PRIVACY POLICY

Responsible for data processing:

Ferenc Fagyas
Rottner Security UK Limited
42 Essex Street
London WC2R 3JF
United Kingdom

Email: support@safes.co.uk

Phone: +44 01234376767

We appreciate your interest in our online shop. Protecting your privacy is very important to us. Below, we provide detailed information about the handling of your data. The processing of your data is based on the GDPR and in accordance with § 96 Para. 3 TKG.

1. Access Data and Hosting

You can visit our websites without providing any personal information. Every time a website is accessed, the web server automatically only stores a so-called server log file, which contains, for example, the name of the requested file, your IP address, date and time of the retrieval, the amount of data transferred, and the requesting provider (access data) and documents the retrieval. This access data is evaluated exclusively for the purpose of ensuring the trouble-free operation of the site as well as improving our offer. This serves to protect our overriding legitimate interests in the correct presentation of our offer in the context of a balance of interests in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR. All access data is deleted at the latest seven days after the end of your visit to the site.

1.1 Hosting

The services for hosting and displaying the website are partly provided by our service providers as part of processing on our behalf. Unless otherwise stated in this privacy policy, all access data and all data collected in the forms provided on this website are processed on their servers. If you have any questions about our service providers and the basis of our cooperation with them, please contact us using the contact details provided in this privacy policy.

1.2 Content Delivery Network

To ensure shorter loading times, we use a so-called Content Delivery Network ("CDN") for some offers. With this service, large media files are delivered via regionally distributed servers of external CDN service providers. Therefore, access data is processed on the servers of the service providers. Our service providers operate on our behalf as part of processing. Our service providers are based and/or use servers in countries outside the EU and the EEA. For these countries, there is no adequacy decision by the European Commission. Our cooperation with them is based on standard data protection clauses of the European Commission. If you have any questions about our service providers and the basis of our cooperation with them, please contact us using the contact details provided in this privacy policy.

2. Data Processing for Contract Handling and Contact

2.1 Data Processing for Contract Handling

For the purpose of contract processing (including inquiries and handling of any existing warranty and performance disruption claims as well as any statutory update obligations) in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR, we collect personal data when you voluntarily provide it to us as part of your order. Mandatory fields are marked as such because we need the data in these cases for contract processing, and we cannot process your order without them. The data collected is evident from the respective input forms. Further information on the processing of your data, especially on the transfer to our service providers for order, payment, and shipping processing, can be found in the following sections of this privacy policy. After the contract has been fully processed, your data will be restricted for further processing and deleted after the expiration of the tax and commercial retention periods in accordance with Art. 6 Para. 1 S. 1 lit. c GDPR, unless you have expressly consented to further use of your data in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR or we reserve the right to use data beyond this, which is legally permitted and about which we inform you in this declaration.

2.2 Customer Account

If you have given your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR by deciding to open a customer account, we will use your data for the purpose of opening a customer account and storing your data for further future orders on our website. The deletion of your customer account is possible at any time and can be done either by a message to the contact option described in this privacy policy or via a designated function in the customer account. After the deletion of your customer account, your data will be deleted unless you have expressly consented to further use of your data in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR or we reserve the right to use data beyond this, which is legally permitted and about which we inform you in this declaration.

2.3 Contact

In the context of customer communication, we collect personal data to process your inquiries in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR if you voluntarily provide us with this data when contacting us (e.g., via contact form or email). Mandatory fields are marked as such because we need the data in these cases to process your contact. The data collected is evident from the respective input forms. After your inquiry has been fully processed, your data will be deleted unless you have expressly consented to further use of your data in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR or we reserve the right to use data beyond this, which is legally permitted and about which we inform you in this declaration.

3. Data Processing for Shipping Purposes

To fulfil the contract according to Art. 6 Para. 1 S. 1 lit. b GDPR, we pass on your data to the shipping service provider responsible for the delivery, as far as this is necessary for the delivery of ordered goods. The same applies to the transfer of data to our manufacturers or wholesalers in cases where they handle the shipment for us (drop shipping). These are considered shipping service providers in the sense of this privacy policy.

Data Transfer to Shipping Service Providers for Shipping Notification Purposes

If you have given us your explicit consent during or after your order, we will pass on your email address and phone number to the selected shipping service provider based on this consent according to Art. 6 Para. 1 S. 1 lit. a GDPR, so that they can contact you before delivery for the purpose of delivery notification or coordination.

