest, for as long as they are not overridden by the interests or fundamental rights and freedoms of the data subject; 

when processed based on consent, for as long as the consent is not withdrawn and the purposes is not fulfilled; or

for as long as necessary to comply with statutory provisions, particularly according to legal retention periods (which is typically 7 years).

6.2.    In further detail: 

Server log files: stored for up to 15 days.

Usage data: stored according to Cookie Settings until you withdraw your consent.

Newsletter data: stored until you withdraw your consent.

User account data: stored until the end of your client relationship or as per legal retention periods.

In addition, we will retain your data as long as legal claims arising from our relationship are enforceable. This retention will occur only if litigation becomes apparent or until the final resolution of an incident or court proceedings. Such processing is based on our legitimate interests in establishing, exercising, or defending legal claims.

7.        Your Rights under GDPR, and other Data Protection Laws

7.1.    You have the right to access your personal data that is being processed by us (Art 15 GDPR). Apart from that, you have the right to rectification of inaccurate or incomplete data (Art 16 GDPR). You have a right to erasure if (i) your personal data is no longer necessary for the purposes for which we have collected it, (ii) you withdraw your consent and there is no other legal basis for processing by us (cf. Section 3), (iii) you object to the processing and there are no overriding legitimate grounds for the processing (except in the case of processing for direct marketing purposes), (iv) your personal data has been unlawfully processed or (v) for compliance with our legal obligations (Art 17 GDPR). Additionally, you have the right to restriction of processing (Art 18 GDPR) as well as the right to data portability concerning the data you have provided us with (Art 20 GDPR).

7.2.       We may process your data on the basis of legitimate interests (in particular cf. Section 2.2) in which case you have the right to object. In the case you object to the processing, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing of this data which override your interests, rights and freedoms (weighing of interests) or for the establishment, exercise or defense of legal claims.

In particular, you may object at any time to the processing of your data for the purposes of direct marketing by us. In the case of such an objection, we will no longer process your personal data for these purposes (no weighing of interests).

7.3.    Additionally, you have the right to withdraw your consent at any time with effect for the future.

7.4.    Finally, you have the right to lodge a complaint with the responsible supervisory authority (Art 77 GDPR).

7.5.    Additional information for California Residents:

This section is only applicable to California consumers for purposes of compliance with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (collectively, the “California Privacy Laws”). In the previous twelve (12) month period, we have collected, used, and shared certain personal data of California consumers solely for business purposes and strictly in the manner described within this Privacy Policy. California consumers have the right to request access, correction, and deletion to and of their personal data, opt out of the sale of their personal data, opt out of the sharing of their personal data, and not be discriminated against for exercising the rights afforded to them under California privacy laws. In the event of such a request from a California consumer, we will provide all relevant information about our collection, use, and sharing of your personal data.

All requests should include appropriate information to allow us to verify your identity, such as your name, email address, and company name. If we cannot verify your identity, we may request information to allow us to complete the validation process. Personal data provided to us for the purpose of identifying you will be used solely for that purpose.

We do not sell personal data of any California consumers and we do not discriminate against California consumers for exercising their privacy rights.

7.6.    Contacting us:

If you have questions regarding this policy, or wish to exercise any of the data protection rights outlined above, feel free to contact IXOPAY at:

[email protected] or IXOPAY GmbH, Privacy Department, Vorgartenstrasse 206c, 1st floor, A-1020 Vienna, Austria.

Our Data Protection Officer can be reached at [email protected] or IXOPAY GmbH, Attn: Legal Department, Vorgartenstraße 206c, 1st floor, A-1020 Vienna, Austria.

The EU Representative of IXOPAY, Inc. is: The Document Warehouse, Document Park, Castle Road, Sittingbourne, Kent, ME10 3JP, +44 (0)208 092 4555, [email protected].

8.        Data security

Information security is critical to our business. We implement appropriate technical and organisational security measures, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons pursuant to Art 32 GDPR and other applicable Data Protection Laws.

For further information on how we ensure that we maintain appropriate technical and organizational measures, please see our Security & Trust page.

9.        Amendments of our Privacy Policy

We will amend our Privacy Policy as necessary to reflect changes to the legal landscape as well as the development of our Online Services and the internet. Amendments will be published on our Website, so you should visit this Privacy Policy regularly to stay informed about the current status.

Version: 01.10.2024