Imprint & Data Privacy

Imprint

Trusted Shops AG
Colonius Carré
Subbelrather Straße 15c
50823 Cologne, Germany

Tel.: +49 (0) 221 – 77 53 66
Fax: + 49 (0) 221 – 7 75 36 89
E‑Mail: info@trustedshops.com


Executive Board with power of representation: Jean‑Marc Noël (Chairman), Michael Burdack

Chairman of the Supervisory Board:
Ulrich Hafenbradl

Registered at: Amtsgericht Cologne, HRB 113040
VAT ID No.: DE 812 947 877

 

Child Protection Officer pursuant to Sec. 7 of the German State Agreement on the Media Protection of Minors (JMStV):
Frieder Schelle, jugendschutz@trustedshops.de

Responsible for Content: Giulia Frede

c/o Trusted Shops AG
Subbelrather Straße 15c,
50823 Köln

 

Trusted Shops AG is registered in the Brokers’ Register under Register Number [D-B6MZ-QKA67-38] as a licensed insurance agent pursuant to Sec. 34d (1) of the German Industrial Code (GewO) (www.vermittlerregister.info). The competent licensing and supervisory authority is the Cologne Chamber of Industry and Commerce, Unter Sachsenhausen 10-26, 50667 Cologne, Germany (www.ihk-koeln.de). Trusted Shops AG is a member the Cologne Chamber of Industry and Commerce.

Professional regulations governing insurance brokerage:
- Sec. 34d GewO
- Sec. 59 – 68 of the German Insurance Contract Act (VVG)
- The German Insurance Brokerage Ordinance (VersVermV)

The professional regulations can be viewed and downloaded from www.gesetze-im-internet.de, the homepage operated by the German Federal Ministry of Justice together with juris GmbH.

 

Information on resolving disputes

Information on online dispute resolution pursuant to Article 14 (1) ODR Regulation: The European Commission provides a platform for online dispute resolutions (ODR) which can be accessed under www.ec.europa.eu/consumers/odr/. Consumers have the possibility to use this platform for resolving their disputes. We are ready to participate in extra-judicial dispute settlement proceedings before a consumer dispute resolution body.

Information on the resolution of disputes pursuant to section 214 VVG in conjunction with the VVG Regulation governing Conciliation Bodies

As an insurance broker, Trusted Shops AG is obliged by Sec. 214 VVG in conjunction with the VVG Regulation governing Conciliation Bodies to participate in dispute resolution procedures. The competent body is as follows:
Versicherungsombudsmann e.V.,
Postfach 080632, 10006 Berlin, Germany

https://www.versicherungsombudsmann.de/

© Copyright 2022 - All contents, in particular texts, photographs and graphics are protected by copyright. All rights, including reproduction, publication, editing and translation, are reserved by Trusted Shops AG.

 

Privacy Policy

Thank you for visiting our website. Protection of your privacy is very important to us. Below you will find extensive information about how we handle your data.

illustration-information-gdpr-data-privay illustration-information-gdpr-data-privay

1. Communication via Email or Contact Form

We collect personal data if you voluntarily provide it when contacting us (e.g. via contact form or e-mail). Mandatory fields are marked as such since in these cases we require the data for processing your message or for creating a customer account, and you cannot send the message without this information. The specific data that is collected is listed on the respective contact forms. We use the data provided by you to process your enquiries. The legal basis for the data processing is Art. 6 (1) (b) GDPR, insofar as your message is related to an existing or upcoming contract with you. If this is not the case, the legal basis is Art. 6 (1) (f) GDPR, as the processing is necessary to fulfil our legitimate interest in the proper processing of contact requests. In order to be able to properly allocate enquiries, the provision of personal data is necessary.

We have engaged service providers for the technical processing of your communication with us on our behalf. These service providers are based in the USA. Please refer to the information in the section Third Country Transfer regarding the associated risks. 

After complete processing of the communication, your data will be restricted for further processing and deleted after expiry of the applicable retention periods under tax and commercial law, unless you have explicitly consented to further use of your data, or we have reserved the right to do so, where permissible by law, in which case we shall inform you thereof in this privacy policy.

