Data protection guideline – recognition of registered Trusted Shops customers

When using the Trustbadge in the order process on your website, you – as a joint controller pursuant to Art. 26 GDPR – are required to:

  • Fulfill the requirements of your local e-privacy regulations
  • keep information in your records of processing activities up-to-date;
  • ensure the balancing of interests in accordance with Article 6 (1) (f) GDPR; and 
  • adjust your Privacy Policy. 

Requirements of your local e-privacy regulations

Your local e-privacy regulations may obligate you to obtain the consent of website visitors when storing information on the website visitor’s device or when gaining access to information already stored on the device (as stipulated in Art. 5 (3) e-privacy directive). An exception may apply to any technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service.


Functionality of the Trustbadge

The Trustbadge accesses a so-called DIV element in the user's device in the checkout to obtain the following information:

  • email address
  • order number
  • order amount
  • currency
  • product purchased (only if you collect product reviews)

The Trustbadge then transmits this information to Trusted Shops, whereby the email address is hashed (encrypted) beforehand. The hash value of the email address is used to check whether your customer is already registered for the Trusted Shops services. If yes, the order is automatically secured and the customer receives a review invite. If not, the customer has the option of registering for the Trusted Shops services via the then displayed Trustcard in order to secure the order and receive review invites. If no registration is made, all personal data collected at short notice will be deleted.


Legal opinion


In our opinion, the the e-privacy directive must be applied to the Trustbadge. This means that it must be checked whether there is a requirement for consent or whether one of the aforementioned exceptions applies. We have had the Trustbadge checked by a renowned law firm specialising in data protection law. They came to the conclusion that no consent is required. Rather, access to order information can be based on of the exception of Art. 5 (3) of the e-privacy directive because the Trustbadge and the associated access to information that is already stored in the end user's terminal equipment is absolutely necessary so that the operator of the online shop visited by the end user can make it available as a service. To put it simply, the Trustbadge and the buyer protection are an essential part of the online shop. The online shop advertises that it offers buyer protection through Trusted Shops. As a visitor to the shop, you are informed that buyer protection is part of the shop before finalising the order. If the visitor places an order in the online shop, they indicate that they wish to use the online shop in the form presented to them, i.e. with buyer protection. This applies all the more if buyer protection is listed in the shop terms and conditions or/and if this is clearly indicated elsewhere.

In the following, we explain how you could adapt your online shop so that the exception under the e-privacy directive applies. Please bear in mind that data protection supervisory authorities and courts may come to a contrary conclusion. You can of course obtain consent or integrate the Trustbadge in such a way that no automatic transmission of order data to Trusted Shops takes place.


Customisation options

Option 1

The more transparently you demonstrate in your online shop that buyer protection is part of the shopping experience, the easier it is to argue that no consent is required for the trust badge to access order information. We have the following tips:

1. embed the Trustbadge so that it is visible on every page of your online shop.

2. include information about the buyer protection offered in a suitable place in your online shop. This also has a good advertising effect.

3. customise your data protection information. We will provide you with suitable samples: Template text for your privacy declaration (Trustbadge and widgets), Variation 5.

4. adapt your general terms and conditions if necessary: If you make the offer of buyer protection recognisable as part of the order in your T&Cs, this creates additional transparency. You can find a template text under Template text for your privacy declaration (Trustbadge and widgets), (GTC clause 3).

If you wish to obtain consent instead, we have the following integration options for you:


Option 2


1. Enable Trustbadge consent request

You have the option of integrating the Trustbadge into your existing consent manager in a special form: This allows the Trustbadge to be displayed graphically even if consent has not been granted and offers limited functionalities. If consent is granted, the Trustbadge works as you are used to.

If the customer does not give consent in the Consent Manager or if you have not or not correctly integrated the Trustbadge into your Consent Manager despite the "Enable Trustbadge consent request", the Trustcard appears in the checkout so that your customers have the option of registering for the services. This, in turn, also affects those customers who are actually already registered for the services, as no comparison can take place due to the lack of automatic transmission of the e-mail hash value.

When using the variant described above, the Trustbadge also accesses information in the DIV element without consent in order to display the Trustcard correctly. For example, the Trustcard must know how high the total order amount is in order to display how high the protection will be. However, the data is not transmitted to Trusted Shops. According to the Guidelines 2/2023 on Technical Scope of Art. 5(3) of ePrivacy Directive para. 52 and 53, such access does not fall under the scope of Art. 5(3) of the ePrivacy Directive, meaning that consent does not need to be obtained for this. If one nevertheless assumes that Art. 5(3) of the ePrivacy Directive applies, it can be argued that this access is necessary in order to provide the telemedia service that is expressly requested by the user. In this case, there would be no obligation to give consent. Necessity can be affirmed in any case if offering buyer protection is listed in the GTC as a mandatory part of the ordering process. Since you can only offer buyer protection as an essential part of your online shop if the Trustbadge accesses information in the DIV element, there is a necessity. We have provided you with suggestions for GTC clauses under: Template text for your privacy declaration (Trustbadge and widgets) – eTrusted Help Centre.

If you take the legal view that the automatic matching of the hash value of the e-mail address of buyers is also necessary for you to be able to provide your online shop, you could waive the consent of your customers. A technical adjustment in the implementation of the Trustbadge would then not be necessary. In this case, however, you should adapt your GTC accordingly. 


