PRIVACY POLICY
________________________________________
Last updated on 17th September 2025
This privacy policy aims to inform you about the processing of your personal data by Smart Payment Association e.V. (hereinafter referred to as "SPA," "we," or "us"). To comply with current legal requirements or to reflect changes in our services, it may be necessary to adjust this privacy policy in whole or in part.
Processing of Personal Data on Websites and for Marketing Communication
Data Controller
The data controller under the GDPR for the processing of your personal data is Smart Payment Association e.V., Prinzregentenstraße 161, 81677 Munich, Germany,
Type and Source of Personal Data
When you contact SPA, we collect personal data from you. This data is typically provided directly by you, for example, when you register for a newsletter or an event or submit an inquiry to us.
This may include your name, surname, business title, email address, the company you work for and your country of residence.
Purposes and Legal Basis for Data Processing
We process your personal data for different purposes depending on the nature of your interaction with us:
Fulfillment of Contractual Obligations (Art. 6(1)(b) GDPR):
We process personal data to fulfill obligations within our membership organization or to carry out pre-membership measures. This includes responding to inquiries as part of member and partner relationship management.
Based on Consent (Art. 6(1)(a) GDPR):
We process data based on the consent you have provided. This includes sending newsletters or other promotional materials and responding to contact inquiries.
When you visit our websites or access communications sent by us, cookies and other similar technologies may be used to make our offerings more user-friendly, tailor them to your preferences, or manage SPA advertisements on third-party websites.
Detailed information can be found in our Cookie Policy.
We process data to optimize our online marketing activities, including:
• Email marketing (newsletters, informational emails, and automated mailings, e.g., for providing downloads)
• Reporting (e.g., traffic sources, access, etc.)
• Contact management (e.g., user segmentation & CRM)
• Landing pages and contact forms
This information may be used to contact website visitors and determine which SPA services may interest them. All collected information is used solely to optimize our marketing efforts.
If you register for a conference or event, we collect information necessary for your participation and the organization of such events.
You can withdraw your consent at any time with future effect.
Legitimate Interests (Art. 6(1)(f) GDPR):
We also process personal data to protect the legitimate interests of SPA and, if applicable, third parties. Processing is carried out only with due consideration of your interests. This includes, for example, analyzing pseudonymized website usage to optimize our websites.
Where the use of personal data is not necessary, we use anonymous information or pseudonyms wherever possible.
Disclosure of Data to Third Parties and Data Transfers
Your personal data will not be shared with third parties unless you have consented to such sharing or it is permitted by applicable law, for example, if it is necessary to fulfill a contract with you.
If we have your consent, we may also share your data with other companies, such as partners who help us optimize our content or better tailor our offerings to your needs.
Protection of Children's Privacy
SPA recognizes the need to adequately protect the privacy of children and/or users under 18 years of age ("minors"). Our website is not directed at minors. SPA does not intend to target minors with its website and does not knowingly collect personal data from minors without parental or guardian consent.
Security
SPA employs technical and organizational security measures (including access, availability, and input controls, encryption methods, and measures to protect media containing personal data, as well as the use of qualified personnel responsible for data security) to ensure that the personal data you provide is protected against unauthorized, accidental, or intentional manipulation, damage, loss, deletion, or unauthorized access, processing, or disclosure. Our security measures are continuously updated and adapted to the current state of knowledge. Due to the nature of the internet, information transmission may not always be completely secure. Therefore, we cannot guarantee the security of your personal data during transmission over the internet to our website. However, once we receive your personal data, we will take appropriate technical and organizational measures to protect it.
Links to Other Websites
Our website may contain links to other websites that are not owned or operated by SPA. SPA has no control over the content or privacy policies of these websites and assumes no responsibility for them.
Data Protection Rights
You can contact us at any time to exercise your data protection rights.
