Privacy policy

1. Introduction

Below, we provide information on the processing of personal data when using GameCycle.

Personal data is any information relating to an identifiable natural person, e.g. name, email address or IP address.

1.1. Contact details

The data controller pursuant to Article 4(7) of the EU General Data Protection Regulation (GDPR) is GameCycle recommerce GmbH, Erkelenzdamm 11-13, 10999 Berlin, Germany, email: support@gamecycle.de. We are legally represented by Dr. Philipp Gattner and Marcel Erian.

Our data protection officer can be reached via an external service provider. You can contact us about data protection issues via the contact form
on our website.

1.2. Scope of data processing, processing purposes and legal bases

The scope of personal data processing, the processing purposes, and the underlying legal bases are explained in detail below. The following orders generally apply as possible legal bases for data processing:
  • Art. 6 para. 1 sentence 1 lit. a GDPR serves as our legal basis for processing operations for which we obtain consent.
  • Art. 6 para. 1 sentence 1 lit. b GDPR is the legal basis insofar as the processing of personal data is necessary for the performance of a contract, e.g. when a site visitor purchases a product from us or we perform a service for them. This legal basis also applies to processing that is necessary for pre-contractual measures, such as inquiries about our products or services.
  • Art. 6 para. 1 sentence 1 lit. c GDPR applies if we fulfill a legal obligation with the processing of personal data, as may be the case, for example, in tax law.
  • Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis if we can invoke legitimate interests for the processing of personal data, e.g. for cookies that are necessary for the technical operation of our website.
1.3. Data processing outside the European Economic Area (EEA)

If we transfer personal data to service providers or other third parties outside the EEA, the security of the data is guaranteed by adequacy decisions of the EU Commission pursuant to Art. 45 para. 3 GDPR, provided that such decisions exist, such as for countries such as Great Britain, Canada or Israel.

When personal data is transferred to service providers in the USA, the data transfer is based on an adequacy decision of the EU Commission, provided that the service provider is also certified according to the EU-US Data Privacy Framework.

In cases in which no adequacy decision of the EU Commission exists, the data transfer usually takes place on the basis of standard contractual clauses. These clauses adopted by the EU Commission are part of the contract with the respective service provider and guarantee an adequate level of protection for the transferred data in accordance with Art. 46 para. 2 lit. b GDPR.

Many service providers also offer additional contractual guarantees that protect the data beyond the standard contractual clauses. These include, for example, measures to encrypt the data or obligations of the service provider to inform data subjects if law enforcement authorities access the data.

1.4. Storage period

Unless expressly stated otherwise in this privacy policy, personal data at GameCycle will be deleted as soon as it is no longer required for its intended purpose (e.g. to fulfill legal or contractual warranty and guarantee rights) and there are no legal retention obligations to the contrary.

If data is not deleted because it is required for other legally permissible or ordered purposes, processing will be restricted. This means that the data is blocked and may not be used for other purposes.

This applies in particular to data in connection with purchase contracts. According to commercial and tax law regulations (§ 147 AO, § 257 HGB), there are retention obligations for certain periods (usually six or eight years after the end of the year in which the contract was concluded). During this time, the data is processed exclusively to fulfill legal audit obligations, e.g. by the tax authorities.
1.5. Rights of data subjects

Data subjects have the following rights against us with regard to their personal data:

  • Right to information,
  • Right to rectification or erasure,
  • Right to restriction of processing,
  • Right to object to processing,
  • Right to data portability,
  • Right to withdraw consent at any time.
Data subjects have the right to lodge a complaint with a competent data protection supervisory authority about the processing of their personal data. Contact details of the supervisory authorities can be found at the following link: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

1.6. Obligation to provide data

Customers, prospective customers, or other third parties are obligated to provide us only with the personal data that is required for initiating, conducting, or terminating a business relationship or other relationship, or the collection of which is legally required.

If this data is not provided, GameCycle can generally refuse to enter into a contract or provide services, or not continue an existing business relationship. Mandatory information on our website or in forms is clearly marked as such.
Mandatory information on our website or in forms is clearly marked as such.

1.7. No automated individual decision-making

GameCycle generally does not use fully automated decisions within the meaning of Art. 22 GDPR to establish or carry out a business relationship or other relationship. Should such a procedure be used in individual cases, we will inform you separately, insofar as this is required by law.

