Last modified 19.10.2020
In the event of any conflicts between the English and
German versions of these General Terms and Conditions, only the German version
shall be authoritative. The English translation is for information purposes
only.
We at TradeLink take data protection issues very seriously and want to ensure
that your privacy is protected at all times when using our services. In the
following privacy policy we would therefore like to explain how your data is
handled on tradelink.services ("TradeLink platform").
The TradeLink platform is operated by TradeLink, TL Digital Solutions GmbH
("TradeLink"). This Privacy Policy describes how TradeLink ("we," "us," and
"our") uses and protects personal data collected through the TradeLink
Platform.
Personal data is any data that is personally identifiable to you, such as your
title, name, address, email address, IP address, etc. Your personal data will
only be collected and processed by us in accordance with the provisions of the
EU General Data Protection Regulation ("GDPR") as well as other provisions of
European and applicable national data protection law.
This data protection declaration refers exclusively to our TradeLink platform.
If you are forwarded to third-party websites or apps via links from our
TradeLink platform, please inform yourself there about the respective handling
of your data.
The data protection controller within the meaning of the GDPR and all other applicable EU data protection laws ("Controller") is TradeLink. If you have any questions, suggestions or criticisms regarding the data protection of our TradeLink platform, please contact:
Any person concerned subject may also contact our data protection officer
directly at any time with any questions or suggestions regarding data
protection. You can reach him at the following address:
Mr. René Rautenberg
ER Secure GmbH
In the Knackenau 4
82031 Grünwald
as well as via datenschutz@tradelink.co.
Insofar as we obtain consent from you for the processing of personal data, Art.
6 (1) a) DSGVO is the legal basis for the processing of personal data. Any
consent can be revoked by you with effect for the future.
When processing personal data that is necessary for the performance of a
contract with you or your company, Art. 6 (1) b) DSGVO is the corresponding
legal basis. This also applies to processing operations that already become
relevant pre-contractually.
Insofar as processing of your personal data is necessary to comply with one of
our legal obligations, Art. 6 (1) c) DSGVO serves as the legal basis.
If processing is necessary to protect a legitimate interest of our company or a
third party and your interests, fundamental rights and freedoms do not override
our legitimate interest, Art. 6 (1) f) DSGVO serves as the legal basis for the
processing.
The personal data collected, processed and stored by us are generally only
stored by us for as long as the specific purpose of the storage requires. If
the purpose of storage ceases to apply, your data will be deleted or its
processing restricted.
In addition, however, it may be that European regulations, applicable national
laws or other regulations require longer storage of the data processed by us.
If these storage periods expire, we will delete your data or restrict the
processing thereof.
Insofar as we process personal data from you, you are a "data subject" within the meaning of the GDPR. As a data subject, you have the following rights vis-à-vis TradeLink:
You can request information from us at any time within the scope of the statutory provisions as to whether personal data is being processed by us. If this is the case, you have the right to request information about the scope of data processing (Art. 15 DSGVO).
You have the right to have your data corrected and/or completed vis-à-vis TradeLink if the personal data processed concerning you is inaccurate or incomplete (Art. 16 DSGVO).
If the conditions for this exist, you can demand the restriction of the processing of your personal data (Art. 18 DSGVO).
You may request TradeLink to delete the personal data concerning you without undue delay, if the conditions for this exist. The right to erasure does not exist insofar as the processing is necessary (Art. 17 DSGVO).
If you have asserted the right to rectification, erasure or restriction of processing against TradeLink, TradeLink is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a unreasonable effort. The controller shall inform about these recipients if you so request (Art. 19 DSGVO).
You have the right to receive the personal data concerning you that you have provided to TradeLink in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another company without hindrance by TradeLink, to which the personal data was provided, provided that the conditions for this are met (Art. 20 DSGVO).
You have the right to object at any time, on grounds relating to your
particular situation, to the processing of personal data concerning you being
carried out on the basis of Art. 6(1)(f) DSGVO (Art. 21(1) DSGVO). The
consequence of the objection is that TradeLink will no longer process the
personal data concerning you, unless TradeLink can demonstrate compelling
legitimate grounds for the processing which override your interests, rights and
freedoms, or the processing serves the purpose of asserting, exercising or
defending legal claims.
If the personal data concerning you is processed for the purposes of direct
marketing, you have the right to object at any time to the processing of
personal data concerning you for the purposes of such marketing (Article 21(2)
of the GDPR).
You can inform us of your objection using the following contact details:
If you have submitted a declaration of consent under data protection law, you may revoke this at any time (Art. 7 DSGVO). The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR (Art. 77 GDPR).
