Privacy Policy

Last modified 19.10.2020
In the event of any conflicts between the English and German versions of these General Terms and Conditions, only the German version shall be authoritative. The English translation is for information purposes only.
We at TradeLink take data protection issues very seriously and want to ensure that your privacy is protected at all times when using our services. In the following privacy policy we would therefore like to explain how your data is handled on tradelink.services ("TradeLink platform").

I. General information about the collection of personal data

The TradeLink platform is operated by TradeLink, TL Digital Solutions GmbH ("TradeLink"). This Privacy Policy describes how TradeLink ("we," "us," and "our") uses and protects personal data collected through the TradeLink Platform.
Personal data is any data that is personally identifiable to you, such as your title, name, address, email address, IP address, etc. Your personal data will only be collected and processed by us in accordance with the provisions of the EU General Data Protection Regulation ("GDPR") as well as other provisions of European and applicable national data protection law.
This data protection declaration refers exclusively to our TradeLink platform. If you are forwarded to third-party websites or apps via links from our TradeLink platform, please inform yourself there about the respective handling of your data.

II. Contact information of the data controller and data protection officer

The data protection controller within the meaning of the GDPR and all other applicable EU data protection laws ("Controller") is TradeLink. If you have any questions, suggestions or criticisms regarding the data protection of our TradeLink platform, please contact:

TradeLink
TL Digital Solutions GmbH
Leopoldstrasse 8
80802 Munich
E-mail: datenschutz@tradelink.co

Any person concerned subject may also contact our data protection officer directly at any time with any questions or suggestions regarding data protection. You can reach him at the following address: Mr. René Rautenberg
ER Secure GmbH
In the Knackenau 4
82031 Grünwald
as well as via datenschutz@tradelink.co.

III. Explanations on the legal basis and the storage period

1. Legal basis for the processing of personal data

Insofar as we obtain consent from you for the processing of personal data, Art. 6 (1) a) DSGVO is the legal basis for the processing of personal data. Any consent can be revoked by you with effect for the future.
When processing personal data that is necessary for the performance of a contract with you or your company, Art. 6 (1) b) DSGVO is the corresponding legal basis. This also applies to processing operations that already become relevant pre-contractually.
Insofar as processing of your personal data is necessary to comply with one of our legal obligations, Art. 6 (1) c) DSGVO serves as the legal basis.
If processing is necessary to protect a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not override our legitimate interest, Art. 6 (1) f) DSGVO serves as the legal basis for the processing.

2. Storage period and deletion of data

The personal data collected, processed and stored by us are generally only stored by us for as long as the specific purpose of the storage requires. If the purpose of storage ceases to apply, your data will be deleted or its processing restricted.
In addition, however, it may be that European regulations, applicable national laws or other regulations require longer storage of the data processed by us. If these storage periods expire, we will delete your data or restrict the processing thereof.

IV. Your rights

Insofar as we process personal data from you, you are a "data subject" within the meaning of the GDPR. As a data subject, you have the following rights vis-à-vis TradeLink:

1. Right to information regarding processing

You can request information from us at any time within the scope of the statutory provisions as to whether personal data is being processed by us. If this is the case, you have the right to request information about the scope of data processing (Art. 15 DSGVO).

2. Right to rectification

You have the right to have your data corrected and/or completed vis-à-vis TradeLink if the personal data processed concerning you is inaccurate or incomplete (Art. 16 DSGVO).

3. Right to restriction of processing

If the conditions for this exist, you can demand the restriction of the processing of your personal data (Art. 18 DSGVO).

4. Right to deletion

You may request TradeLink to delete the personal data concerning you without undue delay, if the conditions for this exist. The right to erasure does not exist insofar as the processing is necessary (Art. 17 DSGVO).

5. Right to information

If you have asserted the right to rectification, erasure or restriction of processing against TradeLink, TradeLink is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a unreasonable effort. The controller shall inform about these recipients if you so request (Art. 19 DSGVO).

