Trusted Shops AG
Subbelrather Straße 15c
50823 Cologne, Germany
Tel.: +49 (0)221 – 77 53 66
Fax: +49 (0)221 – 77 53 6 89
Executive Board with power of representation:
Jean-Marc Noël (Chairman), Michael Burdack
Chairman of the Supervisory Board:
Registered at: Amtsgericht Cologne, HRB 113040
VAT ID No.: DE812947877
Child Protection Officer pursuant to Sec. 7 of the German State Agreement on the Media Protection of Minors (JMStV):
Frieder Schelle, firstname.lastname@example.org
Responsible for Content: Christoph Winter
c/o Trusted Shops AG
Subbelrather Straße 15c,
Trusted Shops AG is registered in the Brokers’ Register under Register Number [D-B6MZ-QKA67-38] as a licensed insurance agent pursuant to Sec. 34d (1) of the German Industrial Code (GewO) (www.vermittlerregister.info). The competent licensing and supervisory authority is the Cologne Chamber of Industry and Commerce, Unter Sachsenhausen 10-26, 50667 Cologne, Germany (www.ihk-koeln.de). Trusted Shops AG is a member the Cologne Chamber of Industry and Commerce.
Professional regulations governing insurance brokerage:
– Sec. 34d GewO
– Sec. 59 – 68 of the German Insurance Contract Act (VVG)
– The German Insurance Brokerage Ordinance (VersVermV)
The professional regulations can be viewed and downloaded from www.gesetze-im-internet.de, the homepage operated by the German Federal Ministry of Justice together with juris GmbH.
Information on resolving disputes
Information on online dispute resolution pursuant to Article 14 (1) ODR Regulation: The European Commission provides a platform for online dispute resolutions (ODR) which can be accessed under www.ec.europa.eu/consumers/odr/. Consumers have the possibility to use this platform for resolving their disputes. We are ready to participate in extra-judicial dispute settlement proceedings before a consumer dispute resolution body.
Information on the resolution of disputes pursuant to section 214 VVG in conjunction with the VVG Regulation governing Conciliation Bodies
As an insurance broker, Trusted Shops AG is obliged by Sec. 214 VVG in conjunction with the VVG Regulation governing Conciliation Bodies to participate in dispute resolution procedures. The competent body is as follows:
Postfach 080632, 10006 Berlin, Germany
© Copyright 2022 – All contents, in particular texts, photographs and graphics are protected by copyright. All rights, including reproduction, publication, editing and translation, are reserved by Trusted Shops AG.
Thank you for visiting our website. Below you will find extensive information about how we handle your data.
1. Communication via Email or contact form
We collect personal data if you voluntarily provide it when contacting us (e.g. via contact form or e-mail). Mandatory fields are marked as such since in these cases we require the data for processing your message or for creating a customer account, and you cannot send the message without this information. The specific data that is collected is listed on the respective contact forms. We use the data provided by you to process your enquiries. The legal basis for the data processing is Art. 6 (1) (b) GDPR, insofar as your message is related to an existing or upcoming contract with you. If this is not the case, the legal basis is Art. 6 (1) (f) GDPR, as the processing is necessary to fulfil our legitimate interest in the proper processing of contact requests. In order to be able to properly allocate enquiries, the provision of personal data is necessary.
We have engaged service providers for the technical processing of your communication with us on our behalf. These service providers are based in the USA. Please refer to the information in the section Third Country Transfer regarding the associated risks.
2. Access data and hosting
You can visit our website without providing any personal information. Every time you visit our website, the web server automatically saves a so-called server logfile which contains data like the name of the requested file, your IP address, date and time of the request, the amount of data transmitted and the requesting provider (all together “access data”), and documents your visit. For the purpose of a shorter loading time, we also use a Content Delivery Network (“CDN”) service provider as a data processor by providing our web assets via the web servers of that CDN provider. Access data is also collected accordingly on the provider’s web servers. We use a CDN provider located in the USA, but processing usually takes place in a region that is close to the access location. Therefore, when accessing from Europe, the data processing usually takes place in Europe.
