Information on data protection
Use of this website may involve the processing of personal data. The following information will give you an overview of these processes to facilitate your understanding of them. To ensure fair processing, we would also like to inform you about your rights under the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
StyleRemains GmbH (hereinafter referred to as 'we' or 'us' or 'REBELLE') is responsible for data processing.
1. Point of contact
If you have any questions or suggestions about this information or would like to contact us to assert your legal rights, please direct your request to:
Tel.: +49 40 30 70 19 08
2. REBELLE business purpose and mode of operations
StyleRemains GmbH operates an international online marketplace for second-hand designer fashion and accessories under the REBELLE brand, where private and commercial users can buy and sell products.
REBELLE handles all aspects of online sales for sellers from item description and photography to secure storage and payment processing, packaging and shipping via logistics partners to marketing via various marketing channels. One important aspect of online sales (applicable to concierge sales) is the need to inform and advise prospective buyers about the items on offer.
For every sold product, buyers can rely on authenticity and quality testing performed by REBELLE experts. Furthermore, REBELLE facilitates communication between potential buyers and suppliers, in particular pertaining to price negotiations and offers.
Performing this service requires the processing of personal contact data such as names, addresses, email addresses and phone numbers. This information is required, for example, for the shipment of ordered goods or for notification purposes when articles have been reserved.
REBELLE actively supports both buyers and sellers, offering the following non-promotional email services for registered users:
- Sending notifications of price reductions for items in the shopping cart and on the wish list;
- Facilitating pricing inquiries from interested buyers for the purpose of price negotiations as support for the purchase of products;
- Conducting email correspondence in the event of payment problems and cancellations;
- Providing information about REBELLE as a support tool for first-time registered users.
- Notifying sellers about questions from prospective buyers
- Advising sellers about how they can improve chances of selling items
- Sending notifications about the filters/search agents we use.
REBELLE undertakes to support both buyers and sellers, offering the following phone services for registered users:
- Responding to questions about articles offered via the concierge service
- Providing support for payment issues
- Responding to questions about shipping and placing orders
3. Provision of general information on data processing
The use of this website may result in the processing of personal data. The term 'personal data' under data protection law refers to all information relating to a specific or identifiable person. IP addresses can also be considered personal data. Each device connected to the Internet is assigned an IP address by the Internet provider, enabling it to send and receive data. We collect information that you provide voluntarily when using the website. In addition, certain information about your use of the website is automatically collected by us during your visit to the website.
a. Legal principles underlying data processing
We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. Data will only be processed by us if this is legally permissible. When using this website, we process personal data only with your consent (Art. 6 paragraph 1 sentence 1 letter a GDPR) and for the following purposes: to perform our contractual obligations to you, or upon your request, to perform our pre-contractual arrangements (Art. 6 paragraph 1 sentence 1 letter b GDPR), to fulfil a legal obligation (Art. 6 paragraph 1 sentence 1 letter c GDPR) or to fulfil our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms necessitating the protection of personal data prevail (Art. 6 paragraph 1 sentence 1 letter f GDPR). The processing of applicant data is carried out solely to establish the employment relationship on the basis of § 26 para. 1 BDSG.
b. Revocation of consent
If you have provided us with separate consent to data processing, you can revoke this consent at any time in accordance with Art. 7 para. 3 GDPR. Such a revocation does not affect the legality of the processing which has taken place based on consent until consent was revoked.
c. Duration of storage
Unless otherwise stated in the following information, we store data only as long as necessary to achieve the purpose of processing or to fulfil our contractual or statutory obligations. Such statutory retention obligations may arise in particular from commercial legal or tax regulations.
d. Technical service providers
Unless otherwise stated in the following information, data will be processed on servers operated by technical service providers commissioned by us for this purpose. Such service providers receive detailed instructions for data processing and are contractually responsible for implementing adequate technical and organisational measures to ensure data protection.
4. Processing of server log files
When using our website for information purposes only, general information is initially stored automatically (i.e. not via registration) and transmitted to our server by your browser. By default, this information includes: Browser type/ version, operating system used, accessed page, previously visited page (referrer URL), IP address, date and time of the server request, and the HTTP status code.
DWe process this data to fulfil our legitimate interests while complying with the legal principles underlying Art. 6 para. 1 sentence. 1 letter f GDPR. This processing is necessary for purposes of technical management and the security of the website. Stored data will be deleted after seven days unless there is a justified suspicion of illegal use based on specific evidence which requires further examination and processing of the information.
