Data protection

Data Protection Statement

This data protection statement gives you an overview of the processing of your data at Tradebyte. It applies to all websites and other services offered by Tradebyte.

How to read this data protection statement:

We provide different ways to read this data protection statement. First of all, you will find some basic information in this section. Subsequently, we have classified this data protection statement according to the topics relevant to you and divided it into individual chapters. Should you already know all about the topic, you can go directly to the individual chapters.

We have omitted cross-references whenever possible. This ensures that you receive a coherent explanation of all the information, no matter which chapter you are currently reading. However, if you read this data protection statement from beginning to end, you may notice repetitions of text.

This data protection statement applies to the following services:

The way we at Tradebyte process your data is similar for most of our offers. This data protection statement therefore applies to all services which we offer our customers in Europe. Regardless of whether we do this via a website, by telephone, at events or via other channels.

You will learn the following in this data protection statement:

  • Which data is stored by Tradebyte.
  • What we do with this data and what they are required for.
  • Which data protection rights and choices you have.
  • Which technology and data we use for advertising.

If you have any questions about this data protection statement or generally about data protection at Tradebyte, you can contact our data protection officer at datenschutz@tradebyte.com.

1. Which data does Tradebyte process?

Tradebyte is the link between platform operators such as Zalando and external shop providers who offer goods via these platforms. Data processing in this context ensues via an online platform, which serves to exchange shipping orders and to maintain and exchange product data of the customer. The sole person responsible for the customer data processed in this way in accordance with Art. 24 GDPR is the respective provider of the goods. He is solely responsible for assessing the permissibility of data processing and use and for safeguarding the rights of the data subjects. Please note that the provider of the goods have their own data protection regulations. These can usually be found on the websites of the respective provider. Tradebyte is not responsible for the data protection regulations and data processing practices of the providers.

In addition, we primarily receive data collected when you interact with our websites. For example, this could be information about which device you are using.

When we talk about “your data”, we mean personal data. This is all the information with which we could identify you immediately or in combination with other information. Examples: Your name, your telephone number, your customer number, order numbers, or your e-mail address. All information with which we cannot identify you (not even in combination with other information) is considered non-personal data. Non-personal data is also referred to as anonymous data. If we combine your personal data with anonymous data, all the data in this data set is considered personal data. If we delete the personal data from information or a data set about you, then the remaining data in this data set is no longer considered personal data. This procedure is called anonymisation. Generally, the following applies: If we ask you to provide certain personal information, you may of course refuse to do so. You decide which information you provide us with. However, we may not (or not optimally) be able to provide you with the services you require. This may be the case, for example, in the presentation of the website.

1.1. Contact data

If you contact us, e.g. to express your interest or to register for a training session or webinar, we collect your contact data. Depending on how you contact us (e.g. via contact form, by telephone or e-mail), your contact details may include your name, company, postal addresses, telephone numbers, fax numbers, e-mail addresses, and similar contact details.

1.2. Conversation content, contact forms, newsletter subscription and Infocenter (log-in)

When you communicate with us or other users by telephone, mail, social media services, contact forms or otherwise, we collect the content of your messages. If you contact us via a contact form or subscribe to the e-mail newsletter, we collect information in addition to your contact data regarding how the newsletter should be sent or the data transmitted by you within the scope of the form. The only mandatory field when subscribing to the newsletter is the e-mail address. Surname and first name may be entered optionally. Additional mandatory fields when registering for the Infocenter, our login area, are the company name and a user name.

1.3. Social network data

Tradebyte also uses the services of social networks such as Facebook for its PR. We use these popular platforms to provide you with information in addition to our own communication channels. Please note, however, that we have no influence on the terms of use of the social networks and the services they offer and only have limited influence on their data processing. We therefore ask you to carefully consider which personal data you communicate to us via social networks. We cannot influence the behaviour of social network operators, other users or third parties who may work with or use the services of social network operators.

Tradebyte’s websites may incorporate social networking features. These can be messenger services and so-called social plug-ins. We may receive data from the respective providers with which you can be identified. Generally, we receive the following data from social networks:

  • Your public profile information stored with the respective social network (e.g. name, profile picture)
  • Information about the type of device you are using
  • The account ID of your profile on the respective network (e.g. Facebook ID)

Furthermore, we do not receive any data from social network providers without your consent which could be used to identify or contact you.

