print

Privacy Policy

Effective: 23.05.2018

  1. General information on data processing and legal framework
    1. Entity responsible for data processing: reBuy reCommerce GmbH, Potsdamer Str. 188, 10783 Berlin, Germany. E-Mail: support@rebuy.co.uk.
    2. This privacy policy sets out to clarify the nature, scope and purpose of the processing of personal information within our online offering and the related websites, features and content (collectively referred to as "online offer" or "website"). The privacy policy applies regardless of the domains, systems, platforms, and devices (such as desktop or mobile) on which the online offering is being run.
    3. The terms used, such as "personal data" or "processing", refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
    4. The personal data of users processed in the context of this online offer includes profile data (personal address (gender), name, first name, shipping and billing addresses, e-mail address, registration date, account updates, arrival and departure times, opt-in modalities for newsletter customers, registrations for various reBuy services, e.g. purchase alerts), contract data (order data, payment information, bank details, credit card data), usage data (IP address, user behaviour on the websites visited for our online offer, origin of the traffic, subID for payback programs, user behaviour when receiving newsletters).
    5. "Users" are all persons who use the online offer, including customers. "Customers" are all persons who have a customer account at reBuy.
    6. We process personal data of customers and users only in compliance with the relevant data protection regulations. This means that the data of customers and users are only processed if a legal permission exists. That is, especially if the data processing for the provision of our contractual services (e.g. processing of orders) as well as online services required or required by law, the consent of the user exists, as well as our legitimate interests (i.e. interest in the analysis, optimisation and economic operation and security of our online offer within the meaning of Art. 6 para. 1 lit. of the GDPR, in particular in terms of range measurement, creation of profiles for advertising and marketing purposes, as well as collection of access data and use of third-party services).
    7. Please note that the legal basis for consent according to Art. 6 para. 1 lit. a. and Art. 7 GDPR, the legal basis for the processing for the performance of our services and the performance of contractual measures Art. 6 para. 1 lit. b. GDPR, the legal basis for processing in order to fulfil our legal obligations Art. 6 para. 1 lit. c. GDPR, and the legal basis for processing in order to safeguard our legitimate interests Art. 6 para. 1 lit. f. GDPR.
  2. Security measures
    1. We take organisational, contractual and technical security measures in compliance with state of the art technology to ensure that the provisions of data protection laws are adhered to and in order to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons.
    2. One of these security measures is the encrypted transfer of data between your browser and our server.
  3. Disclosure of data to third parties and third party providers
    1. We will only pass users' data on to third parties if this is the case, for example. on the basis of Art. 6 para. 1 lit. b) GDPR is required for contract purposes or based on legitimate interests in accordance with Art. Art. 6 para. 1 lit. f. GDPR in relation to the economical and effective operation of our business operations.
    2. In the event that we use contractors to provide our services, we will take appropriate legal precautions and appropriate technical and organisational measures to protect personal data in accordance with applicable laws.
    3. If, within the framework of this Privacy Policy, content, tools or other means are used by other providers (collectively referred to as "third party providers") and their registered office is located in a third country, it is to be assumed that data will be transferred to the countries of domicile of the third party providers. Third-party countries are countries in which GDPR is not a directly applicable law, i.e. countries outside the EU or the European Economic Area. The transfer of data to third-party countries occurs either when there is an adequate level of data protection, user consent or other legal authorisation.
  4. Customer data
    1. We process profile data according to Art. 6 para. 1 lit f. GDPR and contract data for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 lit b. GDPR.
    2. Users can create a customer account which, in particular, allows them to view their orders. As part of the registration process, the necessary mandatory information will be communicated to the users. Customer accounts are not public and cannot be indexed by search engines. If users want to delete their data, please use our contact form at https://service.rebuy.co.uk/customer/portal/emails/new. Subsequently, select the topic "Delete account". Afterwards we will send you an e-mail with a link to confirm deletion of the account. The account is blocked immediately; deletion of the stored data takes place separately, after all open purchases and sales transactions are completed, legal retention periods according to Art. 6 para. 1 lit. c GDPR have expired and / or data for fraud prevention or tracking are no longer needed. It is the responsibility of the users to save their data prior to deletion. We are entitled to irretrievably delete all user data stored during the term of the contract.
