Data protection

Privacy policy of the Tropimarkt website

Tropimarkt UG (limited liability)

Levetzowstrasse 13

10555 Berlin, Germany

contact@tropimarkt.com


1. Security and protection of your personal data when visiting our website

The Tropimarkt UG (limited liability) (hereinafter referred to as “Tropimarkt” or “we”) takes the protection of personal data very seriously and applies the utmost care and state-of-the-art security standards to ensure this.

We consider it our primary responsibility to maintain the confidentiality of the personal data you provide and to protect it from unauthorized access.

2. Definitions

To ensure a transparent and easily understandable explanation of the processing of personal data, we inform you about the individual legal definitions that are also used in this privacy policy:

  1. Personal data
    “Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  2. processing
    “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  3. Restriction of processing
    “Restriction of processing” is the marking of stored personal data with the aim of limiting its future processing.
  4. Profiling
    “Profiling” means any type of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
  5. Pseudonymization
    “Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person.
  6. file system
    “Filing system” means any structured collection of personal data which is accessible according to specific criteria, regardless of whether this collection is maintained centrally, decentrally or according to functional or geographical considerations.
  7. Responsible
    ‘Controller’ means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law.
  8. Data processors
    “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  9. Recipient
    “Recipient” means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
  10. Third
    “Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
  11. consent
    “Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

3. Lawfulness of processing

The processing of personal data is only lawful if there is a legal basis for the processing. A legal basis for processing can be found in Article 6(1).
a – f GDPR in particular be:

  1. The data subject has given consent to the processing of their personal data for one or more specific purposes;
  2. The processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
  3. The processing is necessary for compliance with a legal obligation to which the controller is subject;
  4. The processing is necessary to protect the vital interests of the data subject or of another natural person;
  5. The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  6. The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

4.Collection of personal data when visiting our website

When you use our website for purely informational purposes, i.e., if you do not register, make a purchase, or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you visit our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (the legal basis for this is Article 6(1)(f) GDPR):

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • each data volume transferred
  • Website from which the request originates
  • browser
  • Operating system and its interface
  • Language and version of the browser software.

5. Information on the collection of personal data – (email, contact form, customer account and online shop)

(1) Below we inform you about the collection of personal data when using our website (contact form, customer account and online shop)

When contacting us by email or via our Contact form The data you provide (email address, and optionally your name and phone number) will be stored by us in order to answer your questions. We will delete the data collected in this context once storage is no longer necessary, or restrict processing if there are legal retention obligations.

(3) When you purchase products through our website or create a customer account to manage your past or future orders, we collect the data we need to process the contract. This data is visible in the respective input fields for registration (customer account) or the order form. For an order, we require at least the mandatory information marked with an asterisk (*). We use this data in accordance with Article 6 Paragraph 1 Sentence 1 b GDPR for contract processing and to handle your inquiries.

Our shop is powered by SiteGround Spain S.L. Hosted by Inc. SiteGround Spain S.L. provides us with an e-commerce platform that allows us to sell you our products and services.

Your data will be stored via the data storage, database and generally by SiteGround Spain. S.L. Managed by SiteGround Spain S.L. Your data is stored on a secure server behind a firewall.

When you pay by credit card, Stripe stores your credit card information. This information is encrypted using the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase data is stored only as long as necessary to complete the transaction. Once the transaction is complete, your purchase data is deleted. All direct payment gateways comply with the PCI-DSS standard and are managed by the PCI Security Standards Council – a joint initiative of Visa, MasterCard, American Express, and Discover. PCI-DSS compliance helps ensure secure payment processing of credit card information in our shop and with our service providers. More detailed information can be found in the Terms of Service. https://stripe.com/en-de/privacy can be read from Stripe.

(4) In addition to credit card payment, we offer other payment methods for the use of the webshop and use various payment service providers with whom we have concluded a data processing agreement.Depending on the payment method you choose, different data will be transmitted to the respective payment service provider. The legal basis for this transmission is Article 6(1)(f) GDPR. 6 Paragraph 1 Sentence Articles 1 a, b, f GDPR.

Below we list our payment service providers:

Stripe

Their privacy policy can be found at https://stripe.com/us/privacy can be viewed.

