1.3. DEVICE AND ACCESS DATA

When using online services, it is inevitable that technical data will be generated and processed in order to provide the features and content offered and to display them on your device. We refer to this data as “device and access data”. Device and access data is generated with every use of an online service. It does not matter who the provider is. For example, device and access data are generated by using:

• Websites
• Email newsletters (i.e. when your newsletter interaction is detected)
• Social media fan pages
• Location-based services

1.4. PHOTOGRAPHY AND FILMING

When you participate in events organized by Tradebyte (e.g. E-Channel Day, Global Game Jam, Franconia Game Jam, etc.), you may be depicted on film and photographs used for public relations. Further information can be found in the section “2.3 Filming and photography at events”.

2. WHAT IS TRADEBYTE USING MY DATA FOR?

Tradebyte processes your data in compliance with all applicable data protection laws. Of course, we observe the principles of data protection law for the processing of personal data. As a matter of principle, we will only process your data for the purposes stated in this Privacy Policy or at the time of the collection of the data.

In this chapter, we also inform you on what legal basis we process data for the individual purposes. Depending on the legal basis on which we process your data, you may be entitled to special data protection rights in addition to your existing data protection rights, such as the right to information. For example, in some cases, you have the right to object to the processing of your data.

2.1. DATA PROCESSING IN CONNECTION WITH BUSINESS RELATIONS

Within the business relationship with Tradebyte we also process personal data of you or your employees.

Customer and business partner management

In order to manage our business contacts, we process information about your company (in particular address, branches, authorized representatives, and their contact details) as well as information about the respective contact person (in particular name, position, and professional contact information) and any communication with you. We use this data to reach the appropriate contact person when contacting you, to process your inquiries properly, and to cultivate our business relationship. This data will also be used to arrange an initial consultation with you for the preparation of an offer. Furthermore, we use the above mentioned data as well as the associated communication history for purposes of technical support.

Collection of contact data

When you contact us for the first time or submit your contact details, e.g. in a form on our website, we will store your submitted contact data in our CRM system. We will use this data to contact you and to cultivate our business relationship by sending you marketing information. This data will also be used to arrange an initial consultation with you for the preparation of an offer.

If you do not wish to be contacted, please let us know and we will delete your data from our CRM system (further information on our CRM system can be found under “TB.Home”).

TB.Home

TB.Home (formerly TB.Community) is our central customer portal that guides you through the world of Tradebyte. In order to provide TB.Home, we process your master and contact data. TB.Home serves the purpose of integrating and connecting Tradebyte customers to a specific platform or marketplace (channel) as well as for interaction between project partners. Furthermore, we provide documentation and additional self-services in TB.Home as well as the possibility for zPure clients to register.

For the purpose of contact initiation and mediation of contact data between retailers and platforms / marketplaces, we provide the “TB.Match” function within TB.Home. This is a messenger service that enables you as a user to contact cooperation partners in our e-commerce ecosystem.

If you actively use the “TB.Match” function or accept the communication request of another user, the following personal data of yours will be processed and stored:

• Your personal user ID
• Transmitted communication data, e.g. contact details (surname, first name, e-mail address, telephone number)
• Other conversation data from the communication process

As our CRM system and for providing “TB.Match”, we use the service of Salesforce.com, a company based in the USA. The USA is a country (third country) that does not provide an adequate level of protection for personal data within the meaning of EU Regulation 2016/679. However, Tradebyte ensures that the service provider in question guarantees, contractually or otherwise, a level of data protection equivalent to EU standards. We have therefore concluded a data processing agreement and additional standard contractual clauses with Salesforce.com. More information on data transfer to third countries and the precautions we take in this regard can be found in section 7 of this data protection information.

We store the data processed in “TB.Match” for a period of one year. If you do not agree with the storage, you can make use of your rights as a data subject (according to GDPR chap. 3) and file a revocation against the storage of your data.

Legal basis:
The legal basis for this data processing is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR, whereby our legitimate interests lie in the above-mentioned purposes, namely the contacting of cooperation partners within our e-commerce network.