You can revoke your consent at any time by sending a message to the contact option described in this privacy policy or directly to the shipping service provider at the contact address listed below. After revocation, we will delete your data provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is legally permitted and about which we inform you in this declaration.

Rhenus Logistics c/o ROTTNER, Warehouse 3, Darwin Road, Willowbrook Industrial Estate, Corby, NN17 5XZ

4. Data Processing for Payment Processing

In handling payments in our online shop, we work with the following partners: technical service providers, credit institutions, payment service providers.

4.1 Data Processing for Transaction Handling

Depending on the selected payment method, we pass on the data necessary for processing the payment transaction to our technical service providers, who act as processors on our behalf, or to the commissioned credit institutions or the selected payment service provider, as far as this is necessary for processing the payment. This serves to fulfil the contract according to Art. 6 Para. 1 S. 1 lit. b GDPR. In part, the payment service providers collect the necessary data for processing the payment themselves, e.g., on their own website or through a technical integration in the order process. In this respect, the privacy policy of the respective payment service provider applies.

If you have any questions about our partners for payment processing and the basis of our cooperation with them, please contact the contact option described in this privacy policy.

4.2 Data Processing for Fraud Prevention and Optimization of Our Payment Processes

We may pass on additional data to our service providers, which they use together with the data necessary for processing the payment as our processors for the purpose of fraud prevention and optimization of our payment processes (e.g., invoicing, handling contested payments, support of accounting). This serves to protect our overriding legitimate interests in safeguarding against fraud and efficient payment management in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR.

4.3 Identity and Credit Check When Selecting Klarna Payment Services

When you choose the payment services of Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"), we request your consent according to Art. 6 Para. 1 S. 1 lit. a GDPR to transmit the data necessary for processing the payment and an identity and credit check to Klarna. In Germany, the credit agencies mentioned in Klarna's privacy policy may be used for identity and credit checks. Klarna uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, execution, or termination of the contractual relationship. You can revoke your consent at any time by sending a message to the contact option described in this privacy policy. This may result in us no longer being able to offer you certain payment options. You can also revoke your consent to this use of personal data at any time by contacting Klarna.

4.4 Instalment Payment Option

When selecting the payment method "instalment purchase" and granting the necessary data protection consent according to Art. 6 Para. 1 S. 1 lit. a GDPR, personal data (first name, last name, address, email, phone number, date of birth, IP address, gender) together with the data required for transaction processing (items, invoice amount, due dates, total amount, invoice number, taxes, currency, order date, and order time) will be transmitted to our partner Klarna Bank AB German Branch, Sveavägen 46, 111 34 Stockholm, Sweden, for the purpose of processing this payment method.

To verify the identity or creditworthiness of the customer, our partner may conduct inquiries and obtain information from publicly accessible databases and credit agencies. The providers from whom inquiries and possibly creditworthiness information is obtained, based on mathematical-statistical methods, as well as further details on the processing of your data after transmission to our partner Klarna Bank AB German Branch, can be found in their privacy policy here: Klarna Privacy Policy.

The information received about the statistical probability of a payment default is used by our partner Klarna for a balanced decision on the establishment, execution, or termination of the contractual relationship. You have the opportunity to present your point of view and contest the decision by contacting our partner Klarna. The consent to data transfer granted during the order process can be revoked at any time, without giving reasons, with effect for the future.

5. Email Advertising

Sending Review Requests by Email

If you have given us your explicit consent during or after your order according to Art. 6 Para. 1 S. 1 lit. a GDPR, we will use your email address to request a review of your order via the rating system we use. This consent can be revoked at any time by sending a message to the contact option described in this privacy policy or via a designated link in the review request.

Review requests may also be sent by our service provider - Trustpilot, London, 5th Floor, The Minster Building, 21 Mincing Lane, EC3R 7AG, United Kingdom. We receive status information from Trustpilot about the review request (e.g., whether the review request was sent and whether it was received). This is done in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR to fulfil our legitimate interest in obtaining information about the review invitations, to make improvements based on this, and to fulfil the legitimate interest of Trusted Shops in providing this service.

For sending review requests and collecting and displaying review or status information, we are jointly responsible with Trustpilot. For data protection questions and to assert your rights, please preferably contact Trustpilot, whose contact options can be found here. More information on data protection can be found at the following link here. Regardless, you can always contact us using the contact option described in this privacy policy. Your inquiry will then be forwarded to the other responsible party, if necessary, for answering.