5. Contact form
Our website contains a contact form which you will be able to use to message us. The transfer of your data will be encrypted.
The legal basis for data processing is Art. 6 para. 1 sentence. 1 letter b GDPR. All data fields marked as mandatory fields are required to process your request. If you do not provide us with your data, we will not be able to process your request. Any additional data is provided voluntarily by the user. Alternatively, you can also contact us at the email address we have listed for you.
6. Registration and Login
To access certain functions of the website, registration on the website is required. The required information can be found in the registration form. It is crucial that all information items marked as required are filled in so that the registration can be completed. The data provided will be processed for the purpose of rendering services. The processing of that data is based on the legal provisions of Art. 6 para. 1 sentence. 1 letter b GDPR.
7. Services for registered users
In order to be able to provide the e-mail services and telephone services described in Section 2 for registered users, we process your personal data, such as your customer name, e-mail address, telephone number if available and details of the requested service. The data we receive is processed for the purpose of providing the service. We process the data in accordance with Article 6 (1) 1 b GDPR.
8. Facebook Connect
You can also register via Facebook (Facebook login). You can use your existing Facebook user account for this purpose. The Facebook login allows you to use this registration option for our website.
If you want to log in to our website via your Facebook account, you will be guided directly to Facebook in the initial step. Facebook will ask you to log in or register. Under no circumstances will we be able to obtain your personal access data (user name and password) in this process.
In a second step, you will connect your Facebook profile to our service. At that time, you will also learn which data from your Facebook profile will be transferred to us. As a rule, this includes your 'public information' on Facebook and any information that you share or make publicly available for a given application. This usually includes your name, profile and cover picture, gender, networks, user name (Facebook URL) and user ID (Facebook ID). To be able to contact you outside of Facebook, we also use your email address stored on Facebook. For an overview of the information that is public on your profile, see the settings menu on your Facebook profile (https://www.facebook.com/settings?tab=applications).
The legal basis for data collection and storage is your consent within the meaning of Art. 6 para. 1 sentence. 1 letter a GDPR. If you would like to disconnect Facebook Connect from our service or revoke your consent, please log in to Facebook and make the necessary changes to your profile there (https://www.facebook.com/settings). We will then no longer be authorised to use information from your Facebook profile.
Facebook Inc. is certified under the Privacy Shield Agreement warranting compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
On our website, we offer the option to comment on the listed articles. As a user, you will be able to ask the respective seller a question. Registration is required to use this service. When a comment is made, the respective user name is displayed and assigned to the article. All other information you provide (e.g. within the comment) is voluntary.
The legal basis for storing your email address is Art. 6 para. 1 sentence. 1 letter f GDPR. We use your personal data only in the event that a third party reports a comment to us as unlawful and if we are required to review such an incident. We save your data as long as your comment is publicly visible.
We do not check comments before they are published. However, we expressly reserve the right to delete your comments if they are objected to as unlawful by third parties. You may object to the storing of the above data at any time. In that case, however, we would have to remove your comments from our website.
10. Data processing to facilitate purchases
If you place an order for a product through our website, we process your personal data only to process the transaction or to make a product available to you. When handling your booking or order, we only process data that was entered in the input mask by you. If you decide to pay up front, no additional data will be collected by us.
To be able to deliver ordered products to you, we transmit the data required for delivery to one of our delivery providers as indicated in the order.
The legal basis for processing data is Art. 6 para. 1 sentence 1 b) GDPR. All data fields marked as required fields are needed to process your booking or order. Failure to fill in those fields means that we will not be able to process your booking or order. Any additional data is provided voluntarily by the user.
We use various payment processors to handle payment and purchase transactions and would like to describe their services in the following section:
a. Credit card payments
We offer you the option to pay by credit card. Please note that the payment processor is solely responsible for collecting and processing payment information
b. PayPal payments
You also have the option to make payments using PayPal. Please note that PayPal (Europe) S.à r.l. et Cie, S.C.A., based in Luxembourg, is responsible for collecting and processing the relevant payment information.
PayPal transmits to us your address data stored with PayPal, which we process exclusively for handling contractual transactions. The legal basis is Art. 6 para. 1 sentence 1 letter b GDPR.