1.8. Contacting us

When you contact GameCycle, e.g. by email, contact form or telephone, the data you provide – including your entries, contact details (e.g. email address, telephone number), master data (e.g. name) and metadata (e.g. date and time) – will be stored in order to process and answer your request.

The legal basis for the processing is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR to answer inquiries in a structured and efficient manner.

With your consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a GDPR, which you grant via our cookie banner, you can also use our live chat and the call function on the website in addition to contacting us. Cookies and similar technologies are used for this purpose.

You can revoke your consent at any time by adjusting your settings in the cookie banner. The revocation of consent does not affect the legality of the processing that took place before the revocation.

If you contact GameCycle by telephone or via the call function on our website, individual calls may be recorded. This is done exclusively with your express consent in accordance with Art. 6 para. 1 lit. a GDPR (opt-in procedure).

Consent to the call recording is given before the start of the call via the website or during the call through corresponding interaction (e.g. pressing a button).

Recorded calls are used exclusively for quality assurance and for internal improvement of our customer service and are automatically deleted after 30 days.

You can withdraw your consent at any time. The withdrawal does not affect the lawfulness of the processing that took place before the withdrawal.

If a user decides to submit a rating on the contact with our customer service after their request has been processed, we process the information they provide and the associated case ID on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in order to optimize our customer service.

The employee whose performance was rated then automatically receives a system-generated email summarizing the results of the customer satisfaction survey.

GameCycle uses the CRM system "Zendesk" from the provider Zendesk, Inc., USA, on the basis of our legitimate interests in order to process user inquiries efficiently and quickly.

We also use our own internal services to manage customer relationships. The legal basis for the processing of personal data is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in managing customer data clearly and processing user inquiries efficiently and quickly.
1.9. Competitions

GameCycle occasionally offers competitions via the website or in other ways. The personal data collected for this purpose will only be used to determine and notify the winners. This data will then be deleted.

If competitions are only offered to existing customers, we only process the name to determine the winners and the contact details for notification.

The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR, as our legitimate interest lies in conducting competitions to acquire customers or to interact with our existing customers.

1.10. Customer surveys

From time to time, GameCycle conducts customer surveys in order to get to know our customers and their wishes better. Only the data requested in each case is processed.

The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR, as our legitimate interest lies in better understanding our customers and their needs. After the survey results have been evaluated, the data collected will be deleted.

1.11. Investigation and prosecution of criminal offenses

For the purpose of prosecuting criminal offenses, we may, in individual cases and only with legitimate interest, forward the data required for the investigations to the responsible investigative authorities or other bodies involved in the investigation upon request.

The legal basis for this is our legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR and Recital 47 GDPR, according to which the processing of personal data is permissible to the extent that it is absolutely necessary to prevent or investigate criminal offenses.

The internal processing of personal data for the purposes of fraud detection is also based on the same legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR and Recital 47 GDPR.

1.12. Data evaluation for analysis and marketing purposes

GameCycle evaluates pseudonymized usage profiles for analysis and marketing purposes and may rely on the support of processors.

The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f GDPR, as our legitimate interest lies in getting to know our customers and their needs better and optimizing our offer.

2. Newsletter

GameCycle reserves the right to inform customers who have already used our services or purchased goods from time to time by email or other electronic means about offers that are similar to those they have purchased in the past. In addition, satisfaction may be requested after a purchase, provided there is no objection.

The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f GDPR in conjunction with § 7 para. 3 UWG. Our legitimate interest lies in direct advertising (Recital 47 GDPR) and in getting to know our customers and their wishes better.

Customers can object to the use of their email address for advertising purposes at any time without incurring any costs other than the transmission costs according to the basic rates – for example via an unsubscribe link in every email or via the contact form on our website.

Interested parties have the opportunity to subscribe to a free newsletter from GameCycle. Newsletters, emails and other electronic notifications with advertising information are only sent with the consent of the recipients or on the basis of legal permission.

The data provided when registering for the newsletter will only be processed for sending the newsletter. Registration takes place by selecting the corresponding field on our website, by ticking a box in a paper form or by another clear action with which consent to data processing is given.
On the basis of the recipients' consent (Art. 6 para. 1 sentence 1 lit. a GDPR), we measure the opening and click rate of our newsletters in order to analyze which content is particularly relevant for our recipients.