6. Cookies and Other Technologies

6.1 General Information

To make the visit to our website attractive and enable the use of certain functions, we use technologies, including so-called cookies, on various pages. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and allow us to recognize your browser the next time you visit (persistent cookies).

Protection of Privacy on Devices

Use of Necessary Technologies for Online Services

When using our online offerings, we employ essential technologies to provide the expressly requested tele media service. The storage of information on your device or access to information already stored on your device does not require your consent in these cases.

Use of Non-Essential Functions

For non-essential functions, the storage of information on your device or access to information already stored on your device requires your consent. Please note that without your consent, some parts of the website may not be fully usable. Any consents you provide will remain in effect until you adjust or reset the settings on your device.

Further Data Processing via Cookies and Other Technologies

Essential Technologies

We use technologies necessary for certain website functions (e.g., shopping cart functionality). These technologies collect and process your IP address, visit time, device and browser information, and information about your use of our website (e.g., cart contents). This serves our overriding legitimate interest in optimizing our offerings in accordance with Art. 6(1)(f) of the GDPR.

Technologies for Legal Obligations and Marketing

We also use technologies to fulfil legal obligations (e.g., to prove consent to the processing of your personal data) and for web analysis and online marketing. Further information, including the legal basis for data processing, can be found in the subsequent sections of this privacy policy.

Cookie Settings

You can find the cookie settings for your browser via the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

Types of Cookies

Functional Cookies

These cookies are used for specific functionalities of our website, such as suggesting a better navigation flow or providing personalized and relevant information (e.g., interest-based ads).

Necessary Cookies

These cookies are essential for operating our website. They enable you to log into the customer area or add items to the shopping cart.

Analytical/Performance Cookies

These cookies collect anonymized data about user behaviour on our website. We use this data to improve website functionality and offer you interesting deals.

Targeting Cookies

These cookies track your visit to our website, including the pages you visited and the links you clicked. We use this information to tailor our website and the advertisements you see to your interests.

Third-Party Cookies

Cookies from some of our advertising partners help make our online offerings and website more interesting for you. These temporary cookies are stored on your hard drive during your visit and are automatically deleted after a specified period. Partner company cookies are generally deleted after a few days or up to 24 months, but in some cases, they may persist for several years. These cookies do not contain personal data and collect data under a pseudonym, which is never merged with your personal data.

Consent Withdrawal

If you have consented to the use of technologies as per Art. 6(1)(a) of the GDPR, you can withdraw your consent at any time by messaging the contact provided in the privacy policy. Alternatively, you can visit the following link: https://www.safepro24.com/datenschutz. Rejecting cookies may limit the functionality of our website.

6.2 Consent Management Platform (CMP)

We use a consent management service on our website to inform you about the cookies and other technologies we use, and to obtain, manage, and document your consent for the processing of your personal data via these technologies. This is required under Art. 6(1)(c) of the GDPR to prove your consent to the processing of your personal data as required by Art. 7(1) of the GDPR. The CMP is provided by CookieYes Limited, which processes your data on our behalf.

After you submit your cookie consent on our website, the web server stores the following data: IP address, device information, browser information, set language, the accessed website or its URL, the date and time of your consent, and your consent behaviour.

7. Use of Third-Party Technologies

7.1 Google Services

We use technologies provided by Google Ireland Ltd. Information automatically collected by Google technologies about your use of our website is usually transmitted to a Google LLC server in the USA and stored there. Data processing is based on agreements between co-controllers under Art. 26 GDPR. Further details about Google’s data processing can be found in Google's privacy notices..

Our service providers may be located and/or use servers in countries outside the EU and EEA. For these countries, no adequacy decision by the European Commission exists. Our collaboration with them is based on standard data protection clauses issued by the European Commission.

Google Analytics

For the purpose of website analysis, data (IP address, time of visit, device and browser information, as well as information about your use of our website) is automatically collected and stored with Google Analytics, from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. If you visit our website from the EU, your IP address is stored on a server located in the EU for location data derivation and then immediately deleted before the traffic is forwarded to further Google servers for processing. The data processing is based on an agreement for order processing by Google.

For optimized marketing of our website, we have activated data sharing settings for "Google products and services." This allows Google to access and subsequently use the data collected and processed by Google Analytics to improve Google services. Data sharing with Google under these settings is based on an additional agreement between controllers. We have no influence on the subsequent data processing by Google.

