Data protection guideline – displaying the Trusted Shops Widgets

When displaying the Trusted Shops Widgets on your website, you, as a data controller under joint controllership (Art. 26 GDPR), are required to:

  • keep information in your records of processing activities up-to-date;
  • ensure the balancing of interests in accordance with Article 6 (1) (f) GDPR; and
  • adjust your Privacy Policy.

Information concerning records of processing activities

The following information should be included in the records of processing activities:

Web server log files of the Trusted Shops Widgets

This procedure describes how personal data are processed in the context of displaying the Trusted Shops Widgets on the controller's website.

Detailed description of the processing:

In order to display the Trusted Shops Services (e.g. Trustbadge, Review Collector)  and to offer the Trusted Shops products to customers after they place an order, we have integrated the Trusted Shops Widgets on the controller’s website under joint controllership. The Trusted Shops Widgets are provided within the framework of joint controllership by a USA-based CDN service provider (Content-Delivery-Network; subcontractor). An appropriate level of data protection is guaranteed by standard data protection clauses and other contractual measures. Further information on the data protection of Trusted Shops AG can be found in their data protection information.

With every use of the Trustbadge, the web server automatically saves a so-called server log file which contains your IP address, the date and time of the request, the volume of data transferred and the requesting provider (access data), and documents the request. The IP address is anonymized immediately after collection so that the stored data cannot be assigned to your person. The anonymized data is used in particular for statistical purposes and for error analysis.

Legal grounds

Overriding legitimate interests pursuant to Article 6 (1) (f) GDPR

Processing purposes

  • Product offering and website optimisation
  • Ensuring trouble-free operation of the website
  • Abuse and fraud prevention

Data subjects

Website visitors

Processed data

  • IP address (immediately anonymized)
  • Access data
  • Order number (in the case of an order)


IT department of the data processor
Sub-contractor Amazon Web Services (AWS),
410 Terry Avenue North,
Seattle WA 98109-5210, USA,
EU standard contractual clauses and additional safeguards

Storage period:

The anonymized usage data is stored in a security database for the analysis of security vulnerabilities.

Technical and organisational measures

According to the Agreement with Trusted Shops AG 

Balancing of interests in the case of displaying the Trustbadge

Interests of the controller


Controller's own interests: The controller’s interest consists of optimal marketing its products while ensuring safety of purchases using automatic protection offered by Trusted Shops Buyer Protection and authentic customer reviews. The Trustbadge should be reliably displayed; errors resulting from multiple transmissions of identical order numbers should be avoided.


Third party interests: Trusted Shops AG also has an interest in the fulfilment of contracts with registered buyers, whereas the service provider, who is responsible for the error-free and uninterrupted delivery of the Trustbadge, has an interest in the analysis of security vulnerabilities.


Those interests are also recognised by third parties, e.g. other companies. This indicates that said interests are legitimate.


The controller’s right of freedom to exercise a trade or profession is affected as its fundamental right. This indicates that the said interests are legitimate.


These interests are recognised in other legal regulations as well, e.g. Act Against Unfair Competition [UWG], German Trademark Act [MarkenG]. This indicates that said interests are legitimate.


There is no less severe measure which can guarantee faultless security of the respective purchase, and the submission and verification of an "authentic" customer review than connecting the customer's information to the respective transaction, and automatically providing the relevant transaction data.

Interim result:

The controller has a legitimate interest in the processing.


No other fundamental rights besides the right to the protection of the processed personal data of the data subject are affected.


The personal reference arises directly from the data, but the data is immediately anonymized.


The data are not public. However, the data are collected from the data subject directly, and they are clearly informed of this. The data are not published.


The data are of high quality; the error rate is low thanks to automatic transfer.


A third party, AWS, processes the date to ensure faultless / uninterrupted delivery of the Trustbadge. Server and processing location is Germany. EU standard contractual clauses to ensure an adequate level of data protection are agreed.

traffic_yellow.png A third party, Trusted Shops AG, processes the data for the provision of the services and to ensure the authenticity of a respective rating. 



All visitors of the respective website are affected.


Website visitors know of the data processing, since it is common practice to integrate third-party visual content, and because they are clearly informed of this fact in the Privacy Policy.


Data is immediately anonymized. The data subjects are therefore not noticeably affected.

Balancing of interests in the narrow sense

The data subjects are clearly informed of the data processing in the Privacy Policy. Furthermore, data processing is to be expected as the processing of pseudonyms is inevitable in light of the current state of technology. The interests of the data subjects are protected in the best possible way by immediate data anonymization. The storage period also serves overriding legitimate interests but the data subjects are not excessively affected by this process.


The data subjects also have their own interest in the error-free and uninterrupted rendition of the Trustbadge as this is the only way to ensure that the controller's trust-building services can be made use of at all times. Additionally, for visitors who have already concluded a contract with Trusted Shops AG this is the only way to make use of the contractual services provided to them.

The data subject’s interests, fundamental rights, and freedoms are overall not excessively affected by the data processing. The legitimate interests of the controller and the aforementioned third parties are overriding.

Privacy Policy Template

Here you can find a template text for your privacy policy: Privacy Policy Template


This guideline was created with the utmost care, but does not claim to be complete or correct. It is intended as a checklist with text templates and as a suggestion as to how the aforementioned points should be dealt with.

For detailed questions in individual cases, always seek professional legal advice.

Was this article helpful?

1 out of 3 found this helpful