Nyhetsbrev

Skaffa fördelar genom att registrera dig för nyhetsbrevet!

Privacy Policy

1. An overview of data protection

General

The following gives a simple overview of what happens to your personal information when you visit our website and which rights arise for you via the data protection law. Personal information is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy, located below.

Data collection on our website

Who is responsible for the data collection on this website?

The data collected on this website are processed by the website operator, TravelTrex GmbH, Bonner Straße 484-486, 50968 Cologne, Germany. The operator's contact details can be found in the website's required legal notice.

How do we collect your data?

Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.

Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.

What do we use your data for?

Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site. All of your data is processed in accordance with the regulations of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

What rights do you have regarding your data?

You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.

Analytics and third-party tools

When visiting our website, statistical analyses may be made of your surfing behavior. This happens primarily using cookies and analytics. The analysis of your surfing behavior is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.

2. General information and mandatory information

Privacy Policy

The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.

If you use this website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.

Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.

Notice concerning the party responsible for this website

The party responsible for processing data on this website is:

TravelTrex GmbH, Bonner Str. 484-486, 50968 Köln

E-Mail: dataprotection@snowtrex.com

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).

Revocation of your consent to the processing of your data

Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email (dataprotection@snowtrex.com) making this request is sufficient. The data processed before we receive your request may still be legally processed.

Right to file complaints with regulatory authorities

If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability

You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Encrypted payments on this website

If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment.

Payment transactions using common means of payment (Visa/MasterCard, direct debit) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon in your browser line is visible.

In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.

Information, blocking, deletion

As permitted by Art. 15 of the GDPR, you have the right, at any time, to be provided with information free of charge about any of your personal data that is stored, as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected in accordance with Art. 16 of the GDPR, as well as the right to have this data blocked or deleted in accordance with Art. 17 of the GDPR. Should you have further questions about this, or questions about the topic of personal data in general, you can contact our data protection officers at any time using the following address: dataprotection@snowtrex.com.

Data transfer to third countries

A transfer to entities in countries outside of the European Union takes place where necessary insofar as to execute the travel contract and to carry out the holiday, when it is required by law (in the event of tax reporting obligations, for example), or when you provide us with your consent.

Furthermore, a transfer to entities in third countries is provided in individual cases, where necessary, in order to pass on personal data to IT service providers or payment service providers in the U.S., or to another third country in order to ensure IT operations. This occurs in compliance with the European privacy policy standards.

3. Data protection officer

Statutory data protection officer

We have appointed a data protection officer for our company:

Tanja Busacker, Bonner Str. 484-486, 50968 Köln

Email: dataprotection@snowtrex.com

4. Data collection on our website

Cookies

Some of our web pages use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser. These cookies allow us to recognize your browser the next time you visit our website. The cookies will remain saved on your terminal until you delete them.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use (such as the shopping cart) are stored pursuant to Art. 6 paragraph 1, letter f of GDPR. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. If other cookies (such as those used to analyze your surfing behavior) are also stored, they will be treated separately in this privacy policy.

Server log files

The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Time of the server request
  • IP address
These data will generally not be combined with data from other sources.

The basis for data processing is Art. 6 (1) (f) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

The processing of data (customer data and contract data)

We collect, process, and use personal data only when they are necessary for the explanation, content-related design, or changes of legal relationships (inventory data). This occurs in accordance with Art. 6, Section 1 (b) of the GDPR, which allows the processing of data to fulfil a contract or for measures preliminary to the contract. We collect, process, and use personal data provided while making use of our website (usage data) only when they are necessary to allow the user to make use of the services or to invoice them.

Data transfer upon conclusion of a contract for services and digital content

We transfer personal data to third parties only when it is necessary in order to execute a contract, such as transferring data to lift offices or accommodations, as well as to Stripe, the payment solution provider (PSP) responsible for payment processing.

No further transfer of the data takes place unless you have expressly approved such a transfer. The transferring of your data to a third party e.g. for advertising purposes will not take place without your approval.

The basis for data processing is Art. 6, Section 1 (b) GDPR, which allows the processing of data to fulfil a contract or for measures preliminary to a contract.

5. Social media

Share content via plugins (Facebook, Google+1, Twitter, etc.)