Further information can be found in the terms of use and data protection information of the respective providers.

Please also note the information on processing social network data in connection with functions of social networks under “Information about websites”.

Tradebyte currently uses the social plug-ins of the following social networks:

  • Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA („Facebook“). The link to Facebook’s data protection statement can be found here: Facebook’s data policy.
  • Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA („Twitter“). The link to Twitter’s data protection statement can be found here: Twitter’s data policy.

1.4. ECD Gate

Upon your registration for the ECD, we will process the personal data required for purchasing your ticket. This data is provided by you via the respective input fields during the purchasing process and is needed to prepare your tickets and to realise and carry out the ECD. Additionally, you will automatically be included in the ECD platform’s so-called “matchmaking service”. You can use the service, which will be activated some weeks prior to the ECD, to contact other participants in order to set up meetings at the event. To facilitate this process, your contact data (e.g. name, email, business address, job title and – if applicable – phone number) as well as any other data you might have provided, will be made visible to other participants. The “matchmaking service” is an obligatory part of the ECD. The legal basis for processing data in this way is Art. 6 (1) lit. b GDPR.

We hereby also advise you that we will create audio- as well as video recordings during the ECD, which will be used for promotional purposes in our external representation without any constraints regarding time, region, or content. This includes use in our promotional media and mailings, on our websites and social media channels as well as in other media (e.g. yearbooks/annual reports, chronologies, business reports, catalogues, appearances at trade fairs etc.). The legal basis for processing data in this way is Art. 6 (1) lit. a GDPR (if based on your consent), Art. 6 (1) lit b GDPR (if necessary to comply with contracts), and Art. 6 (1) lit f GDPR (to protect our legitimate interests stated above). If possible, we will make you aware of such recordings either at registration or during the event itself (e.g. by using a suitable sign or some other way of notification). If you do not wish to appear in any such recordings, please feel free to communicate your wish to our employees and the ECD photographers at any time.

Once you have registered for the ECD, we will be able to contact you via email to inform you about similar future offers and events. The legal basis for processing data in this way is our legitimate interest, as stated above, according to Art. 6 (1) lit. f GDPR. You can refuse to receive such emails or unsubscribe for free at any time. A link for unsubscribing will be provided in each mailing. Alternatively, it would suffice to contact us directly.

1.5. Applications

We collect data in connection with applications in various ways:

In the case of applications by e-mail, the submitted documents and information will be stored.

For applications via contact forms, the first name, surname, e-mail address and details are stored in free text fields or uploaded documents. At the invitation of our recruiting team, you have the opportunity to consent to the storage of your data in our talent pool upon completion of your application process. If you make use of this option, your application data will be stored with us for 12 months.

After 12 months, your application data will be deleted automatically.

Of course, you can always request the deletion of your data by e-mail to: Jobs@Tradebyte.com at any time.

1.6. Device and access data

When using online services, it is unavoidable that technical data is created and processed in order to provide the functions and content offered and to be displayed on your device. We summarise this data as “device and access data”. Device and access data is generated each time an online service is used. It does not matter who the provider is. Device and access data therefore arise, for example, during the use of:

  • Websites
  • E-mail newsletters (i.e. when your newsletter interaction is recorded)
  • Location-based services

Device and access data include the following categories:

  • General device information, such as type of device, operating system version, configuration settings (e.g. language settings, system permissions), information about the internet connection (e.g. name of the mobile network, connection speed).
  • Identification data (IDs), such as session IDs, cookie IDs, unique device ID numbers (e.g. Google Advertising ID, Apple Ad ID), third-party account IDs (if you use social plug-ins), and other popular internet technology to recognise your web browser or device.
  • Access data that is automatically transmitted each time web servers and databases are accessed online by web browsers (as part of so-called HTTP requests). This includes standardised information on the requested content (such as the name and file type of a file accessed) as well as further information on server access (such as transmitted data volume and error codes), your device (such as the type of device, operating system, software versions, device IDs, IP address, the previously visited page and the time of access).

2. Why does Tradebyte use my data?

Tradebyte processes your data in compliance with all applicable data protection laws. In doing so, we naturally observe the principles of data protection law for the processing of personal data. We therefore only process your data for the purposes explained to you in this data protection statement or communicated to you when collecting the data. These primarily include marketing for our services.

