Tuesday, 27 July 2021 11:16

Data Protection

1. PSA is the processor for your bank in connection with data processing for your debit card or credit card

PSA performs the role of central service provider (processor) on behalf of Austrian banks, thereby providing technical systems to support the issuing of cards, payment media for mobile phones (e.g. debit card mobile) and the processing of transactions.

If you have any questions concerning the processing of personal data in connection with your debit card or credit card (e.g. in connection with payments using debit cards and cash withdrawals), we ask you to contact your bank.

2. Who is responsible for data processing? Who can you turn to?

The organisation responsible for processing your data is:
PSA Payment Services Austria GmbH (‘PSA’)
Handelskai 92, Gate 2
1200 Vienna
https://www.psa.at/impressum

If you have any questions on data protection or wish to assert your rights, please email us or write to PSA Payment Services Austria GmbH, z.H. Datenschutz, Handelskai 92, Gate 2, 1200 Vienna.

You can also contact our Data Security Officer by email or by writing to PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna.

3. As the responsible entity, what data does PSA process, and for what purpose?

We only collect personal data required for the implementation and processing of our services, and data which you voluntarily provide to us. As the responsible entity, PSA processes the personal data of:

  1. Contracting partners and their employees in the context of the initiation and processing of contracts or the development and ongoing enhancement of payment solutions for the purpose of fulfilling specific contractual obligations;
    • Data processed: ‘name’, ‘contact details’, ‘customer data’
    • Legal basis: Fulfilment of contractual obligations (in accordance with article 6 subsection 1(b) of the GDPR) and legitimate interests (article 6 subsection 1(f) of the GDPR), namely the upholding of location-independent communications and the maintenance of business contacts.
  2. Participants in events organised by PSA and associated activities relating to the organisation of such events (forwarding of personalised invitations and correspondence with participants);
    • Data processed: ‘name’, ‘contact details’, ‘affiliated company’
    • Legal basis: legitimate interests (article 6 subsection 1(f) of the GDPR), namely information/event management and efficient internal and external communications in this regard.
  3. Persons recorded in the context of video surveillance at ATM machines operated by PSA for the purpose of collecting evidence of criminal offences or ensuring compliance with ordinances, whereby video surveillance footage will only be evaluated by official decree in case of an emergency;
    • Data processed: ‘role of the individual’, ‘image data’, ‘place and date of recording’, ‘card data’
    • Legal basis: Fulfilment of contractual obligations (article 6 subsection 1(b) of the GDPR), compliance with legal obligations (article 6 subsection 1(c) of the GDPR) and legitimate interests (article 6 subsection 1(f) of the GDPR), namely an interest in the prevention of theft, burglary, misuse of non-cash payment means and criminal property damage and the preservation of evidence to enforce legal claims and report to the police.
  4. Card data in the context of legal and supervisory obligations aimed at preventing money laundering and the financing of terrorism as well as fraud, and at facilitating reports to the Austrian Financial Intelligence Unit of the Criminal Intelligence Service (BKA) in certain suspected cases in line with article 16 of the FM-GwG (Financial Markets Anti-Money Laundering Act);
    • Data processed: ‘card data’, ‘transaction data’, ‘device data’
    • Legal basis: fulfilment of contractual obligations (in accordance with article 6 subsection 1(c) of the GDPR) and legitimate interests (article 6 subsection 1(f) of the GDPR), namely the prevention of money laundering, the financing of terrorism and fraud.
  5. Persons recorded in the context of video surveillance on the office premises of PSA with a view to protecting the property of PSA as well as third-party data stored by PSA;
    • Data processed: ‘role of the individual’, ‘image data’, ‘place and date of recording’
    • Legal basis: legitimate interests (article 6 subsection 1(f) of the GDPR), namely the protection of property and data stored by PSA as well as the assertion and enforcement of claims under civil law.


4. What are the sources of such data?

  1. Personal data of contracting partners and their employees is collected in the context of the initiation and processing of contracts (‘name’, ‘contact details’, ‘customer data’).
  2. In the context of participation in events organised by PSA, the personal data of event participants is collected through notification by the respective organisation (e.g. bank) at which the person is employed (‘name’, ‘contact details’, ‘affiliated company’).
  3. Personal data in the context of video surveillance at ATM machines operated by PSA is collected at the actual ATMs (‘role of the individual’, ‘image data’, ‘place and date of recording’, ‘card data’).
  4. Personal data in the context of fulfilling legal and supervisory obligations is collected via the actual ATM or device (‘card data’, ‘transaction data’, ‘device data’).
  5. Personal data in the context of video surveillance on the office premises is collected in the actual offices of PSA (‘role of the individual’, ‘image data’, ‘place and date of recording’).