Further information on PayPal ‘s data protection policy can be found at: https://www.paypal.com/en/webapps/mpp/ua/privacy-full?locale.x=en_EN#r5.
c. Additional payment processors
You have the option to pay by “Instant Bank Transfer” provided by Sofort GmbH. We also use GiroPay, GIROPAY GMBH, Heidelpay, EPS and IDEAL as payment processors. Please note that the payment processor is solely responsible for collecting and processing payment information.
If a purchaser decides to pay by instalments, they are subject to a credit check. Data is transferred to credit reference agencies by and on behalf of Universum Payment Solution GmbH.
These agencies provide them with information and possibly credit information based on mathematical and statistical processes (probability and/or score values), the calculation of which uses address information and other details.
In Germany, the following credit reference agencies may be used:
Bürgel Wirtschaftsinformationen GmbH & Co. KG, Gasstraße 28, 22761 Hamburg
UNIVERSUM Business GmbH, Hanauer Landstraße 164, 60314, Frankfurt
SCHUFA Holding AG, Postfach 102166, 44721 Bochum
You have the option to apply for a job in the jobs section on our website. To this end, we collect personal data from you including your name, CV, cover letter and other content provided by you. To review our applications, we use a service provider who acts solely on our behalf in accordance with the legal requirements for order processing.
Your personal application data will only be collected, stored, processed and used for purposes connected with your interest in a current or future employment with us, and for the processing of your application. Your online application will only be processed and reviewed by members of our staff who have been assigned to this task. All employees entrusted with data processing are required to maintain strict confidentiality of your data.
SIf we are unable to offer you employment, we will retain the data you provided for up to six months following completion of the application process for the purpose of responding to any questions relating to your application and non-acceptance. This does not apply if legal provisions prevent deletion, if extended storage is required for the purpose of providing evidence, or if you have expressly agreed to a longer storage period.
The legal basis for data collection is § 26 Paragraph 1 BDSG. Please be informed, if we retain your applicant data for a period of six months with your express consent, that you may revoke your consent at any time in accordance with Art. 7 para. 3 GDPR. Such a revocation does not affect the legality of the processing which has taken place until the time that consent was revoked.
In the following section, we will inform you about our newsletter as well as other types of business emails, electronic mail and your rights of objection. By subscribing to our newsletter, you accept its receipt and agree to the following procedures. The legal basis is your consent pursuant to Art. 6 para. 1 sentence 1 letter a GDPR.
Your subscription to our newsletter will be fulfilled using the double opt-in procedure which also serves to confirm your email address. This confirmation is necessary so as to prevent fraudulent logins with other email addresses. Subscriptions to the newsletter are logged to keep a record of the registration process in accordance with legal requirements. This includes storage of the login and confirmation time, as well as the IP address. Any changes to your data stored with the delivery service provider will also be logged.
The newsletter is distributed by Emarsys interactive services GmbH, Stralauer Allee 6, 10245 Berlin. You can view the data protection regulations of the shipping service provider here: https://www.emarsys.com/de/datenschutzrichtlinie.
Please be aware that we evaluate your user behaviour when sending the newsletter and transactional emails.
Emarsys also stores cookies on your computer via your web browser. The cookies and the identification numbers they contain are not linked to your name, address, e-mail address or other personally identifiable information unless you have expressly given us permission to send you information specifically tailored to your interests. The shipping service provider uses these cookies to recognise your browser, so that we can track your movements on our website and record and determine the success of specific marketing measures. We use this information to improve our website and e-mail newsletter, in particular by adapting our information and offers to the individual interests and needs of users.
The analysis of the newsletter is based on Art. 6 (1) f GDPR. We have a legitimate interest in the anonymised analysis of user behaviour in order to optimise both our website and our advertising.
We use the data obtained from Emarsys to create a pseudonymous user profile so that we can provide you with a newsletter tailored to your interests. The following data is collected:
Did you open the newsletter? And what links did you click on?
When did you view our website and for how long? Which products and categories did you look at?
When did you make a purchase and what did you buy? From which category and for what amount? And: Did you cancel your order?
The information collected in this way is stored on a server located within the European Union.
