Review reminders via Trustbadge
Trusted Shops sends review invites automatically to all customers who are also registered for the Trusted Shops services. Those users can either activate the services via the Trustbadge after their purchase or are already registered for them. Currently, there are more than 20 million registered users. In the context of this user agreement for buyers, Trusted Shops regularly sends out review invites without the shop having to separately collect the users’ consent.
For this reason, sending out such emails (review invites) in no way represents any commissioned processing activity on behalf of another controller.
Read answers to the most frequently asked questions regarding privacy at Trusted Shops:
FAQ on Trusted Shops Data Protection
Review invites sent to registered users in the context of using the Trusted Shops services are not advertisements, and thus, should not be construed as such, as these emails are a part of the services booked. It is only through them and the link contained within them that users can participate in the review programme and review the transaction connected to the review link.
The legal basis for this data processing in terms of data protection is art. 6, para. 1, line 1 b) GDPR according to which the processing is lawful if it “is necessary for the performance of a contract to which the data subject is party […]“.
Who is responsible for collecting the user’s consent in the dispatch of review invites?
If the review invite is sent out via one of the following channels, Trusted Shops does so on your behalf and your order:
- manually via the Review-Collector,
- Auto Collection
- via Trusted Shops Events-API.
The use of these tools is of course purely optional and is not necessary for collecting reviews via Trusted Shops. However, should you use them, then you and Trusted Shops are again joint controllers in terms of this processing. You are responsible to obtain the consent pursuant to Art. 6 (1) lit. a GDPR, which is obligatory pursuant to § 7 UWG. Besides, you have to fulfill the transparency obligations according to Art. 13 GDPR. Only if the recipient of the review invite actually submits a review do they have to accept Trusted Shops’ terms and conditions of use and agree to their data additionally being used for the creation of an account.
Collecting user’s consent
If the review invites are not sent out on the basis of the abovementioned Trusted Shops services contract, then such emails are considered to be advertisements, not least by the courts of law, for example in Germany.
Consent collection via checkbox
Legitimate consent requires that the buyer gives it specifically and individually. Hence, the declaration of consent must not be connected to other declarations or agreements. Furthermore, it requires an action on the part of the customer. This can be achieved via a checkbox or another type of separate button for the consent in receiving the review invite, or via some other sort of action, e.g. filling out a separate field only for registering for the reception of review invites.
The most widespread solution to this issue is an empty (not pre-checked) checkbox during the ordering process, e.g. with a small text like: “I would like to always be reminded via single email after purchase to leave a review. I have been informed and know that I may revoke my consent at any point with effect for the future.” The consent form can also be tied to a subscription to your newsletter (via a single checkbox). Then you just need to transfer the email address with an opt-in into our system. The dispatch of our review reminder is legally secure.
Consequences of not collecting consent
If you have not collected your customer’s consent as explained, this entitles not only the email recipients (private or business) but also competitors of Trusted Shops, and Consumer and Competition Protection Associations to damage claims and to cease-and-desist orders.
Please refer tothe regulations for obtaining the consent as stipulated in the Joint Controllership Agreement.