When using the Trustbadge in the order process on your website, you – as a joint controller pursuant to Art. 26 GDPR – are required to:
- fulfill the requirements of your local e-privacy regulations;
- keep information in your records of processing activities up-to-date;
- ensure the balancing of interests in accordance with Article 6 (1) (f) GDPR; and
Requirements of your local e-privacy regulations
Your local e-privacy regulations may obligate you to obtain the consent of website visitors when storing information on the website visitor’s device or when gaining access to information already stored on the device (as stipulated in Art. 5 (3) e-privacy directive). An exception may apply to any technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service.
The Trustbadge reads a so-called DIV element on the user's device during checkout to obtain the following information:
- email address
- order number
- order amount
- product purchased (only if you collect product reviews)
The Trustbadge then transmits this information to Trusted Shops, whereby the email address is hashed beforehand. The hash value of the email address is used to check whether your customer is already registered for the Trusted Shops services. If yes, the order is automatically secured and the customer receives a review invite. If not, the customer has the option of registering for the Trusted Shops services via the Trustcard that is then displayed, in order to secure the order and receive review invites. If no registration is made, all personal data collected at short notice will be deleted.
In order to meet the requirements of your local e-privacy regulation when using the Trustbadge, you have various options at your disposal:
- Enable Trustbadge consent request
- Clause in the terms and conditions
- Integration of the Trustbadge into the consent manager
1. Enable Trustbadge consent request
You have the option of integrating the Trustbadge into your existing consent manager in a special form: https://help.etrusted.com/hc/en-gb/articles/8335065827357. This allows the Trustbadge to be displayed graphically even if consent has not been granted and offers limited functionalities. If consent is granted, the Trustbadge works as you are used to.
If the customer does not give consent in the Consent Manager, or if you have enabled the "Enable Trustbadge consent request" option but have not integrated the Trustbadge into your Consent Manager or have integrated it incorrectly, the Trustcard appears in the checkout so that your customers have the option of registering for the services. This also affects customers who are already registered for the services, because no comparison can take place without the automatic transmission of the email hash value.
2. Clause in the terms and conditions
When using the variant described above, the Trustbadge also accesses information in the DIV element without consent in order to display the Trustcard correctly. For example, the Trustcard must know how high the total order amount is in order to display how high the protection will be. However, the data is not transmitted to Trusted Shops. Whether access within the meaning of your local e-privacy regulations is therefore taking place is debatable. If one assumes that this is the case, it can be assumed that this access is necessary to provide the service that is explicitly requested by the user. In this case, there would be no obligation to obtain consent. Necessity can be affirmed in any case if offering buyer protection is listed in the GTC as a mandatory part of the ordering process. Since you can only offer buyer protection as an essential part of your online shop if the Trustbadge accesses information in the DIV element, there is a necessity. We have provided you with suggestions for GTC clauses under: Template text for your privacy declaration (Trustbadge and widgets) – eTrusted Help Centre.
If you take the legal view that the automatic matching of the hash value of the e-mail address of buyers is also necessary for you to be able to provide your online shop, you could waive the consent of your customers. A technical adjustment in the implementation of the Trustbadge would then not be necessary. In this case, however, you should adapt your GTC accordingly.
3. Integration of the Trustbadge into the consent manager
If you simply integrate the Trustbadge into your existing consent manager and only allow the functionality of the Trustbadge if a visitor to your online shop has consented to the use of all cookies and/or third-party services, or individually to the activation of the Trustbadge, the requirements of your local e-privacy regulations can be met. At the same time, product usage could decrease. If a website visitor has not consented, none of the functions of the Trustbadge will be available. This means that it will neither be displayed visually nor will your customer have the opportunity to register for the Trusted Shops services in the checkout. Thus, customers who have not consented to the display of the Trustbadge will not receive any review invites and will not be able to use the buyer protection.
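The data flow and the consent-dependent behaviour described above can be sketched as follows. This is an added example, not Trusted Shops code: all function and field names are hypothetical, SHA-256 is assumed as the one-way hash (the page does not name the function), and the sample order is constructed.

```javascript
const { createHash } = require('node:crypto');

// Normalise before hashing so one mailbox always maps to one pseudonym.
// SHA-256 is an assumption; the page only speaks of a one-way hash function.
function pseudonymiseEmail(email) {
  const normalised = email.trim().toLowerCase();
  return createHash('sha256').update(normalised, 'utf8').digest('hex');
}

// Browser side: decide what may leave the device for a given consent state.
function buildCheckoutRequest(order, consentGiven) {
  if (!consentGiven) {
    // No transmission: the amount is only read locally to render the Trustcard.
    return { transmit: false, showTrustcard: true, displayAmount: order.amount };
  }
  const body = {
    emailHash: pseudonymiseEmail(order.email), // raw address never enters the body
    orderNumber: order.orderNumber,
    amount: order.amount,
  };
  if (order.products) body.products = order.products; // only with product reviews
  return { transmit: true, body };
}

// Receiving side: one lookup, then the pseudonym is dropped from the result.
function matchRegistration(body, registeredHashes) {
  const registered = registeredHashes.has(body.emailHash);
  return {
    orderNumber: body.orderNumber,
    action: registered ? 'auto-protect-and-invite' : 'offer-registration-via-trustcard',
  };
}

// Constructed sample data (hypothetical order and registered-user set).
const sampleOrder = { email: '  Anna.Muster@Example.com ', orderNumber: 'ORD-1001', amount: 59.9 };
const registeredHashes = new Set([pseudonymiseEmail('anna.muster@example.com')]);

const withConsent = buildCheckoutRequest(sampleOrder, true);
const withoutConsent = buildCheckoutRequest(sampleOrder, false);
console.log(matchRegistration(withConsent.body, registeredHashes));
console.log(withoutConsent);
```

The normalisation step matters in practice: without it, differently capitalised spellings of the same address produce different hash values and a registered customer is not recognised.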
Templates for adapting your privacy notices
Since the type of processing of personal data and the legal basis change when using one of the variants described above, you may need to adapt your privacy notices. We have created suitable templates for all variants. You can find these under “Template text for your privacy declaration (Trustbadge and widgets) – eTrusted Help Centre” in the Help Centre. You can also create suitable data protection notices using the Trusted Shops “Rechtstexter”.
Information concerning records of processing activities
Recognition of registered Trusted Shops Buyer Protection users
This process describes how personal data is processed in the context of the recognition of registered Trusted Shops Buyer Protection members through the Trustbadge on the controller's website.
Detailed description of the processing:
After an order has been placed via the controller’s website, a pseudonym is transferred to Trusted Shops AG in order to check whether the data subject is already a registered user of the Trusted Shops services. We are obliged to undertake this verification as part of the Trusted Shops Buyer Membership Agreements so members can automatically use the contractual services after placing orders on third parties’ websites. For this purpose, personal data is automatically collected from the order data. The email address of the data subject is converted into a hash value on the data subject’s computer using a cryptographic one-way hash function. This hash value – which is impossible for Trusted Shops to decrypt – is transmitted to Trusted Shops. After a check for a match, the parameter is automatically deleted.
Overriding legitimate interests pursuant to Article 6 (1) (f) GDPR
Optimal marketing of the controller’s products by ensuring safety of purchases using automatic protection offered by Trusted Shops Buyer Protection and authentic customer reviews.
Website visitors who place an order
Pseudonym of the email address
Trusted Shops AG, Subbelrather Str. 15c, 50823 Köln
Technical and organisational measures
The technical and organisational measures of Trusted Shops AG
Balancing of interests – recognition
Controller's own interests: The controller’s interest lies in the optimal marketing of their products while ensuring the safety of purchases through automatic protection in the form of the Trusted Shops Buyer Protection guarantee, and authentic customer reviews. The Trustbadge must be steadily displayed; errors due to multiple transmission of identical order numbers must be avoided.
Interests of third parties: In addition, there are the interests of Trusted Shops AG in the fulfillment of contracts with registered Buyer Protection members, and the interest of the service provider responsible for the faultless and uninterrupted rendering of the Trustbadge in the analysis of security anomalies.
Those interests are also recognized by third parties, e.g. other companies. This indicates that said interests are legitimate.
The controller’s right to exercise a trade or profession is affected as its fundamental right. This indicates that said interests are legitimate.
These interests are recognized in other legal regulations as well, e.g. Act Against Unfair Competition [UWG], German Trademark Act [MarkenG]. This indicates that said interests are legitimate.
There is no less severe measure because only the verification of at least one pseudonym can ensure that registered users are automatically recognized. A login function, for example, would eliminate the contractually owed automatism.
The controller has a legitimate interest in the processing.
Interests / Fundamental rights / Fundamental freedoms of data subjects
No other fundamental rights besides the right to the protection of the processed personal data of the data subject are affected.
Only a single pseudonym is processed. The data cannot directly be traced back to a particular person.
The data are not public. However, the data are collected from the data subject directly, and the data subject is clearly informed of this. The data are not published.
The data are of high quality; the error rate is low thanks to an automated transfer.
All visitors of the respective website are affected. However, only the data of registered Trusted Shops buyers who place an order with a certified online shop and who have concluded a contract for the automatic provision of services with Trusted Shops are processed further. Pseudonyms of other users who have not established any contractual relationship with Trusted Shops remain anonymous.
The data will only be processed once in order to verify that the data subject is a registered member. After a check for a match, the parameter will be automatically deleted.
Balancing of interests in the narrow sense
All data subjects in the narrow sense, i.e. those for whom further personal data must be additionally processed after a match has been identified, have established a contractual relationship with Trusted Shops AG. The further processing is justified in accordance with Article 6 (1) (b) GDPR, which also indicates that the interests of the controller and those of third parties are overriding. In all other cases, the data transferred is anonymous for the controller because the results are immediately erased without the possibility of being decrypted with the assistance of third parties or otherwise.
Overall, the interests, fundamental rights, and freedoms of the data subject are not excessively affected by the data processing. The automatic processing of the data is also justified due to the overriding legitimate interests of the controller. The legitimate interests of the controller and the aforementioned third parties are overriding.
Text template for displaying the Trustbadge
We have developed this tool with utmost care but cannot guarantee that it is complete and correct. It is intended as a checklist with text templates and as a suggestion on how the aforementioned issues should be processed.
For detailed questions in individual cases, always seek professional legal advice.