Contract and billing management

As part of billing, we collect information on offers, orders and services rendered, invoice items, and bank details. Also in this context, we may process contact details of the contact persons.

Publication

If we publish the results of work and/or records in fulfillment of the contract concluded with you, we reserve the right, to publish not only the results and records but also the name and biographical or other personal data (with the exception of contact details) of the contact persons of our contractual partners for commercial purposes.

We also reserve the right to publish a statement made by you as a business customer in connection with your name, position, if necessary a photo of you, and company/employer or a photo stating your name, your position, and your company/employer (e.g. in connection with a lecture at one of our events or on our website or in social networks, respectively).

Legal basis:
Insofar as the above-mentioned purposes is the performance of a contract entered into between Tradebte and you or the provision of a service requested by you, the legal basis is Art. 6 para. 1 lit. b GDPR Otherwise, the legal basis is Art. 6 para. 1 lit. f GDPR, where our legitimate interests lie in the above-mentioned purposes. If you have agreed in writing (e.g. by email) to the publication of a statement or other data, your legal basis is your consent in accordance with. Art. 6 para. 1 lit. a GDPR.

2.2. SURVEYS

If you participate in one of our surveys, we use your information to analyse customer satisfaction and to identify potential improvements to our products.
We generally evaluate the surveys in aggregated form for analysis purposes. In addition, we would like to give you as our customer the opportunity to discuss your concerns and feedback directly with us. For this purpose, you can indicate a contact request in the surveys. We will then contact you after a survey via the e-mail address provided.

In the course of our surveys we collect the following personal data from you:

• Personal survey ID
• Email address
• Company
• Customer account number
• Submitted information (your feedback)
• Address (optional when specifying a gift wish)

We use the service of Rogator AG, a company based in Nuremberg (Germany), for sending surveys. We have therefore concluded a Data Processing Agreement with Rogator (in accordance with GDPR Art. 28).

We store the personal data received via surveys for a period of three years. Address data required for the receipt of a gift will be deleted immediately after dispatch. If you do not agree with the storage, you can make use of your rights as a data subject (according to GDPR ch. 3) and object to the storage of your data.

Legal basis:
The provisions of GDPR are not applicable to anonymous surveys and in the case of personal evaluations, the legal basis is the aforementioned legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. If you voluntarily state your name and email address at the end of a survey, the legal basis is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

2.3. ORGANIZATION OF EVENTS

Contact and ticket purchase

If you register for the E-Channel Day (ECD) or other events organized by Tradebyte (e.g. Global Game Jam, Franken Game Jam, DevNight), we will process the information and personal details that you provide for the billing and provision of your tickets as well as the management and implementation of the ECD or the respective event. For this purpose, we store your data in our customer management system. If you have not yet been registered in our customer management system so far, we may contact you after the ECD regarding further cooperation. If you do not wish this, you can object to this data processing at any time.

In addition, with a ticket purchase, you will automatically be included in the so-called “Matchmaking Service” of the ECD platform, which will be activated a few weeks before the ECD and through which you can contact other participants and arrange meetings at the ECD. In the “Matchmaking Service”, your contact details (e.g. name, email address, if applicable telephone number, business address, job position) as well as any other data that you can provide will be made visible to other participants. The “Matchmaking Service” is a mandatory part of the ECD.

We use the services of AirLST Teilnehmermanagement GMBH, a company based in Germany (Seitzstraße 23, 80538 Munich, Germany), for ticket sales and the technical provision of matchmaking services in the run-up to an ECD event. The personal data you provide will be transferred to AirLST for this purpose. We have concluded a data processing agreement with AirLST. In this contract, AirLST guarantees to comply with the applicable data protection regulations.

If you have registered for the ECD or other events organized by Tradebyte (including Global Game Jam, Franken Game Jam, DevNight), we may notify you by email about comparable, future events or offers from us. You can object to receiving such emails or unsubscribe anytime for free. A link to unsubscribe can be found in every email. A message to us is also sufficient.