Through the Google Analytics extension feature, Google Signals, cross-device tracking is enabled. If your internet-enabled devices are linked to your Google account and you have activated the "personalized advertising" setting in your Google account, Google can create reports on your usage behaviours (especially cross-device user numbers) even when you switch your end device. No personal data processing by us takes place; we only receive statistics based on Google Signals.

If you do not consent to the use of Google Analytics according to Art. 6 para. 1 sentence 1 lit. a GDPR, no cookies will be stored on or read from your device. The data processing described in the previous paragraphs does not take place. To fill gaps in web analysis through behavioural and conversion modelling, pings with data (User-Agent, information about your consent behaviours, screen resolution, IP address) are sent to Google.

Google Ads

For advertising purposes in Google search results and on third-party websites, a Google Remarketing Cookie is set when you visit our website. This cookie automatically collects and processes data (IP address, time of visit, device and browser information, and information about your use of our website) using a pseudonymous CookieID, enabling interest-based advertising based on the pages you visit. Further data processing only takes place if you have activated the "personalized advertising" setting in your Google account. If you are logged into Google during your visit to our website, Google uses your data along with Google Analytics data to create and define target audience lists for cross-device remarketing.

To analyse websites and track events, we measure your subsequent user behaviours via Google Ads Conversion Tracking when you arrive at our website through a Google Ads advertisement. Cookies may be used, and data (IP address, time of visit, device and browser information, and information about your use of our website based on specified events, such as visiting a webpage or subscribing to a newsletter) may be collected from which usage profiles are created using pseudonyms.

If you do not consent to the use of Google Ads according to Art. 6 para. 1 sentence 1 lit. a GDPR, no cookies will be stored on or read from your device. The data processing described in the previous paragraphs does not take place. To fill gaps in web analysis through behavioural and conversion modelling, pings with data (User-Agent, information about your consent behaviour, screen resolution, IP address, page URL, information about ad clicks in URL parameters) are sent to Google. Your IP address is used to derive the IP country.

Google Maps

For the visual representation of geographical information, Google Maps collects data about your use of the Maps functions, particularly the IP address and location data, which are transmitted to and processed by Google. We have no influence on this subsequent data processing.

Google reCAPTCHA

To protect against misuse of our web forms and spam by automated software (bots), Google reCAPTCHA collects data (IP address, time of visit, browser information, and information about your use of our website) and analyses your use of our website through JavaScript and cookies. Additionally, other cookies stored in your browser by Google services are evaluated. No personal data from the respective form fields is read or stored.

Google Fonts

For the uniform presentation of content on our website, data (IP address, time of visit, device and browser information) is collected through the "Google Fonts" script code, transmitted to Google, and subsequently processed by Google. We have no influence on this subsequent data processing.

Google Tag Manager

The Google Tag Manager allows us to manage various codes and services on our website. In the implementation of individual tags, Google may process personal data (e.g., IP address, online identifiers including cookies). The data processing is based on an agreement for order processing by Google.

Using the Google Tag Manager, we can integrate various services/technologies. If you do not wish to use certain tracking services and have therefore deactivated them, the deactivation will remain for all affected tracking tags implemented via Google Tag Manager.

YouTube Video Plugin

For integrating third-party content, data (IP address, time of visit, device and browser information) is collected via the YouTube Video Plugin in the extended data protection mode we use, transmitted to Google, and subsequently processed by Google only when you play a video.

7.2 Use of Microsoft Services

We use the technologies provided by Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (“Microsoft”), as described below. The data processing is based on a joint controller agreement according to Article 26 GDPR. The information automatically collected by Microsoft technologies about your use of our website is generally transmitted to and stored on a server of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Further information about data processing by Microsoft can be found in Microsoft's privacy notices.

Our service providers are located and/or use servers in countries outside the EU and EEA, for which the European Commission has determined an adequate level of data protection by decision.

Our service providers are located and/or use servers in countries outside the EU and EEA for which there is no adequacy decision by the European Commission. Our cooperation with them is based on the European Commission's standard data protection clauses.

Microsoft Advertising

For advertising purposes in Bing, Yahoo, and MSN search results as well as on third-party websites, a Microsoft Advertising Remarketing Cookie is set when you visit our website. This cookie automatically collects and processes data (IP address, time of visit, device and browser information, and information about your use of our website) using a pseudonymous CookieID, enabling interest-based advertising based on the pages you visit.

