Privacy Policy

1. Data Protection at a Glance

General Remarks

The below information provide a simple overview of what we do with your personal data when you visit our website. Personal data means any data which can be used to identify you. For more information about data protection, please refer to our Privacy Policy below.

Data Collection on Our Website

Who is the controller of data collection on this website?
The website operator processes data on this website. For their contact details, please refer to the legal notice.

How do we collect your data?

Your data will be collected in two different ways: You may provide us with your data, such as by entering data into a contact form.
Another collection method lies in our IT systems automatically collecting other data when someone visits our website. These mainly include technical data (such as internet browsers, operating systems or time of website access). These data are automatically recorded once you visit our website.

For what purposes do we use your data?

Some data will be collected to guarantee flawless website provision; other data can be used to analyse your behaviour as a user.

What rights do you have in relation to your data?

You have the right to obtain non-paid access to information about the origin, recipients and purposes of your personal data which we store at any time. You may also request such data to be rectified, blocked or erased. In this regard and regarding further queries, please contact us using the address indicated in the legal notice. Finally, you have a right to lodge a complaint with competent supervisory authorities.

2. General Remarks and Required Information

Data Protection

The protection of your personal data is of utmost importance for the website operator. We treat your personal data as a secret and pursuant to both statutory data protection provisions and this Privacy Policy.
When you use this website, we collect different personal data; this Privacy Policy explains what data we collect and for what purposes we use them.
We inform you that data transmission on the internet (such as e-mail communication) may have certain security gaps; complete protection of data from third-party access is impossible.

Information on the Data Controller

The data controller for this website is

DutyPay GmbH
Pirmasenser Straße 1
67655 Kaiserslautern

Tel.: +49 (0)631 204 00 200
The data controller is a natural or legal person who solely or jointly with others resolves upon personal data (names, e-mail addresses or similar) processing purposes and means.

Revocation of Your Consent to Data Processing

Many data processing activities require your express consent, which you may revoke at any time by sending to us an informal notification by e-mail. The validity of data processing up to revocation shall not be affected by revocation.

Right to Lodge a Complaint with Competent Supervisory Authorities

In the event of data breaches, data subjects have a right to lodge a complaint with the competent supervisory authority which is, in the case of data protection matters, the Data Protection Officer of the German federal state in which our company is domiciled. For a list of data protection officers and their contact data, please refer to the following link:

Right to Data Portability

You have the right to request any data which we automatedly process based on your consent or for fulfilling a contract to be delivered to you or to any third parties in a machine-readable format. Only if this is technically feasible shall we transfer data directly to other controllers if so requested by you.

Right to Confirmation and Access

You have the right to request form us at any time a confirmation as to whether we process your personal data. If we do so, you may request from us non-paid access to information about the personal data which we stored in relation to you.

Right to Rectification

You have the right to request us to immediately rectify any inaccurate personal data relating to you. Under consideration of processing purposes, you may also request us to complete any incomplete personal data.

Right to Erasure (“Right to be Forgotten”)

Art. 17 of the GDPR grants you a right to request us to immediately erase personal data relating to you and we must immediately do so if any of the following applies:

  1. Personal data are no longer required for the purposes for which they were collected or processed in any other way
  2. Data subjects revoke their consents on which processing was based in terms of art. 6(1) point (a) or art. 9(2) point (a) and there is no other legal basis of processing
  3. Data subjects object to processing in terms of art. 21(1) and there are no prevailing legitimate interests for processing or data subjects object to processing in terms of art. 21(2)
  4. Personal data were illegally processed
  5. The erasure of the personal data is required to fulfil legal obligations under EU law or that of a member State to which the controller is subject
  6. Personal data were collected for information society services in terms of art. 8(1)

Right to Restriction of Processing

Art. 18 of the GDPR grants you the right to request us to restrict processing if any of the below requirements is met:

  1. Data subjects contest the accuracy of personal data, whereby restriction applies to a term enabling the controller to verify the accuracy of the personal data;
  2. Processing is unlawful and the data subject opposes personal data erasure, but instead requests the restriction of the use of the personal data;
  3. The controller no longer requires the personal data for the processing purposes, but the data subject still needs them for asserting, exercising or defending legal claims; or
  4. Data subjects objected to processing in terms of art. 21(1) pending the verification whether the controller’s legitimate interests prevail over those of the data subject

SSL and/or TLS Encryption

For security reasons and to protect transmission of private contents, such as orders or queries which you send to us as the website operator, this website uses SSL and/or TLS encryption. Encryption is indicated to you by the browser address line changing from “http://” to “https://” and the lock icon.
If SSL and/or TLS encryption is enabled, third parties are unable to read data which you transmit to us.

3. Data Protection Officer

Legally Required Data Protection Officer

We appointed a data protection officer for our company

Jana Meier
DutyPay GmbH
Pirmasenser Straße 1
67655 Kaiserslautern

Tel.: +49 (0)631 204 00 200

4. Data Collection on our Website


Some web pages use so-called cookies. Cookies cause no damage to your computer and contain no viruses, they only have the purpose of making our website more user-friendly, effective and secure. Cookies are small text files placed on your computer and stored by your browser. Most cookies we use are “session cookies”, which are automatically deleted after you left our website. Other cookies remain on your device until deleted by you. These cookies enable us to recognise your browser at the next visit.
You can change your browser settings to be informed about cookies being saved, allow only certain cookies, generally reject them or activate automatic cookie deletion when closing the browser. Cookie deactivation may restrict website functionality.
Cookies required for electronic communication processes or provision of functions requested by you (such as shopping cart functions) will be saved on the basis of art. 6(1) point (f) of the GDPR. The Website operator has a legitimate interest in storing cookies to provide their services free from technical problems and in the best way possible. If other cookies (such as cookies for surfing behaviour analyses) are stored, these are separately dealt with under the Privacy Policy.

Server Log Files

The website operator automatically collects and stores information automatically transferred by your browser in server log files, this information includes:

  • browser type/version;
  • operating system in use;
  • referrer URL;
  • host name of the accessing computer;
  • time of server query; and
  • IP address

These data will not be combined with other data sources.

This data processing is based on art. 6(1) point (f) of the GDPR, allowing for data processing to fulfil contracts or pre-contractual measures.

Contact Form

If you use the contact form for queries, data from the contact form, including contact data provided therein, will be stored to process the query and any subsequent queries in this regard. We will not disclose this data to third parties without your consent.
Hence, processing of any data entered into the contact form is exclusively based on your consent (art. 6(1) point (a) of the GDPR). You may revoke this consent at any time by submitting to us an informal notification by e-mail. The validity of data processing activities until the time of revocation shall not be affected by the revocation.
We store data which you entered into the contact form until you request their erasure, revoke your consent to such storage or until the data storage purposes ceases to exist (such as upon query processing completion). Compulsory legal provisions – particularly retention periods – shall not be affected by this.

5. Plug-Ins and Tools

Google Maps

Via an API, this website uses the Google Maps service offered by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States.
For using Google Maps functions, it is necessary to store your IP address which will generally be transferred to and stored on Google servers based in the US. The website provider has no influence on such data transfer.
Google Maps is used in the interest of appealing online offer presentation and to enable users to easily find the locations indicated on our website. This is a legitimate interest in terms of art. 6(1) point (f) of the GDPR.
For more information on data use, please refer to the Google privacy policy at