Imprint & Privacy Policy

Supplier identification and Privacy Policy

The organisation responsible for business.trustedshops.co.uk, www.trustedshops.co.uk, www.etrusted.com  as well as the Youtube Channel, the Twitter Profile and the Facebook fan page pursuant to Sec. 5 of the German Telemedia Act (TMG) is:

Trusted Shops GmbH
Colonius Carré
Subbelrather Straße 15c
50823 Cologne, Germany

Tel.: +49 (0)221 – 77 53 66
Fax: +49 (0)221 – 77 53 6 89
E-mail: info@trustedshops.co.uk

Registered in Cologne, HRB 32735
VAT ID No.: DE 812 947 877

Managing directors: Jean‑Marc Noël, Thomas Karst, Ulrich Hafen­bradl;
Edited by: Ulrich Hafen­bradl (responsible), Dr. Carsten Föhlisch

Child Protection Officer pursuant to Sec. 7 of the German State Agreement on the Media Protection of Minors (JMStV):
Frieder Schelle, jugendschutz@trustedshops.de

Trusted Shops GmbH is registered in the Brokers’ Register under Register Number [D-B6MZ-QKA67-38] as a licensed insurance agent pursuant to Sec. 34d (1) of the German Industrial Code (GewO) (www.vermittlerregister.info). The competent licensing and supervisory authority is the Cologne Chamber of Industry and Commerce, Unter Sachsenhausen 10-26, 50667 Cologne, Germany (www.ihk-koeln.de). Trusted Shops GmbH is a member the Cologne Chamber of Industry and Commerce.

Professional regulations governing insurance brokerage:
– Sec. 34d GewO
– Sec. 59 – 68 of the German Insurance Contract Act (VVG)
–  The German Insurance Brokerage Ordinance (VersVermV)

The professional regulations can be viewed and downloaded from www.gesetze-im-internet.de, the homepage operated by the German Federal Ministry of Justice together with juris GmbH.

Information on resolving disputes

Information on online dispute resolution pursuant to Article 14 (1) ODR Regulation: The European Commission provides a platform for online dispute resolutions (ODR) which can be accessed under www.ec.europa.eu/consumers/odr/. Consumers have the possibility to use this platform for resolving their disputes. We are ready to participate in extra-judicial dispute settlement proceedings before a consumer dispute resolution body.

Information on the resolution of disputes pursuant to section 214 VVG in conjunction with the VVG Regulation governing Conciliation Bodies

As an insurance broker, Trusted Shops GmbH is obliged by Sec. 214 VVG in conjunction with the VVG Regulation governing Conciliation Bodies to participate in dispute resolution procedures. The competent body is as follows:

Versicherungsombudsmann e.V.,
Postfach 080632, 10006 Berlin, Germany

Privacy Policy

Thank you for visiting our website. Below you will find extensive information about how we handle your data.

1. Communication via Email or contact form

We collect personal data if you voluntarily provide it when contacting us (e.g. via contact form or e-mail). Mandatory fields are marked as such since in these cases we require the data for processing your message or for creating a customer account, and you cannot send the message without this information. The specific data that is collected is listed on the respective contact forms. We use the data provided by you to process your enquiries. The legal basis for the data processing is Art. 6 (1) (b) GDPR, insofar as your message is related to an existing or upcoming contract with you. If this is not the case, the legal basis is Art. 6 (1) (f) GDPR, as the processing is necessary to fulfil our legitimate interest in the proper processing of contact requests. In order to be able to properly allocate enquiries, the provision of personal data is necessary.

We have engaged service providers for the technical processing of your communication with us on our behalf. These service providers are based in the USA. Please refer to the information in the section Third Country Transfer regarding the associated risks. 

After complete processing of the communication, your data will be restricted for further processing and deleted after expiry of the applicable retention periods under tax and commercial law, unless you have explicitly consented to further use of your data, or we have reserved the right to do so, where permissible by law, in which case we shall inform you thereof in this privacy policy.

2. Access data and hosting

You can visit our website without providing any personal information. Every time you visit our website, the web server automatically saves a so-called server logfile which contains data like the name of the requested file, your IP address, date and time of the request, the amount of data transmitted and the requesting provider (all together “access data”), and documents your visit. For the purpose of a shorter loading time, we also use a Content Delivery Network (“CDN”) service provider as a data processor by providing our web assets via the web servers of that CDN provider. Access data is also collected accordingly on the provider’s web servers. We use a CDN provider located in the USA, but processing usually takes place in a region that is close to the access location. Therefore, when accessing from Europe, the data processing usually takes place in Europe.