Back to top

2. Access Data and Hosting

You can visit our website without providing any personal information. Every time you visit our website, the web server automatically saves a so-called server logfile which contains data like the name of the requested file, your IP address, date and time of the request, the amount of data transmitted and the requesting provider (all together “access data”), and documents your visit. For the purpose of a shorter loading time, we also use a Content Delivery Network ("CDN") service provider as a data processor by providing our web assets via the web servers of that CDN provider. Access data is also collected accordingly on the provider's web servers. We use a CDN provider located in the USA, but processing usually takes place in a region that is close to the access location. Therefore, when accessing from Europe, the data processing usually takes place in Europe.

The access data is evaluated exclusively for the purpose of ensuring the error-free functioning of the site and of improving our services. This is necessary for the protection of our legitimate interests in the proper presentation of our offer which are overriding in the process of balancing of interests pursuant to Art. 6 (1) (f) GDPR. All access data will be deleted no later than seven days after the end of your visit to the site.

This site is hosted on our behalf by our processor HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, US. In order to provide appropriate safeguards, Hubspot and we have agreed on standard data protection clauses issued by the EU Commission in accordance with Art. 46 (2) (c) GDPR. Please also refer to the section on Third Country Transfer.

All data collected via the use of these websites or through the forms provided for the purposes described below is processed on the servers of the respective service provider. Processing on other servers only takes place as described within this privacy policy.

Back to top

3. Data Collection and Use in the Context of the Trusted Shops Membership for Shops

Registration for the Trusted Shops Membership for Online Shops

Only persons acting in their professional capacity as a business or a self-employed professional may apply for a Trusted Shops membership for online retailers. Personal data you voluntarily share with us when contacting us or registering for our services is collected for the purpose of contractual performance in accordance with Art. 6 (1) (b) GDPR.

Personal data of people who are not contractual partners themselves or are not intended to become such (e.g. employees or people of contact) are processed on the basis of Art. 6 (1) (f) GDPR. Our legitimate interest in this context is to ensure the proper, efficient and personal processing of the request and the business relation.
The personal data that we process in the context of a membership includes in particular:

  • Last name, first name
  • Company
  • (Email) address, telephone number
  • Occupation of the contact person
  • Professional qualification, if applicable
  • Other business information
  • Communication data (e.g. e-mail communication or notes on telephone conversations).

The purpose of the processing derives from the General Membership Terms, as well as any potential supplementary agreements or other contracts applicable between Trusted Shops and the member shop. Business communication, answering queries or forwarding complaints from customers of the shop, e.g. within the framework of the Trusted Shops guarantee, in particular make it necessary to process personal data.

In addition, the calculation of the individual contractual fees according to the price list requires the specification of the online shop's turnover. In this case, the legal basis for the data processing is Art. 6 (1) (b) GDPR.

After the contract has been completely processed and performed, your data will be restricted for further processing and deleted after expiry of the applicable retention periods under tax and commercial law, unless you have explicitly consented to further use of your data, or we have reserved the right to do so, where permissible by law, in which case we shall inform you thereof in this privacy policy.


Use of Salesforce

In order to help you integrate Trusted Shops elements into your website, to optimise our product offers for you and to manage customers and contracts, we use the Service Cloud and the Marketing Cloud provided by

Salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany,
a subsidiary of Salesforce.com Inc, The Landmark @ One Marketing, Suite 300, San Francisco, CA 94105, USA.

Salesforce Marketing Cloud is a user database management service. The data is processed in Ireland and the USA.
Salesforce.com has certified these services under the EU-US Privacy Shield. For more information about the Salesforce Marketing Cloud and Service and the information we process, please visit Salesforce' Privacy Policy. We have also agreed on standard data protection clauses as issued by the EU Commission to ensure an adequate level of data protection

Salesforce’s functions allow us to analyse your use of the Trusted Shops products, platforms, and advertising materials, e.g. via cookie tracking or the creation of pseudonymised user profiles for advertising and analytical purposes.

We collect and process personal and behavioural data (e.g. product usage data). Overall, Salesforce only provides us with access to specific personal data for marketing purposes if you are logged into our site. Generally, you provide us with this data when placing your order as well as in the context of the business relation between you and Trusted Shops. Hence, we collect only data that is necessary for achieving the respective contractual purpose. This data is meant to be subsequently enriched with data collected through Salesforce, Inc.

The purpose of this data processing is, on the one hand, the contractual performance in the sense of Art. 6 (1) (b) GDPR, and, on the other hand, to protect our legitimate interest in the optimised presentation of our offers and in direct advertising which is overriding in the process of balancing of interests pursuant to Art. 6 (1) (f) GDPR.

