Privacy Policy

Thank you for visiting our website. Protection of your privacy is very important to us. Below you will find extensive information about how we handle your data. This privacy policy applies to the present website and as well as to the Facebook fan page, the Twitter channel, the Xing profile, the YouTube channel and the Instagram channel. Information and contact details for the responsible person can be found in the imprint.

1. Communication via Email, Contact Form or Phone

We collect personal data if you voluntarily provide it when contacting us (e.g. via contact form or e-mail). Mandatory fields are marked as such since in these cases we require the data for processing your message or for creating a customer account, and you cannot send the message without this information. The specific data that is collected is listed on the respective contact forms. We use the data provided by you to process your enquiries. The legal basis for the data processing is Art. 6 (1) (b) GDPR, insofar as your message is related to an existing or upcoming contract with you. If this is not the case, the legal basis is Art. 6 (1) (f) GDPR, as the processing is necessary to fulfil our legitimate interest in the proper processing of contact requests. In order to be able to properly allocate enquiries, the provision of personal data is necessary.

We have engaged service providers for the technical processing of your communication with us on our behalf. These service providers are based in the USA. Please refer to the information in the section Third Country Transfer regarding the associated risks.

After complete processing of the communication, your data will be restricted for further processing and deleted after expiry of the applicable retention periods under tax and commercial law, unless you have explicitly consented to further use of your data, or we have reserved the right to do so, where permissible by law, in which case we shall inform you thereof in this privacy policy.

2. Access Data and Hosting

You can visit our website without providing any personal information. Every time you visit our website, the web server automatically saves a so-called server logfile which contains data like the name of the requested file, your IP address, date and time of the request, the amount of data transmitted and the requesting provider (all together “access data”), and documents your visit.

The access data is evaluated exclusively for the purpose of ensuring the error-free functioning of the site and of improving our services. This is necessary for the protection of our legitimate interests in the proper presentation of our offer which are overriding in the process of balancing of interests pursuant to Art. 6 (1) (f) GDPR. All access data will be deleted no later than seven days after the end of your visit to the site.

Hosting services through a third party provider

This site is hosted on our behalf by our processor HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, US. In order to provide appropriate safeguards, Hubspot and we have agreed on standard data protection clauses issued by the EU Commission in accordance with Art. 46 (2) (c) GDPR. Please also refer to the section on Third Country Transfer.

All data collected via the use of these websites or through the forms provided for the purposes described below is processed on the servers of the respective service provider. Processing on other servers only takes place as described within this privacy policy.

3.Data Collection and Use in the Context of the Trusted ShopsProducts

Information on the processing of personal data in the context of the use of our various services is available when you register for the services, for example as an appendix to the terms of use.

4. Third Country Transfer

In this section, we inform you about the processing of personal data related to you in third countries for which there is no adequacy decision adopted by the EU Commission.

Trusted Shops uses a variety of service providers. Many of them use servers in third countries, i.e. outside the EU or the EEA. This also includes the USA. The transfer of personal data associated with this must be carried out in accordance with Art. 44 et seq. GDPR. In July 2020, the ECJ ruled that the Privacy-Shield Agreement between the EU and the USA can no longer be used to transfer personal data to the USA. This means that the sectoral adequacy decision of the EU Commission has been revoked.

However, the Privacy Shield as such and the associated self-certification will remain in place. This means that US companies that have self-certified and registered with the U.S. Department of Commerce's International Trade Administration (see overview at https://www.privacyshield.gov/list) will continue to act in compliance with the Privacy Shield rules, which will ensure a good level of data protection to the greatest extent possible.

In addition, Trusted Shops obliges service providers who process personal data in a third country to comply with the standard data protection clauses issued by the EU Commission which are still valid. Where possible, we also agree on additional guarantees to ensure that adequate data protection is guaranteed in the USA or other third countries.

For some service providers there are also binding corporate rules, which ensure that European data protection standards are observed within the company.

Despite all contractual and technical measures, it is possible that the level of data protection in the third country may not be the same as in the EU. In such cases we will ask you, if necessary, as part of cookie consent, in (contact) forms or in the case of other registrations and notifications, for your consent under Art. 49 (1) (a) GDPR to transfer your personal data to a third country. This applies in particular to the transfer of data to the USA. In the USA, authorities and intelligence services may have the right and the capability to access your personal data without our knowledge as the data exporter or yours as the data subject, and without you having sufficient legal means to prevent or take action against such access.

By clicking on “Cookie settings” in the footer of this website, you can open the Cookie Manager and find detailed information about all the service providers from third countries that we use, such as the exact countries of residence of the individual service providers, the specific legal basis and the purpose of the data transfer, the duration of the data storage, etc.


5. Cookies and Tracking

In order to make the user experience on our website attractive and to enable the use of certain functions, as well as to display suitable products or for market research, we use so-called cookies and other tools on various pages via which information is stored on, or retrieved from, your terminal device (hereinafter uniformly referred to as "cookies").

Cookies:

Cookies are small text files that are stored on your terminal device. We always use some cookies to be able to guarantee the basic functionality of our pages and the optimal presentation of our offers (essential/necessary cookies). Some of the cookies we use are deleted at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable us to recognise your browser on your next visit of our website (persistent cookies). We use both cookies of our own and some by third-party providers (so-called third-party cookies).

Consent Manager:

A detailed overview of the cookies and other tools and service providers we use, their purposes and storage periods, the legal basis for cookie use, and additional information can be found in our Consent Manager which you can also access by clicking on “Cookie settings” in the footer.

