Imprint & Data Privacy

Trusted Shops AG
Colonius Carré
Subbelrather Straße 15c
50823 Cologne, Germany

Tel.: +49 (0) 221 – 77 53 66
Fax: + 49 (0) 221 – 7 75 36 89
E‑Mail: info@trustedshops.com

Executive Board with power of representation: Jean‑Marc Noël (Chairman), Michael Burdack

Chairman of the Supervisory Board:
Ulrich Hafenbradl

Registered at: Amtsgericht Cologne, HRB 113040
VAT ID No.: DE 812 947 877

Child Protection Officer pursuant to Sec. 7 of the German State Agreement on the Media Protection of Minors (JMStV):
Frieder Schelle, jugendschutz@trustedshops.de

Responsible for Content: Giulia Frede

c/o Trusted Shops AG
Subbelrather Straße 15c,
50823 Köln

Trusted Shops AG is registered in the Brokers’ Register under Register Number [D-B6MZ-QKA67-38] as a licensed insurance agent pursuant to Sec. 34d (1) of the German Industrial Code (GewO) (www.vermittlerregister.info). The competent licensing and supervisory authority is the Cologne Chamber of Industry and Commerce, Unter Sachsenhausen 10-26, 50667 Cologne, Germany (www.ihk-koeln.de). Trusted Shops AG is a member the Cologne Chamber of Industry and Commerce.

1. Data processing on the website
2. Data processing in the context of a business relationship with Trusted Shops
3. Data processing in connection with webinars and trade fair visits
4. Our presence on Social Media Platforms
5. E-mail newsletter and advertising contact
6. Community Cloud
7. Third Country Transfer
8. Contact possibilities and your rights
Right of objection

1.1 Access Data and Hosting

You can visit our website without providing any personal information. Every time you visit our website, the web server automatically saves a so-called server logfile which contains data like the name of the requested file, your IP address, date and time of the request, the amount of data transmitted and the requesting provider (all together “access data”), and documents your visit. For the purpose of a shorter loading time, we also use a Content Delivery Network ("CDN") service provider as a data processor by providing our web assets via the web servers of that CDN provider. Access data is also collected accordingly on the provider's web servers. We use a CDN provider located in the USA, but processing usually takes place in a region that is close to the access location. Therefore, when accessing from Europe, the data processing usually takes place in Europe.

The access data is evaluated exclusively for the purpose of ensuring the error-free functioning of the site and of improving our services. This is necessary for the protection of our legitimate interests in the proper presentation of our offer which are overriding in the process of balancing of interests pursuant to Art. 6 (1) (f) GDPR. All access data will be deleted no later than seven days after the end of your visit to the site.

This site is hosted on our behalf by our processor HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, US. An adequate level of data protection is ensured by an adequacy decision of the EU Commission, which can be accessed here for the USA. 

All data collected via the use of these websites or through the forms provided for the purposes described below is processed on the servers of the respective service provider. Processing on other servers only takes place as described within this privacy policy.

1.2 Cookies and Web Analytics

In order to make the user experience on our website attractive and to enable the use of certain functions, as well as to display suitable products or for market research, we use so-called cookies and other tools on various pages via which information is stored on, or retrieved from, your terminal device (hereinafter uniformly referred to as "cookies").

Cookies:

Cookies are small text files that are stored on your terminal device. We always use some cookies to be able to guarantee the basic functionality of our pages and the optimal presentation of our offers (essential/necessary cookies). Some of the cookies we use are deleted at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable us to recognise your browser on your next visit of our website (persistent cookies). We use both cookies of our own and some by third-party providers (so-called third-party cookies).


Consent Manager:

A detailed overview of the cookies and other tools and service providers we use, their purposes and storage periods, the legal basis for cookie use, and additional information can be found in our Consent Manager which you can also access by clicking on “Cookie settings” in the footer.

You can separately accept or reject individual or all cookies with the Consent Manager during your first visit to our website and at any time thereafter by placing a green check mark / cross next to the respective cookie, or respectively by removing it and saving the settings. These settings are saved in the local storage of your computer or mobile device. Therefore, settings must be made and saved anew in case the local storage of your device is deleted, or if you use a different device or browser. Please note that you may have to manually delete cookies that have already been set if you revoke your consent. Rejecting cookies might limit the functionality of our website.