Back to top

4. Recipients of Personal Data

Postal/parcel delivery

If you have ordered goods which must be sent to you or are to receive a letter from us per post, we will transfer the data required for the fulfilment of the contract to the shipping company commissioned with the delivery in accordance with Art. 6 (1) (b) GDPR if this is necessary for the delivery. Depending on which payment service provider you select in the order process, we may transfer the payment data which was collected for the purpose of processing the payment to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us, or to the selected payment service. Some of the payment service providers also collect this data on their own, e.g. if you create an account there. In this case, you must log in to the respective service provider’s platform with your access data during the ordering process. In this context, the privacy policy of the respective provider applies.

We use a payment service provider based in a country outside the European Union. The transfer of personal data to this company only takes place as far as necessary for fulfilling the contract.


Use of payment service providers


For the processing of payments, we use the following service providers who act as separate data controllers:

- Payment by direct debit: Direct debit payments are processed by GoCardless Ltd, Sutton Yard, 65 Goswell Road, London, EC1V 7EN, United Kingdom, with processing taking place exclusively at the GoCardless SAS, 23-25 Avenue Mac-Mahon, Paris, 75017, France. You can find information on data protection at GoCardless here.

- Payment by credit card: Credit card payments are processed by Stripe Payments Europe, Ltd, One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland. This may also involve the transfer of personal data to the USA. To ensure an appropriate level of data protection, Stripe uses standard data protection clauses. You can find more information on data protection at Stripe here.

- Payment via PayPal: If you are registered with PayPal, you can also make the payment via PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg. The agreements between you and PayPal apply. More information on data protection at PayPal can be found here.


Use of processors


In order to display our website and to provide our services, we use various service providers as data processors. They process personal data on our behalf as instructed. We have concluded a contract with all service providers in accordance with Art. 28 GDPR. In particular, we use processors in the areas of hosting, email and newsletter dispatch as well as ticket management, customer relation management, subscription management and payment management.


Credit check when registering for the Trusted Shops membership for online retailers


We only transfer your address data to credit agencies before concluding a membership contract for the purpose of assessing the liability risk and, if necessary, your creditworthiness, if you are registering in pursuance of your professional activities as a business or a self-employed professional. The purpose of the data processing is the processing of the contractual relation pursuant to Art. 6 (1) (b) GDPR, and, pursuant to Art. 6 (1) (f) GDPR, the protection of our legitimate interests in reducing the risk of payment defaults. The credit check entails profiling in the sense of Art. 4 (4) GDPR, insofar as it concerns a natural person (e.g. sole traders). Automated decision-making is not involved in this process.

Depending on the country of your company’s headquarters, we transfer the personal data required for a credit assessment to the following company / -ies:

  • Verband der Vereine Creditreform e.V.
    Hellersbergstr. 12
    D-41460 Neuss
    Germany
  • Compagnie Française d'Assurance pour le Commerce Extérieur SA
    1, place Costes et Bellonte
    CS 20003
    92276 Bois-Colombes (Paris)
    France
  • Ellisphere, S.A.S.
    Immeuble via Verde,
    55 place Nelson Mandela,
    92000 Nanterre
    France
  • GraydonGo
    Hullenbergweg 2
    1101AA, Amsterdam Zuid-Oost
    Netherlands
  • Iberinform internacional, SAU
    Calle Raimundo Fernández Villaverde, 57 Bis
    Madrid 28003 (Madrid)
    Spain.
Appropriate measures will be observed to protect your rights, freedoms and legitimate interests. You are free to share your view and to challenge our decisions by contacting us anytime as described below.


Use of Legal Service Providers

If you fail to meet your payment obligations under a contract with us or in case of any other imminent legal dispute, we may engage legal service providers (lawyers, debt collection services, etc.). In this case, the transfer of personal data is necessary for the fulfilment of the contract and is also based on our legitimate interest in asserting our claims under civil law in accordance with Art. 6 (1) (f) GDPR. If and insofar as this constitutes a change of purpose, it falls under Section 24 (1) (2) of the German Federal Data Protection Act (BDSG).

Back to top

5. Email Newsletter and Postal Advertising

Email Advertising and Newsletter Registration

If you register for one of our newsletters or provide your data in order to download a document from our website free of charge, or our Facebook or LinkedIn pages, we use this data, or data separately provided by you, for regularly sending you our email newsletter with your consent pursuant to Art. 6 (1) (a) GDPR.