In this chapter we also inform you on which legal basis we process data for individual purposes. Depending on the legal basis on which we process your data, you may be entitled to special data protection rights – in addition to the existing data protection rights which always apply such as the right to information. For example, in some cases you have the right to object to the processing of your data.

2.1. Advertising 

We use your data, also in the context of data analyses, for advertising purposes. In particular, we pursue the following purposes:

  • Advertising for existing customers.
  • Advertising for existing customers.
  • Direct advertising, e.g. in the form of newsletters.
  • The planning, implementation and success monitoring of advertising which corresponds to the interests of the target groups addressed (personalised advertising).• Findings on how our services are used (usage analysis).

Depending on the purpose, we use the data stored by us for data analyses.

We process your data on the basis of a balance of interests to protect our legitimate interests. Tradebyte’s legitimate interest in data processing arises from the respective purposes and is, unless otherwise stated, of a competitive and economic nature.

Legal basis:

If data is processed with your consent for the purposes described above, the legal basis is Article 6 (1) (a) GDPR (consent). Otherwise, data processing is carried out on the basis of Article 6 (1) (f) GDPR, the legitimate interests being in the above-mentioned purposes. You can deactivate the processing of your data for personalised advertising and usage analysis at any time. If you click on the following link, an opt-out cookie is set, which prevents the future collection of your data when you visit this website: https://tools.google.com/dlpage/gaoptout?hl=en and https://adssettings.google.com/authenticated?hl=en

2.2. Application process

The purposes are:

  • Filling specific vacancies
  • Being added in the talent pool so that we can contact you for suitable vacancies in the future.

Legal basis:

If data is processed with your consent for the purposes described above, the legal basis is Article 6 (1) (a) GDPR (consent). Otherwise, data processing is carried out on the basis of Article 6 (1) (f) GDPR, the legitimate interests being in the above-mentioned purposes.

2.3. Due to your consent

If you have given us your consent for the processing of personal data, your consent (Article 6 (1) (a) GDPR) is the primary basis of our data processing. Which of your data we process on the basis of your consent depends on the purpose of your consent. Typical purposes are, for example:

  • Subscription to a newsletter.
  • Subscription to a newsletter.
  • Participation in the ECD Gate and “matchmaking” service.
  • The entry of data in contact forms.
  • The transfer of your data to third parties or to a country outside the European Union

Revocation information

You can revoke a previously given consent at any time with effect for the future, e.g. by mail, letter or fax.
In addition, there is a corresponding unsubscribe link in every newsletter.

2.4. Other purposes

If data protection law permits, we may also use your data without your consent for new purposes, for example in carrying out data analyses and in the further development of our services and content. This requires that the new purposes for which the data is to be used have not yet been defined or were not foreseeable when the data concerned was collected and that the new purposes are compatible with the purposes for which the data concerned was originally collected. For example, new developments in the legal or technical field and new business models and services can lead to new processing purposes.

3. Information about websites

We use your data to make the Tradebyte websites available. In addition to the device and access data which is generated each time you use these services, the type of data processed and the processing purposes depend in particular on how you use the functions and services provided via our services. Furthermore, we use the data arising from the use of our services to find out how our online service is used.

3.1. Provider

The provider of the websites is Tradebyte Software GmbH, Bahnhofsplatz 8, 91522 Ansbach, Germany.

3.2. Which data is collected?

We generally collect all data that you provide us with directly via our services.

Device and access data
Every time our servers and databases are accessed, device and access data is generated and logged in server log files. The IP address contained therein will swiftly be made anonymous, as soon as storage is no longer necessary to maintain the functionality of the respective website.

If available and enabled on your device, we will also collect a device-specific ID number (e.g. a so-called “Advertising ID” if you are using an Android device or an “Ad ID” if you are using an Apple device). This device ID is assigned by the manufacturer of your device’s operating system and can be read and used by websites and apps to present content based on your usage habits. Should you not desire this, you can disable it at any time in your device’s browser settings or system settings.

3.3. Login: Infocenter

If you are Tradebyte customers, you have the possibility to access the Infocenter from the product (e.g. TB.One). There you can carry out various product-related settings. These settings are saved.