Other Cookie Setting Options:

Alternatively, you can set your browser to inform you about the use of cookies on websites and let you accept them individually or refuse them for certain cases or in general. Each browser manages cookie settings differently. This is described in more detail in the help menu of each browser which also explains how you can change your cookie settings. You can find this menu for each browser at the following links:

• Microsoft Edge™
• Safari™  
• Chrome™ 
• Firefox™
• Opera™

In addition to deselecting cookies in the Cookie Manager, you can revoke any consent which you have given us to the use of cookies in accordance with Art. 6 (1) (a) GDPR at any time by sending a message to the contact indicated in our privacy policy.

Please note that disabling cookies may limit your access to some features of our website.

Back to top

2.1 Contact and communication

a) Communication via email or contact form

We collect personal data if you voluntarily provide it when contacting us (e.g. via contact form or e-mail). Mandatory fields are marked as such since in these cases we require the data for processing your message or for creating a customer account, and you cannot send the message without this information. The specific data that is collected is listed on the respective contact forms. We use the data provided by you to process your enquiries. The legal basis for the data processing is Art. 6 (1) (b) GDPR, insofar as your message is related to an existing or upcoming contract with you. If this is not the case, the legal basis is Art. 6 (1) (f) GDPR, as the processing is necessary to fulfil our legitimate interest in the proper processing of contact requests. In order to be able to properly allocate enquiries, the provision of personal data is necessary.

We have engaged service providers for the technical processing of your communication with us on our behalf. These service providers are based in the USA. An adequate level of data protection is ensured by an adequacy decision of the EU Commission, which can be accessed here for the USA. 

After complete processing of the communication, your data will be restricted for further processing and deleted after expiry of the applicable retention periods under tax and commercial law, unless you have explicitly consented to further use of your data, or we have reserved the right to do so, where permissible by law, in which case we shall inform you thereof in this privacy policy.

b) Contacting us by telephone

In the case of telephone contact, we process the personal data that you provide to us as well as those that are automatically transmitted, for example your telephone number. Depending on the request, it may be necessary for your contact person to make notes in the CRM system in order to document the content of the call. This serves effective and efficient customer care. The legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO. The telephone conversation between you and your contact person may be overheard by a supervisor or trainer for training purposes. A recording does not take place.

c) Microsoft Booking

We offer you the possibility to book an appointment with us via our homepage or via a link sent to you using the Microsoft Booking tool.

When booking the appointment, various data are collected. The scope of the mandatory data is noted in the booking tool. Your name and e-mail address are always required. You can also use a pseudonym instead of your name. If you wish us to contact you by telephone, you must also provide your telephone number, otherwise the appointment will take place via Microsoft Teams. Further information may be necessary for certain appointments or may be provided on a voluntary basis. In addition, technical data such as your IP address and browser information are collected.

We use the data you provide to confirm the appointment, to process your enquiries and to make the appointment. The purpose of the processing is to plan and keep appointments with you. The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR, insofar as your contact request is in connection with an existing or upcoming contract with you. Otherwise, the legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. The processing is necessary to fulfil our legitimate interest in the proper processing of contact requests, appointment allocation and appointment booking.

We use service providers to process your enquiries within the scope of processing personal data on your behalf. These service providers are also based in third countries, in particular in the USA. An adequate level of data protection is ensured by an adequacy decision of the EU Commission, which can be accessed for the USA here.

After the appointment has been completed, your data will be restricted for further processing and, if relevant, deleted after expiry of the retention periods under tax and commercial law, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

d) Microsoft Teams

We use Microsoft Teams to hold online meetings (telephone/video conferences) with you. Alternatively, you can contact us by phone call. If you want to use the option of an online meeting with us via Microsoft Teams, you can decide whether you want to use the Microsoft Teams app for this. If this is not the case, you can also open Microsoft Teams via the browser without installing an app. If you choose to participate via the browser solution or download the app via Microsoft's website, please note that Microsoft is responsible for collecting data via these pages.

When you use Microsoft Teams, various data are processed. The amount of data processed depends on the information you provide before and during participation in an online meeting, as well as on how you participate in the meeting.

