Navigation

Privacy policy ePayBayern

1. Purpose and legal basis for processing data

The purpose of data processing is to comply with the public services assigned to us by legislature. In particular, people shall be enabled to make payments to the Free State of Bavaria in order to settle possible claims.

Unless stated otherwise below, the legal basis for processing your personal data arises from Article 6 (1) (c) and (e) GDPR (DSGVO) in conjunction with Article 4 (1) Bavarian Data Protection Act (BayDSG). Accordingly, we are allowed to process the data necessary to conform to any given duties.

2. Data controller

AddressLandesamt für Finanzen
- Zentralabteilung -
Rosenbachpalais
Residenzplatz 3
97070 Würzburg
Phone number+49 931 4504-6770
Email address

3. Data protection officer

AddressLandesamt für Finanzen
- Datenschutzbeauftragter -
Rosenbachpalais
Residenzplatz 3
97070 Würzburg
Phone number+49 931 4504-6767
Email address

4. Recipients of personal data

As far as your data is processed electronically and unless stated otherwise, the responsibility for the technical computing rests with
Landesamt für Digitalisierung, Breitband und Vermessung.

AddressLandesamt für Digitalisierung, Breitband und Vermessung
Alexandrastr. 4
80538 München
Email address

If necessary, your data will be transmitted to the competent supervisory authority and audit office to exercise their right of control.
If data is transmitted electronically, it can be forwarded to the State Office for IT Security (Landesamt für Sicherheit in der Informationstechnik) in order to ward off possible dangers. They are allowed to process the data considering Article 12 ff Bavarian E-Government Act (Bayerisches E-Government-Gesetz).
If a payment transaction is involved, your data is also transmitted to Staatsoberkasse Bayern in Landshut as well as to the respective payment service providers (see 11.).

5. Duration of the storage of personal data

We only store your personal data for the period required by law and as long as necessary to perform the respective tasks.

6. Electronic mail (email)

Any unencrypted information you email us can possibly be read by third parties while being transmitted. We are generally unable to check your identity and we do not know who is really behind an email address. Therefore, unencrypted emailing does not ensure legally secure communication. Like many email providers, we apply filters to block unwanted advertising (SPAM) which, in rare cases, wrongly rate regular emails as unwanted advertising and delete them. We automatically delete any emails containing harmful components (viruses).

If you wish to send us confidential information, we recommend to encrypt and sign the email to prevent it from being read or falsified en route by unauthorized persons, or to use the conventional postal services. Encrypted emails can be sent to us via S/MIME. Please send them to http://www.lff.bybn.de/das_landesamt/adressen/e_mail_kommunikation.aspx). You will find the certificates of the Bavarian administration at the address “directory.bayern.de” in the central LDAP directory of the Bavarian network of administration agencies. For more information on the Bavarian PKI management see http://www.pki.bayern.de (external link).

Please let us know whether and how we may reply to your enquiry via encrypted email and, if this is not possible, if you allow us to send you an unencrypted reply. If you cannot receive encrypted emails, please give us your postal address. We will then send you a letter in order to reply to your confidential message.

7. Right to information and further rights of data subjects

Upon request, we will inform you which data related to you personally we have stored so far. You may have rectified any incorrect data (Articles 15 and 16 DSGVO as well as Article 10 BayDSG). Insofar as the legal requirements are met, you can also request deletion or restriction of processing your data or object completely to the processing of data (Articles 17, 18 and 21 DSGVO). You may be entitled to data portability if you have agreed to your data being processed or if there is a data-processing contract and the data is processed using automated procedures (Article 20 DSGVO).

Should you make use of any of the rights mentioned above, a public authority has to verify whether the statutory requirements are met. If you have any questions as regards content or technology of the website, you can contact the person responsible for content and technology (see Legal Notice).

You also have the right to complain to the Bavarian State Commissioner for Data Protection. He can be contacted as follows:

Postal addressBayerischer Landesbeauftragter für den Datenschutz
Postfach 22 12 19
81541 München
Office addressBayerischer Landesbeauftragter für den Datenschutz
Wagmüllerstraße 18
80538 München
Phone number+49 89 212672-0
Email address
Internethttps://www.datenschutz-bayern.de

8. Technical implementation

Our web server is operated by Landesamt für Digitalisierung, Breitband und Vermessung. The personal data that you transmit to us while using our website are processed on our behalf by Landesamt für Digitalisierung, Breitband und Vermessung.

