Informing customers, even when paying by credit or debit card

However, one important aspect is often overlooked. Personal data is also processed when paying by debit or credit card. The payment process e.g. Information about the customer and company, date and time of the transaction and of course the amount of the payment made are processed. All this information is then at least passed on to the buyer’s bank and used for further processing of the payment process.

Since the company allows the possibility to pay by debit or credit card, it is here responsible for the illustrated collection of data within the meaning of Art. 4 DSGVO.

The consequence of this is that the obligation to provide information about data processing according to Art. 13 and Art. 14 GDPR must also be carried out by the respective company. A reference of this obligation to the respective provider of the credit or debit card is not possible.

Especially in smaller shops such as bakeries or the kiosk around the corner, only cash is true. Nevertheless, payment with credit or debit cards is on the rise. Currently reinforced by the need to minimize the risk of infection by means of contactless payment.

The duty to provide information in accordance with Art. 13 and Art. 14 must also be observed when adapting business processes accordingly. Failure to do this can result in severe fines.

And a quick note at the end: All of this also applies to the use of modern payment methods such as Apple Pay.

Not sure whether your business processes are GDPR compliant? We audit your company or parts of it and initiate appropriate measures for you. Call us on 08505 919 27-0 or fill out our contact form.