    3. The IP address and the time of the respective user action will be saved as part of the registration and re-registration process, as well as use of our online services. Storage is based on our legitimate economic interests, as well as protecting the users from misuse and other unauthorised use. This data will not be forwarded to third parties, unless it is necessary for the prosecution of our claims or there is a legal obligation in accordance with. Art. 6 para. 1 lit. c GDPR.
    4. We process usage data (IP address, user behaviour on the visited websites of our online offer, origin of the traffic, subID with Payback programs, user behaviour when receiving newsletters) for advertising purposes in a user profile in order to inform the user e.g. display product recommendations based upon their previously used services.
  5. Contact
    1. When contacting us (via contact form, e-mail or social network message), the information provided by the user is processed according to Art. 6 para. 1 lit. b) GDPR.
    2. User information can be stored in our Customer Relationship Management System ("CRM System") or similar enquiry organisation system.
    3. We use the "Desk" CRM system from Salesforce.com EMEA Limited Company no. 05094083, registered in England, Floor 26 Salesforce Tower, 110 Bishopsgate EC2N 4AY London, UK in relation to our legitimate interests (efficient and fast processing of user requests). For this purpose, we have entered into an agreement with Salesforce that is based upon the so-called EU standard contractual clauses, in which Salesforce commits itself to processing user data only in accordance with our instructions and compliance with the EU data protection standard. Salesforce has also joined the EU-US Privacy Shield Agreement, providing an additional guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000KzX1AAK&status=Active).
  6. Collection of access data and log files
    1. Based on our legitimate interests as intended by Art. 6 para. 1 lit. f. GDPR, we log every access to the server on which this service is located (so-called server log files). The access data includes the name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
    2. Logfile information is retained for security purposes (for example, to investigate abusive or fraudulent activities) as well as for evidential purposes and will not be deleted until final clarification of a possible incident.
  7. Cookies & reach measurement
    1. Cookies are information transmitted from our web server or third-party web servers to users' web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage.
    2. We use "session cookies" or "tracking cookies". Session cookies are only stored for the duration of the current visit on our online presence (for example, to enable the storage of your login status or the shopping cart function and thus the use of our online offer). In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. In addition, a cookie contains information about its origin and the retention period. These cookies cannot save any other data. Session cookies will be deleted once you have finished using our online offer and you have logged out or closed the browser. Tracking cookies remain on your computer to simplify shopping, personalisation and registration services on your next visit. For example, cookies may record what you have chosen to buy while you continue shopping. Tracking cookies can be manually removed by the user.
    3. Users are informed about the use of cookies in the context of pseudonymous range measurement within the context of this privacy policy.
    4. If users do not want cookies stored on their computer, they will be asked to disable the option in their browser's system settings. Saved cookies can be deleted using the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
    5. You may choose to refuse the use of cookies that are used for metering and advertising purposes through the opt-out page of the Network Advertising Initiative (http://optout.networkadvertising.org/) as well as on the American website (http://www.aboutads.info/choices) or European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
  8. Google Analytics
    1. On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) lit. GDPR) we utilise Google Analytics, a web analysis service of Google Inc. („Google“). Google uses cookies. The information generated by the cookie about the use of the online offer by the users is usually transmitted to a Google server in the USA and stored there.
    2. Google is certified under the Privacy Shield Agreement, which provides a guarantee of compliance with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
    3. Google will use this information on our behalf to evaluate how our online offer is utilised by users, to compile reports on the activities within this online offer and to provide us with further services related to the use of this online offer and the internet usage. In this case, pseudonymous usage profiles of the users can be created from the processed data.
    4. We use Google Analytics to display advertisements displayed within Google and its affiliate advertising services only for users who have shown an interest in our online offering or who have certain characteristics (e.g. interests in specific topics or products visited by them, web pages) that we submit to Google (so-called "remarketing" or "Google Analytics audiences"). By utilising Remarketing Audiences, we also want to make sure that our ads are in line with the potential interest of users and are not annoying.