5. Processor

Processor

The processor commissioned by PSA processes your data where necessary to perform their specific services. PSA contractually obliges its processors to uphold the confidentiality and security of all personal data. At present, PSA uses the following processor:

  • Antares NetlogiX Netzwerkberatung GmbH

We have taken suitable technical and organisational steps to protect your personal data. In particular, these measures include provisions to guard against unauthorised access of any kind to your personal data alongside controls on data entry, processing and availability.

MS Teams

PSA offers the option of communicating via Microsoft Teams, a video conferencing tool supplied by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown Dublin 18, Ireland (‘Microsoft Ireland’).

When you use Microsoft Teams, it is possible that personal data may be transmitted to the USA. In order to comply with the requirements of article 46ff of the GDPR, Microsoft Ireland has concluded standard data protection clauses with group sub-processors headquartered in third countries.

For more information on data processing in connection with the use of Microsoft Teams and the Data Protection Addendum agreed between ourselves and Microsoft, please visit:

https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA

Using Microsoft Teams is not a requirement for communicating with PSA. As an alternative, PSA offers personal meetings and telephone conferences. Where Microsoft Teams is used for communication, Microsoft Ireland will act as processor. For this reason, data is processed on the basis of the fulfilment of contractual obligations (article 6 subsection 1(b) of the GDPR).

Recipient

Owing to legal obligations aimed at detecting criminal offences, preventing money laundering and the financing of terrorism and combating fraud, data is sent to the following recipients:

  • Law enforcement agencies/courts
  • Austrian Financial Intelligence Unit of the Criminal Intelligence Service (BKA).

6. For how long is personal data stored?

  • Contract processing: 15 years
  • Events: 15 years
  • Video surveillance at ATM machines: 90 days
  • Legal obligation in accordance with the FM-GwG (Financial Markets Anti-Money Laundering Act): 10 years
  • Video surveillance on office premises: 72 hours

7. As an affected person, what are my rights?

We would like to remind you that in the first instance, questions concerning rights in connection with the processing of personal data linked to your debit card or credit card should be addressed to your bank as your contractual partner and the entity responsible for data processing.

At all times, you have the right to be informed of the data we store; you also have the right to the rectification or deletion of such data, and to restrict or object to the processing thereof (where data is processed on the basis of a public interest or to uphold a legitimate interest). Furthermore, you have the right to data portability in accordance with the requirements of data protection law.

To this end, please email us or write to PSA Payment Services Austria GmbH, z.H. Datenschutz, Handelskai 92, Gate 2, 1200 Vienna.

In the unlikely event that your right to the lawful processing of your data is breached in spite of our duty to process your data in line with legal requirements, please contact us by post or email as shown above so that we can address your concerns.

You also have the right to lodge a complaint with the Austrian data protection authority (Österreichische Datenschutzbehörde, Barichgasse 40-42, 1030 Vienna) or another data supervisory authority within the European Union (especially in the place where you live or work).

8. Am I obliged to supply data?

Although you are not legally obliged to supply us with data, we may be unable to provide services for you if you decline to provide us with your data.

Where data processing is performed with your consent, you may permanently revoke your consent at any time. To do so, please email us or write to PSA Payment Services Austria GmbH, z.H. Datenschutz, Handelskai 92, Gate 2, 1200 Vienna. However, please note that without your consent, we are unable to provide services.

9. Information on automated decision-making, including profiling

PSA does not process personal data as part of automated decision-making processes; no profiling is performed. 

10. Updating of data protection information

Owing to rapid developments in technology, legislation and case law, it may be necessary to amend this privacy policy from time to time. For this reason, please be sure to refer to the current version on our web site.

EBICS is an internet-based communication standard for multi-bank-capable electronic data exchange, used for the standardised processing of payment orders and account information between companies and banks.

EBICS SCRL, headquartered in Brussels (see www.ebics.org), is responsible for the further development of the standard in a European context and also holds the naming rights to the standard.

The members of EBICS SCRL are

  • the umbrella associations of the German banking industry, which are united in the DK (Deutsche Kreditwirtschaft)
  • the CFONB (Comité Français d’Organisation et de Normalisation Bancaire) for the French banks
  • SIX (Swiss Infrastructure and Exchange) for the Swiss banks
  • PSA (Payment Services Austria) for Austria.

The current EBICS specification, version 3.0, uses the common Business Transaction Format (BTF) to unify the national dialects that have emerged, in the interest of extensive harmonisation. In the area of signatures, the proprietary format of self-signed certificates has been replaced by the X.509 standard.

