Data protection guideline – recognition of registered Trusted Shops customers

When using the Trustbadge in the order process on your website, you – as a joint controller pursuant to Art. 26 GDPR – are required to:

  • Fulfill the requirements of your local e-privacy regulations
  • keep information in your records of processing activities up-to-date;
  • ensure the balancing of interests in accordance with Article 6 (1) (f) GDPR; and
  • adjust your Privacy Policy.

Requirements of your local e-privacy regulations

Your local e-privacy regulations may obligate you to obtain the consent of website visitors when storing information on the website visitor’s device or when gaining access to information already stored on the device (as stipulated in Art. 5 (3) e-privacy directive). An exception may apply to any technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service.

The Trustbadge accesses a so-called DIV element in the user's device in the checkout to obtain the following information:

  • email address
  • order number
  • order amount
  • currency
  • product purchased (only if you collect product reviews)

The Trustbadge then transmits this information to Trusted Shops, whereby the email address is hashed beforehand. The hash value of the email address is used to check whether your customer is already registered for the Trusted Shops services. If yes, the order is automatically secured and the customer receives a review invite. If not, the customer has the option of registering for the Trusted Shops services via the then displayed Trustcard in order to secure the order and receive review invites. If no registration is made, all personal data collected at short notice will be deleted.

According to your local e-privacy regulations, this may not be permitted in this form.

Customisation options

In order to meet the requirements of your local e-privacy regulation when using the Trustbadge, you have various options at your disposal:

 

  1. Deactivating automatic access by the Trustbadge to order information
  2. Enable Trustbadge consent request
  3. Clause in the terms and conditions
  4. Integration of the Trustbadge into the consent manager

 

1. Deactivating automatic transmission of order information by the Trustbadge

You have the option of requesting your CSM to deactivate the automatic transmission of order information by the Trustbadge. In this case, the Trustbadge is displayed on your website at all times and is active in the checkout. However, it does not automatically transmit order information to Trusted Shops. Instead, the Trustcard appears automatically after the order has been completed, so that your customers have the opportunity to register for the services. However, this also affects those customers who are actually already registered for the services, as no comparison can take place due to the lack of automatic transmission of the email hash value.

2. Enable Trustbadge consent request

You have the option of integrating the Trustbadge into your existing consent manager in a special form: https://help.etrusted.com/hc/en-gb/articles/8335065827357. This allows the Trustbadge to be displayed graphically even if consent has not been granted and offers limited functionalities. If consent is granted, the Trustbadge works as you are used to.

If a customer visits your website and gives their consent in the Consent Manager, information is automatically transmitted to Trusted Shops after the order is placed, so that with an existing registration for the Trusted Shops services the order is automatically secured and a review invite is sent. If there is no registration, the customer can register for the first time using the displayed Trustcard.

If the customer does not give consent in the Consent Manager, the Trustcard appears in the checkout so that your customers have the option of registering for the services. This, in turn, also affects those customers who are actually already registered for the services, as no comparison can take place due to the lack of automatic transmission of the e-mail hash value.

3. Clause in the terms and conditions

When using variant 1 or 2 described above, the Trustbadge also accesses information in the DIV element without consent in order to display the Trustcard correctly. For example, the Trustcard must know how high the total order amount is in order to display how high the protection will be. However, the data is not transmitted to Trusted Shops. Whether access within the meaning of your local e-privacy regulationsis therefore taking place is debatable. If one assumes that this is the case, it can be assumed that this access is necessary to provide the service that is explicitly requested by the user. In this case, there would be no obligation to give consent. Necessity can be affirmed in any case if offering buyer protection is listed in the GTC as an obligation of your online shop. Since you can only offer buyer protection as an essential part of your online shop if the Trustbadge accesses information in the DIV element, there is a necessity. We have provided you with suggestions for GTC clauses under: Template text for your privacy declaration (Trustbadge and widgets) – eTrusted Help Centre.

If you take the legal view that the automatic matching of the hash value of the e-mail address of buyers is also necessary for you to be able to provide your online shop, you could waive the consent of your customers. A technical adjustment in the implementation of the Trustbadge would then not be necessary. In this case, however, you should at least adapt your GTC accordingly. We advise against this, however, as it is associated with considerable legal risks.

4. Integration of the Trustbadge into the consent manager

If you simply integrate the Trustbadge into your existing consent manager and only allow the functionality of the Trustbadge if a visitor to your online shop has consented to the use of all cookies or/and third-party services or individually to the activation of the Trustbadge, the requirements of your local e-privacy regulations can be met. At the same time, product usage could decrease. As soon as a website visitor has not consented, no more functions of the Trustbadge will be available. This means that it will neither be displayed visually nor will your customer have the opportunity to register for the Trusted Shops services in the checkout. Thus, all customers who have not consented to the display of the Trustbadge will not receive any review invites.

Templates for adapting your privacy notices

Since the type of processing of personal data and the legal basis change when using one of the variants described above, you may need to adapt your privacy notices. We have created suitable templates for all variants. You can find these under Template text for your privacy declaration (Trustbadge and widgets) – eTrusted Help Centre” in the Help Centre. You can also create suitable data protection notices using the Trusted Shops Rechtstexter.