The access data is evaluated exclusively for the purpose of ensuring the error-free functioning of the site and of improving our services. This is necessary for the protection of our legitimate interests in the proper presentation of our offer which are overriding in the process of balancing of interests pursuant to Art. 6 (1) (f) GDPR. All access data will be deleted no later than seven days after the end of your visit to the site.


This site is hosted on our behalf by our processor Amazon Web Services (AWS), 410 Terry Avenue North, Seattle WA 98109-5210, USA. In order to provide appropriate safeguards, AWS and we have agreed on standard data protection clauses issued by the EU Commission in accordance with Art. 46 (2) (c) GDPR. Please also refer to the section on Third Country Transfer.

All data collected via the use of these websites or through the forms provided for the purposes described below is processed on the servers of the respective service provider. Processing on other servers only takes place as described within this privacy policy.

3. Data collection and Use in the Context of the Trusted Shops products

Registration for Trusted Shops Basic or PLUS for buyers

Only persons acting in their professional capacity as a business or a self-employed professional may apply for a Trusted Information on the processing of personal data in the context of the use of our various services is available when you register for the services, for example as an appendix to the terms of use.

Registration for Trusted Shops membership for online shops

Information on the processing of personal data in connection with the Trusted Shops membership for online shops can be found in the data protection information here.

Application for a position with Trusted Shops

Information on the processing of personal data in the context of applying for a job with Trusted Shops is linked in the job advertisement.

4. Recipients of Personal Data

Postal/parcel delivery

If you have ordered goods which must be sent to you or are to receive a letter from us per post, we will transfer the data required for the fulfilment of the contract to the shipping company commissioned with the delivery in accordance with Art. 6 (1) (b) GDPR if this is necessary for the delivery. Depending on which payment service provider you select in the order process, we may transfer the payment data which was collected for the purpose of processing the payment to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us, or to the selected payment service. Some of the payment service providers also collect this data on their own, e.g. if you create an account there. In this case, you must log in to the respective service provider’s platform with your access data during the ordering process. In this context, the privacy policy of the respective provider applies.

We use a payment service provider based in a country outside the European Union. The transfer of personal data to this company only takes place as far as necessary for fulfilling the contract.

Use of payment service providers
For the processing of payments, we use the following service providers who act as separate data controllers:

– Payment by direct debit: Direct debit payments are processed by GoCardless Ltd, Sutton Yard, 65 Goswell Road, London, EC1V 7EN, United Kingdom, with processing taking place exclusively at the GoCardless SAS, 23-25 Avenue Mac-Mahon, Paris, 75017, France. You can find information on data protection at GoCardless here.

– Payment by credit card: Credit card payments are processed by Stripe Payments Europe, Ltd, One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland. This may also involve the transfer of personal data to the USA. To ensure an appropriate level of data protection, Stripe uses standard data protection clauses. You can find more information on data protection at Stripe here.

– Payment via PayPal: If you are registered with PayPal, you can also make the payment via PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg. The agreements between you and PayPal apply. More information on data protection at PayPal can be found here.

Use of processors

In order to display our website and to provide our services, we use various service providers as data processors. They process personal data on our behalf as instructed. We have concluded a contract with all service providers in accordance with Art. 28 GDPR. In particular, we use processors in the areas of hosting, email and newsletter dispatch as well as ticket management, customer relation management, subscription management and payment management.

Use of Legal Service Providers

If you fail to meet your payment obligations under a contract with us or in case of any other imminent legal dispute, we may engage legal service providers (lawyers, debt collection services, etc.). In this case, the transfer of personal data is necessary for the fulfilment of the contract and is also based on our legitimate interest in asserting our claims under civil law in accordance with Art. 6 (1) (f) GDPR. If and insofar as this constitutes a change of purpose, it falls under Section 24 (1) (2) of the German Federal Data Protection Act (BDSG).

5. E-mail Newsletter and Postal Advertising

E-mail Advertising and Newsletter Registration
If you register for one of our newsletters or provide your data in order to download a document from our website free of charge, or our Facebook or LinkedIn pages, we use this data, or data separately provided by you, for regularly sending you our email newsletter with your consent pursuant to Art. 6 (1) (a) GDPR.

The newsletter is sent on our behalf by service providers to whom we transfer your email address for this purpose.
You can unsubscribe from the newsletter at any time either by sending a message to the contact described below or via the respective link provided in each newsletter mail. After you have unsubscribed, we will delete your email address unless you have explicitly consented to further use of your data, or we have reserved the right to do so, where permissible by law, in which case we shall inform you thereof in this privacy policy.

