In the following you will find some information regarding the storage as well as the deletion of personal transaction data in our systems.
Provision of an API for the deletion of data within the framework of GDPR
Computop provides its own interface through which a merchant can automatically and easily delete personal data at the request of the end customer. Details can be found in the Computop Paygate Documentation.
Information for customers of Computop who instruct us with the deletion of personal data:
Please note that it is your legal responsibility as a customer, to examine, prior to instructing us with the deletion of personal data (which specifically means prior to the deletion of payment transactions), if legal or other reasons contradict the deletion. According to the current legal situation, Article 17 of the General Data Protection Regulation (GDPR), in particular, needs to be observed.
On the one hand, among other things, it needs to be assessed by you if personal data are any longer necessary in relation to the purposes for which they were collected or otherwise processed, or not (cf. Article 17 Section 1 lit. a GDPR).
In this context, it should be noted that it is your responsibility to verify if the transaction has already been settled or not (this applies, in particular, if you are using our “Extended Transaction Management” – ETM which partially extends existing reservations in an automated way. Furthermore, it needs to be assessed beforehand if follow-up actions are possibly to be expected for the respective transaction (e.g. chargebacks, refunds etc.), as after the deletion of a transaction, follow-up actions will not be possible anymore.
On the other hand, it needs to be assessed by you if statutory retention or deletion periods are possibly to be observed (e.g. after commercial or tax law or maybe other law applicable to you (cf. Article 17 Section 3 lit. b GDPR in conjunction with the respective applicable statutory provision) which, however, may also be upheld if the data which is relevant in this context is being stored at another place at your company (e.g. in another system, as data export or as hard copy). This usually also needs to be observed in general by you as a customer, independent from instructing us individually with the deletion, as the retention periods of the Computop Paygate are shorter than for example the retention periods of commercial or tax law.
In case you should be unsure if payment transactions can already be deleted, we recommend that you get in touch with your Data Protection Officer, Data Protection Department or another contact person with the appropriate expertise within your company in advance.
Regularly (in case a deletion will not be instructed individually beforehand), payment transactions will be deleted in the Computop Paygate within the following periods:
- Computop Paygate data base and Computop Analytics: Deletion of payment transactions after expiry of 12 months.
- Computop Reporter data base: Deletion of payment transactions after expiry of 24 months.
- Retention of backups of the data bases for a period (and deletion of these backups after expiry) of another 12 months.
Finally, we would like to point out that each payment transaction consists of a bundle of data types, while the data types vary from each other depending on the payment method or service used. When a deletion is being instructed, the largest part of the data from a transaction will be deleted, however, a few selected data types will be further retained in the Computop Paygate for the duration of the aforementioned regular retention periods, as those are further needed for Computop’s invoicing towards you as the customer, and the clarification of potentially arising questions regarding invoices (e.g. in the course of an auditing of accounts at your company), and to make a reporting towards you and the further displaying in the Computop Reporter possible (for the purpose of monthly and yearly comparisons of transactions and the comparison and examination of turnovers in your interest as the customer).