We send the above-mentioned messages with the Salesforce tool from the provider salesforce.com Germany GmbH, Erika-Mann-Straße 31-37, 80636 Munich (privacy policy: https://www.salesforce.com/company/privacy/).

3. Data processing on our website

3.1. Note for website visitors from Germany

Our website stores information in the end devices of website visitors (e.g. cookies) or accesses information that is already stored in the end devices (e.g. IP addresses). Which information is processed in detail is described in the following sections.

The storage of and access to information on users' end devices is based on the following provisions:

  • If this storage or access is absolutely necessary so that we can provide the service of our website expressly requested by website visitors (e.g. to carry out a chatbot used by the website visitor or to ensure the IT security of our website), it takes place on the basis of § 25 para. 2 no. 2 of the Telecommunications-Digital Services-Data Protection Act (TDDDG).
  • Otherwise, this storage or access takes place on the basis of the consent of the website visitors (§ 25 para. 1 TDDDG).
The downstream data processing takes place in accordance with the following sections and on the basis of the provisions of the GDPR.

3.2. Informational use of the website

When using our website for purely informational purposes, i.e. when site visitors do not transmit any separate information, GameCycle collects the personal data that the browser automatically transmits to our server. This serves to ensure the stability and security of our website.

This data is:
  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • amount of data transferred in each case
  • Website from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.
This data is also stored in log files. They are deleted when their storage is no longer necessary, at the latest after 30 days.

3.3. Web hosting and provision of the website

Our website is hosted via Amazon AWS. The provider is Amazon Web Services EMEA Sàrl, Luxembourg. The provider processes the personal data transmitted via the website, e.g. content, usage, meta/communication data or contact data, within the EU.

It is our legitimate interest to provide a website, so that the legal basis of the described data processing is Art. 6 para. 1 sentence 1 lit. f GDPR.
We use the Content Delivery Network Cloudfront (Amazon AWS) for our website. The provider is Amazon Web Services, Inc., P.O. Box 81226 Seattle, WA 98108-1226 USA. The provider processes the personal data transmitted via the website, e.g. content, usage, meta/communication or contact data in the USA. Further information can be found in the provider's privacy policy at https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf.

We have a legitimate interest in using sufficient storage and delivery capacities in order to guarantee an optimal data throughput even in the event of large load peaks. The legal basis of the described data processing is therefore Art. 6 para. 1 sentence 1 lit. f GDPR.

The legal basis for the transfer of personal data to countries outside the EEA are standard contractual clauses. The security of the data transferred to third countries is guaranteed by the standard data protection clauses issued in accordance with Art. 93 para. 2 GDPR (Art. 46 para. 2 lit. c GDPR), which GameCycle has agreed with the respective provider.
3.4. Reviews

Site visitors can leave reviews about our products on the GameCycle website. Reviews are published under the first name and the first letter of the last name. Users also have the option of uploading their own photos of the purchased product.

In addition to the data entered, we also process meta and communication data. GameCycle has a legitimate interest in receiving feedback on our offers. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f GDPR.

3.5. Customer account

Visitors to the GameCycle website can create a customer account. The data requested is processed to fulfill the respective user agreement. The legal basis for this is Art. 6 Para. 1 S. 1 lit. b GDPR.

Unless there are any statutory retention rights or obligations, the data will be deleted when users delete their customer account.

The following data, among other things, is processed as part of a customer account:
  • The data you provide as part of a purchase and sale, as well as related details, e.g.:
  • The data generated in connection with your use of our services, e.g.:
GameCycle uses the Postmark service, provided by ActiveCampaign, LLC, USA, to manage and send transaction emails (e.g. order and shipping confirmations, reminders).

To enable sending, the email address stored in the customer account is transmitted to the provider. Processing takes place to fulfill contractual obligations in accordance with Art. 6 Para. 1 lit. b GDPR.

GameCycle has concluded a contract with the provider with EU standard contractual clauses. These oblige the provider to process user data exclusively in accordance with our instructions and to comply with the EU data protection level.

Using the email address used for the purchase process, GameCycle automatically checks whether an order processing account already exists in the system. If this is the case, the stored data is merged into a uniform order processing account.