You can object to the cookie-based collection and evaluation of the online data described above by clicking on the opt-out button below. If you exercise this option, an anonymous 'opt-out' cookie will be saved in your web browser, which will inform the Emarsys web server of your objection and prevent the collection of your data. The opt-out cookie will remain effective in the browser you are using until you delete it using the browser tools. However, if you delete the cookie or use another browser or computer, the shipping service provider will no longer be able to recognise that you have declared such an objection. Alternatively, you can set your browser to prevent it from accepting cookies.
You may cancel our newsletter at any time. This can be done with ease using the link at the bottom of each of our mailings or by sending a message to the email address listed under Contact. Unfortunately, no separate cancellation of the distributions from the service provider or statistical evaluations is possible, and instead the entire subscription must be cancelled.
14. Newsletter without consent
If we receive your email address in connection with the purchase or sale of a product or service and you have expressed no objection to this, we reserve the right to send you offers by email of similar products to those already purchased from our product range on a regular basis.
If you do not want this, you can object at any time by sending an email to: firstname.lastname@example.org without incurring any costs other than transmission costs under the applicable standard rates. In addition, each newsletter contains a separate unsubscribe link.
Edit cookie settings
16. Analysis of our website
a. Google Analytics
We use Google Analytics only with IP anonymization enabled. This means that Google will reduce the IP address of users within member states of the European Union or in other countries that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user's browser will not be commingled with other Google data. Users can prevent the storing of cookies by setting their browser software accordingly. You can also prevent the information generated by the cookie from being collected by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. If you visit our website via a mobile device, you can deactivate Google Analytics by clicking this link.
The legal basis for the use of this service is Art. 6 para. 1 sentence. 1 letter f GDPR. Use of this service is prompted by our legitimate interest in evaluating user behaviour on our website for the purposes of adapting the design to user needs. http://tools.google.com/dlpage/gaoptout?hl=en. If you visit our website via a mobile device, you can deactivate Google Analytics by clicking this link.
The legal basis for the use of this service is Art. 6 para. 1 sentence. 1 letter f GDPR. Use of this service is prompted by our legitimate interest in evaluating user behaviour on our website for the purposes of adapting the design to user needs.
Google is certified under the Privacy Shield Agreement and warrants compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
We use services by Webtrekk GmbH, Boxhagener Str. 76-78, 10245 Berlin to statistically assess our website. Webtrekk’s services allow us to collect statistical data about the ways consumers use our website. The data collected will be used towards improving and optimising our offerings. Webtrekk will collect and evaluate information transmitted by your browser.
Personal identification is not possible at any time. All collected data is only used to create anonymous user profiles for generating web statistics. Data collected by Webtrekk will not be used to identify individuals without the consent of those individuals.
Any data processing is carried out in furtherance of our legitimate interests and is governed by the legal provisions of Art. 6 para. 1 sentence. 1 f GDPR. With our processing activities, we aim to optimise our offerings while reducing the processing of personal data to an absolute minimum.
If you wish to object to the collection and storage of your data, please visit the following link https://www.webtrekk.com/en/legal/opt-out-webtrekk/. Under the option 'Disclaimer for data storage', you have the option of adding an opt-out cookie on your device.
17. Tracking & Retargeting
a. Retargeting Criteo
We use the technologies of Criteo SA, 32 Rue Blanche, 75009 Paris, France (Criteo). When you visit our website, a Criteo cookie stores information about your behaviour on our website (e.g. clicked offers). Criteo uses this information at its sole discretion and its own responsibility to display for you suitable advertisements from third party sites.
The legal basis for processing is Art. 6 para. 1 sentence 1 letter f GDPR. Any processing serves our legitimate economic interests.
Criteo provides information at https://www.criteo.com/en/privacy/ on the processing of personal data including consent withdrawal options. You can also prevent the information generated by the cookie from being recorded. To do this, visit the following websites:
b. Facebook (visitor action pixel)
We use the 'visitor action pixel' by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or, for EU residents, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ('Facebook').
Visitor action pixels allow us to track the behaviour of users after they have been directed to our website by clicking on a Facebook ad (so-called „Conversion“). They can also be used to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook about whose activities we will inform you to the best of our ability. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook's Data Usage Policy. https://www.facebook.com/about/privacy/.
The visitor action pixel is triggered by Facebook when you visit our website and may place a cookie on your device. If you then log in to Facebook or visit Facebook when logged in, your visit to our online offering will be noted in your profile. The data collected about you is still anonymous to us and will not provide us with any information about user identity. However, Facebook stores and processes data in a way that can be connected to the individual user profile and may be used by Facebook for its own market research and advertising purposes.
