Privacy Policy


1. General Information

1.1 Responsible Office

inbase GmbH
Klotzenmoor 57
D-22453 Hamburg

Managing Director: Andreas Bräunig
Commercial Register: Hamburg HRB 106219
VAT ID No.: DE261004155

Phone: +49.40.3787922.0
Fax: +49.40.3787922.50
e-Mail: info (at)

1.2 Information on the Processing of Personal Data

In the following, we inform you about the type, scope, legal basis and purposes of processing your personal data.

1.3 Your Rights

You are entitled to the following rights:

  • According to Art. 15 DS-GVO, you have a right to information as to whether and which of your data are stored or processed by us or our contractual partners.
  • In accordance with Art. 16 DS-GVO, you can request a correction of your data.
  • In accordance with Art. 17 DS-GVO, you are entitled to a deletion claim, unless legal obligations make further storage necessary.
  • You can also restrict the processing of the data, e.g. in accordance with Art. 18 DS-GVO, if, among other things, the accuracy of the data is disputed, the data processing is unlawful or you object to the processing in accordance with Art. 21 DS-GVO.
  • Furthermore, according to Art. 20 DS-GVO you have the right to receive the data in a machine-readable form.
  • You can revoke the consents given to us in accordance with Art. 7 III DS-GVO. The revocation has the consequence that the data processing carried out up to the time of revocation is lawful.
  • You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
  • In accordance with Article 21 I of the DPA, they have the right to object at any time, for reasons arising from their particular situation, to the processing of personal data concerning them that is carried out on the basis of Article 6 paragraph 1 letters e or f.
  • You can object to the processing of your personal data for advertising and data analysis purposes at any time.

In case of revocation, please contact the responsible office listed under 1.1.

1.4 Changes to our Privacy Policy

We reserve the right to adapt this privacy policy.

1.5 Data Protection Officer

Although we are not obliged to appoint a data protection officer, we are supported by the

Mag. Jur. Djoko Lukic (
Suhrenkamp 59
22335 Hamburg
Tel: +49 (0)40 - 414 313 070

If you would like to contact the data protection officer with encrypted messages, please use the contact form:

1.6 Contact for Data Protection

For questions regarding the collection, processing or use of your personal data, for information, correction, blocking or deletion of data and revocation of consents granted, please contact:

inbase GmbH
Klotzenmoor 57
D-22453 Hamburg

Tel: +49.40.3787922.0
Fax: +49.40.3787922.50
Email: datenschutz (at)

1.7 Supervisory Authority

The supervisory authority responsible for us is:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Klosterwall 6 (Block C)
20095 Hamburg
Telefon: +49 (0)40 - 4 28 54 - 40 40
E-Mail: mailbox (at)

1.8 Deletion or Blocking of Personal Data

After the discontinuation of the respective purpose or after the expiry of any retention periods, the data will be blocked or deleted in accordance with the statutory provisions.

1.9 Use of Cookies

We only use technically necessary cookies. You can prevent all cookies from being set by making the appropriate settings in your browser.

We currently use the following cookies:

Name Expiration Purpose
up2shop_session 2 hours Session cookie: This cookie only stores technically necessary information about the current session.
userlang 5 years This cookie is used for language selection.
up2shop_cookie_consent 2 years Ensures a correct function of the cookie banner.
XSRF-TOKEN 2 hours The XSRF Token protects against both spam and CSRF attacks.
The abbreviation CSRF is made up of the following terms:
- Cross-Site: Security risk through external sites over which we have no influence.
- Request-Forgery: Fake requests to our website.

2. Processing activities

2.1 Collection of General Information through the Use of the Website

The following technical protocol data is recorded when the website is called up:

  • name of each page, subpage or file called up
  • date, time
  • transferred data volume
  • if necessary error messages with disturbed call
  • web browser, requesting domain and IP address of the requesting computer
  • additional information transmitted by the web browser of the requesting computer, such as operating system, screen resolution, Java support, etc.

This data is collected and evaluated exclusively to ensure error-free operation. It is not passed on to third parties for commercial or non-commercial purposes. Technical service providers that we use to provide our infrastructure also collect technical log data and may also be able to access this data.

The website is made available on the basis of its own legitimate interest in accordance with Art. 6 I lit. f) DS-GVO.

2.2 Contact Form or Email Contact

If you contact us by email or contact form, your message will be saved for the purpose of processing your inquiry and for possible follow-up questions. Your data will not be passed on.

The operation of an email infrastructure is our own legitimate interest in the provision of a communication solution in the sense of Art. 6 I lit. f) DS-GVO. If the communication is contractually related to our services, the legal basis is Art. 6 I lit. b) DS-GVO.

2.3 Marketing Platform

Description of Data Processing

We provide a service that enables our customers (suppliers) to market products through online marketplaces and stores. If these products are sold, we collect all data necessary to complete the purchase and transmit this information to our customer.


We process this data only on behalf of our customer and are therefore processors according to Art. 28 DS-GVO. Our customers are responsible for the respective data processing and will inform you of their own data protection declarations in accordance with Art. 13 DS-GVO.

Data Categories

In the context of the order we process the following data of the buyers: name, address data and contact data.

Legal Basis

We process the data on the basis of the order and thus in accordance with Art. 6 I lit. b) DS-GVO. Our customers carry out the data processing for the marketing of their own products. The legal basis for this is their own legitimate interest according to Art. 6 I lit. a) DS-GVO. If you purchase products from our customers, the data processing is carried out on the basis of the purchase contract concluded with you in accordance with Art. 6 I lit. b) DS-GVO.

Transfer of Data

If you make a purchase via the online marketplaces or stores offered, the platform operators will also process your data. In addition, our customers will process the data for the purpose of fulfilling the contract and, if necessary, pass it on to tax consultants, accounting firms and official bodies.

Online Marketplaces

We currently offer marketing via the following platforms:

- Amazon Europe Core S.à r.l. to the privacy policy
- Otto GmbH & Co KG to the privacy policy

Period of Storage

We delete personal data as soon as possible. Data about completed purchases are only kept for a short time and are handed over to our customer. Personal data will be deleted from our systems after 30 days at the latest.

The data which we have to keep for tax reasons will be kept according to the legal periods (10 years according to § 147 AO).

Origin of Data

The processed data is provided by you via the platforms and suppliers.

2.4 Accounting

Purpose of the Data Processing

We are legally obligated (§ 238 HGB) to record all business-relevant events and store them in accordance with § 147 AO (and § 257 HGB).

Data Processing

Your data (master data, address data, contact data and service data) must be recorded for accounting purposes, stored and presented in the event of audits.

Transfer of Data

In the case of official audits, public bodies (e.g. the tax authorities) can view the data. With regard to tax law, we can call on the help of a tax advisor if required. He can also view our accounting data.

Legal Basis

The legal basis is Art. 6 I lit. c) DS-GVO in connection with the respective legal provisions (e.g. § 147 AO or § 257 HGB).

Last update: September 2020