Email Advertising and Registration for the Personalised Newsletter

If you register for one of our personalised newsletters, we use your data, or data separately provided by you, for regularly sending you our personalised email newsletter with your consent pursuant to Art. 6 (1) (a) GDPR. The newsletter with tips & tricks from the world of ecommerce, events, competitions and our products, members and partners is aimed at your specific interests and provides you with relevant information on the respective topics.

By registering to receive the personalised newsletter, you also agree that we can track and evaluate your click behaviour (which links you click and open) within the newsletter. This is done by linking the information about your click behaviour with your personal user profile in our internal customer administration system. This link makes it possible to evaluate the aforementioned information precisely in relation to your person and your presumed interests in order to improve the personalisation of the newsletter. We evaluate this information with your consent pursuant to Art. 6 (1) (a) GDPR.

You can unsubscribe from the newsletter at any time either by sending a message to the contact described below or via the respective link provided in each newsletter mail. After you have unsubscribed, we will delete your email address unless you have explicitly consented to further use of your data, or we have reserved the right to do so, where permissible by law, in which case we shall inform you thereof in this privacy policy.

Email Advertising without Newsletter Registration and Your Right to object

If we receive your email address in connection with the sale of a product or service and you have not objected to this, we reserve the right to regularly send you offers for other products from our range similar to those you have already purchased by email in accordance with Section 7 (3) of the German Fair Competition Act (UWG). This serves the protection of our legitimate interests in the promotional communication with our customers that are overriding in the process of balancing of interests pursuant to Art. 6 (1) (f) GDPR.

The newsletter is sent on our behalf by service providers to whom we transfer your email address for this purpose.

You can object to this use of your email address at any time by sending a message to the contact described below or via the respective link provided in each newsletter mail.

Postal Advertising and Your Right to object

Furthermore, we reserve the right to use your first and last name as well as your postal address for our own advertising purposes, e.g. to send interesting offers and information about our products by post. This serves the protection of our legitimate interest in the promotional communication with our customers that are overriding in the process of balancing of interests pursuant to Art. 6 (1) (f) GDPR.

Such promotional mailing is processed on our behalf by a service provider to whom we transfer your data.

You can object to the storage and use of your data for this purpose at any time by sending a message to the contact described below or via the respective link provided in each newsletter mail.

6. Third Country Transfer

In this section, we inform you about the processing of personal data related to you in third countries for which there is no adequacy decision adopted by the EU Commission.

Trusted Shops uses a variety of service providers. Many of them use servers in third countries, i.e. outside the EU or the EEA. This also includes the USA. The transfer of personal data associated with this must be carried out in accordance with Art. 44 et seq. GDPR. In July 2020, the ECJ ruled that the Privacy-Shield Agreement between the EU and the USA can no longer be used to transfer personal data to the USA. This means that the sectoral adequacy decision of the EU Commission has been revoked.

However, the Privacy Shield as such and the associated self-certification will remain in place. This means that US companies that have self-certified and registered with the U.S. Department of Commerce’s International Trade Administration (see overview at https://www.privacyshield.gov/list) will continue to act in compliance with the Privacy Shield rules, which will ensure a good level of data protection to the greatest extent possible.

In addition, Trusted Shops obliges service providers who process personal data in a third country to comply with the standard data protection clauses issued by the EU Commission which are still valid. Where possible, we also agree on additional guarantees to ensure that adequate data protection is guaranteed in the USA or other third countries.

For some service providers there are also binding corporate rules, which ensure that European data protection standards are observed within the company.

Despite all contractual and technical measures, it is possible that the level of data protection in the third country may not be the same as in the EU. In such cases we will ask you, if necessary, as part of cookie consent, in (contact) forms or in the case of other registrations and notifications, for your consent under Art. 49 (1) (a) GDPR to transfer your personal data to a third country. This applies in particular to the transfer of data to the USA. In the USA, authorities and intelligence services may have the right and the capability to access your personal data without our knowledge as the data exporter or yours as the data subject, and without you having sufficient legal means to prevent or take action against such access.

By clicking on “Cookie settings” in the footer of this website, you can open the Cookie Manager and find detailed information about all the service providers from third countries that we use, such as the exact countries of residence of the individual service providers, the specific legal basis and the purpose of the data transfer, the duration of the data storage, etc.

7. Cookies and Web Analytics

In order to make the user experience on our website attractive and to enable the use of certain functions, as well as to display suitable products or for market research, we use so-called cookies and other tools on various pages via which information is stored on, or retrieved from, your terminal device (hereinafter uniformly referred to as “cookies”).