Legal basis:
The legal basis of this data processing is the fulfillment of the contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR. Otherwise, the legal basis is Art. 6 para. 1 lit. f GDPR, where our legitimate interests lie in the above-mentioned purposes.

Filming and photography at events

We hereby inform you that we create film and photo shoots on the ECD and on any other events organized by Tradebyte (e.g. Global Game Jam, Franconia Game Jam, DevNight). We intend to use these for the purpose of external representation in our advertising media, on our websites, social media pages and in newsletters as well as in other media (e.g. fair presentations, chronicles, annual reports, catalogs, etc.) unlimited in time and content and without geographic restrictions.

Legal basis:
The legal basis of this data processing is our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, for pictures in which persons are to be seen only as an accessory or as a participant in a meeting Section 23 para. 1 no. 2, 3 KunstUrhG (German Law on the Protection of Copyright in Works of Art and Photography), and if applicable, your consent pursuant to Art. 6 para. 1 sent. 1 lit. a GDPR, Section 22 KunstUrhG. We will inform you about the creation of videos and photos during the registration for or at the event itself (e.g. by an appropriately marked sign or a message).

2.4 WEBINARS

For training purposes and to improve user knowledge, we regularly offer our customers webinars. You need to register to participate in the webinars. For this we need the following data from you:

• First and Last Name
• Email address
• Company
• Account number (optional)

We need this data in order to send you the access data for the webinars and to identify you as our customer.

We will only use your email address for registration and not for other advertising purposes that are not related to the webinar you attended. We would only like to contact you after a webinar to obtain your feedback on the quality of the webinar. If you have attended a webinar related to a specific retailer or brand, we will contact you afterwards to find out whether you are interested in a business co-operation.

The monthly newsletter with the announcement of upcoming webinars will be sent to all of our customers who are registered with an email address. If you no longer wish to receive this, you can of course unsubscribe from it at any time.

Your registration data will be deleted after the end of the webinar and will not be processed for other purposes. However, we note your participation in a webinar in our customer database. We do this in order to be able to understand which of our customers have already participated in a training course and to have an overview of the level of knowledge of our customers.

During a webinar you may have the opportunity to enter the so-called “stage”. In this way you can get in direct contact with the moderator, for example to ask a question. Please note that in this case other participants can hear and also see you when your camera is activated.

If you want to ask questions without entering the stage, you should use the chat function instead.

We use the service of Livestorm, SAS., A company based in France (24 rue Rodier, 75009 Paris, France) for the webinar. We have concluded a Data Processing Agreement (DPA) with Livestorm. In this contract, Livestorm guarantees to comply with the applicable data protection regulations.

You can find more information on data protection at Livestorm here.

Legal basis:
The legal basis of this data processing is the fulfillment of the contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR. Otherwise, the legal basis is Art. 6 para. 1 lit. f GDPR, where our legitimate interests lie in the above-mentioned purposes.

2.5 ADVERTISING

We use your data, also in the context of data analysis and for advertising purposes. In particular, we pursue the following purposes:

• The implementation of existing customer advertising.
• The implementation of direct mail, e.g. in the form of newsletters.
• The planning, implementation, and performance monitoring of advertising that meets the interests of the targeted audiences (personalized advertising).
• Insights into how our services are used (usage analysis).

Depending on the purpose, we use the data stored by us for data analysis.

Legal basis:
As far as the data processing for the purposes described above are based on your consent, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. For the remaining processing activities, data processing is based on Art. 6 para. 1 sentence 1 lit. f GDPR, where we process your data on the basis of a balance of interests in order to safeguard our legitimate interests. Tradebyte’s legitimate interest in data processing arises from its purposes and, unless otherwise stated, is competitive and economic in nature. You can disable the processing of your data for personalized advertising and usage analysis at any time.

We also use advertising tools based on cookies and similar technologies so that we can display personalized advertising, i.e. advertising that matches your actual interests and needs, on our website and on the websites of other providers. For more information about the use of cookies and similar technologies for advertising purposes, please see the section “3.4 Information on cookies and similar technologies”.