Each time you visit our TradeLink platform, our system automatically collects data and information from your computer system. In particular, the following of your data is collected:
On our TradeLink platform, an e-mail address as well as a telephone number is
provided, which you can use to contact us. If you send us an e-mail, we will
store your e-mail address and other data you have provided. Even if you call
us, it is possible that we store the data we need to answer your inquiry. The
legal basis for the processing is Art. 6 (1) b) and f) DSGVO, as the contact
may be a contract initiation. However, TradeLink also has a legitimate interest
in processing your data in order to be able to respond to you.
In the event that we would like to use your data, in particular your telephone
number or e-mail address for marketing purposes, we will ask for your consent
in advance. In this case, Art. 6 (1) a) DSGVO is the legal basis. You can
revoke your consent at any time with effect for the future. In the case of
direct marketing, we also base the processing of the data on our legitimate
interest according to Art. 6 (1) f) DSGVO.
The data is deleted as soon as it is no longer required to achieve the purpose
for which it was collected and there are no legal or contractual archiving
obligations that prevent its deletion. The conversation is terminated when the
circumstances indicate that the matter in question has been conclusively
clarified.
At the time of sending your message, the following data is also stored:
A contact form is available on our website, which can be used by you to contact
TradeLink electronically. If you take advantage of this option, the data
entered in the input mask will be transmitted to us and stored.
The legal basis for the processing of the data is Art. 6 (1) a), b) or f)
DSGVO. The processing of personal data from the input mask of our contact form
serves us - in addition to the above-mentioned purposes - solely to process
your request, which is in our interest. This may involve, for example, the
initiation of a contract. The data is deleted as soon as it is no longer
required to achieve the purpose for which it was collected and there are no
legal archiving obligations to prevent its deletion. The conversation is
terminated when the circumstances indicate that the matter in question has been
conclusively clarified.
At the time your message is sent, the following data is also stored:
To use the TRADLINK platform, registration via a form provided by us is
required. Within the scope of this registration there are certain mandatory
data to be provided by you as well as voluntary data which are marked
separately.
We use, store and process this data, as this is necessary for the
establishment, content or modification of the user relationship between you and
us, as well as for the use and billing of the related services.
The legal basis for the aforementioned data processing on the TRADLINK platform
is Art. 6 (1) b) and f) DSGVO. We delete your data insofar as it is no longer
required for the aforementioned purpose and no contractual or legal retention
periods exist. This is the case at the latest after 10 years.
Other users of the TradeLink platform may see the following personal data from you within the scope of the intended use of the platform:
In addition to the previously mentioned data, when you use our TradeLink
Platform, various types of cookies are used and stored on your computer or
mobile device. Cookies are small text files that are stored on your computer or
mobile device when you visit our TradeLink Platform. Various information flows
to us as a result of the cookies being set.
We use the following types of cookies:
Cookies are stored on your computer. You can decide at any time whether to delete the cookies from your computer. Through the settings in your browser, you can determine for yourself whether the transmission of cookies from your computer to us should be disabled, limited or the cookies should even be deleted completely. If you deactivate all cookies for our website, it may no longer be possible to use all functions of the website to their full extent. The following list provides more information on how to disable or manage your cookie settings in the browser you use:
In addition, you have the option to customize your cookie settings directly on our TradeLink platform. By clicking on "Cookies", you can select which types of cookies you would like to enable on our TradeLink Platform and which ones you would like to disable by opting out. You can change your settings at any time. Please note: If you delete your cookies, this will result in the opt-out cookie also being deleted and you may have to activate it again.
We will generally only share your personal data with service providers,
business partners and other third parties in accordance with applicable data
protection laws and will provide you with sufficient information about this.
We may disclose personal data to service providers engaged by us and require
them to perform services on our behalf. In doing so, we comply with the strict
applicable national and European data protection regulations. The service
providers are subject to our instructions and are subject to strict contractual
restrictions regarding the processing of personal data. Accordingly, processing
is only permitted to the extent necessary to perform the services on our behalf
or to comply with legal requirements. It is specified in advance by us exactly
what rights and obligations our service providers should have with respect to
personal data.
We may disclose personal data to a third party if we are required to do so by
law or legal process or to provide and administer our services. In addition, we
may be required to provide information to a law enforcement or other government
agency. If disclosure of information is necessary for TradeLink's cooperation
and thus provision of services to you, or if you declare your consent, we are
also authorized to disclose data. Also, if company audits are pending,
disclosure is usually unavoidable.
Our TradeLink platform, and therefore your data, is hosted by us on Heroku, a
service provided by salesforce.com Inc. among others. To provide cloud
infrastructure services, TradeLink uses the services of Salesforce.com, inc.
Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105,
United States ("Salesforce"). Salesforce may only access the data as instructed
by us (commissioned processing). Salesforce also takes strict technical
measures to protect your personal data. Salesforce will not disclose your
personal data to third parties unless the disclosure is necessary to perform
the agreed services or Salesforce must do so to comply with the law or a valid
and binding order of a governmental or regulatory authority. Data transferred
for this purpose will be kept to the minimum necessary. Salesforce uses servers
located in the EEA whenever possible. However, it cannot be ruled out that data
may also be transferred to the USA. We have therefore concluded an order
processing agreement with Salesforce together with standard data protection
clauses.
Furthermore, Salesforce will take the necessary steps to ensure that an
adequate level of data protection is maintained.
The legal basis for the processing of your data is Art. 6 (1) f) DSGVO. The
purpose of the data processing is that Salesforce allows us to store data on
Salesforce servers.
We store the data for no longer than the statutory retention periods.
For more information on data protection at Salesforce, please visit:
https://www.salesforce.com/company/privacy/.
Our Platform uses Google Cloud services provided by Google Ireland Limited,
Gordon House, Barrow Street, Dublin 4, Ireland, ("Google Cloud"). Google Cloud
provides cloud storage, which we use to transfer and store documents on our
Platform. By using Google Cloud, we may obtain the following data through the
documents you provide to us: Names, addresses, email addresses, phone and fax
numbers, text entries, photographs, videos. Google may receive usage data (web
pages visited, interest in content, access times) and meta/communication data
(device information, IP addresses) that are used by Google for service
optimization and security purposes.
If publicly accessible content, documents or forms are offered by us with
Google Cloud, cookies may be stored by Google for the purpose of traffic
analysis and/or to remember your settings. Google Cloud sets so-called
long-term cookies, which are not deleted immediately after your visit to our
TradeLink platform. Cookies are deleted by the provider after up to 26 months.
The data is stored on Google's servers. Google Cloud uses servers located in
the EEA whenever possible. However, it cannot be ruled out that data may also
be transferred to the USA. We have concluded an order processing agreement with
Google, including standard data protection clauses.
The use of Google Cloud serves the better execution of contracts with you as
well as the possible initiation of contracts, whereby Art. 6 (1) b) and f)
DSGVO legitimizes the processing. We will only process your data as long as it
is necessary for the purpose of the data collection.
More information about Google Cloud and privacy can be found here:
https://cloud.google.com/terms/data-processing-terms,
https://cloud.google.com/terms/
and
https://cloud.google.com/security/privacy,
https://www.google.com/policies/privacy.
TradeLink uses Azure Active Directory, a service provided by Microsoft Ireland
Operations Ltd, One Microsoft Place, South County Business Park Leopardstown
Dublin 18, D18 P521 Ireland.
Azure Active Directory is a single sign-on (SSO) solution that allows customers
to log in to the platform using their existing Microsoft account without
creating their own platform account. This service is optional and does not have
to be used.
The legal basis for the processing is Art. 6 para. 1 a) DSGVO.
We will only process your data as long as it is necessary for the purpose of
the data collection (in this case, the creation of statistics and their
evaluation).
As far as possible, the data will be processed on European servers. There may
be data transfer to the USA when using Azure Active Directory. For this case,
we have concluded standard data protection clauses with Microsoft Corporation,
One Microsoft Way, Redmond, WA 98052-6399, USA, taking into account additional
security measures.
For more information on Azure Active Directory privacy, please see here:
https://azure.microsoft.com/de-de/overview/trusted-cloud/privacy/
We use Intercom. This is a communication service intended to improve communication between customers/users and us. By using Intercom, we can communicate with customers and users in a faster and more targeted manner via a chat, a ticket system or chatbots, and thus provide an even better user experience and better customer support. Also, using Intercom allows us to improve our own platform through surveys and A/B testing. Furthermore, the use of Intercom enables information to be communicated to customers directly via our platform through the use of banners, news and push notifications. Finally, customer onboarding can be enhanced through the use of intercom, for example by offering product tours or by explaining the product functions.
According to its own statements, Intercom may use information from you to improve and develop its own services. In this way, usage behavior in particular can be analysed, for example to identify trends. In addition, Intercom uses information from you to provide you with technical support in using the Intercom service.
You can view Intercom's data protection information as the processing company here: https://www.intercom.com/legal/privacy.
The legal basis is Section 25 (1) TTDSG, Article 6 (1) (a) GDPR. Data processing company: Intercom R&D Unlimited Company, Stephen Court, 18-21 Saint Stephens Green, Dublin, Ireland (EEA and Switzerland). The place of processing is Ireland. The data will be deleted as soon as they are no longer required for the purposes of processing. You can revoke your consent at any time with effect for the future by deselecting the cookies that are not required in the cookie settings. The legality of the data processing that took place on the basis of the consent until the revocation is not affected by this.
The following data is collected:
Data processing purposes are provision of communication services, system messages from Intercom and improvement of Intercom products. Technology used includes cookies, local storage, session storage. You can view Intercom's cookie policy here: https://www.intercom.com/legal/cookie-policy. The cookies used are the messenger cookies listed there.