The following data will be used when participating in an online meeting: Specified user name, your e-mail address, if set by you, your profile picture, language selection. In addition, so-called metadata are recorded, such as date, time, meeting ID, location. In addition, you can participate in the meeting with or without video and with or without sound and also use the chat function and send text or files via this. If you use these functions, image and sound files as well as the data sent via the chat function will be processed. In principle, meetings are not recorded. However, should this be the case, you will be informed of this in advance and asked for your consent.

The purpose of the data processing is to conduct online meetings and, if necessary, to exchange data via the chat function.

The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR, insofar as your contact request is related to an existing or upcoming contract with you. Otherwise, the legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. The processing is necessary to fulfil our legitimate interest in a good contact with us as well as a simple and personal exchange with you.

Personal data processed in connection with participation in an online meeting will not be disclosed to third parties unless it has been transferred for the purpose of disclosure. We use service providers to carry out the online meetings as part of a processing of personal data on behalf. These service providers are based in the USA. An adequate level of data protection is ensured by an adequacy decision of the EU Commission, which can be accessed for the USA here.

2.2 Trusted Shops Membership for Online Shops

a) Registration
Only persons acting in their professional capacity as a business or a self-employed professional may apply for a Trusted Shops membership for online retailers. Personal data you voluntarily share with us when contacting us or registering for our services is collected for the purpose of contractual performance in accordance with Art. 6 (1) (b) GDPR.

Personal data of people who are not contractual partners themselves or are not intended to become such (e.g. employees or people of contact) are processed on the basis of Art. 6 (1) (f) GDPR. Our legitimate interest in this context is to ensure the proper, efficient and personal processing of the request and the business relation.
The personal data that we process in the context of a membership includes in particular:

• Last name, first name
• Company
• (Email) address, telephone number
• Occupation of the contact person
• Professional qualification, if applicable
• Other business information
• Communication data (e.g. e-mail communication or notes on telephone conversations).

The purpose of the processing derives from the General Membership Terms, as well as any potential supplementary agreements or other contracts applicable between Trusted Shops and the member shop. Business communication, answering queries or forwarding complaints from customers of the shop, e.g. within the framework of the Trusted Shops guarantee, in particular make it necessary to process personal data.

In addition, the calculation of the individual contractual fees according to the price list requires the specification of the online shop's turnover. In this case, the legal basis for the data processing is Art. 6 (1) (b) GDPR.

After the contract has been completely processed and performed, your data will be restricted for further processing and deleted after expiry of the applicable retention periods under tax and commercial law, unless you have explicitly consented to further use of your data, or we have reserved the right to do so, where permissible by law, in which case we shall inform you thereof in this privacy policy.

b) Credit check when registering for the Trusted Shops membership for online retailers

We only transfer your address data to credit agencies before concluding a membership contract for the purpose of assessing the liability risk and, if necessary, your creditworthiness, if you are registering in pursuance of your professional activities as a business or a self-employed professional. The purpose of the data processing is the processing of the contractual relation pursuant to Art. 6 (1) (b) GDPR, and, pursuant to Art. 6 (1) (f) GDPR, the protection of our legitimate interests in reducing the risk of payment defaults. The credit check entails profiling in the sense of Art. 4 (4) GDPR, insofar as it concerns a natural person (e.g. sole traders). Automated decision-making is not involved in this process.

Depending on the country of your company’s headquarters, we transfer the personal data required for a credit assessment to the following company / -ies:

• Verband der Vereine Creditreform e.V.
  Hellersbergstr. 12
  D-41460 Neuss
  Germany
• Compagnie Française d'Assurance pour le Commerce Extérieur SA
  1, place Costes et Bellonte
  CS 20003
  92276 Bois-Colombes (Paris)
  France
• Ellisphere, S.A.S.
  Immeuble via Verde,
  55 place Nelson Mandela,
  92000 Nanterre
  France
• GraydonGo
  Hullenbergweg 2
  1101AA, Amsterdam Zuid-Oost
  Netherlands
• Iberinform internacional, SAU
  Calle Raimundo Fernández Villaverde, 57 Bis
  Madrid 28003 (Madrid)
  Spain.