    5. We only use Google Analytics with IP anonymisation activated. This means that the IP address of the users will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.
    6. The IP address submitted by the user's browser will not be merged with other data provided by Google. Users can prevent the storage of cookies by setting their browser software accordingly; Users may also prevent the collection by Google of the data generated by the cookie and related to its use of the online offer and the processing of such data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
    7. For more information about Google's use of data, hiring and opt-out options, please visit Google's websites: https://policies.google.com/technologies/partner-sites?hl=en ("Use of data by Google during use of our partner's apps or websites"), http://www.google.com/policies/technologies/ads ("Data usage for advertising purposes"), http://www.google.co.uk/settings/ads ("Managing information used by Google, to show you advertising").
    8. To prevent the collection of your data via Google Analytics on our website, please click the following link: Google Analytics Opt-Out. Note: Clicking the link will save an opt-out cookie on your device. If you delete the cookies in this browser, you will again be required to click the link. Furthermore, the opt-out only applies within the browser you use and only within our web domain on which the link was clicked.
  9. Google-Re/Marketing Services
    1. On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 (1) lit. GDPR) the we make use of Marketing and Remarketing Services ("Google Marketing Services") of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, ("Google").
    2. Google is certified under the Privacy Shield Agreement, which provides a guarantee of compliance with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
    3. Google Marketing Services allows us to better target advertisements for and on our website so that we only present to users ads that potentially match their interests. For example, if a user is shown ads for products that they've indicated an interest in on other websites, this is referred to as remarketing. For these purposes, when Google and our other websites accessing Google Marketing Services are directly accessed by Google, a code will be executed by Google and so-called (re) marketing tag (invisible graphics or code, also called "Web Beacons ") will be incorporated into the website. With their help, the user is provided with an individual cookie, i.e. a small file is saved (instead of cookies, similar technologies can also be used). Cookies can be set by different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file is noted which web pages the user visited, for what content he is interested and what offers he has clicked, as well as technical information about the browser and operating system, referring web pages, visit time and other information on the use of the online offer. The IP address of the user is also recorded, whereby in the context of Google Analytics, we ensure that the IP address is shortened within member states of the European Union or other parties to the Agreement on the European Economic Area, and only in exceptional cases is the date sent to a Google server in the US and shortened there. The IP address will not be merged with the user's data within other offers from Google. The above information may also be linked by Google with such information from other sources. If the user then visits other websites, the ads displayed can be tailored according to their interests.
    4. The data from users are pseudonyms processed in the context of Google marketing services. This means Google does not store and process, for example, the name and e-mail address of the user, but rather processes the relevant cookie-related data within pseudonymous user profiles. This means that from the perspective of Google, ads are not managed and displayed to a specifically identified person, but rather to the owner of the cookie, regardless of who that person is. This does not apply if a user has explicitly allowed Google to process the data without pseudonymisation. The information collected about users through Google Marketing Services is transmitted to Google and stored on Google's servers in the United States.
    5. Among the Google marketing services we use is, among other things, the online advertising program "Google AdWords". In the case of Google AdWords, each advertiser receives a different "conversion cookie". Cookies cannot be tracked through AdWords advertisers' websites. The information collected through the cookie is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. AdWords customers see the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive information that could personally identify users.
    6. We can engage third-party ads based on Google's DoubleClick marketing service. DoubleClick uses cookies that enable Google and its affiliate websites to serve ads based on users' visits to this site or other sites on the Internet.
    7. We may also use the service "Google Optimizer". Google Optimizer allows us to understand how various changes to a website (such as changes to the input fields, design, etc.) can take place by way of so-called "A/B testing". Cookies are stored on users' devices for these purposes. Only pseudonymous user data is processed.
    8. In addition, we may use the "Google Tag Manager" to integrate and manage the Google Analytics and Marketing Services on our website.
    9. For more information about Google's data usage for marketing purposes, see the overview page: https://www.google.com/policies/technologies/ads and Google's privacy policy https://www.google.com/policies/privacy.
    10. If you wish to opt-out of interest-based advertising through Google Marketing Services, you can take advantage of Google's settings and available opt-out options: http://www.google.com/ads/preferences.