The legal basis for the use of this service is Art. 6 para. 1 sentence. 1 letter f GDPR and serves our legitimate economic interests.
You can object to being recorded by the Facebook pixel as well as the use of your data to display Facebook ads at the following address: https://www.facebook.com/settings?tab=ads
Facebook is certified under the Privacy Shield Agreement and warrants to comply with European data protection law. (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
c. Facebook Custom Audiences
The legal basis for such processing is Art. 6, para. 1, sentence 1 letter f GDPR. If you wish to opt out of the use of Facebook Website Custom Audiences in the future, you can do so at https://www.facebook.com/ads/website_custom_audiences
Facebook is certified under the Privacy Shield Agreement and warrants compliance with European data protection law. (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
d. Google Marketing Services
On our website, we use marketing and remarketing services by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; „Google“). These services allow us to display ads in a more targeted manner by presenting ads that are geared towards user preferences. Remarketing allows for ads and products to be displayed to users who are interested in other sites on the Google Network. For these purposes, Google executes a code and embeds so-called (re)marketing tags when you visit our website. With their assistance, an individual cookie, i.e. a small file, is stored on a user device (comparable technologies can also be used instead of cookies). Cookies can be placed by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records the websites users have visited, the content they are interested in and the types of offers that have been made. In addition, technical information about the browser and operating system, referring websites, visit time and further information about the use of the online offer are stored. User IP addresses are also recorded. With regard to Google Analytics, it should be mentioned that IP addresses are truncated within member states of the European Union or in other contracting states of the agreement on the European Economic Area.
All user data will only be processed as pseudonymous data. Google does not store any names or email addresses. All displayed ads are therefore not displayed specifically for an identifiable individual, but for the owner of the cookie. This information is collected by Google and transmitted to and stored by servers in the USA.
One of Google’s marketing services we use is the online advertising program Google AdWords. In the case of Google AdWords, each AdWords customer receives a different conversion cookie. As a result, cookies cannot be traced through the websites of AdWords customers. The information collected by the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they will not receive any information that identifies users in person.
The legal basis for the use of this service is Art. 6 para. 1 sentence. 1 letter f GDPR. If you wish to object to interest-based advertising by Google marketing services, you can use the setting and opt-out options provided by Google: http://www.google.com/ads/preferences.
Google is certified under the Privacy Shield Agreement and warrants to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
e. Microsoft Bing Ads
We use Bing ads, the conversion and tracking tool from Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, 'Microsoft') on our website. Microsoft stores a cookie on user computers to facilitate analyses of the ways our online offerings are used. This requires the user to have reached our website via an advertisement from Microsoft Bing Ads. This allows both Microsoft and us to detect when a user has clicked on an ad, has been redirected to our online offerings and has reached a predetermined target page. Only the total number of users who clicked on a Bing ad and were then directed to the target page (conversions) will be visible. No IP addresses will be stored. No other personal information that identifies the user is disclosed.
Additional information on data protection and how cookies are handled in Bing Ads can be found in Microsoft’s data protection declaration: https://privacy.microsoft.com/en-en/privacystatement.
The legal basis for the use of this service is Art. 6 para. 1 sentence. 1 letter f GDPR. If you do not wish to participate in the Bing Ads tracking process, you can withdraw consent here: http://choice.microsoft.com/en-EN/opt-out.
Microsoft is certified under the Privacy Shield Agreement and warrants to comply with European data protection law. (https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active).
The legal basis for the use of this service is Art. 6 para. 1 sentence. 1 letter f GDPR. If you do not consent to your data being recorded, please go to the link below and select Opt out: http://optout.ioam.de
A cookie from the provider Tracedelight GmbH (tracdelight GmbH, Arabellastrasse 23, 81925 Munich) is installed on our site.
We set a cookie for users as soon as they click on a publisher's integrated product. This allows us to match publishers to product providers and to keep an accurate record of our affiliate business and serves no other purpose. No data will be transferred to third countries. Your use of this service is governed by Art.. 6 para. 1 sentence. 1 letter f, GDPR.
The legal basis for the use of this service is Art. 6 para. 1 sentence. 1 letter f GDPR.
You have the option of disabling cookies by selecting the appropriate browser settings.