Cookies:

Cookies are small text files that are stored on your terminal device. We always use some cookies to be able to guarantee the basic functionality of our pages and the optimal presentation of our offers (essential/necessary cookies). Some of the cookies we use are deleted at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable us to recognise your browser on your next visit of our website (persistent cookies). We use both cookies of our own and some by third-party providers (so-called third-party cookies).


Consent Manager:

A detailed overview of the cookies and other tools and service providers we use, their purposes and storage periods, the legal basis for cookie use, and additional information can be found in our Consent Manager which you can also access by clicking on “Cookie settings” in the footer.

You can separately accept or reject individual or all cookies with the Consent Manager during your first visit to our website and at any time thereafter by placing a green check mark / cross next to the respective cookie, or respectively by removing it and saving the settings. These settings are saved in the local storage of your computer or mobile device. Therefore, settings must be made and saved anew in case the local storage of your device is deleted, or if you use a different device or browser. Please note that you may have to manually delete cookies that have already been set if you revoke your consent. Rejecting cookies might limit the functionality of our website.


Other Cookie Setting Options:


Alternatively, you can set your browser to inform you about the use of cookies on websites and let you accept them individually or refuse them for certain cases or in general. Each browser manages cookie settings differently. This is described in more detail in the help menu of each browser which also explains how you can change your cookie settings. You can find this menu for each browser at the following links:

In addition to deselecting cookies in the Cookie Manager, you can revoke any consent which you have given us to the use of cookies in accordance with Art. 6 (1) (a) GDPR at any time by sending a message to the contact indicated in our privacy policy.

Please note that disabling cookies may limit your access to some features of our website.

8. Social Media PlugIns

Use of the social plugins from Facebook, Google, Twitter, Instagram, Pinterest using the Shariff solution

Our websites use social buttons provided by different social media platforms.

In order to better protect your data when you visit our website, these buttons are not fully integrated into the page as plug-ins, but rather as simple HTML links. This ensures that webpages containing social buttons do not connect to the servers of the respective social media providers when they are opened.

If you click one of the buttons, the page of the respective service provider will be opened in a new browser window. There you can press the Like or Share button, for example. This might require you to log in to the respective platform first. You can find more information on how social media providers process personal data on their pages, e.g. the purpose and extent of the data collection, the subsequent processing and use of personal data as well as contact options, your rights as a data subject, and privacy settings or options, in these providers’ respective privacy policies:

https://www.facebook.com/policy.php 
https://twitter.com/privacy 
https://policies.google.com/privacy?hl=en
https://help.instagram.com/519522125107875 
https://about.pinterest.com/en/privacy-policy


Youtube Video Plugins


We have integrated content from the video platform Youtube on our website. This serves the protection of our legitimate interest in the optimal presentation of our offers which is overriding in the process of balancing of interests pursuant to Art. 6 (1) (f) GDPR.
Youtube is operated by Google Ireland Limited, a company incorporated and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.co.uk).

As far as information is transmitted to, and stored by Google on servers located in the United States, the U.S. company Google LLC is certified under the EU-US Privacy Shield.

We have activated extended data protection settings on the Youtube videos integrated in our site. This means that no information from website visitors is collected and stored by YouTube unless they play the video. You can find more information on the purpose and extent of the data collection, the subsequent processing and use of personal data by Youtube as well as contact options, your rights as a data subject, and privacy settings or options, in Google’s privacy policy: https://policies.google.com/privacy?hl=en 


Vimeo Video Plugins


We have integrated content from the video platform Vimeo on our website. This serves the protection of our legitimate interest in the optimal presentation of our offers which is overriding in the process of balancing of interests pursuant to Art. 6 (1) (f) GDPR.
Vimeo is operated by Vimeo LLC, 555 West 18th Street, New York 10011, USA (“Vimeo”).

The tracking tool Google Analytics is automatically active on Vimeo videos that are integrated on our site. We have no influence over the tracking settings or the analytics generated through them, and they are not visible to us. Additionally, by embedding Vimeo videos, website visitors are assigned a web beacon.

In order to prevent the use of Google Analytics tracking cookies, you may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address), and from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en

You can find more information on the purpose and extent of the data collection, the subsequent processing and use of personal data by Youtube as well as contact options, your rights as a data subject, and privacy settings or options, in Vimeo’s privacy policy: https://vimeo.com/privacy 

9. Our online presence on social media platforms

Our presence on social networks and platforms serves to improve active communication with our customers and other interested parties. There we provide information on our products and ongoing special promotions.