Data recipients are:
No data is transferred to third-party countries (outside of the European Union), see Intercom European Data Hosting Addendum.
We work with external service providers for application development and website
maintenance.
Our service providers may only access data within the scope of our instructions
(order processing). Our service providers also take strict technical measures
to protect your personal data. Our service providers do not disclose your
personal data to third parties unless the disclosure is necessary to perform
the agreed service or our service providers must do so to comply with the law
or a valid and binding instruction from a governmental or regulatory authority.
The data transferred for this purpose will be limited to the minimum necessary.
Our service providers are subject to our instructions and are subject to strict
contractual restrictions regarding the processing of personal data.
Accordingly, processing is only permitted to the extent necessary to perform
the services on our behalf or to comply with legal requirements. It is
specified in advance by us exactly which rights and obligations our service
providers should have with regard to personal data.
The legal basis for the processing of your data is Art. 6 para. 1 f DSGVO. The
purpose of the data processing is that our service providers maintain our
database for us and develop the website. Our service provider will store your
data for as long as it is necessary to achieve the purpose.
TradeLink and its customers have jointly determined the means and purposes of
the processing activities described in more detail below for certain processing
operations. In this respect, they are joint controllers within the meaning of
Art. 4 No. 7; 26 DSGVO. This section serves to inform you about the essentials
of the agreement.
The joint determination of purposes and means exists in relation to such
processing operations that are directly related to the intended use of the
provided functionalities of the platform by the customers. The joint
responsibility does not include the decision on the selection of service
providers for the basic operation of the platform, such as hosting service
providers. The responsibility for these operations lies solely with TradeLink.
TradeLink undertakes to provide the data subjects with the obligatory
information pursuant to Art. 13, 14 DSGVO with regard to the use of the
platform.
The customer acts primarily as the point of contact for data subjects pursuant
to Art. 26 (1) sentence 3 DSGVO.
Both parties shall provide the data subject with a copy of the personal data being processed upon request pursuant to Art. 15 GDPR and provide the necessary information. A data subject may request the erasure of personal data held by the parties from either party pursuant to Art. 17 GDPR. When this request is made, one party will inform the other party of the request and what data is to be erased. Both parties will process requests for restriction of processing in accordance with Art. 18 GDPR. Should one party restrict processing, it will inform the other if this request relates to joint processing. Both parties will handle all requests regarding the right to information of data subjects. If a data subject has asserted his or her right to rectification, erasure or restriction of data against a Party, that Party must communicate any rectification or erasure of personal data or any restriction of processing to the other Party and to any recipient to whom the personal data have been disclosed, unless this proves impossible or involves a disproportionate effort (Article 19 GDPR). The Contracting Party shall inform the Data Subject of these recipients, insofar as the Data Subject so requests.
Both parties will process all requests for data transfer in accordance with
Art. 20 DSGVO. If this request relates exclusively to processes carried out by
one party or only to data stored by one party, this request will be forwarded
directly to the other party. The data subject may exercise his/her right to
object to one of the parties (Art. 21 GDPR). When exercising the right, one
party shall inform the other of the objection. The parties may then no longer
process the personal data unless they demonstrate compelling legitimate grounds
for the processing which override the interests, rights and freedoms of the
data subject, or they demonstrate that the data must be processed for the
establishment, exercise or defense of legal claims - unless the data are used
exclusively for direct marketing. The data subject may, under the conditions of
Art. 7 DSGVO, revoke consents given by him/her at any time vis-à-vis both
parties. The parties shall inform each other of this. Notwithstanding the
details of this supplementary agreement, a data subject may assert his or her
rights under the GDPR with and against each of the joint controllers of the
processing operation concerned, pursuant to Art. 26(3) GDPR.
Insofar as a data subject should contact one of the parties directly for the
purpose of exercising his/her data subject rights, in particular for correction
and deletion, of his/her data, this request shall be forwarded to the other
party without delay, irrespective of the obligation to guarantee the data
subject right. The parties shall support each other in guaranteeing the data
subject rights.
TradeLink has implemented appropriate physical, technical and administrative
security standards to protect Personal Data from loss, misuse, alteration or
destruction. Our service providers and affiliates are contractually obligated
to maintain the confidentiality of personal data. In addition, they are not
permitted to use the data for purposes not authorized by us.
Because the security of your data is important to us, your entire visit is
conducted over a secure TLS connection. If personal data is collected, the data
transfer is also TLS-encrypted. The TLS encryption process protects your data
from unauthorized access on its way through the Internet.
We may update this privacy statement from time to time. Therefore, we encourage you to periodically review this Privacy Statement so that you are aware of our privacy practices. This privacy statement was last updated on 10/19/2020.