The content on our pages can be shared on other social networks like Facebook, Twitter, or Google+. This page uses the eRecht24 Safe Sharing Tool. This tool establishes direct contact between the networks and users only after users click on one of these buttons.

This tool does not automatically transfer user data to the operators of these platforms. If users are logged into one or more of the social networks, the Like, +1, and Share buttons for Facebook, Google+1, Twitter, etc. will display an information window in which the user can edit the text before it is sent.

Our users can share the content of this page on social networks without their providers creating profiles of users' surfing behavior.

Facebook plugins (Like & Share buttons)

Our website includes plugins for the social network Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook plugins can be recognized by the Facebook logo or the Like button on our site. For an overview of Facebook plugins, see https://developers.facebook.com/docs/plugins/?locale=en_US/.

When you visit our site, a direct connection between your browser and the Facebook server is established via the plugin. This enables Facebook to receive information that you have visited our site from your IP address. If you click on the Facebook "Like button" while you are logged into your Facebook account, you can link the content of our site to your Facebook profile. This allows Facebook to associate visits to our site with your user account. Please note that, as the operator of this site, we have no knowledge of the content of the data transmitted to Facebook or of how Facebook uses these data. For more information, please see Facebook's privacy policy at https://facebook.com/policy.php.

If you do not want Facebook to associate your visit to our site with your Facebook account, please log out of your Facebook account.

Twitter plugin

Functions of the Twitter service have been integrated into our website and app. These features are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. When you use Twitter and the “Retweet” function, the websites you visit are connected to your Twitter account and made known to other users. In doing so, data will also be transferred to Twitter. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how it will be used by Twitter. For more information on Twitter's privacy policy, please go to https://twitter.com/privacy.

Your privacy preferences with Twitter can be modified in your account settings at https://twitter.com/account/settings.

Google+ plugin

Our pages use Google+ functions. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Collection and disclosure of information: Using the Google +1 button allows you to publish information worldwide. By means of the Google+ button, you and other users can receive custom content from Google and our partners. Google stores both the fact that you have +1'd a piece of content and information about the page you were viewing when you clicked +1. Your +1 can be displayed together with your profile name and photo in Google services, for example in search results or in your Google profile, or in other places on websites and advertisements on the Internet.

Google records information about your +1 activities to improve Google services for you and others. To use the Google + button, you need a globally visible, public Google profile that must contain at least the name chosen for the profile. This name is used by all Google services. In some cases, this name may also replace a different name that you have used to share content via your Google account. The identity of your Google profile can be shown to users who know your email address or other information that can identify you.

Use of collected data: In addition to the uses mentioned above, the information you provide is used in accordance with the applicable Google data protection policies. Google may publish summary statistics about users' +1 activity or share it with users and partners, such as publishers, advertisers, or affiliate websites.

Instagram plugin

Our website contains functions of the Instagram service. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.

If you are logged into your Instagram account, you can click the Instagram button to link the content of our pages with your Instagram profile. This means that Instagram can associate visits to our pages with your user account. As the provider of this website, we expressly point out that we receive no information on the content of the transmitted data or its use by Instagram.

For more information, see the Instagram Privacy Policy: https://instagram.com/about/legal/privacy/.

6. Analytics and advertising

Google Analytics

This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Google Analytics cookies are stored based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.

IP anonymization

We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

Browser plugin

You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Objecting to the collection of data

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.

For more information about how Google Analytics handles user data, see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Outsourced data processing

We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Demographic data collection by Google Analytics

This website uses Google Analytics' demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section "Refusal of data collection".

Google Analytics Remarketing

Our websites use the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and DoubleClick. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

This feature makes it possible to link target audiences for promotional marketing created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. This allows advertising to be displayed based on your personal interests, identified based on your previous usage and surfing behavior on one device (e.g. your mobile phone), on other devices (such as a tablet or computer).

Once you have given your consent, Google will associate your web and app browsing history with your Google Account for this purpose. That way, any device that signs in to your Google Account can use the same personalized promotional messaging.

To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion.

You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account; follow this link: https://www.google.com/settings/ads/onweb/.

The aggregation of the data collected in your Google Account data is based solely on your consent, which you may give or withdraw from Google per Art. 6 (1) (a) GDPR. For data collection operations not merged into your Google Account (for example, because you do not have a Google Account or have objected to the merge), the collection of data is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing anonymous user behavior for promotional purposes.