The newsletter is sent on our behalf by service providers to whom we transfer your email address for this purpose.
You can unsubscribe from the newsletter at any time either by sending a message to the contact described below or via the respective link provided in each newsletter mail. After you have unsubscribed, we will delete your email address unless you have explicitly consented to further use of your data, or we have reserved the right to do so, where permissible by law, in which case we shall inform you thereof in this privacy policy.


Email Advertising and Registration for the Personalised Newsletter

If you register for one of our personalised newsletters, we use your data, or data separately provided by you, for regularly sending you our personalised email newsletter with your consent pursuant to Art. 6 (1) (a) GDPR. The newsletter with tips & tricks from the world of ecommerce, events, competitions and our products, members and partners is aimed at your specific interests and provides you with relevant information on the respective topics.

By registering to receive the personalised newsletter, you also agree that we can track and evaluate your click behaviour (which links you click and open) within the newsletter. This is done by linking the information about your click behaviour with your personal user profile in our internal customer administration system. This link makes it possible to evaluate the aforementioned information precisely in relation to your person and your presumed interests in order to improve the personalisation of the newsletter. We evaluate this information with your consent pursuant to Art. 6 (1) (a) GDPR.

You can unsubscribe from the newsletter at any time either by sending a message to the contact described below or via the respective link provided in each newsletter mail. After you have unsubscribed, we will delete your email address unless you have explicitly consented to further use of your data, or we have reserved the right to do so, where permissible by law, in which case we shall inform you thereof in this privacy policy.

Back to top


Email Advertising without Newsletter Registration and Your Right to object


If we receive your email address in connection with the sale of a product or service and you have not objected to this, we reserve the right to regularly send you offers for other products from our range similar to those you have already purchased by email in accordance with Section 7 (3) of the German Fair Competition Act (UWG). This serves the protection of our legitimate interests in the promotional communication with our customers that are overriding in the process of balancing of interests pursuant to Art. 6 (1) (f) GDPR.

The newsletter is sent on our behalf by service providers to whom we transfer your email address for this purpose.

You can object to this use of your email address at any time by sending a message to the contact described below or via the respective link provided in each newsletter mail.

Postal Advertising and Your Right to object

Furthermore, we reserve the right to use your first and last name as well as your postal address for our own advertising purposes, e.g. to send interesting offers and information about our products by post. This serves the protection of our legitimate interest in the promotional communication with our customers that are overriding in the process of balancing of interests pursuant to Art. 6 (1) (f) GDPR.

Such promotional mailing is processed on our behalf by a service provider to whom we transfer your data.

You can object to the storage and use of your data for this purpose at any time by sending a message to the contact described below or via the respective link provided in each newsletter mail.

Back to top

6. Integration of the Trusted Shops Trustbadge

In order to display the reviews we have collected through our Review System, the Trusted Shops Trustbadge is integrated on some of our websites.

Pursuant to Art. 6 (1) (f) GDPR, this serves the protection of our legitimate interest in the optimised marketing of our offers, this legitimate interest being overriding in the process of balancing of interests. The Trustbadge and the services advertised through it are offered by Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne, Germany.

When the Trustbadge is displayed, the web server automatically saves a server log file, which records the retrieval and therefore contains e.g. your IP address, date and time of the retrieval, transferred data volume and the access provider (access data). Some access data is stored in a security database for the analysis of security anomalies. The log files are automatically deleted 90 days after creation at the latest.

Back to top

7. Third Country Transfer

In this section, we inform you about the processing of personal data related to you in third countries for which there is no adequacy decision adopted by the EU Commission.

Trusted Shops uses a variety of service providers. Many of them use servers in third countries, i.e. outside the EU or the EEA. This also includes the USA. The transfer of personal data associated with this must be carried out in accordance with Art. 44 et seq. GDPR. In July 2020, the ECJ ruled that the Privacy-Shield Agreement between the EU and the USA can no longer be used to transfer personal data to the USA. This means that the sectoral adequacy decision of the EU Commission has been revoked.

However, the Privacy Shield as such and the associated self-certification will remain in place. This means that US companies that have self-certified and registered with the U.S. Department of Commerce's International Trade Administration (see overview at https://www.privacyshield.gov/list) will continue to act in compliance with the Privacy Shield rules, which will ensure a good level of data protection to the greatest extent possible.