6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to TradeLink in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another company without hindrance by TradeLink, to which the personal data was provided, provided that the conditions for this are met (Art. 20 DSGVO).

7. Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you being carried out on the basis of Art. 6(1)(f) DSGVO (Art. 21(1) DSGVO). The consequence of the objection is that TradeLink will no longer process the personal data concerning you, unless TradeLink can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing (Article 21(2) of the GDPR).
You can inform us of your objection using the following contact details:


TL Digital Solutions GmbH
Leopoldstrasse 8
80802 Munich
E-mail: datenschutz@tradelink.co

8. Right to revoke the declaration of consent under data protection law

If you have submitted a declaration of consent under data protection law, you may revoke this at any time (Art. 7 DSGVO). The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

9. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR (Art. 77 GDPR).

V. Visits to the TradeLink platform and creation of logfiles

Each time you visit our TradeLink platform, our system automatically collects data and information from your computer system. In particular, the following of your data is collected:

  • the page from which the file was requested
  • the name of the file
  • the date and time of the request
  • the duration of your visit
  • the amount of data transferred
  • the access status (i.e. whether the file was transferred or possibly not found, etc.)
  • the anonymized IP address of the requesting computer
  • a description of the type and version of the web browser used
  • the operating system installed and the resolution set
The aforementioned data collected by us about you is stored in the log files of our system. A storage of these data together with other personal data, does not take place in principle.
The legal basis for the temporary storage of the data and log files is Art. 6 para. 1 f) DSGVO. We have a legitimate interest in collecting and temporarily storing the aforementioned data, as the temporary storage of the IP address by the system is necessary to enable the delivery of the website to your computer. The storage in log files is done to ensure the functionality of the website. In addition, this data is used to optimize our website and to ensure the security of our information technology systems. An evaluation of your log files for marketing purposes does not take place.
The data will be deleted or alienated so that an assignment to you is no longer possible as soon as they are no longer required for the purpose stated here. In the case of storage of data in log files, the data is usually deleted after seven days.

VI. Contacting TradeLink

1. By e-mail and telephone

On our TradeLink platform, an e-mail address as well as a telephone number is provided, which you can use to contact us. If you send us an e-mail, we will store your e-mail address and other data you have provided. Even if you call us, it is possible that we store the data we need to answer your inquiry. The legal basis for the processing is Art. 6 (1) b) and f) DSGVO, as the contact may be a contract initiation. However, TradeLink also has a legitimate interest in processing your data in order to be able to respond to you.
In the event that we would like to use your data, in particular your telephone number or e-mail address for marketing purposes, we will ask for your consent in advance. In this case, Art. 6 (1) a) DSGVO is the legal basis. You can revoke your consent at any time with effect for the future. In the case of direct marketing, we also base the processing of the data on our legitimate interest according to Art. 6 (1) f) DSGVO.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected and there are no legal or contractual archiving obligations that prevent its deletion. The conversation is terminated when the circumstances indicate that the matter in question has been conclusively clarified.
At the time of sending your message, the following data is also stored:

  • Your IP address and
  • Date and time of your contact.
These other personal data processed during the sending process serve to prevent misuse of the e-mail and to ensure the security of our information technology systems. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest. The data is used exclusively for processing the conversation. The legal basis for the processing of the data is Art. 6 para. 1 f) DSGVO.

2. Via contact form

A contact form is available on our website, which can be used by you to contact TradeLink electronically. If you take advantage of this option, the data entered in the input mask will be transmitted to us and stored.
The legal basis for the processing of the data is Art. 6 (1) a), b) or f) DSGVO. The processing of personal data from the input mask of our contact form serves us - in addition to the above-mentioned purposes - solely to process your request, which is in our interest. This may involve, for example, the initiation of a contract. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected and there are no legal archiving obligations to prevent its deletion. The conversation is terminated when the circumstances indicate that the matter in question has been conclusively clarified.
At the time your message is sent, the following data is also stored:

  • Your IP address;
  • Date and time of your contact.
These other personal data processed during the sending process are used to prevent misuse of the contact form and to ensure the security of our information technology systems. The legal basis for the processing of the data is Art. 6 para. 1 f) DSGVO. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest. The data is used exclusively for processing the conversation.

