1. Introduction

Thank you for visiting our website. We take data protection very seriously and strive to protect your personal data on our website.

By personal data we mean all data about the personal and factual circumstances of a natural person. Personal data collected on our website will only be used for our own purposes.

2. Responsible Body

Responsible body within the meaning of Art. 4 No. 7 DS-GVO:

NTC Aktiengesellschaft
Schuetzenstrasse 21
96047 Bamberg

Phone : +49 (0)951 – 974 354 03
E-Mail: office@paypense.com

Represented by the Executive Board:

Christopher Hecht

3. Legal bases for data processing

The legal basis for our data processing within the framework of the EU General Data Protection Regulation results from Art. 6 DS-GVO. In detail, depending on the situation in which we process your data, different legal bases may arise.


If your consent has been obtained for the processing of personal data, Article 6 I a) GDPR is the legal basis for data processing. A given consent can be revoked at any time with effect for the future.


When processing personal data collected to fulfill a contract to which you are a party, Article 6 I b) GDPR is the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Legal obligation

Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 I c) GDPR serves as the legal basis.

Vital Interests

In the event that vital interests of you or another natural person require the processing of personal data, Article 6 I d) GDPR is the legal basis.

Legitimate interest

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the former interest, Article 6 I f) GDPR serves as the legal basis for the processing. The legitimate interest of our company lies in the conduct of our business.

4. Data subject rights

As part of our data processing, your personal data will be processed. You are entitled to the rights from the third chapter of the GDPR towards our company.

you have

  • in accordance with Art. 17 GDPR, the right to request the deletion of your personal data stored by us, unless further processing in necessary- to exercise the right to freedom of expression and information; – to fulfill a legal obligation; – for reasons of public interest or – to assert, exercise or defend legal claims;
  • in accordance with Art. 17 GDPR, the right to request the deletion of your personal data stored by us, unless further processing in necessary- to exercise the right to freedom of expression and information; – to fulfill a legal obligation; – for reasons of public interest or – to assert, exercise or defend legal claims;
  • pursuant to Art. 18 GDPR, the right to demand the restriction of the processing of your personal data, insofar as – the correctness of the data is disputed by you; – the processing is unlawful but you oppose its erasure; – we no longer need the data, but you need them to assert, exercise or defend legal claims or – you have objected to the processing in accordance with Art. 21 GDPR
  • in accordance with Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible;
  • according to Art. 77 GDPR the right to complain to a supervisory authority. Usually, you can contact the supervisory authority of your usual place of residence or work or of our company headquarters.

You can assert your rights against us at any time by contacting us at the following address: NTC AG, Schützenstrasse 21, 96047 Bamberg, office@paypense.com.

5. Web Server Logs

When using our website, the connection information is stored in the server log files.

This information includes:

  • IP address of the system used to call up
  • Browser information such as operating system used and screen resolution
  • Website called up
  • Originating website
  • Time of call up

The web server logs are processed for security purposes only.

We only use the log data for statistical evaluations for the purpose of operation, security and optimization of the offer. However, we reserve the right to subsequently check the log data if there is a justified suspicion of illegal use based on specific indications.

6. Cookies

This website uses cookies. Cookies are text files that are stored on your end device. Cookies can be read, transferred and changed by the website when the website is accessed. We only use cookies with random, pseudonymous identification numbers. These identification numbers are used to evaluate your usage behavior on our website. At no time is the usage profile assigned to the name of a natural person. If you use special functions (e.g. the shopping cart or “stay logged in”) on our website, cookies are also used for these functions.

It is possible at any time to object to the setting of cookies by making the relevant change in the browser’s settings. Set cookies can be deleted.

It is emphasized that when deactivating cookies not all of the functions of our website may be fully available.
The exact functions of the cookies can be found in the more detailed information in this data protection declaration.

Note: If you delete your cookies, the deactivation cookie of the respective service will also be deleted and you may have to reactivate it the next time you visit.

Change privacy settings
History of privacy settings
Revoke consents

7. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. If IP anonymization is activated on this website, however, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be sent to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly; we would like to point out to you however that in this case you will if applicable not be able to use all functions of this website in full.

You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install http://tools.google.com/dlpage/gaoptout?hl=de.”

The legal basis for our data collection with the Google Analytics software is your consent in accordance with Art. 6 Para. 1 a) DS-GVO, which you can revoke at any time with effect for the future using the procedure described above.

Your data will be automatically deleted after 14 months. Data that has reached the end of its retention period is automatically deleted once a month.

Further information on Google Analytics and data protection can be found on the website: https://policies.google.com/privacy?hl=en

8. Google Maps

For better illustration, we include a map on our website provided by Google Inc. via the Google Maps API. If you display the map, a connection to the Google server will be established, in which, among other things, the IP address will be transmitted to Google. Google can evaluate the use of the Google Maps function by the website visitor.

Furthermore, Google has the option of writing and reading cookies. These cookies may be Google user cookies that are directly linked to your person. For more information about Google Maps, see Google’s privacy policy and terms of use: https://policies.google.com/privacy?hl=de


WPML is a multilingual system for WordPress websites. The cookies store the language of the user and can redirect the user to the version of the website that matches with the language of the browser of the user.