2.6 APPLICATION PROCESS

We collect and process the personal information about you in order to process your application and match it with our vacancies. This includes the use of the data to contact you.

We use the applicant management system to accept and process job applications: https://www.tradebyte.com/en/jobs/

For further information regarding job application process please check service-specific Privacy Policy for job applicants of Zalando Group: https://jobs.zalando.com/en/privacy-policy

You can reach out to our Privacy Team for general questions on data protection in the job application process and to exercise your data protection rights (for example, deletion of your job application data) by sending an email to: dataprotection@Tradebyte.com.

You can also reach out to our Data Protection Officer for questions on this Privacy Policy or our handling of your data. For contact details, see “11. Changes to this Privacy Policy and Contacts”.

2.7 BASED ON YOUR CONSENT

If you have given us consent to the processing of personal data, your consent (Article 6 para. 1 sentence 1 lit. a GDPR) is the basis of our data processing in the first place. Which of your data we process based on your consent depends on the purpose of your consent. Typical purposes include:

• Subscribing to a newsletter.
• Participation in the service ECD Gate and “Matchmaking”.
• Entering data in contact forms.
• The transmission of your data to third parties or to a country outside the European Union.

Information on Withdrawal:
You can withdraw a consent previously given at any time with effect for the future, e.g. by email, post, letter, or fax. In addition, there is also a corresponding opt-out link in each newsletter.

2.8 OTHER PURPOSES

If data protection law permits, we may also use your information for new purposes without your consent, such as conducting data analysis and developing our services and content. The prerequisite for this is that these new purposes for which the data are to be used were not yet established or foreseeable at the time the data was collected, and the new purposes are compatible with those purposes for which the data in question were originally collected. For example, new legal or technical developments and new business models and services may lead to new processing.

3. INFORMATION ON WEBSITES

We use your data for the provision of Tradebyte websites. In addition to the device and access data associated with each use of these services, the nature of the data processed and the purposes of processing will depend in particular on how you use the features and services provided through our services. We also use the information we collect during the visit of our websites to find out how our online offer is used. We basically record all data that you provide us directly via our services.

3.1. DEVICE AND ACCESS DATA

Every access to our servers and databases generates device and access data, which is logged in so-called server log files. The IP address contained therein will be anonymized at the end of the respective access at short notice, as soon as the storage is no longer necessary for maintaining the functionality of the respective website.

If available and enabled on your device, we will also collect a device-specific identification number (for example, a so-called “promotional ID” if you use an Android device or “Ad-ID” if you use an Apple device). This device identifier is issued by the manufacturer of your device’s operating system and can be read by websites and apps and used to present content based on your usage habits. If you do not want this, you can always disable it in your device’s browser settings or system settings.

3.2. LOGIN: INFOCENTER

If you are a Tradebyte customer, you have the possibility to place a  call to the Infocenter as part of the functionality of the product (e.g. TB.One). There you can adjust various product-related settings. These settings are saved.

3.3. INFO ON WEBSITE COOKIES AND SIMILAR TECHNOLOGIES

Our websites use cookies and comparable technologies, which are provided either by Tradebyte or by third-party service providers (“Tools”).

Cookies are small text files which are saved by your web browser and which save particular settings and data for exchange with our web server. Similar technologies are in particular web storage (local/session storage) fingerprints, tags, or pixels.

Cookies are not used to execute programs or load viruses onto your computer. The primary purpose of cookies is to provide an offer tailored to you and to make our services as time-efficient as possible. Most browsers are set by default to accept cookies and similar technologies. However, you can usually adjust your browser settings so that cookies or similar technologies are rejected or only stored with your prior consent. If you reject cookies or similar technologies, it is possible that not all of our offers will function properly for you.