VII. Registered user on the TradeLink platform

1. Processing by TradeLink

To use the TRADLINK platform, registration via a form provided by us is required. Within the scope of this registration there are certain mandatory data to be provided by you as well as voluntary data which are marked separately.
We use, store and process this data, as this is necessary for the establishment, content or modification of the user relationship between you and us, as well as for the use and billing of the related services.
The legal basis for the aforementioned data processing on the TRADLINK platform is Art. 6 (1) b) and f) DSGVO. We delete your data insofar as it is no longer required for the aforementioned purpose and no contractual or legal retention periods exist. This is the case at the latest after 10 years.

2. Accessibility of data for other users

Other users of the TradeLink platform may see the following personal data from you within the scope of the intended use of the platform:

  • Name
  • Content of messages sent to users
  • Information about the assigned company (name, address, website)
  • Professional email address
  • Professional phone number
  • Profile picture
  • Participation in notification, delivery and ordering processes
  • Comments on such processes
  • Actions related to such processes, which are stored per notification in the notification history accessible to all authorized users
  • Issued invitations to other users
  • Usual information about browser and device settings
We delete your data as soon as it is no longer required for the purpose and no legal or contractual retention periods exist.

VIII. Use of cookies and marketing measures

1. Cookies in general

In addition to the previously mentioned data, when you use our TradeLink Platform, various types of cookies are used and stored on your computer or mobile device. Cookies are small text files that are stored on your computer or mobile device when you visit our TradeLink Platform. Various information flows to us as a result of the cookies being set.
We use the following types of cookies:

  • Necessary cookies: cookies may be necessary for our website to function properly.
  • Functional cookies: by using cookies, we can also provide you with more user-friendly services that would simply not be possible without the cookie setting.
  • Tracking cookies: With the help of setting a cookie, the information and offers on our website can, for example, be optimized in the sense of the user to their needs. Cookies enable us, as already mentioned, to recognize you on our website. The purpose of this recognition is to make it easier for you to use our website.
  • Analysis cookies: Cookies can also be used to analyze website usage. In this case, it is then determined, for example, how many users visit the website and at which points the website can possibly be improved. In this analysis, however, no connection is made between you and the statistics compiled on the basis of the data collected. If we use cookies for analysis, we will inform you about this.
If we obtain consent from you, Art. 6 (1) a) DSGVO is the legal basis. Consent can be revoked at any time with effect for the future. If the cookies are necessary for the platform use, Art. 6 para: 1 b) DSGVO is the correct legal basis. Otherwise, we base the processing on our legitimate interest according to Art. 6 para. 1 f) DSGVO: We would like to provide you with a constantly updated comprehensive offer.
We use the data collected through cookies for as long as they are required for the respective purpose mentioned.

2. Use of cookies

Cookies are stored on your computer. You can decide at any time whether to delete the cookies from your computer. Through the settings in your browser, you can determine for yourself whether the transmission of cookies from your computer to us should be disabled, limited or the cookies should even be deleted completely. If you deactivate all cookies for our website, it may no longer be possible to use all functions of the website to their full extent. The following list provides more information on how to disable or manage your cookie settings in the browser you use:

In addition, you have the option to customize your cookie settings directly on our TradeLink platform. By clicking on "Cookies", you can select which types of cookies you would like to enable on our TradeLink Platform and which ones you would like to disable by opting out. You can change your settings at any time. Please note: If you delete your cookies, this will result in the opt-out cookie also being deleted and you may have to activate it again.