For more information and the Google Privacy Policy, go to: https://www.google.com/policies/technologies/ads/.

Google AdWords and Google Conversion Tracking

This website uses Google AdWords. AdWords is an online advertising program from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States ("Google").

As part of Google AdWords, we use so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. Cookies are small text files that your internet browser stores on your computer. These cookies expire after 30 days and are not used for personal identification of the user. Should the user visit certain pages of the website and the cookie has not yet expired, Google and the website can tell that the user clicked on the ad and proceeded to that page.

Each Google AdWords advertiser has a different cookie. Thus, cookies cannot be tracked using the website of an AdWords advertiser. The information obtained using the conversion cookie is used to create conversion statistics for the AdWords advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, advertisers do not obtain any information that can be used to personally identify users. If you do not want to participate in tracking, you can opt-out of this by easily disabling the Google Conversion Tracking cookie by changing your browser settings. In doing so, you will not be included in the conversion tracking statistics.

Conversion cookies are stored based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.

For more information about Google AdWords and Google Conversion Tracking, see the Google Privacy Policy: https://www.google.com/policies/privacy/.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Facebook Pixel/Facebook Remarketing

Our website measures conversions using visitor action pixels from Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, should you be located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

These allow the behaviour of site visitors to be tracked after they click on a Facebook ad to reach the provider's website. This allows an analysis of the effectiveness of Facebook advertisements for statistical and market research purposes and their future optimization.

The Facebook pixel is immediately embedded via Facebook when visiting our website and can store a so-called “cookie” - a small file - on your device. When you subsequently log in to Facebook or visit Facebook while logged in, the visit to our website is noted in your profile. The data about you that is retrieved is anonymous to us, meaning we cannot make conclusions about the identity of the user. However, the data from Facebook is stored and processed so that a connection to the particular user profile is possible. The processing of data via Facebook occurs within the conditions of Facebook’s data use policy and cannot be influenced by us as a website operator. You will therefore find further information about the functionalities of the remarketing pixel and about the presentation of Facebook ads overall in the Facebook data use policy: https://www.facebook.com/policy.php.

The legal basis for the processing of the user’s personalised data is Art. 6 Sec. 1 lit. f GDPR.

With the help of the Facebook pixel, it is possible for Facebook to assign the visitors of our website to a target group for the presentation of Facebook ads. Therefore, we use the Facebook pixel in order to show our Facebook ads only to Facebook users who have shown an interest in our Internet offers. That means that with the help of the Facebook pixel, we ensure that our Facebook ads correspond with the potential interests of the user and do not come across as annoying. With the help of the Facebook pixel, we can also comprehend the effectiveness of the Facebook advertisements for statistical and marketing purposes in that we see whether or not a user was redirected to our website after clicking on a Facebook advertisement.

You can refuse the collection of your data from the Facebook pixel and the use of your data for the presentation of Facebook ads. You can view the Facebook-specific page about this and learn more about the settings for user-based advertisements: https://www.facebook.com/settings?tab=ads or refuse via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. The settings are platform-independent, meaning that they will be applied to all devices, such as desktop computers or mobile devices.

You can also deactivate the “Custom Audiences” remarketing function for advertisements in the settings via https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged into Facebook in order to do this.

WhatsApp Service

On our website, you have the chance to sign up for the sending of news and information about all content and themes of our website via the ”WhatsApp“ messaging service, and to also use this method to come to us directly with questions.

By sending us a message, you agree, in accordance with Art. 6 Sec. 1 (a) GDPR, that the sender uses your personal data (e.g. first and last name, telephone number, messenger ID, profile picture, messages) for the direct communication and data processing necessary for the usage of the respectively selected messenger. For the use of this service, an existing messaging account for the respective provider is required. The messenger provider responsible is WhatsApp, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. The privacy policy can be found at https://www.whatsapp.com/legal/#privacy-policy.

We provide this service via MessengerPeople GmbH, Herzog-Heinrich-Str. 9, 80336 Munich, who we have commissioned to implement the sending of messages.

WhatsApp receives personal data (particularly metadata from communication) that will be processed on servers in countries outside of the EU (USA, for example) where no adequate level of data protection is guaranteed. However, WhatsApp Inc. is certified under the Privacy Shield Agreement and thereby offer a guarantee that the European privacy policy will be adhered to. Further information contains the aforementioned privacy policy from WhatsApp. The sender has neither specific knowledge nor influence on the data processing effected by the respective provider.