Information concerning records of processing activities

Recognition of registered Trusted Shops Buyer Protection users

This process describes how personal data is processed in the context of the recognition of registered Trusted Shops Buyer Protection members through the Trustbadge on the controller's website.

Detailed description of the processing:

After an order has been placed via the controller’s website, a pseudonym is transferred to Trusted Shops AG in order to check whether the data subject is already a registered user of the Trusted Shops services. We are obliged to undertake this verification as part of the Trusted Shops Buyer Membership Agreements so members can automatically use the contractual services after placing orders on third parties’ websites. For this purpose, personal data is automatically collected from the order data. The email address of the data subject is converted into a hash value on the data subject’s computer using a cryptographic one-way hash function. This hash value – which is impossible for Trusted Shops to decrypt – is transmitted to Trusted Shops. After a check for a match, the parameter is automatically deleted.

Legal grounds

Overriding legitimate interests pursuant to Article 6 (1) (f) GDPR

Processing purposes

Optimal marketing of the controller’s products by ensuring safety of purchases using automatic protection offered by Trusted Shops Buyer Protection and authentic customer reviews.

Data subjects

Website visitors who place an order

Processed data

Pseudonym of the email address

Recipient:

Trusted Shops AG, Subbelrather Str. 15c, 50823 Köln

Technical and organisational measures

The technical and organisational measures of Trusted Shops AG

Balancing of interests – recognition

traffic_green.png

Controller's own interests: The controller’s interest lies in the optimal marketing of their products while ensuring the safety of purchases through automatic protection in the form of the Trusted Shops Buyer Protection guarantee, and authentic customer reviews. The Trustbadge must be steadily displayed; errors due to multiple transmission of identical order numbers must be avoided.

traffic_green.png

Interests of third parties: In addition, there are the interests of Trusted Shops AG in the fulfillment of contracts with registered Buyer Protection members and the interest of the service provider who is responsible for the faultless and uninterrupted rendering of the Trustbadge, for the analysis of security anomalies.

traffic_green.png

Those interests are also recognized by third parties, e.g. other companies. This indicates that said interests are legitimate.

traffic_green.png

The controller’s right to exercise a trade or profession is affected as its fundamental right. This indicates that said interests are legitimate.

traffic_green.png

These interests are recognized in other legal regulations as well, e.g. Act Against Unfair Competition [UWG], German Trademark Act [MarkenG]. This indicates that said interests are legitimate.

traffic_yellow.png

There is no less severe measure because only the verification of at least one pseudonym can ensure that registered users are automatically recognized. A login function, for example, would eliminate the contractually owed automatism.

Interim result:

The controller has a legitimate interest in the processing.,

Interests / Fundamental rights / Fundamental freedoms of data subjects

traffic_yellow.png

No other fundamental rights besides the right to the protection of the processed personal data of the data subject are affected.

traffic_yellow.png

Only a single pseudonym is processed. The data cannot directly be traced back to a particular person.

traffic_yellow.png

The data are not public. However, the data are collected from the data subject directly, and the data subject is clearly informed of this. The data are not published.

traffic_green.png

The data are of high quality; the error rate is low thanks to an automated transfer.

traffic_yellow.png

All visitors of the respective website are affected. However, only the data of registered Trusted Shops buyers who place an order with a certified online shop and who have concluded a contract for the automatic provision of services with Trusted Shops are processed further. Pseudonyms of other users who have not established any contractual relationship with Trusted Shops remain anonymous.

traffic_green.png

Website visitors know of the data processing, since it is common practice to integrate third-party visual content, and because they are clearly informed of this fact in the Privacy Policy.

traffic_green.png

The data will only be processed once in order to verify that the data subject is a registered member. After a check for a match, the parameter will be automatically deleted.

Balancing of interests in the narrow sense

The data subjects are clearly informed of the data processing in the Privacy Policy. Furthermore, data processing is to be expected, as the processing of pseudonyms is inevitable in the light of today's state of technology.  The data are processed only once and are not stored.

All data subjects in the narrow sense, i.e. those for whom further personal data must be additionally processed after a match has been identified, have established a contractual relationship with Trusted Shops AG. The further processing is justified in accordance with Article 6 (1) (b) GDPR, which also indicates that the interests of the controller and those of third parties are overriding. In all other cases, the data transferred is anonymous for the controller because the results are immediately erased without the possibility of being decrypted with the assistance of third parties or otherwise.

The processing of data therefore also serves the interests of some of data subjects and is expected by them. Data subjects are clearly informed of this data processing when concluding the contract with Trusted Shops AG and also in the Privacy Policy of the controller and of Trusted Shops AG.

Overall, the interests, fundamental rights, and freedoms of the data subject are not excessively affected by the data processing. The automatic processing of the data is also justified due to the overriding legitimate interests of the controller. The legitimate interests of the controller and the aforementioned third parties are overriding.

Text template for displaying the Trustbadge

Privacy Policy Template

 

 

We have developed this tool with utmost care but cannot guarantee that it is complete and correct. It is intended as a checklist with text templates and as a suggestion on how the aforementioned issues should be processed.

For detailed questions in individual cases, always seek professional legal advice.

 


Was this article helpful?

2 out of 4 found this helpful