Remember to include the privacy policy in your Trustbadge!

The General Data Protection Regulation will be obligatory for all online shops from 25.05.2018. Add the relevant passages for your Trusted Shops membership to your privacy policy.

When?

The GDPR came into force on 25th May, 2016. It will be applicable from 25th May, 2018.

What does it change?

As a user of our products, you are obliged to declare in your privacy policy that the Trustbadge integrated in your website is third-party content.

What has to be done?

Trusted Shops has prepared a template for your privacy policy which specifically refers to the Trustbadge.

Update privacy policy now

Copy the text which is suitable for your Trusted Shops product usage into your privacy policy.

Version: trustmark with reviews

Integration of the Trusted Shops Trustbadge

We have integrated the Trusted Shops Trustbadge on this website in order to display our Trusted Shops Trustmark and offer the Trusted Shops products to customers after placing an order.

This serves the protection of our legitimate interests in the optimal marketing of our offer according to art. 6 (1) 1 lit f GDPR that are overriding in the process of balancing of interests. The Trustbadge and the advertised trust badge services are offered by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany.

With every use of the Trustbadge, the web server automatically saves a so-called server log file which contains e.g. your IP address, the date and time of the request, the volume of data transferred and the requesting provider (access data), and documents the request. Those access data are not analysed and are automatically overwritten no later than seven days after the end of your website visit.

Other personal data are transferred to Trusted Shops only if you decide to use or have already registered to use Trusted Shops products after placing an order. In such a case, the contract concluded between you and Trusted Shops applies.

Version: trustmark without reviews

Integration of the Trusted Shops Trustbadge

We have integrated the Trusted Shops Trustbadge on this website in order to display our Trusted Shops Trustmark and offer the Trusted Shops membership to customers after placing an order.

This serves the protection of our legitimate interests in the optimal marketing of our offer according to art. 6 (1) 1 lit f GDPR that are overriding in the process of balancing of interests. The Trustbadge and the advertised trust badge services are offered by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany.

With every use of the Trustbadge, the web server automatically saves a so-called server log file which contains e.g. your IP address, the date and time of the request, the volume of data transferred and the requesting provider (access data), and documents the request. Those access data are not analysed and are automatically overwritten no later than seven days after the end of your website visit.

Other personal data are transferred to Trusted Shops only if you decide to use or have already registered to use Trusted Shops products after placing an order. In such a case, the contract concluded between you and Trusted Shops applies.

Version: reviews without trustmark

Integration of the Trusted Shops Trustbadge

We have integrated the Trusted Shops Trustbadge on this website in order to display the reviews collected using the Trusted Shops system.

This serves the protection of our legitimate interests in the optimal marketing of our offer according to art. 6 (1) 1 lit f GDPR that are overriding in the process of balancing of interests. The Trustbadge and the advertised trust badge services are offered by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany.

With every use of the Trustbadge, the web server automatically saves a so-called server log file which contains e.g. your IP address, the date and time of the request, the volume of data transferred and the requesting provider (access data), and documents the request. Those access data are not analysed and are automatically overwritten no later than seven days after the end of your website visit.

Other personal data are transferred to Trusted Shops only if you decide to use or have already registered to use Trusted Shops products after placing an order. In such a case, the contract concluded between you and Trusted Shops applies.

FAQ about the General Data Protection Regulation (GDPR) and Trusted Shops products

Like all European companies, Trusted Shops is already working on implementing the requirements of the GDPR in our activities. In addition to re-working the directory of processing activities and other documentation, this also includes adjusting the data protection statements on websites and updating training for employees regarding the GDPR.

With the start of the GDPR and in conjunction with the corresponding changes in the statutory requirements, Trusted Shops will offer online shops which use Trusted Shops products the option to conclude a contract on data processing.

Currently, we’re working on creating a standard draft which we will give to interested customers before the GDPR comes into effect. Please understand that due to the number of Trusted Shops customers and the transition phase, Trusted Shops cannot offer individual contract drafts to all customers to check and agree to.

Of course, the draft offered by Trusted Shops will comply with legal provisions and will consider the interests of our customers to an appropriate degree.

As the change in the law means that the information obligations of website operators increase, an online shop must, in the future, declare in their data protection statement when - as a result of consent from the buyer or as part of a data processing agreement with Trusted Shops - they are transferring personal data to Trusted Shops or allow Trusted Shops to collect such data on the online shop’s website.

The information in the data protection statement should describe the collection and processing of data and name the categories of data collected. Trusted Shops GmbH should be expressly named as the online shop’s data processor. In addition, the data protection statement should explain the purpose of the processing as well as the legal basis for the processing. If consent for the transfer of personal data to Trusted Shops is given, then the right of withdrawal or, if necessary, the right of objection must be stated.

A. An online shop which uses Trusted Shops products via the API offered:

If an online shop uses Trusted Shops products using the Trusted Shops API, the buyer’s personal data that is transferred to Trusted Shops and the time it will be transferred depend on the individual settings of the API.

Therefore, it is not possible to make any conclusive statement on what data is transferred between the online shop and Trusted Shops when a Trusted Shops API is used. Details on the APIs offered by Trusted Shops are available at api.trustedshops.com.

Please note that transferring personal data of buyers to Trusted Shops via the API needs prior consent from the person concerned as this is a case of transferring personal data for marketing purposes. The online shop is therefore obliged to obtain the appropriate consent in advance.


B. An online shop which has integrated the Trustbadge:

a. Data transfer when visiting an online shop with an integrated Trustbadge

As with opening a website, retrieving a Trustbadge that is integrated into an online shop via a browser client (that is, simultaneously with opening the website) automatically produces a web server log entry. As it is a standard format, the entry includes information on the browser client (date, time, referrer, IP address of the client, user agent...). This data is usage data which accumulates in any data transfer on the internet. In particular, the inclusion of any third-party content involves transfer of this data.

Trusted Shops does not use this usage data to create a usage profile and no conclusion on the website visitor is made. This data is used only to guarantee operation without disruption.

In addition, visiting a shop page which has the Trustbadge incorporated does not result in any personal data (e.g. name, e-mail address etc.) being transferred to us automatically or being stored.

b. Data transfer when placing an order in an online shop

If the buyer does not themselves use Trusted Shops products, only the order number is transmitted to Trusted Shops when the Trustbadge is integrated. This is for verifying later guarantees or reviews.

Other data - in particular personal data - is only transmitted if Trusted Shops products for the buyer are actively used by the shop customer and they agree to the data transfer and/or have done so in the past for future purchases.

Only data which is necessary for using our products is collected. When using the Trusted Shops buyer protection with shop reviews, this data generally comprises the order date, order number, a customer number (if one exists), the order total, the currency, the expected delivery date (if needed), the payment method and the buyer’s e-mail address. When product reviews are integrated by the shop, the URL of the product and the product image, the product name, the product SKU, GTIN and MPN as well as the manufacturer are collected. If a review request is sent without the Trusted Shops’ buyer protection, only the order number and the e-mail address are needed. Trusted Shops does not collect further personal data of users in this way.

Whether the buyer is already registered for a particular product usage is checked automatically using a neutral parameter: the e-mail address hashed by a cryptographic one-way hash function (MD5 procedure). Before being transferred, the e-mail address is converted into a hash value which cannot be decrypted by Trusted Shops. If there is no match, the parameter is discarded. The e-mail address is then only collected if the buyer has decided to use Trusted Shops products. The buyer’s e-mail address in plain text or other data are not transferred as part of the automatic transfer.
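The registration check described above can be sketched as follows. This is an added example, not Trusted Shops code: the field names, the function names and the normalisation of the address before hashing are assumptions, and the sample addresses are constructed.

```python
import hashlib


def email_hash_parameter(email):
    """Shop side: derive the neutral parameter from the buyer's address.

    Assumption: the address is trimmed and lower-cased before hashing;
    the page only states that MD5 is used.
    """
    normalized = email.strip().lower()
    # Unsalted MD5 is deterministic: equal addresses give equal digests,
    # which is what makes the registration lookup possible.
    return hashlib.md5(normalized.encode("utf-8")).hexdigest()


def automatic_transfer(order_number, email):
    """Fields sent automatically after an order (field names are hypothetical)."""
    return {"order_number": order_number,
            "email_hash": email_hash_parameter(email)}


def process_transfer(transfer, registered_hashes):
    """Receiving side: look the digest up, discard it when nothing matches."""
    registered = transfer["email_hash"] in registered_hashes
    retained = dict(transfer)
    if not registered:
        del retained["email_hash"]  # no match: the parameter is discarded
    return registered, retained


def plaintext_email_collected(registered, buyer_opts_in):
    """The address itself is collected only for an existing or new user."""
    return registered or buyer_opts_in


# Constructed sample data, not real customer records.
REGISTERED = {email_hash_parameter("anna@example.com")}

if __name__ == "__main__":
    for address in ("Anna@Example.com ", "ben@example.com"):
        sent = automatic_transfer("ORDER-1001", address)
        known, kept = process_transfer(sent, REGISTERED)
        print(address.strip(), known, sorted(kept),
              plaintext_email_collected(known, buyer_opts_in=False))
```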

The data received is only used for executing the contracts concluded and is stored internally for the duration of the mutual contract fulfilment. Afterwards, the data is then blocked from further use and is deleted for good after all commercial and tax law-related retention periods have passed.

If the buyer decides to not use Trusted Shops products for buyers and leaves the site, data is neither transmitted to Trusted Shops nor stored or processed by Trusted Shops.

A review request constitutes an advertisement

When sending an e-mail review request, conditions relating to data protection and competition law must be considered as sending such an e-mail is a way of using personal data for advertising purposes. The review request constitutes an advertisement.


Obtaining consent

As a result, sending a review request always requires getting express consent. Simply having the e-mail address is not sufficient. This is also the case if the e-mail address is passed on to a third party for them to send a review request. This is the case, for example, when using the Review Collector or the Automatic Collection by Trusted Shops. In the General Membership Conditions, Trusted Shops contractually obliges the online retailer to obtain effective consent. If data is transferred without obtaining consent beforehand, this is not just a contractual infringement by the online retailer; Trusted Shops can, in the event of any damages, obtain compensation from the online retailer.

Therefore, when activating the functionality, this pre-condition is expressly referred to.

An action by the customer is needed: This can be a checkbox or a separate button for consent to receiving review requests or it can be another action, e.g. filling in a field which is only needed for registering for a review request.


Scope

The scope of the consent and its consequences must be explicit: what data is passed on to whom, who uses it, for what purpose and do they use it regularly or just once etc. Should a third party send the review requests, the consent declaration must also include consent to pass on the e-mail address to third parties for the purposes of sending a review request. If the review request is sent by Trusted Shops, the online shop must obtain consent for the e-mail address to be given to Trusted Shops for the purposes of sending a review request.

In addition, it must also be made clear that the consent can be withdrawn at any time. The retailer must be able to prove that consent was obtained.


Consent can be given, for example, via a checkbox in the customer account:

Consent with checkbox:

[ ] After every purchase that I make, I would like to be sent an e-mail reminding me to submit a review and I agree that my e-mail address will be given to Trusted Shops GmbH for this purpose.

or (if the review request is sent by the online shop itself)

[ ] I would like to review my purchases. Please send me an e-mail for this after every purchase I make.


Obtaining consent in the log-in area or through a link in the order confirmation e-mail has the advantages that, in the first case, the e-mail address is confirmed and in the second case, only the owner of the e-mail address gets the link. In both cases, a so-called double opt-in as verification would be superfluous.


Review postcards

Enclosing a review postcard is fine. It could, for example, be a flyer with a quick link to the review profile. The stricter rules for e-mail advertising do not apply to this sending method.

In the case of personal contact, the customer can be asked to give feedback immediately. As no e-mail address is used for this, prior consent is not necessary.




© 1999-2018 TRUSTED SHOPS GmbH.