PayPal
When you pay for your purchase with PayPal, your personal data will be transmitted to PayPal. If you do not yet have a PayPal account, PayPal will prompt you to do so during the payment process. Using or opening a PayPal account requires transmitting information such as your name, address, telephone number, and email address to PayPal. The legal basis for this data transfer is Article 6(1)(a) and Article 6(1)(b) of the GDPR.

The operator of the payment service PayPal is:

PayPal (Europe) S.à r.l. et Cie, S.C.A.
22-24 Boulevard Royal
L-2449 Luxembourg
E-mail: impressum@paypal.com

By choosing PayPal as your payment option, you consent to the transfer of your personal data, such as name, address, telephone number, and email address, to PayPal. Further details regarding the data collected by PayPal can be found in PayPal's privacy policy, which is available at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Klarna
In the case of payment with Klarna, your personal data will be transmitted to Klarna Bank AB, which operates the payment service provider Klarna. The legal basis for the data transfer is Article 6 Paragraph 1 Sentence 1 a GDPR and Article 6 Paragraph 1 Sentence 1 b GDPR.

Klarna AB can be reached as follows:

Klarna Bank AB (publ)
Sveavägen 46
111 34 Stockholm
Sweden
Telephone: 0046 8-120 120 00
Fax: 0046 8-120 120 99
Contact: info@klarna.de

Klarna collects the following data when processing payments for orders from our online shop:

  • Name, date of birth, title, billing and shipping address, email address, mobile phone number
  • Information about ordered products
  • Information about income, credit obligations and payment notes
  • Location-related information
  • IP address

In addition, Klarna conducts an identity and credit check. The data you provide for your purchase is compared with existing data from a credit reference agency. This data processing is based on your explicit consent; the legal basis is Article 6(1)(a) GDPR. You can withdraw your consent at any time without giving reasons, with effect for the future, in accordance with Article 7(3) GDPR.

Detailed information on the data protection regulations of Klarna Bank AB (publ) can be found at https://www.klarna.com/de/datenschutz/

Wirecard
Information on the data protection regulations of Wirecard Bank AG can be found at https://www.wirecardbank.de/fileadmin/user_upload/wirecardbank/fileuploads/Dokumente/Wirecard_-_Kommunikation_Haendler_WDB_als_Controller_-_DE.PDF

(5) We will also pass on your contact details to the commissioned shipping company if this is necessary for processing the order (here: delivery of the goods).

(6) We are obliged under commercial and tax law to store your address, payment and order data for a period of ten years.However, after two years we restrict the processing, meaning your data will only be used to comply with legal obligations. The legal basis for this is Article 6 Paragraph 1 Sentence Article 1 c GDPR.

6. Newsletter

(1) With your consent, you can subscribe to our newsletter, which will inform you about our current special offers. The advertised goods and services are specified in the consent declaration. The legal basis is Article 6(1)(a) GDPR.

(2) We use the so-called double opt-in procedure for newsletter registration. This means that after you register, we will send you an email to the email address you provided, asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 Once you confirm your registration, your information will be blocked and automatically deleted after one month. We also store your IP addresses and the times of registration and confirmation. The purpose of this procedure is to verify your registration and, if necessary, to investigate any potential misuse of your personal data.

(3) The only mandatory information required to send you the newsletter is your email address. Providing any other, separately marked data is voluntary and will be used to personalize our communication with you. After your confirmation, we will save your email address for the purpose of sending you the newsletter.

(4) You can withdraw your consent to receive the newsletter and unsubscribe at any time. You can do this by clicking on the link provided in every newsletter email or by sending a message to the contact details provided in the legal notice.

(5) We use the external service provider Emarsys as a data processor for sending the newsletter. A separate data processing agreement has been concluded with the service provider to ensure the protection of your personal data. Further information about Emarsys can be found on their website. https://www.emarsys.com/de/ provided.

7. Use of external tools on our website

We have integrated various tools from different companies into our website, which allow us to evaluate user behavior or create links with other websites.

We work with the following service providers for this purpose:

Google Analytics

The data controller has integrated the Google Analytics component (with anonymization function) on this website.

Google Analytics is a web analytics service. Web analytics involves the collection, gathering, and analysis of data about the behavior of website visitors. A web analytics service records, among other things, data about which website a user came from (known as the referrer), which subpages of the website were accessed, and how often and for how long a subpage was viewed. Web analytics is primarily used to optimize a website and to analyze the cost-effectiveness of online advertising.