The legal basis for this processing is Art. 6 Para. 1 lit. f GDPR. This is based on our legitimate interest, as multiple accounts of one person burden the storage capacities and could significantly impair the efficiency of fraud detection and necessary follow-up work on purchases.

In addition, the uniform data storage corresponds to the principle of data minimization in accordance with Art. 5 Para. 1 lit. c GDPR. If you do not want such a merger, please contact our customer service before making another purchase.

When paying via PayPal Express or when purchasing via a marketplace used by GameCycle (e.g. eBay, Amazon), an order processing account is created for the user in our backend system on the basis of Art. 6 Para. 1 lit. b GDPR in order to process the order.

The account is created automatically after the purchase is completed on the marketplace or at the time the payment is released in the PayPal account. The data transmitted to us by the marketplace or PayPal is used for the account creation. The data transmission also takes place on the basis of Art. 6 Para. 1 lit. b GDPR.

When paying via PayPal Express, it is possible to access the order processing account afterwards. This is only possible if the user voluntarily assigns a personal password.

After the order processing account has been created, the user receives an email with the option of assigning a password. The password is processed on the basis of voluntary consent in accordance with Art. 6 Para. 1 lit. a GDPR.

The password assignment can be revoked at any time without giving reasons. In this case, access to the order processing account is no longer possible.

3.6. Single Sign-On

Site visitors can log in to the GameCycle website using a single sign-on (SSO) procedure. This involves using login data already created for another provider. The prerequisite is that the site visitor is registered with the respective provider.

If a site visitor uses the SSO procedure, GameCycle receives information from the provider that the user is logged in, and the provider receives information that the SSO procedure is being used on our website. Depending on the user's settings with the provider, additional information may be provided.

The legal basis for this processing is Art. 6 Para. 1 S. 1 lit. f GDPR, as it is in the legitimate interest of users to log in quickly and conveniently.

The providers of the procedure are:

  • Apple Inc., Infinite Loop, Cupertino, CA 95014, USA
  • Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”)
  • PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L‑2449 Luxembourg
  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
3.7. Buyback feature

Users can receive a reminder by email when it is time to resell purchased media. Open and click rates are recorded to determine the effectiveness of the message.

We send the message with the Salesforce tool from salesforce.com Germany GmbH, Erika-Mann-Straße 31-37, 80636 Munich (privacy policy: https://www.salesforce.com/company/privacy/). The provider processes content, usage, meta/communication data and contact data in the USA.

The legal basis for the processing is Art. 6 Para. 1 S. 1 lit. a GDPR. The processing takes place on the basis of the voluntary consent of the users.

The consent can be revoked at any time, e.g. by clicking on the corresponding link in the email or by sending a message to our email address given above. The processing of the data up to the time of revocation remains lawful even after a revocation.

3.8. Offer of goods

GameCycle offers the purchase and sale of goods via the website. The following data is processed as part of the purchase or sale:

  • Name
  • Email address,
  • Password,
  • Phone number (optional),
  • Delivery and billing address
  • Payment data (different depending on the payment method chosen)
The data is processed to fulfill the contract concluded with the respective user (Art. 6 Para. 1 S. 1 lit. b GDPR).

The email address is also processed on the basis of Art. 6 Para. 1 lit. c GDPR in conjunction with § 312i Para. 1 No. 3 BGB in order to be able to send an electronic order confirmation after a purchase. This data processing is required by law.

Insofar as the serial number or IMEI of the respective device is collected as part of a purchase, the processing takes place on the basis of our legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR.

This legitimate interest serves to make the purchase process run smoothly, to prevent rejected devices from being offered for sale again, and to identify potential cases of fraud.

The purchase and sale is handled by our subsidiaries. These are the following companies:

  • GameCycle Services GmbH & Co. KG, Kanalstr. 139, 12357 Berlin (media sector)
  • GameCycle Services Sp. z o.o., Przemysłowa 8, 60‑023 Żerniki, Poland (electronics sector)
GameCycle uses various transport service providers for the transport of orders placed by customers, including:

To execute the transport and to ensure shipment tracking, including package announcements, GameCycle transmits the data belonging to an order to the respectively selected transport service provider.

The legal basis of the processing is Art. 6 Para. 1 S. 1 lit. b GDPR, as the transfer of the data is necessary for the fulfillment of the contract.