To analyze websites and track events, we measure your subsequent user behavior via Microsoft Advertising Universal Event Tracking (UET) when you arrive at our website through a Microsoft Advertising advertisement. Cookies may be used, and data (IP address, time of visit, device and browser information, and information about your use of our website based on specified events, such as visiting a webpage or subscribing to a newsletter) may be collected, from which usage profiles are created using pseudonyms. If your internet-enabled devices are linked to your Microsoft account and you have not disabled the "Interest-Based Advertising" setting in your Microsoft account, Microsoft can create reports on user behavior (especially cross-device user numbers) even when you switch your end device, known as "Cross-Device Tracking." Personal data processing by us does not take place; we only receive statistics based on Microsoft UET.

7.3 Use of Facebook Services

Use of Facebook Pixel

We use Facebook Pixel within the framework of the technologies provided by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Facebook (by Meta)” or “Meta Platforms Ireland”), as described below. The Facebook Pixel automatically collects and stores data (IP address, time of visit, device and browser information, as well as information about your use of our website based on predefined events such as visiting a webpage or subscribing to a newsletter), from which usage profiles are created using pseudonyms. In the context of so-called advanced matching, additional information for matching purposes is hashed and stored, which can identify individuals (e.g., names, email addresses, and phone numbers). When you visit our website, a cookie is automatically set by Facebook Pixel, which enables the recognition of your browser upon visiting other websites through a pseudonymous CookieID. Facebook (by Meta) will combine this information with other data from your Facebook account and use it to compile reports on website activities and to provide other services related to website use, particularly personalized and group-based advertising.

The information automatically collected by Facebook (by Meta) technologies about your use of our website is generally transmitted to and stored on a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. Further information about data processing by Facebook can be found in the privacy notices of Facebook (by Meta). Our service providers are located and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina. The adequacy decision for the USA serves as the basis for third-country transmission, provided the respective service provider is certified. A certification is in place. Our service providers are located and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico. For these countries, there is no adequacy decision by the European Commission. Our cooperation with them is based on these guarantees: standard data protection clauses of the European Commission.

Facebook Analytics

Within the framework of Facebook Business Tools, statistics on visitor activities on our website are created from the data collected using Facebook Pixel about your use of our website. Data processing is based on an order processing agreement with Facebook (by Meta). The analysis serves the optimal presentation and marketing of our website.

Facebook Ads (Ads Manager)

Through Facebook Ads, we advertise this website on Facebook (by Meta) as well as on other platforms. We determine the parameters of each advertising campaign. Facebook (by Meta) is responsible for the exact implementation, especially the decision about the placement of ads with individual users. Unless otherwise stated for the specific technologies, data processing is based on a joint controller agreement according to Article 26 GDPR. The joint responsibility is limited to data collection and its transmission to Meta Platforms Ireland. Subsequent data processing by Meta Platforms Ireland is not covered.

Based on the statistics created about visitor activities on our website using Facebook Pixel, we run group-based advertising on Facebook (by Meta) via Facebook Custom Audience by determining the characteristics of the respective target group. In the context of the advanced matching taking place to determine the respective target group (see above), Facebook (by Meta) acts as our order processor.

Based on the pseudonymous CookieID set by Facebook Pixel and the data collected about your usage behavior on our website, we run personalized advertising via Facebook Pixel Remarketing.

Through Facebook Pixel Conversions, we measure your subsequent user behavior for web analysis and event tracking when you reach our website via a Facebook Ads advertisement. Data processing is based on an order processing agreement with Facebook (by Meta).

7.4 Cookies and Technologies from Other Providers

Use of Hotjar for Web Analysis

For the purpose of website analysis, we use technologies from Hotjar Ltd., Dragonara Business Centre 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta ("Hotjar"). Data such as IP address, time of visit, device and browser information, and information about your use of our website are automatically collected and stored, from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. The pseudonymized usage profiles will not be combined with personal data about the holder of the pseudonym without separate, explicit consent. Hotjar acts on our behalf.