This service is governed by Art. 6 para. 1 sentence. 1 letter f, GDPR.
If you object to your data being used for this reason, you can deactivate the storage of cookies under Tools/Internet options in your browser, limit them to certain websites or set your browser to notify you when you receive a cookie. Please note that this may limit our ability to display our online offerings or prevent us from providing you with guidance in navigating our pages.
A cookie from ChannelPilot, an online marketing tool provided by Channel Pilot Solutions GmbH (Überseeallee 1, 20457 Hamburg) is installed on our site. The information generated by the cookie about your use of the website such as browser type/version, referrer URL (the previously visited page), host name of the accessing computer (IP address), time of the server request, is transmitted to a ChannelPilot server in Germany and stored there. The IP address transmitted by your browser via ChannelPilot will not be commingled with other ChannelPilot data. In addition, ChannelPilot only stores the IP address for a short period of time (usually no more than 24 hours) and subsequently renders it unrecognisable. Caching is performed for the sole purpose of detecting possible click fraud (bot detection). On behalf of REBELLE, ChannelPilot will use this information to evaluate the performance of connected online marketing channels.
The legal basis for the use of this service is Art. 6 para. 1 sentence. 1 letter f GDPR. You can prevent ChannelPilot from capturing and processing your website-related user data generated by the cookie (including your IP address) by using the opt-out option available under the following link: www.channelpilot.de/optout.
18. Integrated services and contents from third parties
We use services and content provided by third parties (hereinafter collectively referred to as 'content') on our website. To facilitate integration, it is necessary for technical reasons to process your IP address so that content can be sent to your browser. Your IP address will therefore be transmitted to the respective third party provider.
In each case, data processing is carried out to safeguard our legitimate interests in the optimisation and economic operation of our website and the legal basis for this service is Art. 6 para. 1 sentence. 1 f GDPR.
The Java programming language is regularly used to integrate the content. You can therefore object to data processing by deactivating Java in your browser. Instructions and further security advice are available from the Federal Office for Information Security at https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Java/Java_Sicherheistempfehlungen/java_sicherheitsempfehlungen_node.html
We have incorporated content from the following third parties into our website:
- 'Google Maps' for displaying maps;
- 'Google Translate', which can be used to translate texts on our website into another language;
Google is certified under the Privacy Shield Agreement and warrants to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
b. Trusted Shops GmbH
The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops seal of approval and any collected reviews, as well as to offer Trusted Shops products to buyers after placing an order.
This serves to protect our prevailing legitimate interests in optimal marketing by enabling safe shopping in accordance with Art. 6 (1) 1 lit. f GDPR. The trust badge and associated advertised services are provided by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. The trust badge is provided within the scope of commissioned data processing by a CDN provider (content delivery network). Trusted Shops GmbH also uses service providers from the USA. An adequate level of data protection is ensured. Further information about data protection at Trusted Shops GmbH can be found here: https://www.trustedshops.de/impressum/#datenschutz
When the trust badge is viewed, the web server automatically saves a server log file, which also contains your IP address, the date and time the badge was viewed, the amount of data transferred and the requesting provider (access data) and documents the access. Individual access data is stored in a security database for the analysis of vulnerabilities. The log files are automatically deleted at the latest 90 days after creation.
Additional personal data is transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or if you have already registered for use. The contractual agreement between you and Trusted Shops applies. Personal data is automatically collected from the order data for this purpose. A neural parameter, i.e. the email address hashed using a one-way cryptological function, is used to automatically check whether you as a buyer are already registered for use of a product. The e-mail address is converted before being transmitted as a hash value that cannot be decrypted by Trusted Shops. The parameter is automatically deleted after checking for a match.
This is necessary for the fulfilment of our and Trusted Shops' prevailing legitimate interests in the provision of the buyer protection linked to the specific order and the transactional valuation services in accordance with Art. 6 (1) 1 lit. f GDPR. Additional details, including how to object, can be found in the Trusted Shops data protection declaration linked above and in the trust badge.
This website uses the Kameleoon test and web analysis service provided by Kameleoon GmbH. The program enables the analysis of user behaviour based on user segmentation. The analysis of the log file data allows us to determine how the individual user segments visit the website, which landing pages are visited and how we can achieve an increase in click rates.