The access data is evaluated exclusively for the purpose of ensuring the error-free functioning of the site and of improving our services. This is necessary for the protection of our legitimate interests in the proper presentation of our offer which are overriding in the process of balancing of interests pursuant to Art. 6 (1) (f) GDPR. All access data will be deleted no later than seven days after the end of your visit to the site.
This site is hosted on our behalf by our processor Amazon Web Services (AWS), 410 Terry Avenue North, Seattle WA 98109-5210, USA. In order to provide appropriate safeguards, AWS and we have agreed on standard data protection clauses issued by the EU Commission in accordance with Art. 46 (2) (c) GDPR. Please also refer to the section on Third Country Transfer.
3. Data collection and Use in the Context of the Trusted Shops products
Registration for Trusted Shops Basic or PLUS for buyers
Registration for Trusted Shops membership for online shops
Information on the processing of personal data in connection with the Trusted Shops membership for online shops can be found in the data protection information here.
Application for a position with Trusted Shops
Information on the processing of personal data in the context of applying for a job with Trusted Shops is linked in the job advertisement.
4. Recipients of Personal Data
We use a payment service provider based in a country outside the European Union. The transfer of personal data to this company only takes place as far as necessary for fulfilling the contract.
Use of payment service providers
For the processing of payments, we use the following service providers who act as separate data controllers:
– Payment by direct debit: Direct debit payments are processed by GoCardless Ltd, Sutton Yard, 65 Goswell Road, London, EC1V 7EN, United Kingdom, with processing taking place exclusively at the GoCardless SAS, 23-25 Avenue Mac-Mahon, Paris, 75017, France. You can find information on data protection at GoCardless here.
– Payment by credit card: Credit card payments are processed by Stripe Payments Europe, Ltd, One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland. This may also involve the transfer of personal data to the USA. To ensure an appropriate level of data protection, Stripe uses standard data protection clauses. You can find more information on data protection at Stripe here.
– Payment via PayPal: If you are registered with PayPal, you can also make the payment via PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg. The agreements between you and PayPal apply. More information on data protection at PayPal can be found here.
Use of processors
In order to display our website and to provide our services, we use various service providers as data processors. They process personal data on our behalf as instructed. We have concluded a contract with all service providers in accordance with Art. 28 GDPR. In particular, we use processors in the areas of hosting, email and newsletter dispatch as well as ticket management, customer relation management, subscription management and payment management.
Use of Legal Service Providers
If you fail to meet your payment obligations under a contract with us or in case of any other imminent legal dispute, we may engage legal service providers (lawyers, debt collection services, etc.). In this case, the transfer of personal data is necessary for the fulfilment of the contract and is also based on our legitimate interest in asserting our claims under civil law in accordance with Art. 6 (1) (f) GDPR. If and insofar as this constitutes a change of purpose, it falls under Section 24 (1) (2) of the German Federal Data Protection Act (BDSG).
5. E-mail Newsletter and Postal Advertising
Email Advertising and Registration for the Personalised Newsletter
If you register for one of our personalised newsletters, we use your data, or data separately provided by you, for regularly sending you our personalised email newsletter with your consent pursuant to Art. 6 (1) (a) GDPR. The newsletter with tips & tricks from the world of ecommerce, events, competitions and our products, members and partners is aimed at your specific interests and provides you with relevant information on the respective topics.
By registering to receive the personalised newsletter, you also agree that we can track and evaluate your click behaviour (which links you click and open) within the newsletter. This is done by linking the information about your click behaviour with your personal user profile in our internal customer administration system. This link makes it possible to evaluate the aforementioned information precisely in relation to your person and your presumed interests in order to improve the personalisation of the newsletter. We evaluate this information with your consent pursuant to Art. 6 (1) (a) GDPR.
Email Advertising without Newsletter Registration and Your Right to object
If we receive your email address in connection with the sale of a product or service and you have not objected to this, we reserve the right to regularly send you offers for other products from our range similar to those you have already purchased by email in accordance with Section 7 (3) of the German Fair Competition Act (UWG). This serves the protection of our legitimate interests in the promotional communication with our customers that are overriding in the process of balancing of interests pursuant to Art. 6 (1) (f) GDPR.
The newsletter is sent on our behalf by service providers to whom we transfer your email address for this purpose.
You can object to this use of your email address at any time by sending a message to the contact described below or via the respective link provided in each newsletter mail.