This website uses the following cookies and similar technologies:

• Essential cookies: These cookies are required for optimal navigation and operation of the website. For example, these cookies are used to implement the basket function, such that the goods in your basket stay saved while you continue with the purchase. The necessary cookies also serve to save particular inputs and settings which you have made so that you do not have to constantly repeat them, and to adapt Tradebyte content to your individual interests. Only limited use of the website is possible without necessary cookies.

You can find more information about essential cookies, their providers, their purposes, data categories, storage periods, and data transfer to third countries via the link “Data preferences” in the footer of the respective website or directly via the link “Set preferences” in the cookie banner of the respective website.

Legal basis:
The legal basis for the processing of your data is Article 6 para. 1 lit. f GDPR, to enable comfortable and personalized use of our website. In certain cases, these tools may also be required for the fulfilment of a contract or for the execution of pre-contractual measures, in which case processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR.

• Web-Performance and Analytics: In order to improve our website, we use tools for the statistical collection and analysis of general user behaviour based on access data (“Analytics Tools”). We also use Analytics Tools to evaluate the use of our various marketing channels.

You can find more information about Analytics Tools, their providers, their purposes, data categories, storage periods, and data transfer to third countries via the link “Data preferences” in the footer of the respective website or directly via the link “Set preferences” in the cookie banner of the respective website.

Legal basis:
The legal basis for Web Performance and Analytics cookies is, unless otherwise stated, your consent according to Art. 6 para. 1 lit. a GDPR. In the event that personal data is transferred to the USA or other third countries, your consent expressly extends to the data transfer (Art. 49 para. 1 lit. a GDPR). If personal data is transferred to these third countries, there is a risk that personal data may be collected and analyzed by authorities and that data subjects’ rights guaranteed under EU law may not be enforced. If you consent to the use of cookies, your consent also extends to these data transfers to third countries and the processing there.

• Marketing: We also use tools for advertising purposes (“Marketing tools”). Some of the device and access data collected when using our website is used for interest-based advertising. By analyzing and evaluating this access data, we are able to present you with personalized advertising, i.e. advertising that corresponds to your actual interests and needs, on our website and on the websites of other providers.

You can find more information about Marketing Tools, their providers, their purposes, data categories, storage periods, and data transfer to third countries via the link “Data preferences” in the footer of the respective website or directly via the link “Set preferences” in the cookie banner of the respective website.

Legal basis:
The legal basis for Marketing Tools is, unless otherwise stated, your consent according to Art. 6 para. 1 lit. a GDPR. In the event that personal data is transferred to the USA or other third countries, your consent expressly extends to the data transfer (Art. 49 para. 1 lit. a GDPR). If personal data is transferred to these third countries, there is a risk that personal data may be collected and analyzed by authorities and that data subjects’ rights guaranteed under EU law may not be enforced. If you consent to the use of cookies, your consent also extends to these data transfers to third countries and the processing there.

You can revoke your consent for Analytics and Marketing tools at any time. To do so, click on the link “Data preferences” in the footer of the respective website or open the settings directly via the link “Set preferences” in the cookie banner of the respective website. There you can also change the selection of the tools you wish to consent to using, as well as obtain additional information about the cookies and the respective storage periods. Alternatively, you can assert your revocation for certain tools directly with the provider.

3.4. USER DATA & ANALYTICS ON OUR PRODUCT SITES

4. ONLINE PRESENCE ON SOCIAL MEDIA

Tradebyte maintains social media profiles on the social networks including so-called “fan pages”. On our social media profiles we regularly publish and share content, offers, and product recommendations. With every interaction on our social media profiles, the operators of the social networks record your usage behavior with cookies and similar technologies. Tradebyte can view general statistics on the interests and demographics (such as age, gender, region) of the  audience. When you use social networks, the nature, scope, and purposes of processing the data in social networks are determined primarily by the social network operators.

4.1. PROVIDER / RESPONSIBLE PERSON FOR FAN PAGE

The responsible Tradebyte company, which acts as the content provider of a social media profile, can be found in the imprint information on the respective social media profile.

The social networks Facebook and Instagram are each offered by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”).