IX. Integration of third-party services

1. Principles

We will generally only share your personal data with service providers, business partners and other third parties in accordance with applicable data protection laws and will provide you with sufficient information about this. We may disclose personal data to service providers engaged by us and require them to perform services on our behalf. In doing so, we comply with the strict applicable national and European data protection regulations. The service providers are subject to our instructions and are subject to strict contractual restrictions regarding the processing of personal data. Accordingly, processing is only permitted to the extent necessary to perform the services on our behalf or to comply with legal requirements. It is specified in advance by us exactly what rights and obligations our service providers should have with respect to personal data.
We may disclose personal data to a third party if we are required to do so by law or legal process or to provide and administer our services. In addition, we may be required to provide information to a law enforcement or other government agency. If disclosure of information is necessary for TradeLink's cooperation and thus provision of services to you, or if you declare your consent, we are also authorized to disclose data. Also, if company audits are pending, disclosure is usually unavoidable.

2. Web hosting

Our TradeLink platform, and therefore your data, is hosted by us on Heroku, a service provided by salesforce.com Inc. among others. To provide cloud infrastructure services, TradeLink uses the services of Salesforce.com, inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States ("Salesforce"). Salesforce may only access the data as instructed by us (commissioned processing). Salesforce also takes strict technical measures to protect your personal data. Salesforce will not disclose your personal data to third parties unless the disclosure is necessary to perform the agreed services or Salesforce must do so to comply with the law or a valid and binding order of a governmental or regulatory authority. Data transferred for this purpose will be kept to the minimum necessary. Salesforce uses servers located in the EEA whenever possible. However, it cannot be ruled out that data may also be transferred to the USA. We have therefore concluded an order processing agreement with Salesforce together with standard data protection clauses.
Furthermore, Salesforce will take the necessary steps to ensure that an adequate level of data protection is maintained. The legal basis for the processing of your data is Art. 6 (1) f) DSGVO. The purpose of the data processing is that Salesforce allows us to store data on Salesforce servers.
We store the data for no longer than the statutory retention periods. For more information on data protection at Salesforce, please visit: https://www.salesforce.com/company/privacy/.

3. Google Cloud Services

Our Platform uses Google Cloud services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, ("Google Cloud"). Google Cloud provides cloud storage, which we use to transfer and store documents on our Platform. By using Google Cloud, we may obtain the following data through the documents you provide to us: Names, addresses, email addresses, phone and fax numbers, text entries, photographs, videos. Google may receive usage data (web pages visited, interest in content, access times) and meta/communication data (device information, IP addresses) that are used by Google for service optimization and security purposes.
If publicly accessible content, documents or forms are offered by us with Google Cloud, cookies may be stored by Google for the purpose of traffic analysis and/or to remember your settings. Google Cloud sets so-called long-term cookies, which are not deleted immediately after your visit to our TradeLink platform. Cookies are deleted by the provider after up to 26 months. The data is stored on Google's servers. Google Cloud uses servers located in the EEA whenever possible. However, it cannot be ruled out that data may also be transferred to the USA. We have concluded an order processing agreement with Google, including standard data protection clauses.
The use of Google Cloud serves the better execution of contracts with you as well as the possible initiation of contracts, whereby Art. 6 (1) b) and f) DSGVO legitimizes the processing. We will only process your data as long as it is necessary for the purpose of the data collection.
More information about Google Cloud and privacy can be found here: https://cloud.google.com/terms/data-processing-terms, https://cloud.google.com/terms/ and https://cloud.google.com/security/privacy, https://www.google.com/policies/privacy.