2. Integration of the Trustbadge into the consent manager

If you simply integrate the Trustbadge into your existing consent manager and only allow the functionality of the Trustbadge if a visitor to your online shop has consented to the use of all cookies or/and third-party services or individually to the activation of the Trustbadge, the requirements of your local e-privacy regulations can be met. At the same time, product usage could decrease. As soon as a website visitor has not consented, no more functions of the Trustbadge will be available. This means that it will neither be displayed visually nor will your customer have the opportunity to register for the Trusted Shops services in the checkout. Thus, all customers who have not consented to the display of the Trustbadge will not receive any review invites and no possibility to use the buyer protection.

Templates for adapting your privacy notices

Since the type of processing of personal data and the legal basis change when using one of the variants described above, you may need to adapt your privacy notices. We have created suitable templates for all variants. You can find these under Template text for your privacy declaration (Trustbadge and widgets) – eTrusted Help Centre” in the Help Centre. You can also create suitable data protection notices using the Trusted Shops Rechtstexter.

Information concerning records of processing activities

Recognition of registered Trusted Shops Buyer Protection users

This process describes how personal data is processed in the context of the recognition of registered Trusted Shops Buyer Protection members through the Trustbadge on the controller's website.

Detailed description of the processing:

After an order has been placed via the controller’s website, a pseudonym is transferred to Trusted Shops AG in order to check whether the data subject is already a registered user of the Trusted Shops services. We are obliged to undertake this verification as part of the Trusted Shops Buyer Membership Agreements so members can automatically use the contractual services after placing orders on third parties’ websites. For this purpose, personal data is automatically collected from the order data. The email address of the data subject is converted into a hash value on the data subject’s computer using a cryptographic one-way hash function. This hash value – which is impossible for Trusted Shops to decrypt – is transmitted to Trusted Shops. After a check for a match, the parameter is automatically deleted.

Legal grounds

Overriding legitimate interests pursuant to Article 6 (1) (f) GDPR

Processing purposes

Optimal marketing of the controller’s products by ensuring safety of purchases using automatic protection offered by Trusted Shops Buyer Protection and authentic customer reviews.

Data subjects

Website visitors who place an order

Processed data

Pseudonym of the email address


Trusted Shops AG, Subbelrather Str. 15c, 50823 Köln

Technical and organisational measures

The technical and organisational measures of Trusted Shops AG

Balancing of interests – recognition


Controller's own interests: The controller’s interest lies in the optimal marketing of their products while ensuring the safety of purchases through automatic protection in the form of the Trusted Shops Buyer Protection guarantee, and authentic customer reviews. The Trustbadge must be steadily displayed; errors due to multiple transmission of identical order numbers must be avoided.


Interests of third parties: In addition, there are the interests of Trusted Shops AG in the fulfillment of contracts with registered Buyer Protection members and the interest of the service provider who is responsible for the faultless and uninterrupted rendering of the Trustbadge, for the analysis of security anomalies.


Those interests are also recognized by third parties, e.g. other companies. This indicates that said interests are legitimate.


The controller’s right to exercise a trade or profession is affected as its fundamental right. This indicates that said interests are legitimate.


These interests are recognized in other legal regulations as well, e.g. Act Against Unfair Competition [UWG], German Trademark Act [MarkenG]. This indicates that said interests are legitimate.


There is no less severe measure because only the verification of at least one pseudonym can ensure that registered users are automatically recognized. A login function, for example, would eliminate the contractually owed automatism.

Interim result:

The controller has a legitimate interest in the processing.,

Interests / Fundamental rights / Fundamental freedoms of data subjects


No other fundamental rights besides the right to the protection of the processed personal data of the data subject are affected.


Only a single pseudonym is processed. The data cannot directly be traced back to a particular person.


The data are not public. However, the data are collected from the data subject directly, and the data subject is clearly informed of this. The data are not published.


The data are of high quality; the error rate is low thanks to an automated transfer.


All visitors of the respective website are affected. However, only the data of registered Trusted Shops buyers who place an order with a certified online shop and who have concluded a contract for the automatic provision of services with Trusted Shops are processed further. Pseudonyms of other users who have not established any contractual relationship with Trusted Shops remain anonymous.


Website visitors know of the data processing, since it is common practice to integrate third-party visual content, and because they are clearly informed of this fact in the Privacy Policy.


The data will only be processed once in order to verify that the data subject is a registered member. After a check for a match, the parameter will be automatically deleted.

Balancing of interests in the narrow sense

The data subjects are clearly informed of the data processing in the Privacy Policy. Furthermore, data processing is to be expected, as the processing of pseudonyms is inevitable in the light of today's state of technology.  The data are processed only once and are not stored.

All data subjects in the narrow sense, i.e. those for whom further personal data must be additionally processed after a match has been identified, have established a contractual relationship with Trusted Shops AG. The further processing is justified in accordance with Article 6 (1) (b) GDPR, which also indicates that the interests of the controller and those of third parties are overriding. In all other cases, the data transferred is anonymous for the controller because the results are immediately erased without the possibility of being decrypted with the assistance of third parties or otherwise.

The processing of data therefore also serves the interests of some of data subjects and is expected by them. Data subjects are clearly informed of this data processing when concluding the contract with Trusted Shops AG and also in the Privacy Policy of the controller and of Trusted Shops AG.

Overall, the interests, fundamental rights, and freedoms of the data subject are not excessively affected by the data processing. The automatic processing of the data is also justified due to the overriding legitimate interests of the controller. The legitimate interests of the controller and the aforementioned third parties are overriding.

Text template for displaying the Trustbadge

Privacy Policy Template



We have developed this tool with utmost care but cannot guarantee that it is complete and correct. It is intended as a checklist with text templates and as a suggestion on how the aforementioned issues should be processed.

For detailed questions in individual cases, always seek professional legal advice.


Was this article helpful?

5 out of 8 found this helpful