The sending of messages occurs via one of the WhatsApp accounts that we have created. When you sign up for our WhatsApp messaging service via our website as per the instructions displayed, MessengerPeople receives the data stored with WhatsApp like your user name, your telephone number (only when signing up via WhatsApp), details about your device, all messages that have been sent by the service, as well as information about which messages you have read and clicked on. You have the choice to cancel the sending of WhatsApp messages via MessengerPeople at any time by sending “STOP” as a message to the WhatsApp account that you have previously used to order the messaging service. You can even request that MessengerPeople delete all of the aforementioned data by sending “DELETE ALL DATA” as a message to the corresponding WhatsApp messenger account.

Information about the usage and service of the MessengerPeople news services can also be found with every order of your preferred news. Furthermore, extensive information about the use of personal data via MessengerPeople can also be found in the MessengerPeople privacy policy notes at https://www.messengerpeople.com/privacy/.

Dynamic

The Dynamic Tracking System serves to determine the performance of different advertising channels. When visiting our website, data from your browser are collected for statistical evaluation and subsequently sent to the technical and statistical service provider, Dynamic 1001 GmbH, Im Mediapark 8A, 50670 Cologne, Germany. The collection of the data occurs through a single pixel, of which is integrated into all common online shops. When coming into contact with Dynamic servers, information, such as the operating system, the type of Internet browser utilised, the corresponding advertising material, the referrer, and the IP address, will be anonymously stored. The IP address will only be used for internal allocation purposes and will not be shared with third parties. In order to correctly execute commission management for advertising partners, data, such as the online booking number and order value of a successful booking, will be transmitted to Dynamic 1001 GmbH.

Cookies are used to collect data, of which contain an identification value that is created by the Dynamic Tracking System. Should you not want storage to occur, you can deactivate the cookies on your own by changing the settings in your browser.

Should you wish to object to the storage of your anonymously collected visitor data, you can do so at https://dynamic-tracking.com/Datenschutz.aspx?td=E64D8A6004E35875650135366B29E484&cn=3 so that it is no longer collected in the future. The current privacy policy of Dynamic 1001 GmbH can be found at https://www.dynamic1001.com/Datenschutz.aspx.

TradeTracker

We are registered with our website as an advertiser with the affiliate network TradeTracker. This is an affiliate marketing platform which allows website operators (publishers) to display advertisements from third parties on their websites. Payment occurs based on performance, and in the case of TravelTrex, based on commission. TradeTracker cookies will be placed on the visitor’s computer in order to correctly document sales.

These cookies correspond with the currently valid privacy policy. The cookies used by TradeTracker will be accepted by an Internet browser’s standard settings. Should you prefer not to save these cookies, please deactivate the option to accept cookies from the relevant domains in your Internet browser. TradeTracker tracking cookies register the ID of the intermediary partner, the partly anonymous IP address of the visitor (reduced by the last octet), as well as the sequence number of the advertising material that the visitor has clicked on (banner, text link, etc.), all of which are necessary in order to settle commission payments.

The operating company of TradeTracker is TradeTracker Nederland B.V., 1327 GA Almere, Netherlands. The applicable privacy policy of TradeTracker can be found at https://tradetracker.com/de/privacy-policy/.

Voucher deals from Sovendus GmbH

When selecting a voucher deal that currently interests you after completing your travel booking, we will pseudonymize and encode the hash value of your e-mail address and IP address and transfer these to Sovendus GmbH, Moltkestr. 11, 76133 Karlsruhe (Sovendus) (Art. 6 Sec.1 f GDPR). The pseudonymized hash value of the e-mail address will be used by Sovendus when considering a possible existing opposition to advertisements (Art. 21 Sec.3, Art. 6 Sec.1 c GDPR). The IP address will be used solely for data security purposes and, as a general rule, will be anonymized after seven days (Art. 6 Sec.1 f GDPR). Furthermore, we will transfer a pseudonymized order number, order value with currency, session ID, voucher code, and time stamp to Sovendus for billing purposes (Art. 6 Sec.1 f GDPR). Should you be interested in a voucher deal from Sovendus after completing your travel booking and therefore click on the voucher banner that is exclusively displayed at that time, and should there be no opposition to advertisements present, we will transfer your encrypted title, name, and e-mail address to Sovendus in preparation for the voucher (Art. 6 Sec.1 b, f GDPR).