4. Azure Active Directory

TradeLink uses Azure Active Directory, a service provided by Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park Leopardstown Dublin 18, D18 P521 Ireland.
Azure Active Directory is a single sign-on (SSO) solution that allows customers to log in to the platform using their existing Microsoft account without creating their own platform account. This service is optional and does not have to be used.
The legal basis for the processing is Art. 6 para. 1 a) DSGVO.
We will only process your data as long as it is necessary for the purpose of the data collection (in this case, the creation of statistics and their evaluation).
As far as possible, the data will be processed on European servers. There may be data transfer to the USA when using Azure Active Directory. For this case, we have concluded standard data protection clauses with Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, taking into account additional security measures.
For more information on Azure Active Directory privacy, please see here: https://azure.microsoft.com/de-de/overview/trusted-cloud/privacy/

5. Intercom

We use Intercom. This is a communication service intended to improve communication between customers/users and us. By using Intercom, we can communicate with customers and users in a faster and more targeted manner via a chat, a ticket system or chatbots, and thus provide an even better user experience and better customer support. Also, using Intercom allows us to improve our own platform through surveys and A/B testing. Furthermore, the use of Intercom enables information to be communicated to customers directly via our platform through the use of banners, news and push notifications. Finally, customer onboarding can be enhanced through the use of intercom, for example by offering product tours or by explaining the product functions.

According to its own statements, Intercom may use information from you to improve and develop its own services. In this way, usage behavior in particular can be analysed, for example to identify trends. In addition, Intercom uses information from you to provide you with technical support in using the Intercom service.

You can view Intercom's data protection information as the processing company here: https://www.intercom.com/legal/privacy.

The legal basis is Section 25 (1) TTDSG, Article 6 (1) (a) GDPR. Data processing company: Intercom R&D Unlimited Company, Stephen Court, 18-21 Saint Stephens Green, Dublin, Ireland (EEA and Switzerland). The place of processing is Ireland. The data will be deleted as soon as they are no longer required for the purposes of processing. You can revoke your consent at any time with effect for the future by deselecting the cookies that are not required in the cookie settings. The legality of the data processing that took place on the basis of the consent until the revocation is not affected by this.

The following data is collected:

  • First and Last Name
  • E-mail address (also information collected by third parties)
  • Telephone number (also information collected by third parties)
  • Name of the company for which the user works (including information collected by third parties)
  • Position of the user in the company (including information collected by third parties)
  • Operating system and version of the operating system
  • Hardware model and manufacturer
  • screen resolution
  • Device identifiers
  • Websites visited before using the Intercom service
  • Time spent viewing a screen/page
  • Date and time of the query
  • Activity Status (First Visit, Last Visit, Last Interaction, Last Contact)
  • visited pages
  • Clicked links
  • language preferences
  • Tags associated with customer account
  • User ID assigned by Intercom
  • Social Networking Profile Information Collected by Third Parties
  • Information collected from third parties that the user has viewed or interacted with Intercom content
  • User Avatar Information Collected by Third Parties
  • Geolocation Data Collected by Third Parties
  • Communication content in Messenger (will be kept for the user by cookie for up to one week after the end of use)

Data processing purposes are provision of communication services, system messages from Intercom and improvement of Intercom products. Technology used includes cookies, local storage, session storage. You can view Intercom's cookie policy here: https://www.intercom.com/legal/cookie-policy. The cookies used are the messenger cookies listed there.

Data recipients are:

  • Amazon Web Services, Inc (Ireland)
  • Cloudflare, Inc (Ireland)
  • Intercom Inc (Ireland)

No data is transferred to third-party countries (outside of the European Union), see Intercom European Data Hosting Addendum.

6. Application development and website maintenance

We work with external service providers for application development and website maintenance.
Our service providers may only access data within the scope of our instructions (order processing). Our service providers also take strict technical measures to protect your personal data. Our service providers do not disclose your personal data to third parties unless the disclosure is necessary to perform the agreed service or our service providers must do so to comply with the law or a valid and binding instruction from a governmental or regulatory authority. The data transferred for this purpose will be limited to the minimum necessary. Our service providers are subject to our instructions and are subject to strict contractual restrictions regarding the processing of personal data. Accordingly, processing is only permitted to the extent necessary to perform the services on our behalf or to comply with legal requirements. It is specified in advance by us exactly which rights and obligations our service providers should have with regard to personal data.
The legal basis for the processing of your data is Art. 6 para. 1 f DSGVO. The purpose of the data processing is that our service providers maintain our database for us and develop the website. Our service provider will store your data for as long as it is necessary to achieve the purpose.