3.4. Social plug-ins

Our services may include social plug-ins (“plug-ins”) of various social networks. You can use these plug-ins to share content or recommend products, for example. By integrating the plug-ins, the social network receives the information that you have accessed the corresponding page of our website and can record your device and access data. If you are logged in to the social network, the social network can also assign the visit to your account on the respective social network. When you interact with the plug-ins, such as pressing the Facebook “Like” button or posting a comment, the information is sent directly from your browser to the social network and stored there. The purpose and scope of the data collection and further processing and use of the data by social networks, as well as your relevant rights and setting options for the protection of your privacy, can be found in the data protection information of the respective networks and websites. The links for this can be found below. Even if you are not logged in to the social networks, data can be sent to the networks from websites with active social plug-ins. An active plug-in sets a cookie with an ID each time the website is accessed. As your web browser sends this cookie with every connection to a server without being asked, the social network could in principle create a profile of which websites the user belonging to the ID has accessed. And it would then also be quite possible to assign this ID to a person again later – for example when logging on to the social network later.

Facebook social plug-ins 

On some websites, we use the plug-ins of the social network facebook.com, which is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The link to Facebook’s data protection statement can be found here: Facebook’s data policy.

Social Plug-ins von Twitter

On some websites, we use the plug-ins of the social network Twitter, which is operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”). The link to Twitter’s data protection statement can be found here: Twitter’s data policy.

3.5. Online advertising/retargeting

Our websites contain cookies and similar tracking technology from advertising partners who operate an online advertising network. In this way it is also possible for our advertising partners to record your device and access data and to present you with personalised advertising on other websites and in apps, also from other providers, which is oriented towards your interests.

Currently, we exclusively use Google services for these purposes. You can deactivate the processing of your data for retargeting at any time. If you click on the following link, an opt-out cookie is set, which prevents the future collection of your data when you visit this website: https://adssettings.google.com/authenticated?hl=en

3.6. Usage analysis

We use common tracking technology in all our services for evaluating device and access data. Specifically, we use Google Analytics. This allows us to know how our services are generally used by our users. Identification cookies and similar identifiers are used. For example, we learn which content and topics are particularly popular, at which times our services are used particularly frequently, from which regions (down to city level) our services are used and which browsers and devices our users generally use.

You can deactivate the processing of your data for usage analysis at any time. If you click on the following link, an opt-out cookie is set, which prevents the future collection of your data when you visit this website: http://tools.google.com/dlpage/gaoptout?hl=en

4. Newsletter

We offer you various newsletter services. Information on the topics covered by the individual newsletters and further information are available when you subscribe to a newsletter service. When using our newsletters, we also collect device and access data.

4.1. How do I subscribe?

We use the so-called double opt-in procedure for sending our newsletters which are subject to subscription, i.e. we will not send you a newsletter until you have expressly agreed in advance that we should activate the newsletter service. Furthermore, you must have confirmed that the e-mail address you have provided belongs to you. For this purpose, we will send you a notification e-mail and ask you to confirm that you are the owner of the e-mail address provided by clicking on a link contained in this e-mail.

4.2. Unsubscribing

Should you not wish to receive any newsletters from us at a later date, you can object to this at any time without incurring any costs other than the transmission costs according to the basic rates. A message in text form (e.g. e-mail, fax, letter) to us is sufficient. Of course you will also find an unsubscribe link in every newsletter.

4.3. Which data is collected?

When you register for a newsletter, we automatically store your IP address and the time of registration and confirmation. In this way we can prove that you have actually subscribed and, if necessary, recognise the misuse of your e-mail address.

We collect device and access data which is generated during your interaction with a newsletter. For this evaluation, the newsletters contain references to image files that are stored on our web server. When you open a newsletter, your e-mail programme loads these image files from our web server. We record the resulting device and access data in pseudonymised form under a randomly generated identification number (newsletter ID), which we do not use for identifying you without your consent. This enables us to track whether and when you have opened which issues of a newsletter. The links contained in the newsletters also contain your newsletter ID so that we can record what you are interested in.

You can unsubscribe from the newsletter analysis at any time by unsubscribing from the relevant newsletter service. Of course you will also find an unsubscribe link in every issue of our newsletters. For more information, see “What data protection rights do I have?” below in this data protection statement.

Alternatively, you can deactivate the display of images in your e-mail programme. In this case, however, you will not be able to view the complete newsletter.