Rights of data subjects under Articles 15–21 GDPR:
- Right of access to your personal data stored by us (Art. 15 GDPR);
- Right to rectification of inaccurate or incomplete personal data stored by us (Art. 16 GDPR);
- Right to erasure of your personal data stored by us, provided there is no legal basis for processing under applicable law and statutory retention obligations do not prevent deletion (Art. 17 GDPR);
- Right to restriction of processing if deletion is not possible due to conflicting reasons (Art. 18 GDPR);
- Right to data portability, i.e., the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format (Art. 20 GDPR);
- Right to withdraw consent with future effect (Art. 7 GDPR);
- Right to object to the processing of your personal data, where processing is based on Art. 6(1)(e) or (f) GDPR (Art. 21 GDPR).
If you believe that the processing of your personal data does not comply with data protection regulations, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). A list of data protection authorities in Germany can be found at the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
The supervisory authority responsible for SPA is the Bavarian State Office for Data Protection Supervision (www.lda.bayern.de).
Contact information
________________________________________
Editor and contact information
This website is managed by Smart Payment Association e.V, Smart Payment Association e.V. PO Box 800729, D-81607 Munich, Germany.
Commercial Register:Amtsgericht Munich VR 18989
VAT Registration Number:DE262904711
Management Board: Andreas Strobel, Alain Martin, Jacques Doucerain and Paul Meinhardt.
The publishing director is the Management Board.
Information on the web host
SCALEWAY S.A.S
BP 438 F-75366 Paris Cedex 08
www.scaleway.com
Information on design & webmastering
MAGIRIS
16 avenue de Paris, 78000 Versailles (France)
www.magiris.fr
________________________________________
Cookie Policy & Other Trackers
This policy explains how Smart Payment Association (“we”, “us”) uses cookies and similar technologies on smartpaymentassociation.com. “Cookies” here is used broadly to include any technology that reads or writes information on your device (e.g., HTTP cookies, local storage, web beacons/pixel tags, scripts, and fingerprinting). For information about how we process personal data more generally, see our Privacy Policy.
1. Your Choices
On your first visit, you are offered a choice to Accept all, Reject all, or Customise your preferences by category. You can change your choices at any time via the “Cookie preferences” link (usually in the footer) or using the button below.
________________________________________
Categories & Services Used
1. Necessary (essential)
These trackers are required for the site to function (e.g., security, load balancing, consent logging). They are always active and do not require your consent.
2. Analytics
- Google Analytics 4 (gtag.js) — Provider: Google Ireland Ltd.
Purpose: audience measurement and site usage statistics.
Legal basis: consent.
Data: pseudonymous identifiers, device/browser information, page interactions.
Retention: according to Google’s defaults/configuration.
More info: About data on partner sites • Google Privacy Policy
We enable Google Consent Mode v2 so that, before consent, only limited, cookieless pings may be sent and no Analytics cookies are stored. GA4 loads only after you consent to the “Analytics” category.
3. Media
- YouTube embedded player — Provider: Google Ireland Ltd.
Purpose: display and play embedded videos.
Legal basis: consent.
Data: IP address, device/browser identifiers, playback and interaction events, approximate location.
More info: About data on partner sites • Google Privacy Policy
Videos are blocked until you consent to the “Media” category. Where possible we use YouTube’s Privacy-Enhanced Mode (youtube-nocookie.com
), but YouTube may still set cookies or collect data when you press Play.
4. Marketing
- LinkedIn Insight Tag — Provider: LinkedIn Ireland Unlimited Company
Purpose: conversion measurement and remarketing on LinkedIn services.
Legal basis: consent.
More info: Privacy • Cookies • Ad controls - Meta (Facebook) Pixel — Provider: Meta Platforms Ireland Ltd.
Purpose: conversion measurement and remarketing on Meta services.
Legal basis: consent.
More info: Privacy • Cookies
International Transfers
Some providers may process data outside the EEA (e.g., in the United States). Where applicable, such transfers rely on appropriate safeguards (e.g., adequacy decisions or standard contractual clauses). See the provider’s documentation for details.
________________________________________
How to Control Cookies in Your Browser
You can also configure your browser to block or delete cookies. Doing so may impact site functionality. See instructions from your browser provider (e.g., Chrome, Firefox, Safari, Edge).