When visiting our social media channels, your data may be automatically collected and stored for market research and advertising purposes. By using pseudonyms, so-called usage profiles are created from this data. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Generally, cookies on your end device are used for this purpose. Visitor behaviour and user interests are stored in these cookies. This serves the protection of our legitimate interest in the optimal presentation of our offers and the communication with customers and other interested parties which is overriding in the process of balancing of interests pursuant to Art. 6 (1) (f) GDPR. If you are asked for your consent (to agree) to data processing, for example via a checkbox, on the respective social media platform for consent, the legal basis for the data processing is Art. 6 (1) (a) GDPR.

In terms of certain data processing activities on our social media profiles on Facebook, we act as joint controllers alongside the platform operator in the sense of Art. 26 GDPR. The essential information on the agreement concluded between us and Facebook, and your associated rights can be found here.

In the case where certain social media platforms are headquartered in the U.S., they use standard data protection clauses issued by the EU Commission as a suitable guarantee to ensure an appropriate level of data protection.

Please refer to the privacy policies of the individual social media providers linked below for detailed information on the processing and use of data by these providers on their pages, as well as on contact options, your rights as a data subject, and privacy settings or options, in particular opt-out options. Should you still require assistance in this regard, feel free to contact us.

Facebook: https://www.facebook.com/about/privacy/ 
Google/ YouTube: https://policies.google.com/privacy?hl=en
Twitter: https://twitter.com/en/privacy 
Instagram: https://help.instagram.com/519522125107875 
Pinterest: https://about.pinterest.com/en/privacy-policy 
LinkedIn: https://www.linkedin.com/legal/privacy-policy 
Xing: https://privacy.xing.com/en 

Objection (Opt-Out) Settings:

Facebook: https://www.facebook.com/settings?tab=ads 
Google/ YouTube: https://policies.google.com/privacy?hl=en-US#infochoices  
Twitter: https://twitter.com/personalization 
Instagram: https://help.instagram.com/519522125107875 
Pinterest: https://help.pinterest.com/en-gb/topics/privacy-safety-and-legal 
LinkedIn: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out 
Xing: https://privacy.xing.com/en/privacy-policy/what-rights-can-you-assert/right-to-object

10. Sending Review Invites via Email

We use your email address to send you a Review Invite by email if you have explicitly consented to this pursuant to Art. 6 (1) (a) GDPR during or after placing an order.

You can revoke your consent with effect for the future at any time by sending a message to the contact described below.

In other cases, Review Invites are sent as a service in return for free membership and thus as an integral part of the membership contract. In these cases, data processing is necessary for the fulfilment of the contract and is therefore based on Art. 6 (1) (a) GDPR.

11. Contact possibilities and your rights

As a data subject, you have the following rights:

  • pursuant to Art. 15 GDPR, you have the right to request information about your personal data processed by us to the extent described therein;
  • pursuant to Art. 16 GDPR, you have the right to demand the immediate rectification of inaccurate or incomplete personal data stored by us;
  • pursuant to Art. 17 GDPR, the right to request the erasure of your personal data stored with us, unless further processing is necessary:
    – in order to exercise the right of freedom of expression and information;
    – for the compliance with a legal obligation;
    – for reasons of public interest, or
    – for the establishment, exercise or defence of legal claims;
  • pursuant to Art. 18 GDPR, the right to request the restriction of the processing of your personal data, insofar as:
    – you are contesting the accuracy of the data;
    – the processing is unlawful, but you oppose the erasure of the data;
    – we no longer need the data for the purposes of processing, but you require it for the establishment, exercise or defence of legal claims, or
    – you have objected to the processing pursuant to Art. 21 GDPR;
  • pursuant to Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format, or to request its transfer to another controller;
  • pursuant to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority . You can also contact the supervisory authority at your habitual residence or place of work, or at the place of our company headquarters.

If you have any questions regarding the collection, processing or use of your personal data, information on personal data concerning you, the restriction of data processing, the rectification or erasure of data, the revocation of given consent, or the objection to a specific use of data, please contact our company’s data protection officer.

Data Protection Officer
Subbelrather Str. 15c
50823 Cologne
privacy@trustedshops.com 

Right of objection

Insofar as we process personal data as described above in order to protect our legitimate interests that are overriding in the process of balancing of interests, you can object to this processing with effect for the future. If the data is processed for direct marketing purposes, you can exercise this right at any time as described above. If the processing takes place for other purposes, you are only entitled to a right of objection if there are reasons arising from your particular situation.

After exercising your right of objection, we will not process your personal data further for these purposes, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

This does not apply if the processing is for direct marketing purposes. Then we will not process your personal data for this purpose.