Appropriate measures will be observed to protect your rights, freedoms and legitimate interests. You are free to share your view and to challenge our decisions by contacting us anytime as described below.

 c) Payment processing

For the processing of payments, we use the following service providers who act as separate data controllers:

- Payment by direct debit: Direct debit payments are processed by GoCardless Ltd, Sutton Yard, 65 Goswell Road, London, EC1V 7EN, United Kingdom, with processing taking place exclusively at the GoCardless SAS, 23-25 Avenue Mac-Mahon, Paris, 75017, France. You can find information on data protection at GoCardless here.

- Payment by credit card: Credit card payments are processed by Stripe Payments Europe, Ltd, One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland. This may also involve the transfer of personal data to the USA. To ensure an appropriate level of data protection, Stripe uses standard data protection clauses. You can find more information on data protection at Stripe here.

- Payment via PayPal: If you are registered with PayPal, you can also make the payment via PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg. The agreements between you and PayPal apply. More information on data protection at PayPal can be found here.

d) Customer Relationship Management 

In order to help you integrate Trusted Shops elements into your website, to optimise our product offers for you and to manage customers and contracts, we use the Service Cloud and the Marketing Cloud provided by

Salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany,
a subsidiary of Salesforce.com Inc, The Landmark @ One Marketing, Suite 300, San Francisco, CA 94105, USA.

Salesforce Marketing Cloud is a user database management service. The data is processed in Ireland and the USA. For more information about the Salesforce Marketing Cloud and Service and the information we process, please visit Salesforce' Privacy Policy. An adequate level of data protection is ensured by an adequacy decision of the EU Commission, which can be accessed here for the USA. Insofar as we process HR data with Salesforce, the data is processed in the USA on the basis of the Standard Data Protection Clauses agreed between Salesforce and us.

Salesforce’s functions allow us to analyse your use of the Trusted Shops products, platforms, and advertising materials, e.g. via cookie tracking or the creation of pseudonymised user profiles for advertising and analytical purposes.

We collect and process personal and behavioural data (e.g. product usage data). Overall, Salesforce only provides us with access to specific personal data for marketing purposes if you are logged into our site. Generally, you provide us with this data when placing your order as well as in the context of the business relation between you and Trusted Shops. Hence, we collect only data that is necessary for achieving the respective contractual purpose. This data is meant to be subsequently enriched with data collected through Salesforce, Inc.

The purpose of this data processing is, on the one hand, the contractual performance in the sense of Art. 6 (1) (b) GDPR, and, on the other hand, to protect our legitimate interest in the optimised presentation of our offers and in direct advertising which is overriding in the process of balancing of interests pursuant to Art. 6 (1) (f) GDPR.

e) Use of the Control Center

The eTrusted Control Center is the central administration point for the use of your Trusted Shops products. Personal data is processed as part of the use of the Control Center. This includes in particular

Surname, first name
company name
(e-mail) address, telephone number
user data
Usage data (IP address, time of login, etc.)
The data is processed in order to offer you the technical possibilities to make configurations in connection with the use of Trusted Shops products. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR i.V.m. Art. 6 para. 1 sentence 1 lit. f GDPR. In addition, we process the data to ensure trouble-free operation and further development of the products. Personal data may also be used for marketing purposes, for example to offer you suitable products. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR.

3.1 Participation in webinars

We offer webinars on a regular basis, either free of charge or as a contractual service as part of our products. These are conducted via the GoTo-Webinar tool. "GoToWebinar" is a service of LogMeIn, Inc. which is based in the USA. Please note the information on "Third Country Transfer" in the section of the same name in this privacy policy. We use LogMeIn, Inc. as a processor.

If you access the website of "GoToWebinar", the "GoTo-Webinar" provider is responsible for the data processing on there. However, accessing the website is only necessary to download the software for using "GoToWebinar". You can also use "GoToWebinar" by inserting the respective meeting ID and potential additional access data for the meeting directly in the "GoToWebinar" app.

If you cannot or wish to not use the "GoToWebinar" app, the basic functions can also be used via the browser version, which you can also find on the "GoToWebinar" website.

Various types of data are processed when using "GoToWebinar". The exact extent of the processed data also depends on the data you provide before or during participation in a webinar.

