GDPR Compliance


GDPR, or the General Data Protection Regulation, is at the top of everyone’s mind. It represents perhaps the single most significant movement to protect individuals’ data in history, applying to any organization that holds or uses data on people inside the EU, regardless of how big it is or where it is based. But what is GDPR, and how does it affect how your data is handled?

Because you are a valued partner of LaterPay, we wanted to take this opportunity to address any questions that you might have around GDPR, its implementation, and the impact it might have on your business with LaterPay.

We will continue to update this factsheet as more information becomes available. In the meantime, if you have any questions that are not addressed below, please do not hesitate to contact us at privacy@laterpay.net.

What is GDPR?

  • On May 25, 2018, the General Data Protection Regulation went into effect with the aim of strengthening individuals’ data protection rights and providing coherent legislation across the European Union’s member states.
  • GDPR applies to the processing of personal data of all EU residents, regardless of where the data controller or processor is established.

Is LaterPay GDPR compliant?

  • LaterPay is determined to ensure full compliance with GDPR rules and regulations. As a company that is headquartered in Germany, we have always treated personal data very carefully and have maintained a high level of data protection.
  • LaterPay has set up a regulatory program where a dedicated LaterPay team is working with an external data privacy consultancy to ensure continuing GDPR compliance.
  • This means that LaterPay has documented and investigated all processing activities related to our collection, storage and processing of personal data and we have taken organizational measures to close identified gaps ahead of GDPR enforcement.
  • We have entered into Data Processing Agreements (DPAs) with all LaterPay service providers to make sure that they maintain adequate data privacy standards.
  • In terms of data storage, LaterPay uses Amazon Web Services (AWS) for operational data storage. Amazon has a number of data protection certifications, including CSA and ISO 27001. Data is stored in the USA for web.uselaterpay.com and Germany for www.laterpay.net.

What do LaterPay merchants need to do?

  • LaterPay merchants of course need to make sure that their own business operations, i.e. everything outside of LaterPay, are GDPR compliant.
  • We have, however, prepared the LaterPay process for GDPR compliance, i.e. the purchase and payment process as well as the user management, which we handle directly.
  • This applies to LaterPay merchants in the EU as well as in the U.S.
  • Please note that LaterPay only processes data where a legal basis for such processing exists, and we only store data as long as it is required for the purpose for which it was collected, provided that there are no legal obligations to store said data further.
  • LaterPay merchants are advised to incorporate into their respective privacy policy information to the effect that users who make use of the LaterPay service on their site will be redirected to the LaterPay website and that any data processing will be governed by LaterPay’s privacy policy.
  • LaterPay is, of course, also working to make sure that all our merchants’ personal data is similarly handled in a GDPR-compliant manner.
  • Please note that LaterPay does not act as a data processor on behalf of merchants who sell content through LaterPay. Once users agree to make a purchase and payment, which is processed by LaterPay, they enter into a direct contractual relationship with LaterPay for this processing and agree to LaterPay’s privacy policy. A data processing agreement (DPA) with LaterPay is, therefore, not necessary and cannot be issued by us.