The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Google Analytics uses cookies. The information generated by the Google Analytics cookie about your use of this website is generally transmitted to and stored on a Google server in the USA.Google may share this personal data, collected through technical means, with third parties.

By activating IP anonymization on our website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

This website also uses the analytics function UserID to track interaction data. This UserID is additionally anonymized and encrypted and is not linked to other data.

You can prevent the storage of cookies by adjusting your browser settings accordingly. However, in this case, you may not be able to fully utilize all the functions of our website.

Furthermore, you can prevent Google from collecting and processing data generated by the cookie and related to your use of the website (including your IP address) by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

This browser add-on uses JavaScript to inform Google Analytics that no data or information about website visits may be transmitted to Google Analytics.

Furthermore, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.

Further information and Google's applicable privacy policy can be found at https://policies.google.com/privacy?hl=de and under https://marketingplatform.google.com/about/analytics/terms/de/ Google Analytics can be accessed via this link. https://marketingplatform.google.com/about/ explained in more detail.

Our website also uses Google Analytics reports on performance by demographics and interests, as well as reports on impressions in the Google Display Network. You can deactivate Google Analytics for display advertising and customize the ads in the Google Display Network by accessing the ad settings via this link: https://adssettings.google.de.

Google Tag Manager

This website uses Google Tag Manager. This service allows website tags to be managed centrally via a single interface. Google Tag Manager only implements tags. no Cookies are used and no personal data is collected.

Google provides a corresponding privacy policy for each of these third-party data collection providers: https://www.google.com/intl/de/tagmanager/use-policy.html

However, the Google Tag Manager does not access this data. If deactivation has been carried out for specific domains/websites or cookies, it remains in effect for all tracking tags, provided they are implemented with the Google Tag Manager.

Facebook Tracking Pixel

With your consent, we use the "tracking pixel" from Facebook.This pixel allows us to track user behavior after they have been redirected to our website by clicking on a Facebook and/or Instagram ad. This enables us to measure the effectiveness of our Facebook and Instagram ads for statistical and market research purposes and, if necessary, to implement optimization measures. Tracking users who landed on our website after clicking on one of our Facebook and Instagram ads can last up to 180 days.

The data collected in this way is anonymous to us, meaning we do not see the personal data of individual users. However, this data is stored and processed by Facebook, about which we are informing you to the best of our knowledge.

Facebook can link this data to the Facebook account and also use it for its own advertising purposes, in accordance with its data policy.

If you wish to disable cookie storage for Facebook, you can do so via your browser settings.

Facebook communication tools

We also use communication tools from Facebook, in particular the "Custom Audiences" and "Website Custom Audiences" products. Essentially, a non-reversible and non-personally identifiable checksum (hash value) is generated from your usage data, which can be transmitted to Facebook for analysis and marketing purposes.

If you wish to object to the use of Facebook Website Custom Audiences, you can do so at https://www.facebook.com/ads/Webseite_custom_audiences/ do.

We also use Customer Match Lists as part of our Facebook advertising activities, u.a. For "Lookalike Audiences" and remarketing. To use Customer Match, lists of encrypted user data are uploaded to Facebook. After the upload, the system checks which data is already known and assigns these users to a list. Once the Customer Match lists are created, the encrypted customer data is automatically deleted. Facebook does not obtain any new addresses as a result (due to encryption).

Twitter

We use components from the provider Twitter on our website. Twitter is a service of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.

Each time you access a page on our website that includes such a component, this component causes your browser to download a corresponding representation of the component from Twitter. This process informs Twitter which specific page of our website is currently being visited.

We have no control over the data that Twitter collects through this process, nor over the extent of this data collection. To our knowledge, Twitter collects the URL of the respective website visited and the user's IP address, but does not use this information for any purpose other than displaying the Twitter component. Further information can be found in Twitter's privacy policy at [link to Twitter's privacy policy]. https://twitter.com/de/privacy.

You can adjust your privacy settings in the account settings under https://twitter.com/account/settings change.