AddressLandesamt für Digitalisierung, Breitband und Vermessung
IT-Dienstleistungszentrum des Freistaats Bayern
St.-Martin-Straße 47
81541 München
Email address

If you are asked to give any personal or business data, we use it exclusively to send you the desired information or for the purpose given in the form. When transferring your data, it is protected against unauthorized access by using encrypting software (TLS).

9. Logging

If you visit these or any other web pages, your web browser transmits data to our web server. In order to allow your web browser to communicate with our web server during an active connection, the following data is recorded:

  • date and time of the request
  • name of the requested file/web page
  • web page which the file was requested from
  • access status (file transferred, file not found, etc.)
  • web browsers and operating system used
  • IP address of the requesting computer
  • transmitted data volume
We save this data in order to maintain technical security, in particular to ward off any attempts to attack our web server. After seven days at the latest, this data is anonymised by shortening the IP address at the domain level. That makes it impossible to relate to individual users.
In order to ward off possible dangers, this data is forwarded to the State Office for IT Security (Landesamt für Sicherheit in der Informationstechnik) considering Article 12 Bavarian E-Government Act (Bayerisches E-Government-Gesetz).

10. Cookies and active content

  1. Active components
    We use Javascript on our website. You can deactivate this function in your browser settings.
  2. Evaluation of user behaviour (webtracking systems, range measurement)
    We do not apply any programmes to evaluate user behaviour.
  3. Cookies
    This website uses session cookies. They store a so-called session ID, which can be used to assign various requests from your browser to the session. This enables us to recognise your computer when you return to our website. The session cookies are deleted automatically when you close your browser. You can configure your browser settings according to your wishes and, for example, refuse the acceptance of third-party cookies or all cookies. We would like to point out that you may then not be able to use all features of this website.

11. Use of personal data during payment transactions

If you wish to make payments via our website, you are required to provide us with the personal information needed to process the payment. All fields in the payment form must be completed. We use your data to complete the payment. Article 6 (1) (b) DSGVO allows us to pass on your payment data to our main bank. As our website uses “ePayService”, the digital payment procedure of the Free State of Bavaria, we transmit the necessary data to Staatsoberkasse Bayern in Landshut. If the payment deadline is not met, a receivable under public law will be recovered by the responsible tax office. In case of a receivable under private law, the responsible legal department at Landesamt für Finanzen will take legal action to enforce it. The required personal data will then be transmitted to the competent tax authority/legal department at Landesamt für Finanzen.

  1. Paying using PayPal
    1. If you decide to pay using the online payment service PayPal, your contact details will be transmitted to PayPal. PayPal is an offer of PayPal (Europe) S.à r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
    2. Personal information transmitted to PayPal is usually first name, last name, IP address, email address, or other information required for payment processing.
    3. The transmission of this data is necessary to process your PayPal payment, in particular to confirm your identity and to manage your payment. Legal basis is Article 6 (1) (b) GDPR.
    4. Please note: PayPal may pass on your personal data to service providers, subcontractors or other related companies if this is necessary to fulfil the contractual obligations arising from your payment order or if the personal data is to be processed on behalf of PayPal.
    5. Depending on the payment method selected via PayPal, e.g. invoice or direct debit, the personal data transmitted to PayPal will be forwarded to credit agencies. This is to check your identity and credit assessment with respect to your payment order. Please refer to PayPal’s privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full to learn which credit agencies are involved and which data is generally collected, processed, stored and passed on by PayPal.
  2. Paying by credit card
    If you choose to pay by credit card (e.g. VISA or MasterCard), we need your credit card details. If necessary for processing the payment, we pass this data on to our external service provider Telecash who saves it until the payment is concluded. See their privacy policy at https://www.telecash.de/datenschutz to get further information how Telecash handle your data.
  3. Paying by direct debit
    By choosing direct debit, you grant the Free State of Bavaria (Staatsoberkasse) the permit to debit your account. You will be asked to give the necessary details (your name and bank details) on the website of our service provider Telecash. Telecash will store this data along with the mandate reference number until the payment will be concluded. See their privacy policy at https://www.telecash.de/datenschutz to get further information how Telecash handle your data.