Introduction
The following information is intended to give you an overview of the processing of your personal data on our website https://getmy.anybill.de (hereinafter referred to as "website"). We also want to inform you about your rights under the data protection laws. The processing of your personal data by us is always in accordance with the General Data Protection Regulation (hereinafter referred to as "GDPR") and all applicable country-specific data protection regulations.
1 Responsibility
Responisble in the sense of the GDPR is:
techreach GmbH
Franz-Mayer-Straße 1
93053 Regensburg
Telefon: +49 941 7508 9008
E-Mail: datenschutz@anybill.de
2 Data Protection Officer
You can reach our data protection officer as follows:
Niklas Hanitsch
secjur GmbH
Steinhöft 9
20459 Hamburg
Phone: +49 40 228 599 520
E-mail: dsb@secjur.com
You can contact our data protection officer directly at any time with all questions and suggestions regarding data protection and the exercise of your rights.
3 Provision of the Website
3.1 General information
When using our website for informational purposes only, we only collect data that your browser transmits to our server (in so-called "server log files"). Our server collects a series of general data and information with each page request. This general data and information is stored in the server log files. The following information is collected:
3.2 Purpose of the processing
When using this general data and information, we do not draw any conclusions about your person. The purposes pursued by us include in particular:
3.3 Legal basis
The legal basis for data processing is our legitimate interest within the meaning of Art. 6 (1) (f) GDPR. We have an overriding legitimate interest in being able to offer our service in a technically flawless manner.
3.4 Storage period
The log files are stored for security reasons (e.g. for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further retention is required for evidentiary purposes will be retained until the matter has been finally clarified.
4 Digital retrieval of a cash receipt
4.1 General information
You have the option to retrieve a digital receipt on our site. For this purpose, we collect all the information that we need to provide to you in order to fulfill our obligation to issue receipts. Instead of a paper receipt, these data categories are made available in the form of a digital receipt on our site. You have the option of using a QR code to receive the receipt as a PDF, send it to your email address or add it to a supported app. In addition, we process the receipt data to improve our products and services. On the basis of the pure receipt data, we are not able to establish a personal reference in the sense of the GDPR. The cash receipt data include:
If you paid for your purchase electronically, the following data is also processed:
If you send the receipt to your e-mail address, we also process your e-mail address.
4.2 Purpose oft he processing
The purpose of the processing is to provide a digital cash receipt.
4.3 Legal basis
The legal basis for the processing of your personal data is the fulfillment of the contract and the implementation of pre-contractual measures according to Art. 6 (1) (b) GDPR as well as our legitimate interest according to Art. 6 (1) (f) GDPR. We have a legitimate interest in being able to offer our services in a technically flawless manner and to improve our products and services.
4.4 Storage period
We delete your personal data as soon as it is no longer required to achieve the purpose for which it was collected. Please note that personal data of you in the context of merchant payment receipts, which are created by the payment service provider of the merchant at the checkout in case of a card payment, must be stored for 10 years due to legal requirements of the German Commercial Code and the German Fiscal Code.
5 Use of third party services
We use third-party services on our website. In doing so, we transmit data to third countries. These are countries outside the European Union. We only transfer data to third countries in which there is an adequate level of data protection or appropriate guarantees as defined in Art. 44-49 GDPR are in place. You have the right to request a copy of the appropriate safeguards we have put in place.
5.1 Microsoft Azure
We use Microsoft Azure.
5.2 Datadog
We use Datadog.
6 Passing on the e-mail address to merchants
6.1 General information
You have the option to sign up for email communication with a merchant (e.g. newsletter) when you receive your receipt via the website. Personal data processed in this process is your e-mail address. As soon as you opt in for e-mail communication with a merchant and consent to the processing, the privacy policy of the respective merchant applies.
6.2 Purpose of the processing
The purpose of the processing is the transfer of the e-mail address to the merchants.
6.3 Legal basis
The legal basis for the data processing is your consent within the meaning of Art. 6 (1) (a) GDPR. This consent can be given by clicking a checkbox below the entry of the e-mail address on the website after receiving the digital receipt.
6.4 Storage period
We delete your personal data as soon as they are no longer required to achieve the purpose for which they were collected. In the case of newsletters, this is the case if you revoke your consent to the processing of personal data to receive newsletters from merchants, for example by using the opt-out function. The merchants are instructed in the event of a revocation to delete your e-mail address.
7 Joint controllers
Insofar as we are joint controllers pursuant to Art. 26 GDPR with other companies within the scope of the provision of a digital cash receipt, we jointly determine the purposes and means of data processing for the following processing operations:
Within the scope of joint responsibility, you can assert your rights as a data subject (8. Your rights) both against us and against the respective other company. You can find out whether we are jointly responsible with a particular company in the data protection notices in the context of the relevant cooperation (e.g. in the privacy policy of an app that we offer jointly with another company).
8 Your rights
8.1 Right to confirmation
You have the right to request confirmation from us as to whether personal data relating to you is being processed.
8.2 Information (Art. 15 GDPR)
You have the right to receive information from us at any time and free of charge about the personal data stored about you as well as a copy of this data in accordance with the statutory provisions.
8.3 Rectification (Art. 16 GDPR)
You have the right to request the rectification of inaccurate personal data concerning you. You also have the right to request that incomplete personal data be completed, taking into account the purposes of the processing.
8.4 Erasure (Art. 17 GDPR)
You have the right to demand that we erasure the personal data concerning you without delay if one of the reasons provided for by law applies and insofar as the processing or storage is not necessary.
8.5 Restriction of processing (Art. 18 GDPR)
You have the right to demand that we restrict processing if one of the legal requirements is met.
8.6 Data portability (Art. 20 GDPR)
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. Furthermore, you have the right to transfer this data to another controller without hindrance from us, to whom the personal data has been provided, provided that the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
In addition, when exercising your right to data portability pursuant to Article 20 (1) GDPR, you have the right to have the personal data transferred directly from one controller to another controller, insofar as this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.
8.7 Objection (Art. 21 GDPR)
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of data processing in the public interest pursuant to Article 6 (1) (e) GDPR or on the basis of our legitimate interest pursuant to Article 6 (1) (f) GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
In individual cases, we process personal data in order to carry out direct advertising. You may object to the processing of personal data for the purpose of such advertising at any time. If you object to the processing for direct marketing purposes, we will no longer process the personal data for these purposes.
8.8 Revocation of consent under data protection law
You have the right to revoke your consent to the processing of personal data at any time with effect for the future.
8.9 Complaint to a supervisory authority
You have the right to complain about our processing of personal data to a supervisory authority responsible for data protection.
9 Up-to-dateness and changes of the data protection notice
This data protection notice is currently valid and has the following status: July 2023.
If we continue to develop our website and our offers or if legal or official requirements change, it may be necessary to amend this data protection notice. You can access the current data protection information at any time here.