EBICS offers

  • a cross-border, multi-bank-capable EB standard,
  • modern technology and international standards such as XML, HTTPS, TLS and ZIP,
  • maximum security through end-to-end encryption at the transport and application levels,
  • authorisation independent of place and time through the distributed signature (EDS),
  • a single access point for all transactions (credit transfers, SEPA direct debits, account information and much more), designed for bulk business and large data files,
  • support for the ISO 20022 V. 2019 formats (EPC, SWIFT, CPBR+)

Available services

The services generally offered via EBICS can be found in the download area (https://zv.psa.at/de/download/ebics.html), which also contains further information on EBICS in Austria. In summary, you can use the following services:

  • Submission of credit transfers within and outside the SEPA area
  • Submission of SEPA direct debits
  • Retrieval of current account and status information
  • Retrieval of current exchange rates (foreign exchange and foreign notes and coins)
  • Retrieval of return data files
  • Remote signatures

Detailed information and bilaterally offered services can be found under BTF mapping in the download area.

General information on the electronic banking products of the banks and sectors can be found on the websites below or directly via the contact points of the respective account-holding credit institution.

The Austrian Multi Bank Standard (MBS) is frozen at the existing versions 7.0 and 6.0 and will not be developed further. Future payment formats for the SEPA area and for SWIFT transfers will therefore no longer be offered in MBS but via EBICS.

A migration from MBS to EBICS that is as simple as possible will make the switch considerably easier for customers who want to use new formats and functions. Further information will be communicated by the participating banks and sectors to their customers in good time.

Information valid throughout Austria on the use of EBICS in Austria and on arrangements for switching from MBS will also be published here.

Wednesday, 23 May 2018 13:17

Information pursuant to Article 13 GDPR

Tuesday, 29 August 2017 13:31

Instant Credit Transfer

This type of credit transfer can be performed either through an online banking platform or by using a smartphone app. Compared with a traditional credit transfer, which usually reaches the beneficiary on the next bank working day, an instant credit transfer credits the amount within ten seconds. The Instant Credit Transfer is available around the clock, seven days a week, 365 days a year.

As of 21 November 2017 banks will be able to offer instant payment services to their customers. Participation, however, is optional.

Important features of the SEPA Instant Credit Transfer:

  • an alternative to cash payments;
  • a uniform solution for the SEPA area;
  • handled through an online banking platform or a smartphone app;
  • the amount is transferred to the beneficiary within 10 seconds;
  • the standard maximum amount is EUR 100.000;
  • for EURO transactions;
  • no cut-off time, interbank clearing nearly in real time;
  • uses basically the same elements as a classic credit transfer, e.g. the IBAN and BIC.

Friday, 04 August 2017 07:32

National law

  • BWG BGBl. Nr. 532/1993 - Bundesgesetz über das Bankwesen Bankwesengesetz
  • ZaDiG - Bundesgesetz über die Erbringung von Zahlungsdiensten Zahlungsdienstegesetz
  • BGBl. I Nr. 107/2010 - Bundesgesetz über die Ausgabe von E-Geld und die Aufnahme, Ausübung und Beaufsichtigung der Tätigkeit von E-Geld-Instituten E-Geldgesetz 2010
  • VZKG - Bundesgesetz über die Vergleichbarkeit von Entgelten für Verbraucherzahlungskonten, den Wechsel von Verbraucherzahlungskonten und den Zugang zu Verbraucherzahlungskonten mit grundlegenden Funktionen Verbraucherzahlungskontogesetz
  • FM-GwG - Bundesgesetz zur Verhinderung der Geldwäscherei und Terrorismusfinanzierung im Finanzmarkt Finanzmarkt-Geldwäschegesetz
  • WAG 2007 – Wertpapieraufsichtsgesetz WAG 2007
  • VKrG – Verbraucherkreditgesetz VKrG
  • KSchG – Konsumentenschutzgesetz KSchG
  • FernFinG - Fern-Finanzdienstleistungs-Gesetz FernFinG
  • VersVG - Versicherungsvertragsgesetz VerVG
  • VAG - Versicherungsaufsichtsgesetz 2016 VAG

Friday, 04 August 2017 07:31

EU

Friday, 04 August 2017 07:25

Law database

EU-Law



European Union law is divided into primary and secondary legislation. Primary legislation is the central legal source of all EU action and essentially consists of the integration treaties concluded between the Member States of the European Union. Secondary legislation includes regulations, directives and decisions and derives from the principles and objectives set out in the treaties.

a) Primary legislation

The freedom of payment is regulated by Article 63 (2) Treaty on the Functioning of the European Union (TFEU). It is often seen as an attachment to the other single market freedoms. The freedom of payment is, however, a distinct freedom. It therefore covers, directly or indirectly, all payments connected with the exercise of different fundamental freedoms. The freedom of payment guarantees, for instance, that "the debtor who owes money for a delivery of goods or a service fulfils his contractual obligations voluntarily and without an unacceptable restriction and the creditor is free to receive such a payment" (Case C-412/97 ED [1999] ECR I-3845, paragraph 17).

