Privacy Policy
Last updated: 14 October 2024
We take the confidentiality and protection of your personal data very seriously. We therefore only process your personal data to the extent permitted by law, in particular the EU General Data Protection Regulation (‘GDPR’) and the German Federal Data Protection Act (‘BDSG’).
With this data protection information, we would like to inform you in accordance with Art. 13, 14 GDPR about the type of processing of your personal data via this website (hereinafter ‘website’) and in the provision of our services (‘services’), the purposes of this data processing and the rights to which you are entitled. Personal data is any information relating to an identified or identifiable natural person.
I. General information
1. Responsible party We, Arbor Technologies GmbH, (hereinafter ‘we’, ‘us’), are responsible for the processing of your personal data on our website and in our app in accordance with Art. 4 (7) GDPR. You can contact us at support@brandback.de or at our address at Kastanienallee 84, 10435 Berlin if you have any questions.
2. Transfer to third parties We may transfer your personal data to third parties if this is necessary for the provision of our website, our app or our services. If we use external service providers, they have been carefully selected and commissioned by us in writing and will only process your personal data on our behalf. Where necessary, we have concluded an order processing contract with them in accordance with Art. 28 GDPR.
3. Disclosure of data to third parties for advertising purposes If you have given us separate consent, we will also pass on your personal data to third parties for advertising purposes. This disclosure enables us and the third parties to provide you with targeted advertising information on products and services that may be of interest to you. Consent to this processing of your data is voluntary and can be revoked at any time. If you wish to make use of your rights as a data subject, as listed in Section IV of this notice, please contact the third party to whom your data has been disclosed directly. We ensure that all third parties to whom we pass on your data also inform you of how you can assert your rights against them.
4. Transfer to a third country We transfer your personal data to non-EU/EEA countries. Insofar as there is no adequacy decision for these countries in accordance with Art. 45 GDPR, we transfer your personal data subject to appropriate safeguards in accordance with Art. 46 GDPR.
5. Blocking and erasure Your personal data will be deleted or blocked as soon as the purpose of the processing no longer applies. We will continue to store your data if we are legally obliged to do so, in particular for tax and accounting purposes. Your personal data will also be blocked or erased if a retention period prescribed by the standards expires, unless further storage of the data is necessary for the conclusion or fulfilment of a contract.
II. Our processing activities in the context of our services
In the following, we would like to give you an overview of the personal data we process, the purposes for which we process it and the legal basis for this processing activity.
1. When you register for our services In order to fully utilise our services on the website and in the app, you must register with us as a user. We need this information in order to provide you with our services and for verification purposes.
When you register for our services, we process the following information, among others
- e-mail address
- your address
- first name and last name
- voluntary additional information (e.g. profile information or telephone number). The legal basis for the processing of your personal data is the initiation of a contractual relationship in accordance with Art. 6 (1) (b) GDPR and our legitimate interest in accordance with Art. 6 (1) (f) GDPR.
2. When you use our service
a) General use We provide various services and functions on our website and in our app, including a marketplace and an area for sharing personal contributions. When you use our service, we process the following information
- e-mail address
- your address
- first and last name
- payment information
- other information required for the fulfilment of our contractual obligations in individual cases.
The legal basis for the processing of your personal data is the fulfilment of a contractual relationship in accordance with Art. 6 (1) (b) GDPR and our legitimate interest in accordance with Art. 6 (1) (f) GDPR.
We need this information in order to provide our services to you. We also transfer your data to the following external service providers and categories of service providers that we have commissioned as processors
- cloud service providers
- management tools
- shipping service providers
Your personal data may be processed by the above providers in the USA. The European Commission has not issued an adequacy decision for the USA. We have ensured the level of data protection through appropriate guarantees within the meaning of Art. 46 GDPR.
b) When you conclude a contract We offer you the opportunity to conclude contracts with us or with third parties on our website and in our app.
For this purpose, we process the information required to fulfil the purchase contract, such as name, address and financial data.
The legal basis for our processing when processing contracts is the fulfilment of a contractual relationship in accordance with Art. 6 (1) (b) GDPR.
If you conclude a contract via our marketplace, we will forward the information relevant to the conclusion of the contract to the respective seller or buyer. To process payments on our website, we use the payment service provider Stripe Payments Europe, Ltd.1 Grand Canal Street Lower, Grand Canal Dock, Dublin 2, Ireland (‘Stripe’). During payment processing, personal data such as name, address, email address and payment information (e.g. credit card number) are transmitted to Stripe and processed by them.
