Your Posteo account credit is always added anonymously – regardless of whether you pay by bank transfer, PayPal, credit card or in cash. The data that we receive with payments is not connected to the email accounts. In 2009 we developed our own system with which we anonymise all payment processes. In 2015 we extended it, so that payments could continue to be processed anonymously despite new laws.
The Posteo Code System
Here's how it works:
For bank transfers and cash payments, anonymisation occurs with the help of our single-use code system. For PayPal and credit card payments, this is not necessary. The single-use codes with which we allocate your credit consist of eight characters. Each time you start a payment process, our system creates such a code. You receive the full eight characters of the code by email. In our system, however, only the first five characters of the code are saved.
Code as seen by the user (eight characters)
Code in the Posteo system (five digits)
The first five characters of the code represent your account.
The last three characters of the single-use code are the encoded result of a country determination.
Payment is allocated using the first five characters
When your payment arrives by bank transfer or in the post, our system automatically evaluates the first five characters, and can then allocate the payment to your account.
Tax is calculated using the last three characters
The encoded country determination in the last three characters is then also automatically evaluated, in order to calculate the correct value-added tax for the relevant EU country.
The evaluation process only takes a fraction of a second. If the code is validated, credit is added to your email account and the single-use code is deleted from our system. Once the code is deleted, it is no longer possible to tell which account you transferred funds for. Nor is it possible to tell which country a Posteo user lives in.
In our system: The code is deleted
In our accounting: Codes are not connected to email accounts
The last three characters in the single-use code are the encoded result of a country determination, which we are required to perform from the start of 2015 when you start a new payment process (see the "Kroatiengesetz" section). These three characters of the code contain the result of a Geo-IP determination and a browser region determination.
Our data-efficient solution
We do not save the result of this legally-required country determination (the last three digits of the code) in our system, because otherwise, a country would be viewable for your account until the payment was completed. Information specifying the country in which a user lives is user information (personal information) and could be asked for if Posteo receives a request for user information.
For this reason, you receive the result of the country determination in the form of the last three characters in the single-use code. Until your payment arrives with us, this stays exclusively with you: We do not possess the result of the country determination. Thus, despite the new legal situation, we can continue to work with data reduction and continue not to save any of your personal information.
It is not possible to manipulate the code: The first five characters act as a check of the last three with the help of a mathematical function, in order to prevent manipulation of the country determination. If the last three characters do not mathematically correspond to the first five, the payment code is "broken" – and we will send the payment back.
It is important that the information relating to country determination cannot be manipulated, so that we can correctly pay value-added tax for the relevant country.
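One way such a tamper check could work, as an added example that is not Posteo's code: the page does not name the mathematical function, so this sketch assumes a truncated HMAC under a hypothetical server key `KEY` and a per-code nonce, with a constructed country table and hypothetical function names.

```python
import hashlib
import hmac
import secrets

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # 32 symbols = 5 bits per character
COUNTRIES = ["non-EU", "AT", "BE", "DE", "ES", "FR", "IT", "NL"]  # constructed subset
KEY = secrets.token_bytes(32)  # hypothetical server-side secret (assumption)
pending = {}     # prefix -> (account, nonce); no country field is stored
balances = {}    # account -> credit in EUR
accounting = []  # (geo-IP country, browser country, amount); no account reference

def _chars(value, n):
    """Encode the low 5*n bits of value as n alphabet characters."""
    return "".join(ALPHABET[(value >> 5 * i) & 31] for i in reversed(range(n)))

def _prefix(nonce, suffix):
    """Five check characters binding the suffix to this one code."""
    mac = hmac.new(KEY, nonce + suffix.encode(), hashlib.sha256).digest()
    return _chars(int.from_bytes(mac[:4], "big"), 5)

def issue_code(account, geoip, browser):
    """Return the 8-character code mailed to the user; keep only the prefix."""
    packed = (secrets.randbelow(32) << 10           # 5 bits of padding
              | COUNTRIES.index(geoip) << 5 | COUNTRIES.index(browser))
    suffix = _chars(packed, 3)
    while True:
        nonce = secrets.token_bytes(16)
        prefix = _prefix(nonce, suffix)
        if prefix not in pending:  # prefixes must be unique while pending
            pending[prefix] = (account, nonce)
            return prefix + suffix

def redeem(code, amount):
    """Credit the account if the code is intact; return False for a broken code."""
    prefix, suffix = code[:5], code[5:]
    if len(code) != 8 or prefix not in pending:
        return False
    account, nonce = pending[prefix]
    if not hmac.compare_digest(_prefix(nonce, suffix), prefix):
        return False  # suffix does not match the prefix: the payment is sent back
    packed = sum(ALPHABET.index(c) << 5 * i for i, c in enumerate(reversed(suffix)))
    del pending[prefix]  # single use: the link between code and account is gone
    balances[account] = balances.get(account, 0) + amount
    accounting.append((COUNTRIES[(packed >> 5) & 31], COUNTRIES[packed & 31], amount))
    return True
```

In this sketch the pending record holds no country field, but whoever holds `KEY` and the stored nonce could test candidate suffixes against the prefix, so the separation also relies on the record being deleted at redemption.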
PayPal and credit card payments
PayPal and credit card payments are completed straight after starting a payment process. For this reason, use of a code system is not necessary here. The country determination information is evaluated immediately and does not need to be temporarily saved. Neither the PayPal and credit card payments nor the country information collected is connected with the email accounts.
The so-called "Kroatiengesetz" is the German implementation of an EU regulation that came into effect on January 1st, 2015. It specifies that for electronic services, value-added tax must be paid in the EU country in which the user lives. Previously, the service provider’s headquarters (for Posteo, Germany) determined the tax location. We are now required to determine which EU country each payment comes from. All non-European countries are evaluated as "non-EU".
Maintaining data reduction
The new law was a challenge for us: To continue to fulfil our principle of data reduction as well as the legal requirements, we had to extend and alter our anonymous payment process. Despite the change in the law, we still do not save any of our customers’ user information. We are required to save information specifying which country a payment arrives from – and how much value-added tax is payable in the relevant EU country. This information is not saved in the email accounts, however. It is stored in the payment data, which is completely separate from the email accounts. Thus, value-added tax is correctly paid – and it remains impossible to tell which country the user of a particular Posteo account lives in.
How we are required to undertake country determination
The new EU regulation specifies that to determine a country, at least two attributes must be present which do not conflict. We can collect these attributes in various ways. Some of these, however, would have meant that we would have needed to save customers' user information in the email accounts.
Repercussions of the Kroatiengesetz for Posteo
Requirements:
- The requirement to determine the EU country in which a customer lives
- The requirement to pay value-added tax in the relevant EU country
- A change to the anonymous payment process: A country determination is encoded (tamper-proof) in the single-use codes.
- Customers are no longer issued invoices detailing tax paid. Instead, customers receive receipts.
Attributes used for country determination:
Implementation by Posteo
The first attribute is always transferred with the payments.
- For PayPal payments, the country entered with PayPal
- For bank transfers, the IBAN’s country code
- For cash payments by post, the postage stamp
Additional attributes that we have to retrieve in order to fulfil the legal requirements:
- The result of a Geo-IP determination at the beginning of a payment process. We only save the country code of the country determined (e.g. DE, FR, ES, etc).
We do not collect or save your IP address.
- The country setting in the user’s browser at the time of starting a payment process.
The result of the country determination is encoded in the single-use code that you receive by email.
When the payment is completed, this is held in our accounting (without connection to the email account – the process is described above).
Posteo payment methods
You can pay by bank transfer, cash, PayPal or with a credit card. Your Posteo credit is always added anonymously, regardless of which payment method you use. With Posteo, credit is added in advance (prepaid): The minimum amount to add is 12 EUR, which normally covers your fees for one year. Paying smaller amounts is not possible, because it requires too much administration. You can add a maximum of 60 EUR credit.
Credit card payment occurs using the payment provider stripe.com. We selected this provider as we are not required to transfer any personal data to the provider other than the credit card details (card number, expiry date, and CVC). In addition, we do not receive any personal details from stripe.com for the person paying.
Thanks to SEPA (Single Euro Payments Area), payments within the EU are no more expensive than domestic transactions – normally they are free. From non-EU countries, considerable fees can sometimes be incurred. To pay from a country outside the EU, there are services that offer cheap transfers, for example, worldremit.com.
If you terminate your Posteo account, your remaining credit can be refunded. Remaining credit is paid back by bank transfer. PayPal payments made within the last 60 days can be reversed.
You receive a receipt from us for each payment. This receipt is a proof of payment for tax purposes. Receipts are delivered to you by email and can also be accessed via your account settings.
Changes from 2015
Value-added tax is no longer listed on the receipts (since January 1st, 2015). Under the new value-added tax law (Kroatiengesetz) that applies from the start of 2015, a listed tax amount would make it possible to see which country a user lives in. We do not want to save any of our customers’ user information in the email accounts, and receipts are stored in the email account – we therefore no longer list value-added tax on the receipts, so that it is not possible to infer a user’s country of residence.
The data we save
In your email account
Our users' payment information and email accounts are kept strictly separate. When you add credit, the date and amount are merely noted in our system for your account, in order to be able to determine and display your balance. This information remains saved until an account is terminated and subsequently deleted.
In our accounting
With payment processes, the following information relevant to accounting is transmitted, which we are required to save.
We retain this information without connecting it to the users' email accounts.
Retrospectively connecting the data is impossible. For legal reasons, we need to save our accounting data for 10 years. After this period, the data is deleted.
- For PayPal payments: The time and date of a payment, the amount, and the name of the payer
- For bank transfers: The date of a payment’s arrival, the amount, and the name of the payer
- For cash payments: The date and the total amount that arrived in cash
Tip: For some payment methods, more information may be transferred to us (such as account details or, with PayPal, postal addresses). We save this, however, either only temporarily or not at all. Such information is not contained in our accounting.
About receipts and invoices
For every payment process, we generate a receipt (for the users) and an invoice with value-added tax (this remains with Posteo) to fulfil our legal and tax requirements. We are required to save receipts and invoices for 10 years. The receipts (which remain stored in the email accounts as long as the accounts still exist) contain no personal information. The invoices for the taxation authorities, which can no longer be connected to any email account, contain the result of the legally-required country determination for the relevant payment and the amount of value-added tax for the relevant EU country.