X. Joint responsibility

TradeLink and its customers have jointly determined the means and purposes of the processing activities described in more detail below for certain processing operations. In this respect, they are joint controllers within the meaning of Art. 4 No. 7; 26 DSGVO. This section serves to inform you about the essentials of the agreement.
The joint determination of purposes and means exists in relation to such processing operations that are directly related to the intended use of the provided functionalities of the platform by the customers. The joint responsibility does not include the decision on the selection of service providers for the basic operation of the platform, such as hosting service providers. The responsibility for these operations lies solely with TradeLink. TradeLink undertakes to provide the data subjects with the obligatory information pursuant to Art. 13, 14 DSGVO with regard to the use of the platform.
The customer acts primarily as the point of contact for data subjects pursuant to Art. 26 (1) sentence 3 DSGVO.

Both parties shall provide the data subject with a copy of the personal data being processed upon request pursuant to Art. 15 GDPR and provide the necessary information. A data subject may request the erasure of personal data held by the parties from either party pursuant to Art. 17 GDPR. When this request is made, one party will inform the other party of the request and what data is to be erased. Both parties will process requests for restriction of processing in accordance with Art. 18 GDPR. Should one party restrict processing, it will inform the other if this request relates to joint processing. Both parties will handle all requests regarding the right to information of data subjects. If a data subject has asserted his or her right to rectification, erasure or restriction of data against a Party, that Party must communicate any rectification or erasure of personal data or any restriction of processing to the other Party and to any recipient to whom the personal data have been disclosed, unless this proves impossible or involves a disproportionate effort (Article 19 GDPR). The Contracting Party shall inform the Data Subject of these recipients, insofar as the Data Subject so requests.

Both parties will process all requests for data transfer in accordance with Art. 20 DSGVO. If this request relates exclusively to processes carried out by one party or only to data stored by one party, this request will be forwarded directly to the other party. The data subject may exercise his/her right to object to one of the parties (Art. 21 GDPR). When exercising the right, one party shall inform the other of the objection. The parties may then no longer process the personal data unless they demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or they demonstrate that the data must be processed for the establishment, exercise or defense of legal claims - unless the data are used exclusively for direct marketing. The data subject may, under the conditions of Art. 7 DSGVO, revoke consents given by him/her at any time vis-à-vis both parties. The parties shall inform each other of this. Notwithstanding the details of this supplementary agreement, a data subject may assert his or her rights under the GDPR with and against each of the joint controllers of the processing operation concerned, pursuant to Art. 26(3) GDPR.
Insofar as a data subject should contact one of the parties directly for the purpose of exercising his/her data subject rights, in particular for correction and deletion, of his/her data, this request shall be forwarded to the other party without delay, irrespective of the obligation to guarantee the data subject right. The parties shall support each other in guaranteeing the data subject rights.

XI. Security Standards

TradeLink has implemented appropriate physical, technical and administrative security standards to protect Personal Data from loss, misuse, alteration or destruction. Our service providers and affiliates are contractually obligated to maintain the confidentiality of personal data. In addition, they are not permitted to use the data for purposes not authorized by us.
Because the security of your data is important to us, your entire visit is conducted over a secure TLS connection. If personal data is collected, the data transfer is also TLS-encrypted. The TLS encryption process protects your data from unauthorized access on its way through the Internet.

XII. Changes to this statement

We may update this privacy statement from time to time. Therefore, we encourage you to periodically review this Privacy Statement so that you are aware of our privacy practices. This privacy statement was last updated on 10/19/2020.