The social network LinkedIn is offered by LinkedIn Ireland Unlimited Company, Gardner House 2, Wilton Place, Dublin 2, Ireland (“LinkedIn”).

The social network Twitter is offered by Twitter Inc., One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (“Twitter”).

The social networks Xing/Kununu are offered by XING SE, Dammtorstraße 30, 10354 Hamburg, Germany (“Xing”).

If you communicate directly with us through our social media profiles including fan pages or share personal content with us, Tradebyte is responsible (Data Controller) for the processing of your data. An exception applies to the data processing described in the usage analysis (including page insights); to learn more about the legal basis of data processing carried out by the social networks on their own responsibility, please refer to the privacy policy of the respective social network.

Processing of your data by operators of social networks 

Please note that social networks also use your data when you use our social media profiles including fan pages for its own purposes, which are not shown in this Privacy Policy. We have no influence on these data processing operations on social networks. In this regard, we refer to the privacy policies of the respective social networks:

Privacy Policy Facebook

Privacy Policy Instagram

Privacy Policy LinkedIn

Privacy Policy Twitter

Privacy Policy Xing

4.2. WHICH DATA IS COLLECTED?

When you visit our social media profiles, Tradebyte collects all communications, content, and other information that you provide to us directly, such as when you post something on a social media profile or send us a private message. Of course, if you have an account on the social network, we can also see your public information, such as your username, information in your public profile, and content that you share with a public audience.

Usage analysis (Page Insights)

With every interaction with a social media profile, a respective operator of social networks uses cookies and similar technologies to track the usage behavior of page visitors. On this basis, the operators of social networks receive so-called “page insights” or otherwise named usage analysis data. Usage analysis data contain only statistical, depersonalized (anonymized) information about visitors to the social media profile, which can therefore not be assigned to a specific person. We do not have access to the personal information the social networks use to create usage analysis data. The selection and processing of usage analysis data is done exclusively by the social networks.

With the help of usage analysis data, we gain insights into how our social media profiles are used, what interests the visitors of our social media profiles have, and what topics and content are particularly popular. This allows us to optimize our social media activities, for example, by better tailoring and selecting our content in accordance with the interests and usage habits of our audience.

Legal basis:
The legal basis of this data processing is Art. 6 (1) para. 1 lit. f GDPR, based on our legitimate interest in effectively informing users and communicating with users, or Art. 6 (1) para. 1 lit. b GDPR, in order to stay in contact with and inform our customers and to execute pre-contractual measures with future customers and interested parties.

For the legal basis of data processing carried out by the social networks on their own responsibility, please refer to the privacy policies of the respective social networks. You can also obtain further information on the respective data processing under the links below.

Below is a list with information on the social networks on which we operate online presences:

Facebook

• Tradebyte and Facebook are jointly responsible for processing your data for the provision of Page Insights. You can view the agreement with Facebook here:

Information about Pages Insights 

• Facebook has summarised the key contents of this agreement (including a list of Page Insights data) for you here:

Information on Page Insights Data

Instagram

• Tradebyte and Instagram/Facebook are jointly responsible for processing your data for the provision of Page Insights. You can view the agreement with Facebook here:

Information about Pages Insights 

• Instagram/Facebook has summarised the key contents of this agreement (including a list of Page Insights data) for you here:

Information on Page Insights Data

LinkedIn

• Tradebyte and LinkedIn are jointly responsible for processing your data on the LinkedIn company page for the provision of Page Insights (so-called Page Insights Joint Controller Addendum). LinkedIn has summarised information on the Page Insights data processed and the contact options in the event of data protection requests here:

Page Insights Joint Controller Addendum

Twitter

• Twitter has summarised information on the data processed and the contact options in the event of data protection requests here:

Privacy Policy Twitter

Xing/Kununu

• Xing has summarised information on the data processed and on the contact options in the event of data protection requests here:

Privacy Policy Xing

4.3. WHAT PRIVACY RIGHTS DO I HAVE?

Your data protection rights are described under “8. What data protection rights do I have?” also apply, of course, with regard to processing of your data in connection with our social media profiles. We would like to point out that data protection requests (e.g. objection) can be most efficiently exercised with the respective operator of the social network, as only these operators have access to the data and can directly take appropriate measures.