  10. Further retargeting services
    1. On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 (1) lit. GDPR) we also make use of other remarketing services. They work as described in point 9.
    2. Criteo GmbH (Gewuerzmuehlstrasse 11, 80538 Munich, Germany) collects information on surfing behaviour from this website in anonymised form for marketing purposes and stores it using cookies. Based on this, Criteo analyses surfing behaviour and shows product recommendations as personalised banner ads on other websites (so-called publishers). The data is not used to personally identify the visitor to a website. There is no other use or disclosure to third parties. For more information on Criteo's privacy policy and the ability to object to Criteo's analysis and storage of your surfing behaviour, please visit http://www.criteo.com/privacy.
    3. Another program with the same functionality is neXeps. To learn more about neXeps' data usage, please visit https://www.nexeps.com/Datenschutzbestimmungen1.pdf. If you would like to opt out of interest-based advertising by neXeps, you can use the opt-out option provided by neXeps: https://config.nexeps.com/consent/453.
    4. We also use RTB House services in the same way. To learn more about RTB House's data usage, please visit https://www.rtbhouse.com/privacy/. If you wish to opt out of RTB House's interest-based advertising, you can take advantage of neXep's opt-out opportunity: https://www.rtbhouse.com/optout-page/.
  11. Facebook Social Plugins
    1. On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 (1) lit. GDPR) we make use of social plugins ("plugins") of the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland ("Facebook"). The plugins can represent interaction elements or content (e.g. videos, graphics or text contributions) and can be recognised by one of the Facebook logos (white "f" on blue tile, the term "Like", or a "thumbs up" sign ) or are marked with the addition "Facebook Social Plugin". The list and appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
    2. Facebook is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law: (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
    3. If a user invokes a feature of this online offering that includes such a plugin, their device establishes a direct connection to Facebook servers. The content of the plugin is transmitted by Facebook directly to the device of the user and incorporated by him into the online offer. In doing so, user profiles can be created from the processed data. Therefore, we have no influence on the amount of data that Facebook collects with the help of this plugin and thus inform users according to our knowledge.
    4. By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to his Facebook account. If users interact with the plugins, for example, by clicking the Like button or leaving a comment, the information is transmitted from your device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out and save their IP address. According to Facebook, only anonymous IP addresses are stored in Germany.
    5. The purpose and scope of data collection and the further processing and use of the data by Facebook as well as the related rights and settings options for protecting the privacy of users can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/.
    6. If a user is a Facebook member and does not want Facebook to collect data about him via this online offer and link it to his member data stored on Facebook, he must log out of Facebook and delete his cookies before using our online offer. Further settings and the option to object to the use of data for promotional purposes are detailed within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. The settings are platform independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
  12. Facebook, Custom Audiences and Facebook Marketing Services
    1. Within our online offer and due to our legitimate interests in analysis, optimisation and economic operation of our online offer, we use the so-called "Facebook Pixel" provided by the social network Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025 , USA, or, if you are located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland ("Facebook").
    2. Facebook is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law: (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
    3. With the help of Facebook Pixel, it is possible for Facebook to determine which visitors to our online offer belong to a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook Pixel to display the Facebook Ads we have been sent only to those Facebook users who have shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined by web pages visited by them), which we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook Pixel, we also want to make sure that our Facebook ads are in line with the potential interest of users and are not annoying. With the help of the Facebook Pixel we can also understand the effectiveness of the Facebook ads for statistical and market research purposes, in which we see whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
    4. Facebook Pixel is integrated when accessing our website directly through Facebook and can store a so called cookie on your device, i.e. save a small file. If you subsequently log in to Facebook or visit Facebook in the logged-in state, your visit to our online offer will be noted in your profile. The data collected about you are anonymous to us, in other words, we are unable to draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and can be used by Facebook as well as for its own market research and advertising purposes. If we should send data to Facebook for comparison purposes, they will be encrypted locally in the browser and then sent to Facebook via a secure https connection. This is done solely for the purpose of establishing a comparison with the equally encrypted Facebook data.