In the event of the loss of a device offered for sale by you during shipping, GameCycle also reserves the right to forward the serial number or IMEI of the device to the respective transport service provider. This serves to clarify potential cases of fraud. The legal basis for this transmission is our legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR.

Device insurance

As part of our cooperation with Evy Brokerage S.A.S. and Protect Re S.A.S., both at 38 rue des Mathurins, 75008 Paris, France (hereinafter “Evy”), GameCycle offers the option of taking out optional insurance products directly in the order process when purchasing selected devices.

For this purpose, GameCycle transmits personal data to Evy so that the insurance policy can be issued and the contract can be concluded.

The transmission only takes place if you actively decide on an insurance offer as part of the purchase. The legal basis is the execution of the insurance contract in accordance with Art. 6 Para. 1 lit. b GDPR.

In particular, the following data is transmitted:

  • Customer data: First name, last name, postal address, email address, date of birth
  • Contract/device data: IMEI or serial number, product name and ID, purchase price, purchase date and currency of the device to be insured, and the selected insurance package
Evy processes this data under its own data protection responsibility in accordance with Art. 4 No. 7 GDPR. Evy is solely responsible for further processing after transmission.

We are your contact for the processing of data by GameCycle. Evy is responsible for the processing by Evy itself. Please contact the company that processes the data or whose processing your request relates to.

Further information on the processing of personal data by Evy can be found in Evy's privacy policy, which is included in the information sheet for the insurance contract.
3.9. Purchase alert

We offer our customers the opportunity to set a purchase alert for all items we offer. If a purchase alert is set, the customer receives an email notification as soon as the desired item is available for purchase. For this purpose, we process the customer ID and the customer's email address to carry out a pre-contractual service within the meaning of Art. 6 Para. 1 lit. b. GDPR.

3.10. Friendship program

The prerequisite for participating in the friendship program is that you are a registered customer with GameCycle with at least one completed order.

If you meet these requirements, you can participate in the friendship program via our website and request an individual discount voucher. You can send this discount voucher to up to 5

Each customer may only open one customer account in the GameCycle online shop, both as an advertising and as a recruited customer. Each customer can only participate in the friendship program once in their role as advertiser or recruited person. In the event of violations, we reserve the right to close the customer accounts in question. Discount vouchers that were used in connection with illegally created customer accounts have no legal validity. GameCycle also reserves the right to reclaim benefits obtained through illegally used discount vouchers.

To register for the GameCycle friendship program, it is sufficient to provide your email address. Registration takes place using the double opt-in procedure, i.e. after registration you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register with someone else's email addresses. The personal data collected as part of the friendship program will be processed on the basis of your consent in accordance with Art. 6 Para. 1 lit. a GDPR. Registrations are logged in order to be able to legally prove participation. This includes your email address, the time of allocation of the discount voucher, the number of previous uses of the voucher and the status of the vouchers that were issued to you after successfully recruiting a person.
The emails are sent as part of the friendship program via the provider Salesforce Germany GmbH, Erika-Mann-Straße 31-37, 80636 Munich. The personal data is processed exclusively for the purpose of carrying out the friendship program.

Based on the consent of the recipients (Art. 6 Para. 1 S. 1 lit. a GDPR), emails that are sent as part of the friendship program contain a pixel-sized file that can be used to determine when the email was opened, with which device it was opened and which email program was used. This information can technically be assigned to individual recipients. However, the aim is not to observe individual users, but to analyze reading habits in order to better adapt content for recipients.

3.11. Payment service provider

We use payment service providers to process payments, who are themselves data controllers within the meaning of Art. 4 No. 7 GDPR. Insofar as these receive personal and payment data transmitted by us in the order process, this takes place to fulfill the contract concluded with our customers (Art. 6 Para. 1 S. 1 lit. b GDPR).

These payment service providers are:

  • Klarna Bank AB (publ), Sweden (“Klarna on invoice” and “Klarna Pay Now”)
  • Mastercard Europe SA, Belgium
  • PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg
  • Visa Europe Services Inc., United Kingdom
Adyen N.V., Simon Carmiggeltstraat 6-50, 1011 DJ, Netherlands – is used for payment processing and acts on the basis of a data processing agreement for GameCycle.

For payouts as part of purchases, if the payout method PayPal is selected, Hyperwallet, a service of PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg, is used. Processing takes place to fulfill contractual obligations in accordance with Art. 6 Para. 1 lit. b GDPR.