5. How does Tradebyte use my data for advertising?

Tradebyte uses your data for advertising exclusively in the context of sending newsletters. Advertising by Tradebyte is not personalised.

6. To whom is my data transmitted?

Tradebyte will only pass on your data if this is permitted under German or European data protection law. We work particularly closely with a number of service providers, such as technical service providers (e.g. the operation of data centres). These service providers may categorically only process your data on our behalf under special conditions. If we use them as contract processors, the service providers only have access to your data to the extent and for the period necessary for the provision of the respective service.

6.1. Companies of the Zalando Group

Within the Zalando Group, many systems and technologies are used mutually. This enables us to offer you a less expensive, better, safer, more consistent and more interesting service. Therefore, the companies and departments within the Zalando Group that need your data to fulfil our contractual and legal obligations or to fulfil their respective functions within the Zalando Group have access to your data.

6.2 Technical service providers

We work together with technical service providers to provide you with our services. These service providers include for example Salesforce.com EMEA Ltd. and the Amazon Web Services, Inc. If they process your data outside the European Union, this may result in your data being transferred to a country with a lower data protection standard than the European Union. In such cases, Tradebyte shall ensure that the service providers concerned guarantee an equivalent level of data protection by contract or otherwise.

6.3. Authorities and other third parties

As far as we are obliged by a decision of authorities or courts or for legal or criminal prosecution, we pass on your data to law enforcement authorities or other third parties if necessary.

7. Which data protection rights do I have?

You have the following legal data protection rights under the respective legal requirements: Right of access by the data subject (Article 15 GDPR), Right to erasure (Article 17 GDPR), Right to rectification (Article 16 GDPR), Right to restriction of processing (Article 18 GDPR), Right of data portability (Article 20 GDPR), Right to lodge a complaint with a supervisory authority (Article 77 GDPR), Right to revoke consent (Article 7 (3) GDPR), as well as the Right to object to certain data processing measures (Article 21 GDPR). You can find the contact details for your applications under “contact persons”.

Important information:

  • Requests for information and the assertion of other claims with regard to order data of end customers can only be asserted directly against the data controller for whom Tradebyte processes the data as order processor. This is the respective provider of the goods.
  • Requests for information and the assertion of other claims with regard to order data of end customers can only be asserted directly against the data controller for whom Tradebyte processes the data as order processor. This is the respective provider of the goods.
  • To ensure that your data will not be disclosed to third parties when you request information, please attach sufficient proof of your identity to your request by e-mail or mail.• The responsibilities of the data protection authorities depend on the location of the responsible body. You can also contact the data protection authority at your place of residence, which will then forward your complaint to the competent authority. The competent authority for Tradebyte is the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin, Germany.
  • If you have given your consent to the processing of your data, you can revoke this at any time. A revocation has no effect on the permissibility of the processing of your data carried out before your revocation.• You can object to the processing of your data for advertising purposes, including direct advertising (also in the form of data analyses) at any time without stating reasons.
  • If we base the processing of your data on a balance of interests in accordance with Article 6 (1) (f) GDPR, you may object to the processing. When exercising an objection, we ask you to explain the reasons why we should not process your data. In the event of your justified objection, we will examine the situation and will either stop or adjust the processing or inform you of our compelling reasons worthy of protection, on the basis of which we may continue the processing.

8. When is my data deleted?

We will store your personal data for as long as necessary for the purposes stated in this data protection statement, in particular to fulfil our contractual and legal obligations. We may also store your personal data for other purposes if or as long as the law allows us to store it further for certain purposes, including for the defence of legal claims. Deletion may be waived in the cases permitted by law, provided that the data is anonymous or pseudonymous and the deletion makes processing for the purposes of scientific research or statistics impossible or would seriously impair it.

9. How does Tradebyte protect my data?

Your personal data is transmitted securely by encryption. We use the SSL (Secure Socket Layer) coding system. Furthermore, we protect our websites and other systems through technical and organisational measures against loss, destruction, access, alteration or publication of your data by unauthorised persons.

10. Changes to this data protection statement and contact persons

As we continue to develop our websites and implement new technology to improve our service for you, changes to this data protection information may be necessary. We therefore recommend that you re-read this data protection statement from time to time.

You can contact our data protection officer with questions about data protection at Tradebyte at any time. She can be reached at datenschutz@tradebyte.com.