Use of Vimeo Video Plugin for Embedding Third-Party Content

To embed third-party content, we use the video plugin from Vimeo Inc., 330 West 34th Street, 5th Floor, New York 10011, USA ("Vimeo"). Data such as IP address, time of visit, device and browser information are collected, transmitted to Vimeo, and subsequently processed by Vimeo. Data processing is based on a joint controller agreement according to Article 26 GDPR. The Vimeo video plugin automatically integrates Google Analytics. For the purpose of website analysis, data such as IP address, time of visit, device and browser information, and information about your use of our website are automatically collected and stored by Google Analytics, from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. Google Analytics is provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by Google about your use of our website is generally transmitted to and stored on a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you visit our website from the EU, your IP address will be stored on a server located in the EU to derive location data and then immediately deleted before traffic is forwarded for processing to other Google servers. We have no influence on and no access to data processing by Vimeo, including the settings and results of Google Analytics.

Our service providers are located and/or use servers in countries outside the EU and EEA for which the European Commission has determined an adequate level of data protection.

Our service providers are located and/or use servers in countries outside the EU and EEA for which there is no adequacy decision by the European Commission. Our cooperation with them is based on the European Commission's standard data protection clauses.

8. Integration of the Trustpilot/Other Widgets

To display Trustpilot services (e.g., trust mark, collected reviews) and to offer Trustpilot products to buyers after an order, Trustpilot widgets are integrated into this website. This serves to protect our overriding legitimate interests in optimal marketing by enabling secure shopping according to Article 6(1)(f) GDPR. The Trustpilot badge and the services advertised with it are an offer from Trustpilot, London, 5th Floor, The Minster Building, 21 Mincing Lane, London EC3R 7AG, United Kingdom with whom we are jointly responsible under data protection law according to Article 26 GDPR. We inform you about the key contract contents under Article 26(2) GDPR within these data protection notices.

Within the framework of joint responsibility between us and Trustpilot, please contact Trustpilot for data protection queries and to exercise your rights using the contact details provided in the privacy information. However, you can always contact the controller of your choice. Your inquiry will then be forwarded to the other controller if necessary for a response.

8.1 Data Processing When Integrating the Trustbadge/Other Widgets

The Trustbadge is provided by a U.S.-based CDN (Content Delivery Network) provider. An adequate level of data protection is ensured by an adequacy decision of the EU Commission, which is available here for the USA. Service providers from the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). More information can be found here. If service providers are not certified under the DPF, standard contractual clauses have been concluded as an appropriate safeguard.

When the Trustbadge is called up, the web server automatically stores a so-called server log file, which contains your IP address, date and time of retrieval, the amount of data transmitted, and the requesting provider (access data) and documents the retrieval. The IP address is anonymized immediately after collection, so the stored data cannot be associated with you. The anonymized data is used in particular for statistical purposes and error analysis.

8.2 Data Processing After Order Completion

After the order is completed, the Trustbadge accesses order information stored on your end device (order total, order number, and, if applicable, purchased product) as well as your email address. This is necessary to offer you the Trusted Shops services and to potentially automatically secure your order. For this purpose, your email address, hashed using a cryptological one-way function, is transmitted to Trusted Shops. The legal basis is Article 6(1)(f) GDPR.

This serves to check whether you are already registered for services with Trusted Shops and is therefore necessary to fulfill our and Trusted Shops' overriding legitimate interests in providing the buyer protection and transactional review services linked to the specific order in accordance with Article 6(1)(f) GDPR. If this is the case, further processing is carried out in accordance with the contractual agreement between you and Trusted Shops. If you are not yet registered for the services, you will have the opportunity to do so afterwards. Further processing after registration is also based on the contractual agreement with Trusted Shops. If you do not register, all transmitted data will be automatically deleted by Trusted Shops, and personal reference will no longer be possible.

Trusted Shops uses service providers in the areas of hosting, monitoring, and logging. The legal basis is Article 6(1)(f) GDPR to ensure smooth operation. Processing may take place in third countries (USA and Israel). An adequate level of data protection is ensured by an adequacy decision of the EU Commission, which is available here for the USA and here for Israel. Service providers from the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). More information can be found here. If service providers are not certified under the DPF, standard contractual clauses have been concluded as an appropriate safeguard.

9. Social Media

Our Online Presence on Facebook (by Meta), Instagram (by Meta), YouTube, LinkedIn

If you have given your consent to the respective social media operator pursuant to Article 6(1)(a) GDPR, your data will be automatically collected and stored for market research and advertising purposes when you visit our online presences on the aforementioned social media platforms. Using pseudonyms, usage profiles can be created from this data. These profiles can be used to display advertisements both within and outside the platforms that presumably match your interests. Typically, cookies are used for this purpose. Detailed information on data processing and usage by the respective social media operator, as well as contact information, your rights, and settings to protect your privacy, can be found in the privacy policies linked below. If you need assistance in this regard, you can contact us.

