Data privacy policy Nexi / NETS A/S

The payment processor of Schlosshotels & Herrenhäuser

Privacy Policy for the Nexi Payment Tool (NETS A/S)

If you are redirected to the Nexi payment tool (NETS A/S, Denmark) as part of your purchase of the Character Status, the following information applies to the processing of your personal data:

1. Data Controller and Processor

Controller for the purchase and choice of payment provider:
Schlosshotels & Herrenhäuser
(Contact details available in the imprint / main privacy policy)

Payment Provider (Processor or, where applicable, Joint Controller):
NETS A/S (formerly Nexi), Havnegade 39, 1058 Copenhagen, Denmark

2. Data Processed

The following data may be collected and processed during the payment transaction:

Order information: Upgrade type, booking reference, amount, currency
Payment details: Card number, expiration date, security code (CVV), cardholder name
Connection and log data: IP address, date and time of payment, browser and device details
Authentication data: One-time password (OTP), 3-D Secure tokens, or similar

3. Purpose and Legal Basis

Purpose: To process and complete the payment transaction you have requested; fraud prevention; fulfillment of legal obligations (e.g. anti-money laundering regulations).

Legal Basis: Art. 6 para. 1 lit. b GDPR (performance of a contract) and Art. 6 para. 1 lit. c GDPR (compliance with legal obligations).

4. Recipients and Data Transfers

Your payment data is processed by NETS A/S and may be transferred, if necessary, to card-issuing institutions (e.g. Mastercard, Visa), payment networks, fraud prevention services, and competent authorities.

We only receive a payment confirmation from NETS A/S – we never have access to your full card details.

5. Data Retention

NETS A/S will retain your data for as long as necessary to complete the payment, comply with legal retention periods (e.g. for financial and tax records), and protect against legal claims.

After that, your payment data will be deleted or anonymized.

6. Your Rights

You have the following rights under the GDPR:

Right of access to the personal data processed by NETS A/S (Art. 15 GDPR)
Right to rectification of inaccurate data (Art. 16 GDPR)
Right to erasure or restriction of processing (Art. 17, 18 GDPR), unless legal retention obligations apply
Right to object to processing (Art. 21 GDPR)
Right to data portability (Art. 20 GDPR)

To exercise your rights, please contact NETS A/S at: dataprotection@nets.eu or in writing at NETS A/S, Havnegade 39, 1058 København K, Denmark. For questions related to the overall process, you may also contact our data protection officer (see main privacy policy).

Newsletter

Stay connected and experience character.

Mandatory

Our partners