Data protection guideline – recognition of registered Trusted Shops customers

When using the Trustbadge for the ordering process on your website, you – as the data controller – are required to:

  • keep information in your records of processing activities up-to-date;
  • ensure the balancing of interests in accordance with Article 6 (1) (f) GDPR; and
  • adjust your Privacy Policy.

We have developed this tool with utmost care but cannot guarantee that it is complete and correct. It is intended as a checklist with text templates and as a suggestion on how the aforementioned issues should be processed.

For detailed questions in individual cases, always seek professional legal advice.

Information concerning records of processing activities

Recognition of registered Trusted Shops buyers

This process describes how personal data are processed in the context of the recognition of Trusted Shop buyers through the Trustbadge on the controller's website.

Detailed description of the processing:

After the placement of an order via the controller’s website a pseudonym is transferred to Trusted Shops GmbH in order to check whether the data subject is already a registered user of the Trusted Shops services. We are obliged to undertake this verification as part of the Trusted Shops Buyer Membership Agreements so members can use the contractual services automatically after placing orders on the websites of third parties. The email address of the data subject is converted into a hash value on the data subject’s computer using a cryptographic one-way hash function. This hash value – which is impossible for Trusted Shops to decrypt – is transmitted to Trusted Shops. After a check for a match, the parameter is automatically deleted.

Legal grounds

Overriding legitimate interests pursuant to Article 6 (1) (f) GDPR

Processing purposes

Optimal marketing of the controller’s products while ensuring safety of purchases using automatic protection offered by Trusted Shops Buyer Protection and authentic customer reviews.

Data subjects

Website visitors who place an order

Processed data

Pseudonym of the email address


Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Köln

Technical and organisational measures

The technical and organisational measures of Trusted Shops GmbH apply:

Balancing of interests – recognition

Interests of the controller


Controller's own interests: The controller’s interest lies in the optimal marketing of their products while ensuring the safety of purchases through automatic protection in the form of the Trusted Shops Buyer Protection guarantee, and authentic customer reviews.


Interests of third parties: Trusted Shops GmbH also has an interest in the fulfilment of contracts with registered buyers.


Those interests are also recognised by third parties, e.g. other companies. This indicates that said interests are legitimate.


The controller’s right to exercise a trade or profession is affected as its fundamental right. This indicates that said interests are legitimate.


These interests are recognised in other legal regulations as well, e.g. Act Against Unfair Competition [UWG], German Trademark Act [MarkenG]. This indicates that said interests are legitimate.


There is no less severe measure which can guarantee faultless security of the respective purchase, and the submission and verification of an "authentic" customer review than connecting the customer's information to the respective transaction, and automatically providing the relevant transaction data.

Interim result:

The controller has a legitimate interest in the processing.,

Interests / Fundamental rights / Fundamental freedoms of data subjects


No other fundamental rights besides the right to the protection of the processed personal data of the data subject are affected.


One pseudonym is processed. The data cannot directly be traced back to a particular person.


The data are not public. However, the data are collected from the data subject directly, and they are clearly informed of this. The data are not published.


The data are of high quality; the error rate is low thanks to automatic transfer.


All visitors of the respective website are affected. However, only the data of registered Trusted Shops buyers who buy in a certified online shop and who have concluded a contract for the automatic provision of services with Trusted Shops are processed further. Pseudonyms of other users who have not established any contractual relationship with Trusted Shops remain anonymous.


Website visitors know of the data processing, since it is common practice to integrate third-party visual content, and because they are clearly informed of this fact in the Privacy Policy.


The data will only be processed once in order to verify that the data subject is a registered member. After a check for a match, the parameter will be automatically deleted.

Balancing of interests in the narrow sense

The data subjects are clearly informed of the data processing in the Privacy Policy. Furthermore, data processing is to be expected, as the processing of pseudonyms is inevitable in the light of today's state of technology.  The data are processed only once and are not stored.

All data subjects in the narrow sense, i.e. those for whom further personal data must be additionally processed after a match has been identified, have established a contractual relationship with Trusted Shops GmbH. The further processing is justified in accordance with Article 6 (1) (b) GDPR, which also indicates that the interests of the controller and those of third parties are overriding. In all other cases, the data transferred is anonymous for the controller because the results are immediately erased without the possibility of being decrypted with the assistance of third parties or otherwise.

The processing of data therefore also serves the interests of some of data subjects and is expected by them. Data subjects are clearly informed of this data processing when concluding the contract with Trusted Shops GmbH and also in the Privacy Policy of the controller and of Trusted Shops GmbH.

Overall, the interests, fundamental rights, and freedoms of the data subject are not excessively affected by the data processing. The automatic processing of the data is also justified due to the overriding legitimate interests of the controller.  The legitimate interests of the controller and the aforementioned third parties are overriding.

Text template for displaying the Trustbadge

Privacy Policy Template


Was this article helpful?

0 out of 0 found this helpful