Privacy-Compliance

Why You Should Disclose Payment Providers and Tools to Your Shop Customers

Fortunately, today's e-commerce solutions make it easy for merchants to set up an online shop. Innovative tools like PEND ensure seamless integration with payment providers. But what exactly must I disclose to my customers? This article outlines what needs to be considered from the perspective of the EU GDPR.

Customers must be informed about data transmission

As a rule, the shop owner is the controller, and thus the obligations of Article 13 GDPR apply to them. It’s important to note that the controller must specify all recipients or categories of recipients of the personal data (Article 13(1)(e) GDPR). A recipient is generally anyone, whether a data processor or another controller, to whom the controller discloses data. Therefore, whenever the shop owner collects data (e.g., during the ordering process) and transmits it to a third party, this triggers information obligations.

What does this mean for merchants in practice?

When a merchant transmits data to a payment provider, they are passing the data to a recipient. If the merchant uses a tool, then the tool provider also becomes a recipient of the data. Does a merchant now need to specify the exact recipients, or are categories (such as “payment provider” or “tool provider”) sufficient? The wording of the GDPR is unclear and suggests that there is a choice. However, in connection with the right of access (Article 15 GDPR), the ECJ has ruled that, in case of doubt, the exact recipients must be named. To be on the safe side, merchants should specify the exact recipients, especially if they are based in the EEA and subject to the GDPR.

Other information obligations to keep in mind

Merchants must also observe the other information obligations under Article 13 GDPR. The information required by the GDPR should be present in every privacy policy. After all, the privacy policy is akin to a business card for data protection. If something is amiss here, it is immediately noticeable to outsiders. In extreme cases, this can make one vulnerable to legal challenges. Therefore, this topic deserves attention.

This guest article cannot replace comprehensive legal advice on data protection matters.

Guest article by Dr. Ermano Geuer, attorney AT/DE from Vienna.

GEUER Rechtsanwälte OG
Annagasse 8-10/2/09
1010 Vienna
www.geuer.at
