Privacy Policy for KlimaPay

Last Updated: 30/01/2025

1. Introduction

KlimaPay ("we," "us," or "our") is committed to protecting the privacy and security of your personal data in compliance with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws. This Privacy Policy outlines the types of personal data we collect, how we process, use, and share this data, and the rights you have regarding your data.

By using the KlimaPay app ("the App") and related services, you consent to the collection, processing, and use of your personal data as described in this Privacy Policy. If you have any questions or concerns regarding this policy, please contact us at info@klimapay.com.

2. Responsible Entity

Data Controller:
KlimaPay
Freiberg, Sachsen, 09599, Germany
Email: info@klimapay.com

For privacy-related inquiries, you may contact us at the email address provided above.

3. Definitions
  • Personal Data: Any information relating to an identified or identifiable natural person ("data subject").

  • Processing: Any operation or set of operations performed on personal data, such as collection, storage, use, or disclosure.

  • Data Subject: The individual to whom the personal data relates.

  • Consent: A freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they agree to the processing of their personal data.

4. Categories of Personal Data Collected

We collect and process the following categories of personal data:

4.1 Identity Data
  • Full name

  • Email address

  • Username

  • Date of birth (if required for age verification or compliance with legal obligations)

4.2 Contact Data
  • Email address

  • Phone number (optional, for account recovery or notifications)

4.3 Technical Data
  • IP address

  • Device type (e.g., smartphone, tablet)

  • Operating system (e.g., iOS, Android)

  • Browser type and version

  • Unique device identifiers (e.g., IMEI, MAC address)

4.4 Location Data
  • Geolocation information (collected only with your explicit consent for location-based services, such as finding nearby pickup or delivery points). We use Google Maps services to provide location-based features within the App. Your location data may be processed by Google in accordance with their Privacy Policy, available at https://policies.google.com/privacy.

4.5 Usage Data
  • Activity logs (e.g., pages visited, features used)

  • Transaction history (e.g., payments made, carbon offsets purchased)

  • Interaction data (e.g., clicks, time spent on the App)

4.6 Payment Data
  • Payment method (e.g., credit card, PayPal)

  • Transaction details (e.g., amount, date, time)
    Note: Payment data is processed securely via Stripe (see Section 7).

4.7 Sensitive Data
  • Health-related data (if voluntarily provided for carbon offset calculations, e.g., daily commute distance)

  • Biometric data (if using biometric authentication, such as fingerprint or facial recognition)

5. Legal Bases for Processing Personal Data

We process your personal data based on the following legal grounds under the GDPR:

Purpose | Legal Basis
App functionality | Contractual necessity (Art. 6(1)(b))
Fraud prevention | Legitimate interest (Art. 6(1)(f))
Location-based services | Explicit consent (Art. 6(1)(a))
Analytics & improvement | Consent (Art. 6(1)(a))
Payment processing | Contractual necessity (Art. 6(1)(b))
Marketing & newsletters | Consent (Art. 6(1)(a))

6. Data Retention Periods
6.1 We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required by law.

Data Type | Retention Period
a) Identity & Contact Data | Until account deletion or 3 years of inactivity
b) Location Data | 7 days (unless required for legal purposes)
c) Transaction Data | 3 years (for tax compliance)
d) Analytics Data | 2 years (anonymized after 30 days)

7. Payment Processing & Stripe Legal Matters
7.1 Payment Processing

All payment transactions in KlimaPay are processed through Stripe, a secure third-party payment gateway. Stripe handles all payment details, including credit card processing, fraud detection, and transaction validation. KlimaPay does not store or process your payment details directly.

For more details on Stripe’s security and compliance policies, visit: https://stripe.com/privacy.

7.2 Stripe Legal Matters

Stripe is currently facing legal proceedings related to payment processing policies and merchant disputes. While these matters do not affect KlimaPay’s services directly, we continuously monitor Stripe’s compliance and regulatory standing to ensure the safety of user transactions. Any impact on payment processing will be promptly communicated to our users.

8. Data Sharing and Recipients
8.1 Third-Party Processors
  • Payment processors: Stripe (for payment transactions)

  • Cloud hosting providers: Amazon Web Services (AWS) or Google Cloud (for data storage)

  • Analytics providers: Google Analytics (for anonymized usage data)

  • Mapping Services: Google Maps (for location-based services)

8.2 Legal Obligations

We may disclose your data to law enforcement, regulatory authorities, or courts if required by law or to protect our legal rights.

8.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new owner. We will notify you of any such change and ensure your data remains protected under this Privacy Policy.

9. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), such as the United States. We ensure that all international data transfers comply with GDPR requirements, including:

  • Standard Contractual Clauses (SCCs): For transfers to non-EEA countries.

  • Adequacy Decisions: For transfers to countries with adequate data protection laws (e.g., Japan, Canada).

10. Security Measures

We implement the following security measures to protect your data:

  • Encryption: SSL/TLS for data in transit; AES-256 for stored data.

  • Access Controls: Role-based permissions for staff.

  • Audits: Annual security assessments and penetration testing.

  • Data Minimization: We only collect data necessary for the App’s functionality.

11. Your Rights Under GDPR and CCPA

Under GDPR and CCPA, you have the following rights:

  • Access: Request a copy of your personal data.

  • Correction: Request correction of inaccurate or incomplete data.

  • Deletion: Request deletion of your data (subject to legal obligations).

  • Restriction: Request restriction of processing under certain conditions.

  • Data Portability: Request a copy of your data in a machine-readable format.

  • Withdraw Consent: Withdraw consent for processing (e.g., for location tracking).

  • Lodge Complaints: File a complaint with a supervisory authority (e.g., the German Federal Data Protection Authority).

To exercise your rights, contact us at info@klimapay.com.

12. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes via the App or email.

13. Contact Us

For questions, concerns, or to exercise your rights, contact us at:
Email: info@klimapay.com