In addition, Trusted Shops obliges service providers who process personal data in a third country to comply with the standard data protection clauses issued by the EU Commission which are still valid. Where possible, we also agree on additional guarantees to ensure that adequate data protection is guaranteed in the USA or other third countries.

For some service providers there are also binding corporate rules, which ensure that European data protection standards are observed within the company.

Despite all contractual and technical measures, it is possible that the level of data protection in the third country may not be the same as in the EU. In such cases we will ask you, if necessary, as part of cookie consent, in (contact) forms or in the case of other registrations and notifications, for your consent under Art. 49 (1) (a) GDPR to transfer your personal data to a third country. This applies in particular to the transfer of data to the USA. In the USA, authorities and intelligence services may have the right and the capability to access your personal data without our knowledge as the data exporter or yours as the data subject, and without you having sufficient legal means to prevent or take action against such access.

By clicking on “Cookie settings” in the footer of this website, you can open the Cookie Manager and find detailed information about all the service providers from third countries that we use, such as the exact countries of residence of the individual service providers, the specific legal basis and the purpose of the data transfer, the duration of the data storage, etc.

Back to top

8. Cookies and Web Analytics

In order to make the user experience on our website attractive and to enable the use of certain functions, as well as to display suitable products or for market research, we use so-called cookies and other tools on various pages via which information is stored on, or retrieved from, your terminal device (hereinafter uniformly referred to as "cookies").

Cookies:

Cookies are small text files that are stored on your terminal device. We always use some cookies to be able to guarantee the basic functionality of our pages and the optimal presentation of our offers (essential/necessary cookies). Some of the cookies we use are deleted at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable us to recognise your browser on your next visit of our website (persistent cookies). We use both cookies of our own and some by third-party providers (so-called third-party cookies).


Consent Manager:

A detailed overview of the cookies and other tools and service providers we use, their purposes and storage periods, the legal basis for cookie use, and additional information can be found in our Consent Manager which you can also access by clicking on “Cookie settings” in the footer.

You can separately accept or reject individual or all cookies with the Consent Manager during your first visit to our website and at any time thereafter by placing a green check mark / cross next to the respective cookie, or respectively by removing it and saving the settings. These settings are saved in the local storage of your computer or mobile device. Therefore, settings must be made and saved anew in case the local storage of your device is deleted, or if you use a different device or browser. Please note that you may have to manually delete cookies that have already been set if you revoke your consent. Rejecting cookies might limit the functionality of our website.


Other Cookie Setting Options:


Alternatively, you can set your browser to inform you about the use of cookies on websites and let you accept them individually or refuse them for certain cases or in general. Each browser manages cookie settings differently. This is described in more detail in the help menu of each browser which also explains how you can change your cookie settings. You can find this menu for each browser at the following links:

 

In addition to deselecting cookies in the Cookie Manager, you can revoke any consent which you have given us to the use of cookies in accordance with Art. 6 (1) (a) GDPR at any time by sending a message to the contact indicated in our privacy policy.

Please note that disabling cookies may limit your access to some features of our website.

Back to top

9. Social Media PlugIns

Use of the social plugins from Facebook, Google, Twitter, Instagram, Pinterest using the Shariff solution

Our websites use social buttons provided by different social media platforms.

In order to better protect your data when you visit our website, these buttons are not fully integrated into the page as plug-ins, but rather as simple HTML links. This ensures that webpages containing social buttons do not connect to the servers of the respective social media providers when they are opened.

If you click one of the buttons, the page of the respective service provider will be opened in a new browser window. There you can press the Like or Share button, for example. This might require you to log in to the respective platform first. You can find more information on how social media providers process personal data on their pages, e.g. the purpose and extent of the data collection, the subsequent processing and use of personal data as well as contact options, your rights as a data subject, and privacy settings or options, in these providers’ respective privacy policies:
Youtube Video Plugins

We have integrated content from the video platform Youtube on our website. This serves the protection of our legitimate interest in the optimal presentation of our offers which is overriding in the process of balancing of interests pursuant to Art. 6 (1) (f) GDPR.
Youtube is operated by Google Ireland Limited, a company incorporated and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.co.uk).

As far as information is transmitted to, and stored by Google on servers located in the United States, the U.S. company Google LLC is certified under the EU-US Privacy Shield.