Facebook (by Meta) is a service provided by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland ("Meta Platforms Ireland"). Information automatically collected by Meta Platforms Ireland about your use of our online presence on Facebook (by Meta) is generally transferred to and stored on a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. Data processing during the visit to a Facebook (by Meta) fan page is based on an agreement between jointly responsible parties pursuant to Article 26 GDPR. More information (about Insights data) can be found here.

Our service providers are located and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.

The adequacy decision for the USA serves as the basis for third-country data transfers, provided that the respective service provider is certified. Certification is in place.

Our service providers are located and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico.

For these countries, there is no adequacy decision by the European Commission. Our cooperation with them is based on the following safeguards: Standard contractual clauses of the European Commission.

Instagram (by Meta) is a service provided by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland ("Meta Platforms Ireland"). Information automatically collected by Meta Platforms Ireland about your use of our online presence on Instagram is generally transferred to and stored on a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. Data processing during the visit to an Instagram (by Meta) fan page is based on an agreement between jointly responsible parties pursuant to Article 26 GDPR. More information (about Insights data) can be found here.

Our service providers are located and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.

The adequacy decision for the USA serves as the basis for third-country data transfers, provided that the respective service provider is certified. Certification is in place.

Our service providers are located and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico.

For these countries, there is no adequacy decision by the European Commission. Our cooperation with them is based on the following safeguards: Standard contractual clauses of the European Commission.

YouTube

YouTube is a service offered by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Information automatically collected by Google about your use of our online presence on YouTube is generally transferred to and stored on a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Our service providers are located and/or use servers in countries outside the EU and the EEA for which the European Commission has determined an adequate level of data protection. Our service providers are located and/or use servers in countries outside the EU and the EEA. For these countries, there is no adequacy decision by the European Commission. Our cooperation with them is based on standard data protection clauses of the European Commission.

LinkedIn

LinkedIn is a service offered by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). Information automatically collected by LinkedIn about your use of our online presence on LinkedIn is generally transferred to and stored on a server of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA. Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection: USA. The adequacy decision for the USA serves as the basis for third-country data transfers, provided that the respective service provider is certified. Until our service providers are certified, the data transfer will continue to be based on the following: Standard data protection clauses of the European Commission.

10. Contact Options and Your Rights

10.1 Your Rights

As a data subject, you have the following rights:

  • Right to Access (Art. 15 GDPR): You have the right to request information about your personal data processed by us to the extent specified therein.
  • Right to Rectification (Art. 16 GDPR): You have the right to demand the immediate correction of incorrect or the completion of your personal data stored by us.
  • Right to Erasure (Art. 17 GDPR): You have the right to demand the deletion of your personal data stored by us, unless further processing is necessary:
    • for exercising the right of freedom of expression and information;
    • for compliance with a legal obligation;
    • for reasons of public interest, or
    • for the establishment, exercise, or defense of legal claims.
  • Right to Restriction of Processing (Art. 18 GDPR): You have the right to demand the restriction of the processing of your personal data to the extent that:
    • you contest the accuracy of the data;
    • the processing is unlawful, but you oppose its erasure;
    • we no longer need the data, but you require it for the establishment, exercise, or defense of legal claims; or
    • you have objected to processing pursuant to Art. 21 GDPR.
  • Right to Data Portability (Art. 20 GDPR): You have the right to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format or to request its transmission to another controller.
  • Right to Lodge a Complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority. You can typically contact the supervisory authority at your usual place of residence, workplace, or our company's registered office.

Right to Object

If we process personal data as explained above to protect our overriding legitimate interests within the framework of a balance of interests, you can object to this processing with effect for the future. If the processing is for direct marketing purposes, you can exercise this right at any time as described above. If the processing is for other purposes, you have a right to object only if there are reasons arising from your particular situation.

After you exercise your right to object, we will no longer process your personal data for these purposes, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is for the establishment, exercise, or defense of legal claims.

This does not apply if the processing is for direct marketing purposes. In that case, we will no longer process your personal data for this purpose.

10.2 Contact Options 

For questions regarding the collection, processing, or use of your personal data, for information, correction, restriction, or deletion of data, as well as for revocation of consent given or objection against a specific data use, please contact us directly using the contact details provided in our legal notice.