For more information about the processing of your data via Sovendus, please refer to the online data protection notices at https://www.sovendus.de/en/privacy_policy/.

Integration of the Trusted Shops Trustbadge

The Trusted Shops Trustbadge is integrated into this website in order to display the Trusted Shops seal of excellence and collective ratings, where applicable, as well as to display offers for Trusted Shops products to buyers after completing an order.

This serves to safeguard our predominantly legitimate interests in the optimal marketing of our product on the basis of the balancing of interests. The Trustbadge and the associated advertised services are offers of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Köln.

When using the Trustbadge, the web server automatically saves a so-called “server logfile“, of which contains, for example, your IP address, the date and time of usage, transferred data volume, and the requested provider (access data), and of which documents the usage. These access data will not be evaluated and will be automatically overwritten seven days after the end of your visit to the website at the latest.

Further personal data will only be transferred to Trusted Shops providing you have decided to make use of one of the Trusted Shops products after completing an order, or providing you have already been registered. In this case, the contractual agreement between you and Trusted Shops applies.

7. Newsletter

Newsletter data

If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.

We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) GDPR. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the "unsubscribe" link in the newsletter. The data processed before we receive your request may still be legally processed.

The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the members area) remain unaffected.

E-mail distribution via Episerver (form. Optivo)

Newsletter

With the following information, we will be informing you about the content of our newsletter as well as the sign up process, distribution process, statistical analysis process, and your right to objection. By subscribing to our newsletter, you agree to reception and the aforementioned processes.

Content of the Newsletter

We only send newsletters and e-mails with advertising information (hereafter “newsletter“) with the consent of the recipient or with legal permission. Insofar as the content of a newsletter is concretely described in the context of an application for the newsletter, these are decisive for the consent of the user. Besides that, our newsletters contain information about our products, offers, deals, and company.

Double-Opt-In and Recording

Signing up for our newsletter occurs via a so-called “Double-Opt-In” procedure. This means that once you finish signing up, you will receive an e-mail which prompts you to confirm your registration. This confirmation is mandatory in order to prevent others from signing up with third-party e-mail addresses. Newsletter registrations will be recorded in order to demonstrate the corresponding legal requirements for the registration process. This includes the storage of both the registration and confirmation times, as well as the IP address. Changes to your data that is saved with your service provider will also be recorded.

Service Provider

The sending of the newsletter occurs via Episerver Campain, an e-mail marketing software from the provider Episerver GmbH, Wallstraße 16, 10179 Berlin. The privacy policy of the service provider can be found here: https://www.episerver.com/legal/privacy-statement/.

Furthermore, Episerver can, according to its own information, use this data in a pseudonymous form, i.e. without a user being assigned to it, in order to optimise or improve their own services, such as technical optimisation for the distribution and presentation of the newsletter, or to use it for statistical purposes. However, Episerver does not use the data of newsletter recipients to contact them directly or to share with third parties.

Registration Data

In order to sign up for the newsletter, you only have to provide us with your e-mail address. You also have the option to provide your first and last name as well as your preferred title. These entries will solely be used for the personalisation of your newsletter, in which we adjust the content of the newsletter to fit the interests of the reader.

Performance Measurement

The newsletters receive a so-called “web-beacon“ - a pixel-sized file that is retrieved when opening a newsletter from the server of the service provider, Episerver. While being retrieved, technical information, such as browser and system information, as well as your IP address and the time of the retrieval, will be collected. This information is then used for the technical improvements of services based on technical data, or target groups and their reading behaviour based on the point of retrieval (which is determined with the help of the IP address) or access time. Determining whether or not the newsletter has been opened, when it was opened, and which links were clicked on are part of the statistical assessment. Due to technical reasons, this information can be assigned to individual newsletter recipients. However, neither we nor the service provider strive to monitor individual users. Instead, the results serve to illustrate the reading habits of our users and to help us adjust our content to their liking, or to send diverse content to our users based on their interests.

The sending of the newsletter, as well as performance measurement, occur based on the consent of the recipients as per Art. 6 Sec. 1 lit. a, Art. 7 GDPR in association with § 7 Sec. 2 No. 3 UWG, or rather based on the legal permission as per § 7 Sec. 3 UWG.