The data will be deleted as soon as the purpose for which it was collected no longer applies and there is no legal obligation to retain it. Further information on processing can be found in the privacy policy of the respective provider.
3.12. Technically necessary cookies

Our GameCycle website uses cookies. Cookies are small text files that are stored in the web browser on the end device of a site visitor. They help to make the offer more user-friendly, effective and secure.

Insofar as these cookies are necessary for the operation of our website or its functions (hereinafter “technically necessary cookies”), the legal basis for the processing is Art. 6 Para. 1 S. 1 lit. f GDPR. We have a legitimate interest in providing customers and other site visitors with a functional website.

Specifically, we use technically necessary cookies for the following purposes:

  • Cookies that store the shopping cart and
  • Cookies that store log-in data
3.13. Third-party providers

3.13.1. Awin

We use Awin for affiliate marketing. The provider is AWIN AG, Landsberger Allee 104 BC, 10249 Berlin. Awin processes usage data (e.g. visited websites, interest in content, access times), contact data (e.g. email addresses, telephone numbers) and meta/communication data (e.g. device information, IP addresses) within the EU.
The legal basis of the processing is Art. 6 Para. 1 S. 1 lit. a GDPR. The processing takes place on the basis of your consent. Data subjects can revoke their consent at any time by adjusting the settings in the cookie banner. The revocation does not affect the lawfulness of the processing until the time of the revocation.

The data will be deleted as soon as the purpose for which it was collected no longer applies and there are no legal storage obligations to the contrary. Further information can be found in the provider's privacy policy at https://www.awin.com/de/datenschutzerklarung
.

3.13.2. Datadog

The legal basis for the processing is Art. 6 Para. 1 S. 1 lit. f GDPR. The processing takes place on the basis of our legitimate interest in ensuring the stability, security and functionality of our applications and website.

The data will be deleted as soon as the purpose for which it was collected no longer applies and there are no legal storage obligations. Further information is available in the provider's privacy policy at https://www.datadoghq.com/privacy/

The data is archived when the purpose for which it was collected no longer applies. All customer data archived in backups is stored separately and excluded from any further processing, unless this is required by law. Further information is available in the provider's privacy policy at https://www.datadoghq.com/legal/privacy/#sharing-of-information.

3.13.3. TrustedShops

The Trusted Shops widgets on this website are only displayed if you have given your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. They serve to display Trusted Shops services (e.g. quality seal, collected reviews) and to present Trusted Shops products for buyers after an order.

Within the framework of the joint responsibility between us and Trusted Shops, please contact Trusted Shops directly with data protection questions and to exercise your rights via the contact options specified in their data protection information: https://www.trustedshops.de/impressum-datenschutz/
. Regardless of this, you can contact the controller of your choice at any time. If necessary, your request will be forwarded to the other controller for a response.
Data processing when integrating the Trustbadge / other widgets

The Trustbadge is provided by a US CDN (Content Delivery Network) provider.

An adequate level of data protection is ensured by an adequacy decision of the EU Commission. Service providers from the USA are generally certified according to the EU-U.S. Data Privacy Framework (DPF).
Data processing when integrating the Trustbadge / other widgets

When the Trustbadge is accessed, the web server automatically stores a server log file containing information such as the IP address, date and time of access, the amount of data transferred, and the requesting provider. The IP address is anonymized immediately after collection, so that no personal data is stored. The anonymized data is used in particular for statistical purposes and error analysis.

An adequate level of data protection is ensured by an adequacy decision of the EU Commission. Service providers from the USA are generally certified according to the EU-U.S. Data Privacy Framework (DPF).
Data processing after order completion

If you have given your consent, the Trustbadge accesses order information (such as order total, order number and, if applicable, product purchased) stored in your terminal device and your e-mail address after your order has been completed. The e-mail address is hashed using a cryptographic one-way function. The hash value is then transmitted to Trusted Shops together with the order information on the basis of your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). This serves to check whether you are already registered for Trusted Shops services. If this is the case, further processing takes place in accordance with the contractual agreement between you and Trusted Shops. If you are not yet registered or do not give your consent to automatic recognition via the Trustbadge, you will subsequently have the opportunity to register manually for the use of the services or to take out insurance within the scope of your possibly already existing user contract.

