Wirecard Privacy Notice


Information by Wirecard Bank AG according to Article 13, 14 GDPR as part of the processing of credit card payments

To the extent that Wirecard Bank AG (“Wirecard”) processes credit card payments made by end customers of merchants within the scope of its business relationship with merchants, Wirecard collects, processes, and uses the following personal data:

Merchant’s personal data:

  • Merchant’s contact information, bank account information, accounting details (such as an overview of the merchant’s processed transactions).

End customer’s personal data:

  • Information about the merchant’s end customer (such as first and last name, address, e-mail address, date of birth, IP address);
  • Information about the payment card chosen and end customer payment information (such as credit card number, payment status);
  • Transaction information (such as product, item number, purchase price and similar information);
  • Information about the end customer’s device (such as set language);
  • Information on current and past transactions by the end customer, to the extent that Wirecard performs a credit check;
  • Creditworthiness information obtained from financial information service providers that provide insight into the creditworthiness of the merchant’s end customer (e.g. enforceable claims against the end customer).

The purposes of collection, storage, and processing of data lie in the fulfillment of legal requirements and the contractual relationship with the merchant and payment processing for the payment type credit card and the associated assignment and collection of claims. This also constitutes the legal basis for collection and processing. Since Wirecard itself acts as an acquirer for payment cards of credit card organizations, it has an interest of its own in the collection and processing of these data and is thus a controller within the meaning of Article 4 (7) GDPR.

Within this scope, Wirecard transfers part of the end customer data to the respective credit card organization whose card the end customer selected for payment in order to process the payment. In this process, end customer data may also be transferred to recipients outside the EU and the EEA, since some credit card organizations or technical service providers are not based in the EU or EEA.

Pursuant to the GDPR, the end customers and the merchants, as the data subjects, have a right of access to and rectification and/or erasure of the personal data concerning them that Wirecard stores. They can also demand that processing be restricted and/or object to processing. Data subjects can assert these here.

The data subjects can contact the data protection supervisory authority in the event of complaints regarding the collection or processing of their personal data. If you need further information on this, you can contact Wirecard at the e-mail address stated above.

Wirecard stores personal data as long as is required to fulfill the purposes for which the data were collected or as long as is mandated by law, as the case may be. For those cases in which Wirecard is required to keep the data after fulfillment of the contract, for example based on money laundering or accounting laws, payment industry security regulations (e.g. PCI DSS) or to investigate cases of abuse, Wirecard stores the data only as long as is necessary and/or mandated by law for the specific purpose.

If the purpose of storage ceases to apply or a storage period mandated by law expires (e.g. five years for transaction data, based on money laundering provisions), the personal data are blocked or erased routinely and in accordance with the statutory provisions.

The Wirecard data protection officer can be reached at data.privacy@wirecard.com.