You can also address your inquiries to us. We will then forward your request to the respective social network.

5. NEWSLETTER

We offer various newsletter services. For information on the topics covered by each newsletter and other tips, sign up for a newsletter service. When using our newsletter, we also collect device and access data.

5.1. HOW DO I SIGN UP?

For sending our newsletters we use the so-called double opt-in procedure, i.e. we will only send you a newsletter if you have previously expressly agreed that we should activate the newsletter service. You must also have confirmed that the email address you have provided is yours. For this purpose, we will send you a notification email and ask you to confirm that you are the owner of the provided email address by clicking on a link contained in this email.

5.2. HOW DO I UNSUBSCRIBE?

If you no longer wish to receive newsletters from us, you can object at any time without incurring any costs other than the transmission costs according to the basic rates of the respective provider. A message in text form (e.g. email, fax, letter) is sufficient. Of course, you will also find an unsubscribe link in every newsletter.

5.3. WHICH DATA IS COLLECTED?

When you sign up for a newsletter, we automatically save your IP address and the times of registration and confirmation. In this way, we can prove that you have actually registered and, if necessary, recognize the misuse of your email address.

We collect device and access data that is generated by your interaction with a newsletter. For this analysis, the newsletters contain references to image files stored on our web server. When you open a newsletter, your email program loads these image files from our web server. We collect the resulting device and access data in a pseudonymized form under a randomly generated identification number (newsletter ID), which we will not use for your identification without your consent . This is so that we can understand if and when you have opened which issues of a newsletter. The links contained in the newsletters also contain your newsletter ID, so that we can record which content is of interest to you.

Furthermore, we collect data on your user behaviour on our website when you browse our website after visiting a link in the newsletter.

You can object to the newsletter and behavioural analysis at any time by unsubscribing from the respective newsletter service. Of course, you will also find an unsubscribe link in each issue of our newsletter. Further information can be found under “8. What privacy rights do I have?”.

Alternatively, you can disable the display of images in your email program. In this case, however, you will not be able to view the newsletter completely.

6. WITH WHOM IS MY DATA SHARED?

Tradebyte will only pass on your data if it is permitted under German or European data protection law. We work very closely with some service providers, for example with technical service providers (e.g. operation of computer centers). These service providers may only process your data under special conditions on our behalf. Insofar as we use them as a processor, the service providers will only be able to access your data to the extent and for the period required for the provision of the respective contractually agreed services.

6.1. ZALANDO GROUP COMPANIES

Tradebyte is a Zalando Group company that shares many systems and technologies. This allows us to offer you a less expensive, better, safer, more consistent, and interesting service. Therefore, those companies and departments within the Zalando Group, which need access to this data to fulfill our contractual and legal obligations or to fulfill their respective functions within the Zalando Group, have access to your data.

6.2 TECHNICAL SERVICE PROVIDERS

We work with technical service providers to provide you with our services. These service providers include, for example, Salesforce.com, EMEA Ltd. or Amazon Web Services, Inc. If they process your information outside the European Union, this may result in your information being transferred to a country with lower privacy than in the European Union. Tradebyte will in such cases ensure that the service providers in question, by contract or otherwise, guarantee an equivalent level of data protection.

6.3. EVENT MANAGEMENT

For the planning and organization of our events we use service providers, such as Meetup. We select these service providers carefully to ensure that your personal information is properly stored and processed as part of your registration for one of our events.

6.4. AUTHORITIES AND OTHER THIRD PARTIES

If we are required by a decision of the authorities or court or in the case of defense of legal claims, we pass on your data to law enforcement authorities or other third parties if necessary.

7. DATA TRANSFER TO THIRD COUNTRIES

As explained in this Privacy Policy, we use services of providers which are partly located in or process personal data in so-called third countries (outside the European Union or the European Economic Area), i.e. countries whose level of data protection does not correspond to that of the European Union.