For this purpose, the Trustbadge accesses the following information stored in your terminal device after completion of your order: order total, order number and e-mail address. This is necessary to be able to offer you buyer protection. Data is only transmitted to Trusted Shops when you actively decide to take out buyer protection by clicking on the corresponding button in the so-called Trustcard. If you decide to use the services, further processing will take place in accordance with the contractual agreement with Trusted Shops pursuant to Art. 6 para. 1 lit. b GDPR in order to complete your registration for buyer protection, secure the order and, if applicable, send you rating invitations by e-mail.
3.13.4. CookieScriptDie

We use CookieScript for consent management. The provider is Objectis Ltd., Žalgirio St. 88, LT-09303 Vilnius, Lithuania. The provider processes meta and communication data (e.g. device information, IP addresses) within the EU.

The legal basis for processing is Art. 6 para. 1 sentence 1 lit. c GDPR. Processing is necessary to fulfil a legal obligation to which we are subject.

The data will be deleted as soon as the purpose for which it was collected no longer applies and there are no longer any statutory retention obligations. Further information can be found in the provider's privacy policy at https://cookie-script.com/privacy-policy.html

3.13.5. Criteo

The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on your consent. You can revoke your consent at any time, e.g. via the settings in the cookie banner. The revocation does not affect the lawfulness of the processing until revocation.

The data will be deleted as soon as the purpose for which it was collected no longer applies and there are no retention obligations to the contrary. Further information can be found in the provider's privacy policy.

The data is stored for a maximum of 13 months from the date of collection. Further information can be found in the provider's privacy policy at https://www.criteo.com/de/privacy/.

3.13.6. Adtriba

We use Adtriba for marketing automation and analysis. The provider is Adtriba GmbH, Veilchenweg 26b, 22529 Hamburg. Adtriba processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) within the EU. Based on this data, Adtriba creates cross-channel online marketing reports and enables us to carry out a detailed analysis of the customer journey.

The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on your consent. You can revoke your consent at any time by adjusting the settings in the cookie banner. The revocation does not affect the lawfulness of the processing carried out up to that point.

The data will be deleted as soon as the purpose for which it was collected no longer applies and there are no longer any statutory retention obligations. Further information can be found in the provider's privacy policy at https://www.adtriba.com/de/datenschutzhinweise.

3.13.7. Amplitude

The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on your consent. You can revoke your consent at any time by adjusting the settings in the cookie banner. The revocation does not affect the lawfulness of the processing up to the time of revocation.

Processing is based on your consent (Art. 6 para. 1 lit. a GDPR) or our legitimate interest (Art. 6 para. 1 lit. f GDPR). Amplitude collects and analyzes your usage behavior, e.g. pages accessed, length of stay, approximate location and interactions (clicks, purchases). This serves to optimize our website and improve your user experience.

Amplitude enables us to recognize you as a visitor and create user profiles. If you have not given your consent, your visit can only be assigned using a device ID assigned by Amplitude, but no user profile will be created.

Based on the data collected by Amplitude, we also evaluate the performance of our advertising channels using aggregated usage data. For this analysis, we use the service provider Adtriba GmbH, Veilchenweg 26b, 22529 Hamburg, which works for us on the basis of a data processing agreement.

We use Amplitude to record user sessions. This helps us to better understand the behavior of visitors and to optimize our website in a targeted manner.
We store this data until the purpose no longer applies. At Amplitude, the user logs are automatically deleted after 36 months.

Further information can be found at: https://amplitude.com/privacy
. You can object to data processing or revoke your consent for the future at any time in the cookie settings.

3.13.8. Pinterest Conversion Tag

We use the Pinterest Conversion Tag for conversion tracking. The provider is Pinterest Inc., 505 Brannan Street, San Francisco, CA 94107, USA. The provider processes usage data (e.g. websites visited, interest in content, access times), contact data (e.g. e-mail addresses, telephone numbers) and meta/communication data (e.g. device information, IP addresses) in the USA.

The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on your consent. You can revoke your consent at any time by adjusting the settings in the cookie banner. The revocation does not affect the lawfulness of the processing up to the time of revocation.