Pinterest

We use the service of Pinterest, Inc., 808 Brannan St, San Francisco, CA 94103, USA on our website. Through the integrated "Pin it" button on the page, Pinterest receives the information that you have accessed the corresponding page of our website.If you are logged into Pinterest, Pinterest can associate this visit to our site with your Pinterest account and thus link the data. The data transmitted by clicking the "Pin it" button is stored by Pinterest. For information on the purpose and scope of data collection, its processing and use, as well as your rights and settings options to protect your privacy, you can find further information in Pinterest's privacy policy: https://policy.pinterest.com/de/privacy-policy.

To prevent Pinterest from associating your visit to our website with your Pinterest account, you must log out of your Pinterest account before visiting our site.

WhatsApp & Apple Business Chat

By sending a start message, I agree to the validity of TropiMarkt's internal data protection regulations.

In particular, I consent, pursuant to Article 6(1)(a) GDPR, to my personal data (surname and first name, telephone number, messenger ID, profile picture, and message history) being stored, processed, and used within the context of using the respective messenger service in order to send me messages. An active account with the respective provider is required to use the messenger service.

I am also aware that TropiMarkt uses MessengerPeople GmbH, Herzog-Heinrich-Str. 9, 80336 Munich as a technical service provider and data processor for the provision of this service.

My consent to the processing of personal data can be revoked at any time; a corresponding notification to TropiMarkt is sufficient for this purpose. Further information can be found in the respective privacy policies of TropiMarkt, the messenger services, and MessengerPeople GmbH.

8. Tracking & Cookies data

We use cookies and similar tracking technologies to monitor activity on our service, and we have certain information.

Cookies are files containing a small amount of data that may include an anonymous unique identifier. Cookies are sent from a website to your browser and stored on your device. Other tracking technologies, such as beacons, tags, and scripts, are also used to collect and track information, as well as to improve and analyze our service.

You can instruct your browser to reject all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some parts of our service.

Examples of cookies we use:

  • Session cookies. We use session cookies to operate our service.
  • Preferred cookies. We use preference cookies to store your preferences and various settings.
  • Security cookies. We use security cookies for security reasons.

9. Your data protection rights vis-à-vis TropiMarkt

(1) Right to withdraw consent, Article 7 GDPR
In accordance with Article 7, paragraph 3 of the GDPR, you have the right to withdraw your consent to data processing at any time without giving reasons. You can send your withdrawal informally to the address or email address provided at the beginning of this privacy policy. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal (Article 7, paragraph 3, sentence 2 of the GDPR).

(2) Right of access, Article 15 GDPR
According to Article 15, paragraph 1 of the GDPR, you have the right to information about whether we process your personal data. If this is the case, you are entitled to further information (Article 15, paragraph 2 of the GDPR).

(3) Right to rectification, erasure or restriction of processing, Articles 16, 17 and 18 GDPR
According to Article 16 GDPR, you have the right to request the immediate rectification of inaccurate data and the completion of incomplete data – including by means of a supplementary statement.
You have the right to erasure of your personal data in accordance with Article 17 GDPR, in particular if the processing of your personal data is not or is no longer lawful.

(4) Right to object, Article 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6 You have the right to object to the processing of your personal data pursuant to Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.
You can exercise your right to object at any time by contacting us using the contact details provided in the legal notice.

(5) Right to lodge a complaint with a supervisory authority, Article 77 GDPR
Furthermore, without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data relating to you is unlawful. The Austrian Data Protection Authority provides a supervisory authority under [relevant legislation/regulation]. https://www.dsb.gv.at/dokumente Forms are available for exercising your legal rights and for filing complaints. For our German customers: Your responsible supervisory authority is the one in your place of residence. A list of all supervisory authorities can be found at [link to list of supervisory authorities]. https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

10. Cloudflare's Content Delivery Network

We use a Content Delivery Network (CDN) provided by Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA. Cloudflare is certified under the Privacy Shield agreement, which guarantees compliance with European data protection laws.https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active).

A CDN (Content Delivery Network) is a service that allows content from our online offering, especially large media files such as graphics or scripts, to be delivered via regionally distributed servers connected to the internet. User data is processed exclusively for the aforementioned purposes and to maintain the security and functionality of the CDN.

The use is based on our legitimate interests, d.h. Interest in the secure and efficient provision, analysis and optimization of our online services pursuant to Art. 6 para. 1 lit. f. GDPR.

For more information, please see the Cloudflare privacy policy: https://www.cloudflare.com/security-policy.