We have activated extended data protection settings on the Youtube videos integrated in our site. This means that no information from website visitors is collected and stored by YouTube unless they play the video. You can find more information on the purpose and extent of the data collection, the subsequent processing and use of personal data by Youtube as well as contact options, your rights as a data subject, and privacy settings or options, in Google’s privacy policy .


Vimeo Video Plugins

We have integrated content from the video platform Vimeo on our website. This serves the protection of our legitimate interest in the optimal presentation of our offers which is overriding in the process of balancing of interests pursuant to Art. 6 (1) (f) GDPR.
Vimeo is operated by Vimeo LLC, 555 West 18th Street, New York 10011, USA ("Vimeo").

The tracking tool Google Analytics is automatically active on Vimeo videos that are integrated on our site. We have no influence over the tracking settings or the analytics generated through them, and they are not visible to us. Additionally, by embedding Vimeo videos, website visitors are assigned a web beacon.

In order to prevent the use of Google Analytics tracking cookies, you may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address), and from processing this data by downloading and installing the browser plug-in available under this link.

You can find more information on the purpose and extent of the data collection, the subsequent processing and use of personal data by Youtube as well as contact options, your rights as a data subject, and privacy settings or options, in Vimeo’s privacy policy: https://vimeo.com/privacy 

Back to top

10. Our Presence on Social Media Platforms

Our presence on social networks and platforms serves to improve active communication with our customers and other interested parties. There we provide information on our products and ongoing special promotions.

When visiting our social media channels, your data may be automatically collected and stored for market research and advertising purposes. By using pseudonyms, so-called usage profiles are created from this data. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Generally, cookies on your end device are used for this purpose. Visitor behaviour and user interests are stored in these cookies. This serves the protection of our legitimate interest in the optimal presentation of our offers and the communication with customers and other interested parties which is overriding in the process of balancing of interests pursuant to Art. 6 (1) (f) GDPR. If you are asked for your consent (to agree) to data processing, for example via a checkbox, on the respective social media platform for consent, the legal basis for the data processing is Art. 6 (1) (a) GDPR.

In terms of certain data processing activities on our social media profiles on Facebook, we act as joint controllers alongside the platform operator in the sense of Art. 26 GDPR. The essential information on the agreement concluded between us and Facebook, and your associated rights can be found here.

In the case where certain social media platforms are headquartered in the U.S., they use standard data protection clauses issued by the EU Commission as a suitable guarantee to ensure an appropriate level of data protection.

Please refer to the privacy policies of the individual social media providers linked below for detailed information on the processing and use of data by these providers on their pages, as well as on contact options, your rights as a data subject, and privacy settings or options, in particular opt-out options. Should you still require assistance in this regard, feel free to contact us.


Objection (Opt-Out) Settings:



Back to top 

11. Participation in Webinars

We offer webinars on a regular basis, either free of charge or as a contractual service as part of our products. These are conducted via the GoTo-Webinar tool. "GoToWebinar" is a service of LogMeIn, Inc. which is based in the USA. Please note the information on "Third Country Transfer" in the section of the same name in this privacy policy. We use LogMeIn, Inc. as a processor.

If you access the website of "GoToWebinar", the "GoTo-Webinar" provider is responsible for the data processing on there. However, accessing the website is only necessary to download the software for using "GoToWebinar". You can also use "GoToWebinar" by inserting the respective meeting ID and potential additional access data for the meeting directly in the "GoToWebinar" app.

If you cannot or wish to not use the "GoToWebinar" app, the basic functions can also be used via the browser version, which you can also find on the "GoToWebinar" website.

Various types of data are processed when using "GoToWebinar". The exact extent of the processed data also depends on the data you provide before or during participation in a webinar.

The following personal data is subject to processing:

  • User details: first name, last name, phone number (optional), email address, password (unless "single sign-on" is used), profile picture (optional), company department (optional)

  • Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information.

  • In case of recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.

  • In case of dial-in via phone: information on the incoming and outgoing call number, country name, start and end time. If necessary, additional connection data such as the IP address of the device may be stored.

  • Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in a webinar. In such cases, the text entries you make are processed in order to display them in the webinar and, if necessary, to log them. In order to enable audio and video rendition, the data produced from your terminal device’s microphone(s) and/or camera(s) will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone at any time via the respective "GoToWebinar" functions.