Insofar as this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have taken appropriate safeguards to ensure an adequate level of data protection for any data transfers. These include, among others, the Standard Contractual Clauses of the European Union or binding corporate rules.

Where this is not possible, we rely on the derogations of Art. 49 GDPR, in particular your explicit consent or necessity of data transfer for performance of the contract or for implementation of the pre-contractual measures.

If a third country data transfer is foreseen and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities in the respective third country (e.g. secret services) may obtain access to the transferred data in order to collect and analyse it, and that enforceability of your data subject rights cannot be guaranteed. When obtaining your consent via the cookie consent banner, you will also be informed about it.

8. WHAT PRIVACY RIGHTS DO I HAVE?

Under the respective statutory conditions, you have the following data protection rights:

Right to information (Article 15 GDPR), right to erasure (Article 17 GDPR), right to rectification (Article 16 GDPR), right to restriction of processing (Article 18 GDPR), right to data portability (Article 20 GDPR), right to lodge a complaint with a supervisory authority (Article 77 GDPR), right to withdraw the consent (Article 7 para 3 GDPR) and the right to object to certain data processing activities (Article 21 GDPR). The contact details for exercising your rights can be found under “11. Changes to this Privacy Policy and contacts”.

Important notes:

• As far as providers of goods use our software solution for the connection to online shops, requests for information and the assertion of other claims by end customers whose data are processed via our software are to be asserted directly to the provider of the goods as the data controller.
• In order to ensure that your data is not disclosed to third parties in the case of requests for information, we always require sufficient proof of identity.
• The competence and jurisdiction of the data protection authorities are determined in accordance with the registered office of the data controller. You may, however, contact any data protection authority in any member state of the European Union, in particular at your place of residence, which will forward your complaint to the competent authority. The Lead Authority responsible for Tradebyte is the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin, Germany.
• If you have given your consent to the processing of your data, you can withdraw it at any time. A withdrawal does not affect the admissibility of the processing of your data carried out before your withdrawal.
• You can object to the processing of your data for advertising purposes, including direct mail (also in the form of data analysis) at any time without stating reasons.
• If the processing of your data is based on a balance of interests pursuant to Article 6 para. 1 lit. f GDPR, you can object to the processing. If you object, we kindly ask you to explain the reasons why we should not process your data. In the case of your justified objection, we will examine the situation and will either discontinue or adjust the processing or inform you of our compelling reasons worthy of protection, on the basis of which we may continue the processing.

9. WHEN WILL DATA BE DELETED?

We will store your personal information for as long as necessary for the purposes set out in this Privacy Policy, in particular to meet our contractual and legal obligations. Possibly, we will also store your personal information for other purposes if and as long as the law allows us to store it for specific purposes, including for the defense of legal claims.

Deletion may be waived in the cases permitted by law, in the case of anonymous or pseudonymised data, which would render the processing impossible or seriously detrimental to scientific research or statistical purposes.

10. HOW DOES TRADEBYTE PROTECT MY DATA?

Your personal data is securely transmitted using encryption. We use the protocol SSL (Secure Socket Layer). Furthermore, we protect our website and other systems by technical and organizational measures against loss, destruction, access, modification, or dissemination of your data by unauthorized persons.

11. CHANGES TO THIS PRIVACY POLICY AND CONTACTS

In the course of the development of our websites, the implementation of new technologies and in order to improve our services to you, changes to this Privacy Policy may be required. Therefore, we recommend that you review this Privacy Policy from time to time.

You can reach out to our Privacy Team for general questions on privacy and in order to exercise your data protection rights by sending an email to dataprotection@tradebyte.com.

In order to directly contact our Data Protection Officer, please send your inquiry to the following postal address indication that it is “for the attention of Data Protection Officer”:

Data Protection
Tradebyte Software GmbH
Bahnhofsplatz 8
91522 Ansbach

Telefax: +49 (0)981 20822-222
Email: dataprotection@tradebyte.com