The following personal data is subject to processing:

• User details: first name, last name, phone number (optional), email address, password (unless "single sign-on" is used), profile picture (optional), company department (optional)
  
  
• Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information.
  
  
• In case of recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
  
  
• In case of dial-in via phone: information on the incoming and outgoing call number, country name, start and end time. If necessary, additional connection data such as the IP address of the device may be stored.
  
  
• Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in a webinar. In such cases, the text entries you make are processed in order to display them in the webinar and, if necessary, to log them. In order to enable audio and video rendition, the data produced from your terminal device’s microphone(s) and/or camera(s) will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone at any time via the respective "GoToWebinar" functions.

In order to participate in a webinar or to enter the "meeting room", you must at the very least indicate your name.

Extent of Processing

We use "GoToWebinar" to conduct webinars. If we are about to record a webinar, we will inform you of it in a transparent manner and well in advance as well as ask your consent as far as the recording affects, i.e. includes you. Recordings will include audio and video. An on-going recording will also be accordingly displayed to you in the "GoToWebinar App.

If necessary, we may log the chat content in order to log the webinar’s results. However, this is mostly not the case. For the purposes of recording and following up on webinars, the questions asked by webinar participants may also be processed.

If you are a registered “GoToWebinar” user, webinar reports (containing: meeting metadata, telephone dial-in data, questions and answers in webinars, results of the webinar’s survey function) may be stored by "GoToWebinar" for up to one month.


Legal Basis for the Data Processing

The legal basis for the data processing in the context of using “GoToWebinar” is Art. 6 (1) (f) GDPR. Our legitimate overriding interest in these cases is the effective conduct of webinars.

Apart from this, the legal basis for the data processing associated with the conduct of the webinar itself is Art. 6 (1) (b) GDPR, insofar as the webinar is conducted as part of a contractual relation.

If a recording of the webinar is made, the legal basis for this is your consent in the sense of Art. 6 (1) (a) GDPR.


Data Erasure

We erase personal data when further storage is not necessary. In particular, the storage may be necessary if the data is still needed in order to provide the contractually agreed services as well as to asses or to defend against claims arising from statutory warranties or contractual guarantees. Where statutory retention periods apply, data can only be erased after these periods have expired.

3.2 Contact data collection at trade fairs and events

During visits to trade fairs, we collect contact data from people who are interested in Trusted Shops and Trusted Shops products. The data is used to subsequently address the contacts by telephone or e-mail. On the one hand, this serves the fulfilment of pre-contractual measures in accordance with Art. 6 Para. 1 Sentence 1 lit. b GDPR, on the other hand, in accordance with Art. 6 Para. 1 Sentence 1 lit. f GDPR, it serves the protection of our legitimate interests in an advertising approach. Insofar as this is necessary for contacting you, we will ask for your consent pursuant to Art. 6 Para. 1 S. 1 lit. a GDPR.

Back to top

Our presence on social networks and platforms serves to improve active communication with our customers and other interested parties. There we provide information on our products and ongoing special promotions.

When visiting our social media channels, your data may be automatically collected and stored for market research and advertising purposes. By using pseudonyms, so-called usage profiles are created from this data. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Generally, cookies on your end device are used for this purpose. Visitor behaviour and user interests are stored in these cookies. This serves the protection of our legitimate interest in the optimal presentation of our offers and the communication with customers and other interested parties which is overriding in the process of balancing of interests pursuant to Art. 6 (1) (f) GDPR. If you are asked for your consent (to agree) to data processing, for example via a checkbox, on the respective social media platform for consent, the legal basis for the data processing is Art. 6 (1) (a) GDPR.

In terms of certain data processing activities on our social media profiles on Facebook, we act as joint controllers alongside the platform operator in the sense of Art. 26 GDPR. The essential information on the agreement concluded between us and Facebook, and your associated rights can be found here.

In the case where certain social media platforms are headquartered in the U.S., an adequate level of data protection is ensured by an adequacy decision of the EU Commission, which can be accessed here for the USA. 

Please refer to the privacy policies of the individual social media providers linked below for detailed information on the processing and use of data by these providers on their pages, as well as on contact options, your rights as a data subject, and privacy settings or options, in particular opt-out options. Should you still require assistance in this regard, feel free to contact us.