Stripe uses this information exclusively to process payment transactions and to prevent fraud. The data is transmitted in encrypted form and treated in accordance with the applicable data protection regulations. For more information about Stripe's privacy practices and the options they offer to protect your privacy, please refer to Stripe's privacy policy: Privacy Policy (stripe.com).
3. When you sign up for our newsletter We offer you the opportunity to subscribe to our newsletter, which we use to inform you about our company and advertising and to draw your attention to events that we organise. When you register, we collect the following personal data from you for the purpose of sending the newsletter:
- First name and surname
- e-mail address
- Voluntary additional information.
When contacting our users and interested parties, the legal basis for the processing of data for the purposes mentioned is our legitimate interest in providing information about our range of services. The legal basis for the processing is your expressly granted consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time for the future by sending us an e-mail to support@brandback.de or by clicking on the corresponding link in the newsletter.
III. Our processing activities on the website
1. When you visit our website
Each time you access our website, the following personal data is processed automatically:
- IP address of the requesting computer,
- Browser type, browser version and language used,
- Your operating system,
- Date and time of access to your visit,
- Name of your access provider,
- the name of the page or file accessed and the amount of data transferred (access status/http status code) and
- the website from which your system accesses our website (‘referrer URL’).
The legal basis for this processing is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. We have weighed our interest in the provision, operation and security of this website against your interest in the confidentiality of your personal data, whereby our interest prevails. Without the processing of personal data, the provision of the website is not technically possible. This also applies to its operation and security. In this context, the security of the website also serves your interests.
2. Cookies
a) Functional cookies We use functional cookies to ensure the functionality of our website. Cookies are small text files that store information about user behaviour when visiting a website and are stored on the user's computer and are available for further visits to the website. These cookies do not cause any damage to your computer and do not contain viruses.
The information obtained through functional cookies is not linked to your IP address. No other personal data is collected. We use the information contained in these cookies to enable, analyse and improve the operation and use of our website and to ensure our IT security.
You can also visit our website without the use of cookies if you have deactivated the storage of cookies by making the appropriate settings in your browser. In this case, however, you may not be able to use all the functions of our website.
The legal basis for data processing is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. We weigh our interest in providing the cookie-dependent functions of this website against your interest in the confidentiality of your personal data, whereby our interest prevails. Without the processing of personal data, it is not technically possible to provide the functions. At the same time, you have the option described above to prevent the processing of your personal data in connection with cookies. As soon as you close your browser, the session cookie is automatically deleted by default, unless you have made a different setting in the cookie settings of your browser.
b) Analytical/marketing cookies We use the following cookies on our website for marketing and analytical purposes.
Matomo We use the web analysis tool ‘Matomo’ to customise the design of our website. Matomo creates user profiles on the basis of pseudonyms. For this purpose, permanent cookies are stored on your end device and read by us. In this way, we are able to recognise and count returning visitors. We also use the Heatmap & Session Recording modules. Matomo's heatmap service shows us the areas of our website where the mouse is moved most frequently or which are clicked on most often. The session recording service records individual user sessions. We can play back recorded sessions and thus analyse the use of our website. Data entered in forms is not recorded and is not visible at any time.
Data processing is based on your consent in accordance with Section 25 (1) TTDSG, Art. 6 (1) (a) GDPR, provided you have given your consent via our banner. You can revoke your consent at any time. Please make the appropriate settings via our banner.
Further information on Matomo's terms of use and data protection regulations can be found at: https://matomo.org/privacy/
IV. Rights of the data subjects
In accordance with the GDPR, you have the following rights in relation to your personal data:
- Right of access,
- Right to rectification,
- Right to erasure (‘right to be forgotten’),
- Right to restriction of processing,
- Right to object to processing,
- right of cancellation and
- right to data portability.
If we process your personal data on the basis of our legitimate interests in accordance with Art. 6 (1) (f) GDPR, you can object to the processing by contacting us (see ‘Controller’ for contact details). The same applies if we process your data on the basis of your consent. You have the right to withdraw your consent at any time with effect for the future.
You also have the right to lodge a complaint with a supervisory authority about the processing of your personal data.