    5. The processing of the data by Facebook is part of Facebook's data usage policy. Accordingly, general notes on the presentation of Facebook Ads can be found in Facebook's data usage policy: https://www.facebook.com/policy.php. Special information and details about Facebook Pixel and how it works can be found in the Help section of Facebook: https://www.facebook.com/business/help/651294705016616.
    6. You may object to Facebook Pixel capturing and using your data to display Facebook Ads. To set which types of ads you see within Facebook, you can go to the page set up by Facebook and follow the instructions on usage-based advertising settings: https://www.facebook.com/settings?tab=ads. The settings are platform independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
    7. To prevent the collection of your data by means of the Facebook Pixel on our website, please click the following link: Facebook opt-out. Note: If you click the link, an "opt-out" cookie will be saved on your device. If you delete the cookies in the browser, then you will have to click the link again. Furthermore, the opt-out only applies within the browser you used and only within our webdomain on which the link was clicked.
    8. You may opt for the use of cookies that are used for metering and advertising purposes through the opt-out page of the Network Advertising Initiative (http://optout.networkadvertising.org/) as well as on the American website (http://www.aboutads.info/choices) or European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
  13. Device-wide services
    1. On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) lit. GDPR) we make use of the services of the company Roq.ad GmbH to understand cross-device use of our offer.
    2. To learn more about Roq.ad's data usage, please visit https://www.roq.ad/en/privacy#privacy. If you would like to opt out of cross-device analysis by roq.ad, you can use the opt-out option provided by roq.ad: https://www.roq.ad/privacy#optout.
  14. Newsletter
    1. The following information informs you about the contents of our newsletter as well as registration, distribution and statistical evaluation procedures, as well as your right of objection. By subscribing to our newsletter, you agree to the receipt and the procedures described.
    2. Content of the newsletter: We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter "newsletter") only with the consent of the recipient or legal permission. Insofar as the contents of a newsletter are concretely described, they are authoritative for the consent of the users. Incidentally, our newsletters contain information about our promotions, vouchers, product recommendations, evaluation requests for your purchases, sales experience, reminders about products in your shopping cart or notepad, reminders about products in the shipping basket, and news from reBuy.
    3. Double opt-in and logging: Registration for our newsletter takes place in a so-called double-opt-in procedure, provided that you register for a newsletter via our German or Dutch websites. This means that after registering, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with third-party e-mail addresses. After confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis for this is Art. 6 para. 1, page 1, lit. a GDPR. Registration for the newsletter will be logged in order to prove the registration process according to the legal requirements. This includes the storage of the login and confirmation time, as well as the IP address. Likewise, changes to your data stored with the shipping service provider will be logged.
    4. Service provider: the distribution of the newsletter by means of Newsletter Dispatch Platform "Salesforce", Salesforce.com EMEA Limited Company No. 05094083, registered in England, Floor 26 Salesforce Tower, 110 Bishopsgate EC2N 4AY London. You can view the privacy policy of the shipping service provider here: https://www.salesforce.com/company/privacy/full_privacy/. Salesforce.com is obliged to comply with EU data protection regulations. Salesforce is also certified under the Privacy Shield Agreement, providing an additional guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000KzX1AAK&status=Active).
    5. Credentials: To subscribe to the newsletter, it is sufficient to provide your e-mail address.
    6. Statistical Survey and Analysis - The newsletters contain a so-called web-beacon, i.e. a pixel-sized file that is retrieved from the distribution service provider's server when the newsletter is opened. This call will initially collect technical information, such as information about the browser and your system, as well as your IP address and time of retrieval. This information is used to improve the technical performance of services based on specifications or audience and their reading habits, based on location (which can be determined using the IP address) or access times. Statistical surveys also include determining if the newsletters have been opened, when they were opened and which links were clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our endeavour nor that of the distribution service provider to observe individual users. Evaluation serves only to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
    7. The use of the distribution service provider, the implementation of statistical surveys and analyses as well as logging of the registration process are based on our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. We are interested in providing a user-friendly and secure newsletter system that serves both our business interests and the expectations of our users.