In order to participate in a webinar or to enter the "meeting room", you must at the very least indicate your name.

Extent of Processing

We use "GoToWebinar" to conduct webinars. If we are about to record a webinar, we will inform you of it in a transparent manner and well in advance as well as ask your consent as far as the recording affects, i.e. includes you. Recordings will include audio and video. An on-going recording will also be accordingly displayed to you in the "GoToWebinar App.

If necessary, we may log the chat content in order to log the webinar’s results. However, this is mostly not the case. For the purposes of recording and following up on webinars, the questions asked by webinar participants may also be processed.

If you are a registered “GoToWebinar” user, webinar reports (containing: meeting metadata, telephone dial-in data, questions and answers in webinars, results of the webinar’s survey function) may be stored by "GoToWebinar" for up to one month.


Legal Basis for the Data Processing

The legal basis for the data processing in the context of using “GoToWebinar” is Art. 6 (1) (f) GDPR. Our legitimate overriding interest in these cases is the effective conduct of webinars.

Apart from this, the legal basis for the data processing associated with the conduct of the webinar itself is Art. 6 (1) (b) GDPR, insofar as the webinar is conducted as part of a contractual relation.

If a recording of the webinar is made, the legal basis for this is your consent in the sense of Art. 6 (1) (a) GDPR.


Data Erasure


We erase personal data when further storage is not necessary. In particular, the storage may be necessary if the data is still needed in order to provide the contractually agreed services as well as to asses or to defend against claims arising from statutory warranties or contractual guarantees. Where statutory retention periods apply, data can only be erased after these periods have expired.

Back to top

12. Sending Review Invites per Email

We use your email address to send you a Review Invite by email if you have explicitly consented to this pursuant to Art. 6 (1) (a) GDPR during or after placing an order.

You can revoke your consent with effect for the future at any time by sending a message to the contact described below.

In other cases, Review Invites are sent as a service in return for free membership and thus as an integral part of the membership contract. In these cases, data processing is necessary for the fulfilment of the contract and is therefore based on Art. 6 (1) (a) GDPR.

Back to top

13. Contact possibilities and your rights

As a data subject, you have the following rights:

  • pursuant to Art. 15 GDPR, you have the right to request information about your personal data processed by us to the extent described therein;

  • pursuant to Art. 16 GDPR, you have the right to demand the immediate rectification of inaccurate or incomplete personal data stored by us;

  • pursuant to Art. 17 GDPR, the right to request the erasure of your personal data stored with us, unless further processing is necessary:
    - in order to exercise the right of freedom of expression and information;
    - for the compliance with a legal obligation;
    - for reasons of public interest, or
    - for the establishment, exercise or defence of legal claims;

  • pursuant to Art. 18 GDPR, the right to request the restriction of the processing of your personal data, insofar as:
    - you are contesting the accuracy of the data;
    - the processing is unlawful, but you oppose the erasure of the data;
    - we no longer need the data for the purposes of processing, but you require it for the establishment, exercise or defence of legal claims, or
    - you have objected to the processing pursuant to Art. 21 GDPR;

  • pursuant to Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format, or to request its transfer to another controller;

  • pursuant to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority . You can also contact the supervisory authority at your habitual residence or place of work, or at the place of our company headquarters.

If you have any questions regarding the collection, processing or use of your personal data, information on personal data concerning you, the restriction of data processing, the rectification or erasure of data, the revocation of given consent, or the objection to a specific use of data, please contact our company’s data protection officer.

Data Protection Officer
Subbelrather Str. 15c
50823 Cologne
privacy@trustedshops.com 

Back to top

Right of objection

Insofar as we process personal data in any of the above described manners in order to protect our legitimate interests that are overriding in the process of balancing of interests, you can object to this processing with effect for the future. If the data is processed for direct marketing purposes, you can exercise this right at any time as described above. If the processing takes place for other purposes, you are only entitled to a right of objection as far as it is justified for reasons arising from your particular situation.

After exercising your right of objection, we will not process your personal data for these purposes anymore, unless we can provide and prove compelling legitimate reasons that the processing must proceed, which outweigh your interests, rights and freedoms, or if the processing serves to establish, exercise or defend legal claims.This does not apply if the processing has taken place for direct marketing purposes. In this case, we will cease to process your personal data for this purpose.

Back to top

© 2024 Trusted Shops AG  |  Legal  |  Data protection  |  Cookie settings