Postal Advertising and Your Right to object
Furthermore, we reserve the right to use your first and last name as well as your postal address for our own advertising purposes, e.g. to send interesting offers and information about our products by post. This serves the protection of our legitimate interest in the promotional communication with our customers that are overriding in the process of balancing of interests pursuant to Art. 6 (1) (f) GDPR.
Such promotional mailing is processed on our behalf by a service provider to whom we transfer your data.
You can object to the storage and use of your data for this purpose at any time by sending a message to the contact described below or via the respective link provided in each newsletter mail.
6. Third Country Transfer
In this section, we inform you about the processing of personal data related to you in third countries for which there is no adequacy decision adopted by the EU Commission.
Trusted Shops uses a variety of service providers. Many of them use servers in third countries, i.e. outside the EU or the EEA. This also includes the USA. The transfer of personal data associated with this must be carried out in accordance with Art. 44 et seq. GDPR. In July 2020, the ECJ ruled that the Privacy-Shield Agreement between the EU and the USA can no longer be used to transfer personal data to the USA. This means that the sectoral adequacy decision of the EU Commission has been revoked.
However, the Privacy Shield as such and the associated self-certification will remain in place. This means that US companies that have self-certified and registered with the U.S. Department of Commerce’s International Trade Administration (see overview at https://www.privacyshield.gov/list) will continue to act in compliance with the Privacy Shield rules, which will ensure a good level of data protection to the greatest extent possible.
In addition, Trusted Shops obliges service providers who process personal data in a third country to comply with the standard data protection clauses issued by the EU Commission which are still valid. Where possible, we also agree on additional guarantees to ensure that adequate data protection is guaranteed in the USA or other third countries.
For some service providers there are also binding corporate rules, which ensure that European data protection standards are observed within the company.
Despite all contractual and technical measures, it is possible that the level of data protection in the third country may not be the same as in the EU. In such cases we will ask you, if necessary, as part of cookie consent, in (contact) forms or in the case of other registrations and notifications, for your consent under Art. 49 (1) (a) GDPR to transfer your personal data to a third country. This applies in particular to the transfer of data to the USA. In the USA, authorities and intelligence services may have the right and the capability to access your personal data without our knowledge as the data exporter or yours as the data subject, and without you having sufficient legal means to prevent or take action against such access.
By clicking on “Cookie settings” in the footer of this website, you can open the Cookie Manager and find detailed information about all the service providers from third countries that we use, such as the exact countries of residence of the individual service providers, the specific legal basis and the purpose of the data transfer, the duration of the data storage, etc.
7. Cookies and Web Analytics
In order to make the user experience on our website attractive and to enable the use of certain functions, as well as to display suitable products or for market research, we use so-called cookies and other tools on various pages via which information is stored on, or retrieved from, your terminal device (hereinafter uniformly referred to as “cookies”).
Cookies are small text files that are stored on your terminal device. We always use some cookies to be able to guarantee the basic functionality of our pages and the optimal presentation of our offers (essential/necessary cookies). Some of the cookies we use are deleted at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable us to recognise your browser on your next visit of our website (persistent cookies). We use both cookies of our own and some by third-party providers (so-called third-party cookies).
A detailed overview of the cookies and other tools and service providers we use, their purposes and storage periods, the legal basis for cookie use, and additional information can be found in our Consent Manager which you can also access by clicking on “Cookie settings” in the footer.
You can separately accept or reject individual or all cookies with the Consent Manager during your first visit to our website and at any time thereafter by placing a green check mark / cross next to the respective cookie, or respectively by removing it and saving the settings. These settings are saved in the local storage of your computer or mobile device. Therefore, settings must be made and saved anew in case the local storage of your device is deleted, or if you use a different device or browser. Please note that you may have to manually delete cookies that have already been set if you revoke your consent. Rejecting cookies might limit the functionality of our website.
Other Cookie Setting Options:
- Microsoft Edge™ – https://support.microsoft.com/de-de/help/4027947/microsoft-edge-delete-cookies
- Safari™ – https://support.apple.com/de-de/guide/safari/sfri11471/12.0/mac/10.14
- Chrome™ – https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
- Firefox™ – https://support.mozilla.org/de/products/firefox/protect-your-privacy/cookies
- Opera™ – https://help.opera.com/de/latest/web-preferences/#cookies
Please note that disabling cookies may limit your access to some features of our website.