As described above, cookies/local browser storage, which are linked to a pseudonymised ID, are used for the analyses. Your IP address is completely anonymised and will not be saved. The information generated by the cookie/local storage about your use of this website is transmitted to a Kameleoon server in Germany and stored there in an aggregated and pseudonymised form. The IP address transferred by your browser through the use of Kameleoon is not merged with other Kameleoon data.
Kameleoon evaluates your use of the website and compiles reports about website activity so that we can regularly improve our services. The legal basis for data processing is Article 6 (1) f GDPR and serves our legitimate interest in promoting our products through user-specific optimisations.
You can prevent the cookies/local storage from being saved by changing the corresponding settings in your browser software. However, please be aware that if you do this you may not be able to use the full functionality of this website. You can also deactivate Kameleoon tracking at any time (and prevent Kameleoon from collecting the data generated by the cookie relating to your use of the website and the processing of this data by Kameleoon) by clicking on the following link: http://www.rebelle.com#kameleoonOptout=true
d. PLAN International
If you are registered with our website, you can donate the proceeds from items sold to PLAN International via our website. In order for PLAN International to be able to issue you with a donation receipt, we will pass on your personal data to PLAN International Deutschland e.V. If your data is not provided, a donation receipt cannot be issued. The data transmitted includes: first name, surname, postal address, email address and the sales proceeds amount. The legal basis for data processing is Article 6 Paragraph 1 Sentence 1 b of the GDPR.
e. One Signal
We use OneSignal (OneSignal, 2194 Esperanca Avenue, Santa Clara, CA 95054, USA) to send Push Notifications to the users of our app. OneSignal processes usage data, your advertising ID and, if your device’s settings allow it, location information. Detailed information can be found at: https://documentation.onesignal.com/docs/data-collected-by-the-onesignal-sdk. The legal basis for data processing is Art. 6 Para. 1 Point (f) of the GDPR and serves our legitimate interest in the promotion of our products using user-specific notifications. You can deactivate notifications from OneSignal by changing your device’s settings, and therefore also withdraw your permission for the processing of your user data in the future.
We use the services of AUBII GmbH (Germany) on our website and for valuation management.
AUBII GmbH operates a rating platform at www.auszeichen.org which provides online shops, service providers, stationary shops and other providers with a technical solution for professional rating management. This service asks our customers to rate us and presents the collected ratings in the form of a widget on our website. The Ausgezeichnet.org widget used on the website creates a technically necessary session cookie which is automatically deleted after the session and is used for server assignment. No personal data is transferred.
We use the rating seal in order to increase transparency, improve our services and help to build trust. The processing therefore serves our legitimate interest in accordance with Art. 6 (1) f) GDPR.
g. trustpilot A/S
We use the service of trustpilot A/S (Denmark) on our website and for rating management.
This service asks our customers to rate us and presents the collected ratings in the form of a widget on our website. To collect the reviews, we send you an e-mail asking you to rate our products and services. As a result, personal data such as name, email address and reference number are processed by us and by trustpilot. We send the e-mails in accordance with Art. 6 (1) f) GDPR in conjunction with Section 7 (3) UWG (Law Against Unfair Competition). We use the rating seal to increase transparency, improve our services and help build trust.
The ratings are displayed anonymously by a widget on our website. Additional information about how we handle personal data at trustpilot can be found here.
As a user of our services, you are entitled to assert your legal rights against us. In particular, you have the following rights:
- In accordance with Article 15 GDPR and § 34 BDSG, you have the right to request information as to whether and to what extent we process personal data about you.
- You have the right to request us to correct your data in accordance with Article 16 of the GDPR.
- You have the right to request us to delete your personal data in accordance with Article 17 GDPR and § 35 BDSG.
- You have the right to have the processing of your personal data restricted in accordance with Article 18 of the GDPR.
- You have the right, in accordance with Article 20 of the GDPR, to receive personal data that you have provided to us in a structured, current and machine-readable format and to transfer this data to another person charged with handling your data.
Right of objection
In accordance with Art. 21 GDPR, you have the right to object to any processing activities that are governed by Art. 6 para. 1 sentence. 1(e) or (f) GDPR.
Data Protection Officer
You can reach our data protection officer using the following contact information: email@example.com
Lodging a complaint with the supervisory authority
If you believe that the processing of your personal data violates the provisions of the GDPR, you have the right to appeal to a supervisory authority in accordance with Article 77 GDPR.