• Facebook
• Google/ YouTube
• Twitter 
• Instagram 
• Pinterest 
• LinkedIn
• Xing 

Objection (Opt-Out) Settings:

• Facebook
• Google/ YouTube
• Twitter
• Instagram
• Pinterest
• LinkedIn
• Xing

5.1 Email Advertising and Newsletter Registration

If you register for one of our newsletters or provide your data in order to download a document from our website free of charge, or our Facebook or LinkedIn pages, we use this data, or data separately provided by you, for regularly sending you our email newsletter with your consent pursuant to Art. 6 (1) (a) GDPR.

The newsletter is sent on our behalf by service providers to whom we transfer your email address for this purpose.
You can unsubscribe from the newsletter at any time either by sending a message to the contact described below or via the respective link provided in each newsletter mail. After you have unsubscribed, we will delete your email address unless you have explicitly consented to further use of your data, or we have reserved the right to do so, where permissible by law, in which case we shall inform you thereof in this privacy policy.


5.2 Email Advertising and Registration for the Personalised Newsletter

If you register for one of our personalised newsletters, we use your data, or data separately provided by you, for regularly sending you our personalised email newsletter with your consent pursuant to Art. 6 (1) (a) GDPR. The newsletter with tips & tricks from the world of ecommerce, events, competitions and our products, members and partners is aimed at your specific interests and provides you with relevant information on the respective topics.

By registering to receive the personalised newsletter, you also agree that we can track and evaluate your click behaviour (which links you click and open) within the newsletter. This is done by linking the information about your click behaviour with your personal user profile in our internal customer administration system. This link makes it possible to evaluate the aforementioned information precisely in relation to your person and your presumed interests in order to improve the personalisation of the newsletter. We evaluate this information with your consent pursuant to Art. 6 (1) (a) GDPR.

You can unsubscribe from the newsletter at any time either by sending a message to the contact described below or via the respective link provided in each newsletter mail. After you have unsubscribed, we will delete your email address unless you have explicitly consented to further use of your data, or we have reserved the right to do so, where permissible by law, in which case we shall inform you thereof in this privacy policy.

Back to top

5.3 Email Advertising without Newsletter Registration and Your Right to object

If we receive your email address in connection with the sale of a product or service and you have not objected to this, we reserve the right to regularly send you offers for other products from our range similar to those you have already purchased by email in accordance with Section 7 (3) of the German Fair Competition Act (UWG). This serves the protection of our legitimate interests in the promotional communication with our customers that are overriding in the process of balancing of interests pursuant to Art. 6 (1) (f) GDPR.

The newsletter is sent on our behalf by service providers to whom we transfer your email address for this purpose.

You can object to this use of your email address at any time by sending a message to the contact described below or via the respective link provided in each newsletter mail.

5.4 Postal Advertising and Your Right to object

Furthermore, we reserve the right to use your first and last name as well as your postal address for our own advertising purposes, e.g. to send interesting offers and information about our products by post. This serves the protection of our legitimate interest in the promotional communication with our customers that are overriding in the process of balancing of interests pursuant to Art. 6 (1) (f) GDPR.

Such promotional mailing is processed on our behalf by a service provider to whom we transfer your data.

You can object to the storage and use of your data for this purpose at any time by sending a message to the contact described below or via the respective link provided in each newsletter mail.

5.5 Satisfaction surveys

Trusted Shops occasionally conducts customer satisfaction surveys. These are either sent by email or displayed in the Control Center. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in the continuous improvement of our products by involving our customers. The data processed as part of the satisfaction surveys includes in particular

Surname, first name

company name

(Email) address, telephone number

Activity of the contact person

Back to top

6.1 Registration as a Trusted Shops Affiliate Partner

The opportunity to register as a Sales Partner for our Partner Programme is offered only to commercial companies or sole proprietors. Personal data are collected and processed according to Article 6 (1) sentence 1 lit. b GDPR for the purpose of performing the contract if you voluntarily supply them to us when contacting us or during the registration or creation of a profile for our services. Mandatory fields are marked as such.