8. Social Media PlugIns
9. Our online presence on social media platforms
Our presence on social networks and platforms serves to improve active communication with our customers and other interested parties. There we provide information on our products and ongoing special promotions.
When visiting our social media channels, your data may be automatically collected and stored for market research and advertising purposes. By using pseudonyms, so-called usage profiles are created from this data. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Generally, cookies on your end device are used for this purpose. Visitor behaviour and user interests are stored in these cookies. This serves the protection of our legitimate interest in the optimal presentation of our offers and the communication with customers and other interested parties which is overriding in the process of balancing of interests pursuant to Art. 6 (1) (f) GDPR. If you are asked for your consent (to agree) to data processing, for example via a checkbox, on the respective social media platform for consent, the legal basis for the data processing is Art. 6 (1) (a) GDPR.
In terms of certain data processing activities on our social media profiles on Facebook, we act as joint controllers alongside the platform operator in the sense of Art. 26 GDPR. The essential information on the agreement concluded between us and Facebook, and your associated rights can be found here.
In the case where certain social media platforms are headquartered in the U.S., they use standard data protection clauses issued by the EU Commission as a suitable guarantee to ensure an appropriate level of data protection.
Please refer to the privacy policies of the individual social media providers linked below for detailed information on the processing and use of data by these providers on their pages, as well as on contact options, your rights as a data subject, and privacy settings or options, in particular opt-out options. Should you still require assistance in this regard, feel free to contact us.
Google/ YouTube: https://policies.google.com/privacy?hl=en
Objection (Opt-Out) Settings:
Google/ YouTube: https://policies.google.com/privacy?hl=en-US#infochoices
10. Sending Review Invites via Email
We use your email address to send you a Review Invite by email if you have explicitly consented to this pursuant to Art. 6 (1) (a) GDPR during or after placing an order.
You can revoke your consent with effect for the future at any time by sending a message to the contact described below.
In other cases, Review Invites are sent as a service in return for free membership and thus as an integral part of the membership contract. In these cases, data processing is necessary for the fulfilment of the contract and is therefore based on Art. 6 (1) (a) GDPR.
11. Contact possibilities and your rights
As a data subject, you have the following rights:
- pursuant to Art. 15 GDPR, you have the right to request information about your personal data processed by us to the extent described therein;
- pursuant to Art. 16 GDPR, you have the right to demand the immediate rectification of inaccurate or incomplete personal data stored by us;
- pursuant to Art. 17 GDPR, the right to request the erasure of your personal data stored with us, unless further processing is necessary:
– in order to exercise the right of freedom of expression and information;
– for the compliance with a legal obligation;
– for reasons of public interest, or
– for the establishment, exercise or defence of legal claims;
- pursuant to Art. 18 GDPR, the right to request the restriction of the processing of your personal data, insofar as:
– you are contesting the accuracy of the data;
– the processing is unlawful, but you oppose the erasure of the data;
– we no longer need the data for the purposes of processing, but you require it for the establishment, exercise or defence of legal claims, or
– you have objected to the processing pursuant to Art. 21 GDPR;
- pursuant to Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format, or to request its transfer to another controller;
- pursuant to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority . You can also contact the supervisory authority at your habitual residence or place of work, or at the place of our company headquarters.
If you have any questions regarding the collection, processing or use of your personal data, information on personal data concerning you, the restriction of data processing, the rectification or erasure of data, the revocation of given consent, or the objection to a specific use of data, please contact our company’s data protection officer.
Data Protection Officer
Subbelrather Str. 15c
Right of objection
Insofar as we process personal data as described above in order to protect our legitimate interests that are overriding in the process of balancing of interests, you can object to this processing with effect for the future. If the data is processed for direct marketing purposes, you can exercise this right at any time as described above. If the processing takes place for other purposes, you are only entitled to a right of objection if there are reasons arising from your particular situation.
After exercising your right of objection, we will not process your personal data further for these purposes, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
This does not apply if the processing is for direct marketing purposes. Then we will not process your personal data for this purpose.