The legal basis for the transfer to a country outside the EEA is the standard contractual clauses approved by the EU Commission. This ensures the security of the data transferred to the third country. The standard data protection clauses were issued in accordance with Art. 93 para. 2 GDPR and constitute a suitable guarantee measure in accordance with Art. 46 para. 2 lit. c GDPR, which we have contractually agreed with the respective provider.

The collected data will be deleted as soon as the purpose for which it was collected no longer applies and there are no longer any statutory retention obligations. Further information on data processing by Pinterest can be found in the provider's privacy policy.

3.13.9. Google Conversion Tag

The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on consent. Data subjects can revoke their consent at any time by adjusting the settings in the cookie banner. The revocation does not affect the lawfulness of the processing until revocation.
The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on your consent. Data subjects can revoke this consent at any time by adjusting the settings in the cookie banner. The revocation does not affect the lawfulness of the processing carried out up to that point.

The legal basis for the transfer to a third country (outside the EEA) is the standard contractual clauses adopted by the EU Commission. The security of the data transferred to the third country is guaranteed by these clauses in accordance with Art. 46 para. 2 lit. c GDPR, which we have agreed with the respective provider.

The data will be deleted as soon as the purpose for which it was collected no longer applies and there is no statutory retention obligation. Further information can be found in the provider's privacy policy: Google Privacy Policy
and Google Tag Manager Support.
3.13.10. Meta Pixel

The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on consent. Data subjects can revoke their consent at any time by adjusting the settings in the cookie banner. The revocation does not affect the lawfulness of the processing until revocation.

The processing of personal data via the Meta Pixel is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. Data subjects can revoke their consent at any time by adjusting the settings in the cookie banner. The revocation does not affect the lawfulness of the processing until revocation. Data collected via the Meta Pixel may be transferred to third countries, in particular to the USA. The security of the transfer is guaranteed by standard contractual clauses in accordance with Art. 46 para. 2 lit. c GDPR. The data will be deleted as soon as the purpose for which it was collected no longer applies and there are no statutory retention obligations. Further information can be found in Meta's privacy policy: https://www.facebook.com/about/privacy.
The transfer of personal data to a country outside the European Economic Area (EEA) is based on standard contractual clauses. These clauses were issued in accordance with the review procedure under Art. 93 para. 2 GDPR and ensure that the level of data protection in the processing of data in the third country corresponds to that of the EU (Art. 46 para. 2 lit. c GDPR). We have contractually agreed these standard data protection clauses with the respective provider.

The personal data will be deleted as soon as the purpose for which it was collected no longer applies and there are no statutory retention obligations. Further information on processing by the provider can be found in its privacy policy at: https://www.facebook.com/policy.php

3.13.11. TikTok

The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on your consent. Data subjects can revoke their consent at any time by adjusting the settings in the cookie banner. The revocation does not affect the lawfulness of the processing until revocation.

The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country is guaranteed by standard data protection clauses agreed in accordance with Art. 46 para. 2 lit. c GDPR.

The data will be deleted as soon as the purpose for which it was collected no longer applies and there are no retention obligations to the contrary. Further information can be found in the provider's privacy policy.

Exactly. The stored data will be deleted as soon as the purpose of the collection no longer applies and there are no statutory retention obligations. Detailed information on data processing by TikTok can be found here: TikTok Privacy Policy.

3.13.12. Reddit Conversion Pixel

The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on your consent, which you can revoke at any time by adjusting the settings in the cookie banner. The revocation does not affect the lawfulness of the processing until revocation.

The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses issued in accordance with the review procedure under Art. 93 para. 2 GDPR (Art. 46 para. 2 lit. c GDPR), which we have agreed with the provider.

The data will be deleted as soon as the purpose for which it was collected no longer applies and there is no statutory retention obligation. Further information can be found in the provider's privacy policy.

Exactly, the personal data processed via the Reddit Conversion Pixel will be deleted as soon as the purpose of the collection no longer applies and there is no retention obligation. Detailed information can be found in Reddit's privacy policy at: https://www.reddit.com/policies/privacy-policy.

3.13.13. Facebook Conversion API

The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on your consent, which you can revoke at any time via the settings in the cookie banner. The revocation does not affect the lawfulness of the processing until revocation.

The data will be deleted as soon as the purpose for which it was collected no longer applies and there are no statutory retention obligations to the contrary. Further information can be found in the provider's privacy policy at https://www.facebook.com/policy.php.