    8. Termination/revocation - You may terminate the subscription to our newsletter at any time, i.e. revoke your consent. At the same time, your consent for delivery by the distribution service provider and statistical analyses expire. A separate revocation of delivery by the distribution service provider or the statistical evaluation is unfortunately not possible. A link to unsubscribe from the newsletter can be found at the end of each newsletter.
  15. Integration of services and content from third parties
    1. Within our online offer and within the framework of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 (1) lit. GDPR), we make use of third-party content or services in order to provide their content and services, e.g. include videos or fonts (collectively referred to as "content"). This always presupposes that the third-party providers of this content receive the IP address of users, since they could not send such content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We endeavour to use only content whose respective providers use the IP address solely for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. These "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include, but is not limited to, technical information about the browser and operating system, referring web sites, visit time, and other information regarding the use of our online offer.
    2. The following presentation provides an overview of third-party providers as well as their content, as well as links to their data protection statements, which contain further information on the processing of data and the previously mentioned opt-out options:
      • Should our customers make use of third-party payment services (e.g. PayPal, Sofortüberweisung or credit card), the terms and conditions and the privacy information of the respective third party providers, which are available within the respective websites or mobile applications apply. For the processing payments we use the services of Adyen B.V., Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, The Netherlands.
      • Videos from “YouTube” of third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-out: https://www.google.com/settings/ads/.
      • Links to Xing, provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. Privacy policy: https://www.xing.com/app/share?op=data_protection.
      • We offer a link to Twitter, provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Twitter's privacy policy http://twitter.com/privacy. You can change your privacy settings on Twitter in Account Settings at http://twitter.com/account/settings.
      • On our site there is a link to the features of Instagram, provider is: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Privacy policy: http://instagram.com/about/legal/privacy/.
      • Web analytics and optimisation using the Hotjar service, third-party Hotjar Ltd, Level 2, St Julian's Business Center, 3, Elia Zammit Street, St Julian's STJ 1000, Malta, Europe. Hotjar enables movements on websites where Hotjar is used to be traced by means of so-called heat maps. For example, it is possible to see how far users are scrolling down and which buttons users frequently click. Furthermore, technical data such as selected language, system, screen resolution and browser type are recorded. In doing so, at least temporarily during the visit to our website, profiles of users can be created. Furthermore, using Hotjar it is also possible to obtain feedback directly from the users of the website. In this way, we gain valuable information to make our websites faster and more customer-friendly. Privacy policy: https://www.hotjar.com/privacy. Opt-out: https://www.hotjar.com/opt-out.
  16. Rights of users
    1. Users have the right, upon request, to receive information free of charge about the personal data that we have stored about them.
    2. In addition, users shall have the right to correct inaccurate data, limit the processing and deletion of their personal data, where applicable, assert their rights to data portability and, in the event of unlawful processing, file a complaint with the appropriate regulatory authority.
    3. Likewise, users can revoke consent, generally with effect for the future.
  17. Deletion of data
    1. The data stored is deleted as soon as it is no longer necessary for its purpose and the deletion does not conflict with any statutory storage requirements. Unless the users' data is deleted because it is required for other, legally permitted purposes, its processing will be restricted. This means the data is locked and not processed for other purposes. This applies, for example, for data of users which must be kept for commercial or tax reasons.
    2. According to legal requirements, storage takes place for 6 years in accordance with § 257 (1) HGB (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and for 10 years pursuant to § 147 (1) AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).
  18. Right of objection
    1. Users may object to the processing of their personal data in accordance with legal requirements at any time. The objection may, in particular, be made against data processing for direct marketing purposes.
  19. Changes to the privacy policy
    1. We reserve the right to change the privacy policy in order to adapt it to amended legal situations, or to changes in the service and data processing. However, this only applies to declarations of data processing. If users' consent is required or elements of the privacy policy contain provisions of the contractual relationship with users, the changes will only be made with the consent of the users.
    2. Users are requested to inform themselves regularly about the content of the privacy policy.
  20. Data Protection Officer

    If you have any questions about data protection, please contact our company data protection officer via datenschutz@rebuy.com or by post: Data Protection Officer, reBuy reCommerce GmbH, Potsdamer Str. 188, 10783 Berlin, Germany