Privacy Notice
The protection of your personal data is important to us at Serrala Group GmbH (henceforth referred to interchangeably as ” Serrala Group GmbH “, “we” or “us”), and we strictly adhere to the applicable privacy laws.
When using the Alevate Payments Business application (henceforth referred to as “Alevate Payments Business app”), personal data is collected at various points. Information is only collected when technically necessary or when required to perform the underlying services; if the processing of personal data is necessary and there is no legal basis for such processing, we will obtain your consent. The information is treated as strictly confidential and is used exclusively for the communicated purpose.
In this privacy notice, we would like to inform you about the nature, scope and purpose of the personal data we collect, use and process. In addition, this privacy notice informs you of your rights.
Privacy Notice for “Alevate Payments Business ” App
Version: 1.0, 13.11.2024
1. General Topics
The provider of the Alevate Payments Business app is Serrala Group GmbH with its registered office in Hamburg, Germany.
With the Alevate Payments Business app, you can conveniently control your company’s payments via iPhone. Payment orders, account overviews, statements and detailed information on each individual transaction are at your fingertips at any time and in any place.
The Alevate Payments Business app is an addition to the payment portal “Alevate Payments Business”, which is designed as a Web application, or an addition to your Alevate Payments Business Business software, which is hosted in the cloud. While using the app, account holder information and payment information is exchanged only between the payment portal and your mobile device (e.g., iPhone, Android device). Your personal data and the payment information is processed by Serrala Group GmbH for the purposes of performing the underlying services and operationalizing the Alevate Payments Business portal.
2. Type of Information
In the context of using the Alevate Payments Business app, we collect, retain and process the following information during regular use:
A. Contact details:
Name, surname and email address
B. Device ID
C. Financial Data (insofar as including or relating to personal data):
Time of communication between the mobile device and the payment portal and information on banks, accounts, payments, incoming and outgoing transactions, and information about beneficiary, amount, payment reason.
D. Crash log data
In addition to the above personal information, if your app crashes, an anonymized crash log report may be provided to Serrala by Google/Apple (no personal data is included in the crash logs sent to Serrala).
3. Use of Information
All information required for the functionality of the app is retained in the payment portal and in the app (encrypted on the smartphone) during the duration of the session. Communication between the app and the relevant payment portal is also encrypted.
4. Deletion Periods
Serrala Group GmbH processes and, where applicable, may store your personal data only for the time necessary to achieve the purposes for which it was collected, or as otherwise provided by law or regulation to which the controller is subject.
Once the purpose is achieved and the relevant retention period under applicable legislation expires, the personal data will be deleted in accordance with the relevant provisions.
5. Transfer of your Information to Third Parties
Personal data collected from you may be transferred to third parties involved in the provision of the service and be accessible to us and to your company for the purposes of providing and managing the payments portal.
Your personal data may be transferred to other entities of Serrala group, as well as to other entities involved in the provision of services; as the recipients may be located outside the European Economic Area, an international transfer of data may take place. In this case we will always ensure that the appropriate safeguards are in place, according to chapter V of the GDPR (namely by concluding Standard Contractual Clauses).
6. Technical Security
We continuously check and update our technical and organizational security measures to protect your information. The measures are intended to prevent unauthorized access, unlawful deletion or manipulation and the accidental loss of data in the best possible way.
7. Rights of Data Subjects
As a data subject under GDPR you have the right to access, correct, delete, restrict, and object to the use of your personal data, as well as the right to data portability and to withdraw consent. You can exercise your rights by contacting us at dataprotection@serrala.com. Data processed in connection with the Alevate Payments Business app is not used for automated decision-making or profiling.
The relevant supervisory authority for data protection is the Independent State Center for Data Protection (Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (Postfach 71 16, 24171 Kiel).
8. Legal Basis of Processing
The processing of personal data, for the purposes of the Alevate Payments Business app, is necessary for the performance of a contract, such as in the case of processing operations necessary for the delivery of goods or the provision of any other service or consideration, the processing is based on Article 6(I)(b) GDPR. The same applies to processing operations required for the execution of pre-contractual measures, for example in cases of inquiries about our products or services.
Additionally, the processing of personal information is based on Art. 6(I)(f) GDPR, as the processing is necessary for the purposes of the legitimate interests pursued by us and by your company; such legal basis is accepted provided the data subject’s interests, fundamental rights and freedoms are not overridden. In this respect, Serrala’s legitimate interest is the performance of our business activities, namely the provision of the underlying services to our customers; such has been recognized under Recital 47(2) GDPR.
As indicated above, if Art. 6(I)(a) GDPR is our legal basis for a processing activity, we will obtain your consent for such specific purpose/activity, prior to such.
9. Responsible parties for processing of personal data
The responsible parties, within the terms of Art. 4(7) GDPR are, as applicable, Serrala Group GmbH and your company.
10. Contact
Please direct any inquiries, explanations and queries regarding data processing in the app by email to dataprotection@serrala.com or in writing to the address of Serrala Group GmbH, to the attention of “Data Protection Officer”.
If your inquiries, clarifications, and/or questions pertain to the processing of personal information included in the payment’s portal, please contact your company’s relevant point of contact. Please kindly note that requests sent to dataprotection@serrala.com, which concern the processing of personal information for which your company is responsible, in the terms of Art. 4(7) GDPR, will not be answered.