10. CleanTalk Spam protection, AntiSpam and Firewall

CleanTalk is supposed to prevent access by attackers through a firewall and filters input in forms, e.g. comments, to prevent spam. Cookies are used to test whether cookies may be set, to collect information about the behavior of the visitor, e.g. from which website he was referred, number of page views, time of the first visit or time of the last visit, information about the device used by the user, e.g. whether JavaScript is allowed in the browser or the time zone of the user, and to assign a unique user ID to be able to recognize him in the firewall. The privacy policy of the provider can be found at: https://cleantalk.org/publicoffer#privacy

11. Real Cookie Banner

Real Cookie Banner asks website visitors for consent to set cookies and process personal data. For this purpose, a UUID (pseudonymous identification of the user) is assigned to each website visitor, which is valid until the cookie expires to store the consent. Cookies are used to test whether cookies can be set, to store reference to documented consent, to store which services from which service groups the visitor has consented to, and, if consent is obtained under the Transparency & Consent Framework (TCF), to store consent in TCF partners, purposes, special purposes, features and special features. As part of the obligation to disclose according to GDPR, the collected consent is fully documented. This includes, in addition to the services and service groups to which the visitor has consented, and if consent is obtained according to the TCF standard, to which TCF partners, purposes and features the visitor has consented, all cookie banner settings at the time of consent as well as the technical circumstances (e.g. size of the displayed area at the time of consent) and the user interactions (e.g. clicking on buttons) that led to consent. Consent is collected once per language.

Change privacy settings
History of privacy settings
Revoke consents

12. Contact

You have the option of contacting us via various communication channels.

For example, you have the option of using the contact form on our website to contact us, send us an email, call us or communicate with us via SMS.

You can use the contact form to send any data to us. The data is forwarded by e-mail from our web server to our company’s e-mail inbox. In this case, we only process your personal data as part of your contact request.

The same applies if you send us an e-mail or if you provide us with personal data during a telephone call.

The legal basis for processing is your consent in accordance with Article 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future. Please note that in this case we may no longer be able to answer your contact request.

Please note that your information from the contact form may be stored in our Customer Relationship Management System (“CRM System”) or a comparable inquiry organization. As a CRM system we use Microsoft Dynamics.

13. Newsletter

If you have entered your e-mail address to register for a newsletter, we only use the data to send you information in accordance with the newsletter registration.

When you register for the newsletter, we save your IP address and the date of registration. This storage serves solely as proof in the event that a third party misuses an email address and registers to receive the newsletter without the knowledge of the authorized party.

The legal basis for sending the newsletter is your consent in accordance with Article 6 (1) (a) GDPR.

You can unsubscribe from the newsletter at any time using the unsubscribe link in every newsletter email.

We use Microsoft Dynamics CRM to send our newsletter and pass on your data to the service provider for sending the newsletter.

14. Login area

Insofar as data is collected as part of a user login, this is only used to provide the respective service. An evaluation only takes place to ensure comfortable and safe operation of the system.

15. Single-Sign-On Authentication

We use the single sign-on authentication method of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA on our website.

By using this service, users of our website have the opportunity to log in to our log-in area with their existing Microsoft user account. If users choose to use this authentication method, we will redirect users to the Microsoft login page, where they will be asked to enter their registration data.

The user is authenticated by Microsoft. After entering their registration data at Microsoft, the user is forwarded to a URL of us by Microsoft and Microsoft transmits the e-mail address of the user to us. If the e-mail address sent to us by Microsoft matches the e-mail address we have on file, we grant the user access to the log-in area.

The legal basis for data processing is the user’s consent in accordance with Article 6 Paragraph 1 lit. a) GDPR. Users have the right to revoke this at any time without giving reasons with effect for the future. If users no longer wish to use the single sign-on authentication process on our website, they simply have to delete the corresponding link within their Microsoft user account. If users would like to use our log-in area without the single sign-on authentication process, they must register accordingly on our website.

16. Service Providers and Third Country Transfers

We may pass on your data to service providers with whom we work and who process your personal data on our instructions. With all of our service providers who process your personal data on our instructions, we have concluded an additional agreement on order processing in accordance with Article 28 GDPR. The service providers may only process your data for the purposes previously defined by us and which you can see in this data protection declaration. In addition, all of our service providers are subject to appropriate confidentiality agreements.

In some cases it may happen that we transfer your personal data to a service provider that has its headquarters in a so-called third country, a country outside the EU/EEA. In these cases, we ensure that the requirements of the GDPR in accordance with Art. 44 et seq. GDPR for a transfer to a third country are met.

17. Duration of storage

We only store your personal data for as long as is necessary for the purpose for which the data was collected, unless statutory retention periods prevent deletion or you have given us your express consent to continue storing your personal data.

Insofar as certain data are subject to statutory retention periods, we store them until the relevant retention periods have expired.

If you give us your express consent to the further storage of this data for certain data, we will keep your data until you revoke your consent to us. The e-mail address office@paypense.com can be used for the revocation.

18. Security Measures

We take appropriate technical and organizational measures in accordance with Art. 32 GDPR to protect your personal data.

19. Privacy Contact

As data protection officer we have appointed:

Sicoda GmbH
Peter Muehlemeier
Rochusstraße 198
53123 Bonn

You can reach our data protection officer at:

E-Mail: data-protection@paypense.com
Phone: +49 (0)228 – 286 140 60