The recording of the registration process occurs based on our legitimate interests as per Art. 6 Sec. 1 lit. f GDPR and serves as proof of the consent to receive newsletters.

Online Activity and Data Management

In some cases, we direct newsletter recipients to the service provider’s websites. For example, our newsletter contains a link that newsletter recipients can use in order to view the newsletter online (should the newsletter not be displayed correctly in the e-mail). Another example would be that a newsletter recipient would like to change their data, such as their e-mail address. Likewise, the privacy policy of the service provider can only be accessed via their website. With that in mind, we would like to point out that the Episerver websites do use cookies, which will process your personalised data via the service provider, their partners, and other service providers (such as Google Analytics). We cannot influence this collection of your data. Further information can be found in the Episerver privacy policy. We would also like to mention the possibility to appeal the collection of data for advertising purposes on the websites http://www.aboutads.info/choices/ and http://www.youronlinechoices.com/ (for the European area).

Cancellation/Withdrawal

You can, at any time, cancel your subscription i.e. withdrawal your consent. A link to newsletter cancellation can be found in each newsletter. Furthermore, you can also unsubscribe from the newsletter directly on the website. After completing cancellation, all of your data, excluding your e-mail address, will be deleted. Your e-mail address will be specifically saved to a blocking list and will only be used for the sole purpose of making sure that we no longer send e-mails to your e-mail address.

Completion of a Contract regarding Contract Data Processing

We have entered into a contract with Episerver concerning contract data processing and fully implement the strict requirements of the German data protection authorities when using Episerver.

Legal basis

The processing of data is based on your consent (Art. 6 Abs. 1 a GDPR). You may revoke your consent at any time by unsubscribing to the newsletter. The data processed before we receive your request may still be legally processed.

8. Plugins and tools

YouTube

Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.

If you're logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.

Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.

Google Web Fonts

For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.

If your browser does not support web fonts, a standard font is used by your computer.

Further information about handling user data, can be found at https://developers.google.com/fonts/faq and in Google's privacy policy at https://www.google.com/policies/privacy/.

9. Payment service providers

Sofortüberweisung

Our website accepts payments via Sofortüberweisung. The provider of this service is Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany.

Sofortüberweisung provides us with real-time payment confirmations, allowing us to begin fulfilling our end of our contract right away.

If you opt to pay using Sofortüberweisung, you will be submitting a PIN and a valid TAN to Sofort GmbH so that it can access your online banking account. Sofort GmbH will automatically check your account balance and perform the transfer to our account using the TAN you supply. It then sends an immediate transaction confirmation. After logging in, your income, the overdraft protection, and the availability of other accounts and their balances will be checked.

In addition to the PIN and TAN, the payment details you provide as well as personal information will be sent to Sofort GmbH. This personal information includes your name, address, telephone numbers, email address, IP address, and any other data required to process your payment. This data must be transferred to identify you securely and to prevent fraud.

Data is transmitted to Sofort GmbH based on Art. 6 (1) (a) (Consent) and Art. 6 (1) (b) GD (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.

Please refer to the payment with Sofortüberweisung links below: https://www.sofort.de/datenschutz.html and https://www.klarna.com/pay-now-with-direct-banking.

Stripe

Should you select a method of payment from the payment service provider, Stripe, the transaction will occur via the payment service provider, Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland, in that we transfer the information from your booking that was provided by you during the booking process (name, IP address, IBAN and BIC, as well as possible credit card details, invoice amount, and currency). The transferring of your data to the payment service provider, Stripe Payments Europe Ltd., occurs only for the purpose of processing payment. Further information about data protection with Stripe can be found at https://stripe.com/de/terms.

All data that is required in order to process payment will only be used by Stripe in order to carry out payment, and will be safely transferred via the SSL process. Stripe is certified in accordance with PCI DSS. Stripe transfers, processes, and stores personal data outside of the EU where necessary.

The transferring of your data to Stripe occurs based on Art. 6 Sec. 1 (a) GDPR (consent) and Art. 6 Sec. 1 (b) GDPR (processing in order to fulfil a contract). You have the choice to revoke your consent to having your data processed at any time. When revoking your consent, it does not affect the processing of previously collected data.