You can separately accept or reject individual or all cookies with the Consent Manager during your first visit to our website and at any time thereafter by placing a green check mark / cross next to the respective cookie, or respectively by removing it and saving the settings. These settings are saved in the local storage of your computer or mobile device. Therefore, settings must be made and saved anew in case the local storage of your device is deleted, or if you use a different device or browser. Please note that you may have to manually delete cookies that have already been set if you revoke your consent. Rejecting cookies might limit the functionality of our website.

Other Cookie Setting Options:

Alternatively, you can set your browser to inform you about the use of cookies on websites and let you accept them individually or refuse them for certain cases or in general. Each browser manages cookie settings differently. This is described in more detail in the help menu of each browser which also explains how you can change your cookie settings. You can find this menu for each browser at the following links:

In addition to deselecting cookies in the Cookie Manager, you can revoke any consent which you have given us to the use of cookies in accordance with Art. 6 (1) (a) GDPR at any time by sending a message to the contact indicated in our privacy policy.

Please note that disabling cookies may limit your access to some features of our website.


6. Our Presence on Social Media Platforms

Our presence on social networks and platforms serves to improve active communication with our customers and other interested parties. There we provide information on our products and ongoing special promotions.

When visiting our social media channels, your data may be automatically collected and stored for market research and advertising purposes. By using pseudonyms, so-called usage profiles are created from this data. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Generally, cookies on your end device are used for this purpose. Visitor behaviour and user interests are stored in these cookies. This serves the protection of our legitimate interest in the optimal presentation of our offers and the communication with customers and other interested parties which is overriding in the process of balancing of interests pursuant to Art. 6 (1) (f) GDPR. If you are asked for your consent (to agree) to data processing, for example via a checkbox, on the respective social media platform for consent, the legal basis for the data processing is Art. 6 (1) (a) GDPR.

In terms of certain data processing activities on our social media profiles on Facebook, we act as joint controllers alongside the platform operator in the sense of Art. 26 GDPR. The essential information on the agreement concluded between us and Facebook, and your associated rights can be found here.

In the case where certain social media platforms are headquartered in the U.S., they use standard data protection clauses issued by the EU Commission as a suitable guarantee to ensure an appropriate level of data protection.

Please refer to the privacy policies of the individual social media providers linked below for detailed information on the processing and use of data by these providers on their pages, as well as on contact options, your rights as a data subject, and privacy settings or options, in particular opt-out options. Should you still require assistance in this regard, feel free to contact us.

Facebook: https://www.facebook.com/about/privacy/

Google/ YouTube: https://policies.google.com/privacy?hl=en

Twitter: https://twitter.com/en/privacy

Instagram: https://help.instagram.com/519522125107875

Pinterest: https://about.pinterest.com/en/privacy-policy

LinkedIn: https://www.linkedin.com/legal/privacy-policy

Xing: https://privacy.xing.com/en

Objection (Opt-Out) Settings:

Facebook: https://www.facebook.com/settings?tab=ads

Google/ YouTube: https://policies.google.com/privacy?hl=en-US#infochoices

Twitter: https://twitter.com/personalization

Instagram: https://help.instagram.com/519522125107875

Pinterest: https://help.pinterest.com/en-gb/topics/privacy-safety-and-legal

LinkedIn: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Xing: https://privacy.xing.com/en/privacy-policy/what-rights-can-you-assert/right-to-object


7. Contact possibilities and your rights

As a data subject, you have the following rights:

  • pursuant to Art. 15 GDPR, you have the right to request information about your personal data processed by us to the extent described therein;
  • pursuant to Art. 16 GDPR, you have the right to demand the immediate rectification of inaccurate or incomplete personal data stored by us;
  • pursuant to Art. 17 GDPR, the right to request the erasure of your personal data stored with us, unless further processing is necessary:
    - in order to exercise the right of freedom of expression and information;
    - for the compliance with a legal obligation;
    - for reasons of public interest, or
    - for the establishment, exercise or defence of legal claims;
  • pursuant to Art. 18 GDPR, the right to request the restriction of the processing of your personal data, insofar as:
    - you are contesting the accuracy of the data;
    - the processing is unlawful, but you oppose the erasure of the data;
    - we no longer need the data for the purposes of processing, but you require it for the establishment, exercise or defence of legal claims, or
    - you have objected to the processing pursuant to Art. 21 GDPR;
  • pursuant to Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format, or to request its transfer to another controller;
  • pursuant to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority . You can also contact the supervisory authority at your habitual residence or place of work, or at the place of our company headquarters.

If you have any questions regarding the collection, processing or use of your personal data, information on personal data concerning you, the restriction of data processing, the rectification or erasure of data, the revocation of given consent, or the objection to a specific use of data, please contact our company’s data protection officer.

Data Protection Officer
Subbelrather Str. 15c
50823 Cologne
privacy@trustedshops.com


Right of objection

Insofar as we process personal data in any of the above described manners in order to protect our legitimate interests that are overriding in the process of balancing of interests, you can object to this processing with effect for the future. If the data is processed for direct marketing purposes, you can exercise this right at any time as described above. If the processing takes place for other purposes, you are only entitled to a right of objection as far as it is justified for reasons arising from your particular situation.

After exercising your right of objection, we will not process your personal data for these purposes anymore, unless we can provide and prove compelling legitimate reasons that the processing must proceed, which outweigh your interests, rights and freedoms, or if the processing serves to establish, exercise or defend legal claims.This does not apply if the processing has taken place for direct marketing purposes. In this case, we will cease to process your personal data for this purpose.