Moreover, Art. 63 (2) TFEU prohibits restrictions of payment transactions not only between the EU Member States but also between the Member States and third countries. The scope of this freedom therefore extends beyond the territory of the European Union.

b) Secondary legislation

The legal basis for establishing an EU-wide internal market for payment transactions was created with the Payment Service Directive 2007/64/EC (PSD), which has been implemented in Austrian legislation by the Payment Services Act (ZaDiG) since 1 November 2009.

The PSD has mainly regulated the framework conditions, such as transparency requirements, the implementation period as well as the rights and obligations of payment service users and payment service providers.

Similar to the PSD, the Payments Accounts Directive 2014/92/EU (PAD) includes provisions on transparency with regard to the comparability of charges, the provision of exchange services within a Member State as well as provisions to facilitate cross-border payment and the opening of accounts for consumers. The PAD has been in force since 17.09.2014 and has been transposed into national law by the Consumer Payments Act (VZKG) as of 18.09.2016.

The PSD will be abrogated by the directive (EU) 2015/2366 (PSD2) with effect from 13.01.2018. The PSD2 also refers, in accordance with a correspondence table in its Annex II, to numerous provisions of the PSD which are repealed. The PSD2 is to be implemented in Austrian law by 13.01.2018.

Several changes since the PSD came into force made a new regulation necessary. The payment market has developed further in technical terms through additional payment services in the field of Internet payments. This change applies to payment initiation service providers (PISPs) and account information service providers (AISPs), which are now regulated by the PSD2. Both PISPs and AISPs play an important role in electronic commerce. They set up a software bridge between the merchant's website and the online platform of the account servicing payment service provider (ASPSP) to trigger electronic payments via the Internet or to retrieve account statements.

All data processing systems developed and implemented within the framework of the PSD2 must be subject to data protection. The PSD2 contains a central provision on data protection, which allows data processing for the purpose of payment transactions only with the explicit consent of the payment service user (Art. 94). In addition, the PSD2 contains data protection provisions for payment initiation service providers (Article 66 (2) (g)) and for account information service providers (Article 67 (2) (f)).

Moreover, the General Data Protection Regulation 2016/679 (GDPR), which will come into force on 25.05.2018, was published within the EU Data Protection Reform on 04.05.2016. This means that data protection legislation is now being harmonized throughout the EU. The main purpose of the regulation is to protect natural persons in the processing of their personal data while ensuring the free movement of personal data (Article 1 (3)).

Furthermore, provisions relevant to payment transactions in the field of money laundering are currently established within the EU, such as the Fourth EU Money Laundering Directive 2015/849/EU. This directive has been transposed into national law by the Financial-Money Laundering Act (FM-GwG) since 26.06.2017. The relevant provisions for payment transactions target not only banks but also, among others, attorneys and auditors, who have reporting obligations concerning potentially "suspicious transactions" performed by their clients.

The Money Transfer Regulation (EU) 2015/847 was adopted together with the Fourth Money Laundering Directive. It entered into force on 26.06.2015 and has been in force in Austria without any further implementation act since 26.06.2017. This regulation replaced the previous regulation (EC) 1781/2006, which concentrated exclusively on client data. According to the new legal act, the payment service providers are currently required to provide details on both the beneficiary of the transfer as well as information on the beneficiary.

Friday, 07 October 2016 09:10

Personalizing by charitable organizations

In addition to the standard payment slips there are also donation payment slips. These make it possible to fill in the date of birth of new and existing donors, which is necessary to ensure that donations may be deducted. A QR code does not make sense on this new donation slip because it would leave insufficient space for the data to be collected.



Donation order for new donors
  • Purpose: The donation payment slip is used when the donor is completely unknown. This slip is available to the public (e.g., in bank foyers) or is widely distributed (e.g., newspaper insert, circulars, etc.)
  • Addressee: First time donor
  • Use: one time
  • What is to be pre-printed?
    • Organization name and IBAN
    • Optional: freely selected four-digit action code for the identification of the campaign / edition / ...
    • IMPORTANT: Insert an "X" to distinguish between action / campaign and post code. 
You can order the production templates for Austria here

Thursday, 30 July 2015 07:04

Imprint

Company: PSA Payment Services Austria GmbH
Legal form: Company with limited liability
Address: Handelskai 92, Gate 2, 1200 Vienna
Telephone: +43 1 717 18 0
Fax: +43 1 717 18 900
E-mail: office(at)psa.at
Website: http://www.psa.at

Headquarters: Vienna
Commercial court: Commercial Court Vienna
Commercial register number: FN370048p
VAT number: ATU66782626

Chamber membership:
  1. Austrian Chamber of Commerce, Federal Division, Information and Consulting, Association of Financial Service Providers
  2. Austrian Chamber of Commerce, Section Business Consulting, Accounting and Information Technology, Professional Branch IT Service

Trade authority: District Office of the 2nd/20th District
Applicable legislation: Commercial Code (GewO)
Link to the legislation: www.ris.bka.gv.at