Upon contract completion, any further processing of your data will be restricted, and your data will be erased upon expiry of the retention periods applicable under tax or commercial law, unless you expressly consent to the further use of your data or we reserve the right to further use your data in the scope and manner permitted by law, of which we inform you in this notice.

6.2 Transfer of personal data of prospective customers

As part of acquiring prospective customers (so-called “leads” or “prospective customers”) under the Partner Programme, our Sales Partners transfer to us personal data of leads, amongst others. They are processed for the purpose of establishing contact and, possibly, initiating negotiations with the respective prospective customer according to Article 6 (1) sentence lit. a GDPR based on the prospective customer's express consent.

If after establishing contact and conducting possible contractual negotiations no contract is concluded between the prospective customer and Trusted Shops and no reopening of negotiations at a later time is requested, the data of the prospective customer will be erased at the prospective customer's request immediately or automatically no later than upon lapse of any applicable statutory retention periods (e.g. according to commercial or tax law).

Back to top

7.1 Use of processors

In order to display our website and to provide our services, we use various service providers as data processors. They process personal data on our behalf as instructed. We have concluded a contract with all service providers in accordance with Art. 28 GDPR. In particular, we use processors in the areas of hosting, email and newsletter dispatch as well as ticket management, customer relation management, subscription management and payment management.

7.2 Disclosure of data to third parties

We may disclose your personal data to third parties if we can demonstrate a legitimate interest in doing so, for example to defend legal claims or because we are legally obliged to do so, for example as part of an audit or official request. Data may be disclosed to the following parties in particular:

Tax consultants
auditors
lawyers
public authorities

7.3 Third country transfer

In this section, we inform you about the processing of personal data related to you in third countries for which there is no adequacy decision adopted by the EU Commission.

Trusted Shops uses a variety of service providers. Many of them use servers in third countries, i.e. outside the EU or the EEA. This also includes the USA. The transfer of personal data associated with this must be carried out in accordance with Art. 44 et seq. GDPR. For the U.S., an adequacy decision applies to all companies registered for the EU-U.S. Data Privacy Framework (DPF). In this case, the transfer of data is possible without further guarantees. If processing takes place in a third country without an adequacy decision or at a U.S. company that is not registered for the DPF, we agree on Standard Contractual Clauses with the data recipient to ensure an appropriate level of data protection. Where possible and necessary, we also agree on additional measures. If the level of data protection is not sufficient despite the agreed Standard Contractual Clauses and any additional measures taken, we will ask for your consent.

By clicking on “Cookie settings” in the footer of this website, you can open the Cookie Manager and find detailed information about all the service providers from third countries that we use, such as the exact countries of residence of the individual service providers, the specific legal basis and the purpose of the data transfer, the duration of the data storage, etc.

Back to top

As a data subject, you have the following rights:

• pursuant to Art. 15 GDPR, you have the right to request information about your personal data processed by us to the extent described therein;
  
  
• pursuant to Art. 16 GDPR, you have the right to demand the immediate rectification of inaccurate or incomplete personal data stored by us;
  
  
• pursuant to Art. 17 GDPR, the right to request the erasure of your personal data stored with us, unless further processing is necessary:
  - in order to exercise the right of freedom of expression and information;
  - for the compliance with a legal obligation;
  - for reasons of public interest, or
  - for the establishment, exercise or defence of legal claims;
  
  
• pursuant to Art. 18 GDPR, the right to request the restriction of the processing of your personal data, insofar as:
  - you are contesting the accuracy of the data;
  - the processing is unlawful, but you oppose the erasure of the data;
  - we no longer need the data for the purposes of processing, but you require it for the establishment, exercise or defence of legal claims, or
  - you have objected to the processing pursuant to Art. 21 GDPR;
  
  
• pursuant to Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format, or to request its transfer to another controller;
  
  
• pursuant to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority . You can also contact the supervisory authority at your habitual residence or place of work, or at the place of our company headquarters.

If you have any questions regarding the collection, processing or use of your personal data, information on personal data concerning you, the restriction of data processing, the rectification or erasure of data, the revocation of given consent, or the objection to a specific use of data, please contact our company’s data protection officer.

Data Protection Officer
Subbelrather Str. 15c
50823 Cologne
privacy@trustedshops.com 

Back to top