1. General Information
1.1 Responsible Office
Managing Director: Andreas Bräunig
Commercial Register: Hamburg HRB 106219
VAT ID No.: DE261004155
e-Mail: info (at) inbase.com
1.2 Information on the Processing of Personal Data
In the following, we inform you about the type, scope, legal basis and purposes of processing your personal data.
1.3 Your Rights
You are entitled to the following rights:
- According to Art. 15 DS-GVO, you have a right to information as to whether and which of your data are stored or processed by us or our contractual partners.
- In accordance with Art. 16 DS-GVO, you can request a correction of your data.
- In accordance with Art. 17 DS-GVO, you are entitled to a deletion claim, unless legal obligations make further storage necessary.
- You can also restrict the processing of the data, e.g. in accordance with Art. 18 DS-GVO, if, among other things, the accuracy of the data is disputed, the data processing is unlawful or you object to the processing in accordance with Art. 21 DS-GVO.
- Furthermore, according to Art. 20 DS-GVO you have the right to receive the data in a machine-readable form.
- You can revoke the consents given to us in accordance with Art. 7 III DS-GVO. The revocation has the consequence that the data processing carried out up to the time of revocation is lawful.
- You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
- In accordance with Article 21 I of the DPA, they have the right to object at any time, for reasons arising from their particular situation, to the processing of personal data concerning them that is carried out on the basis of Article 6 paragraph 1 letters e or f.
- You can object to the processing of your personal data for advertising and data analysis purposes at any time.
In case of revocation, please contact the responsible office listed under 1.1.
1.5 Data Protection Officer
Although we are not obliged to appoint a data protection officer, we are supported by the datenschutzbuero.hamburg.
Mag. Jur. Djoko Lukic (datenschutzbuero.hamburg)
Tel: +49 (0)40 - 414 313 070
If you would like to contact the data protection officer with encrypted messages, please use the contact form: https://datenschutzbuero.hamburg/kontakt
1.6 Contact for Data Protection
For questions regarding the collection, processing or use of your personal data, for information, correction, blocking or deletion of data and revocation of consents granted, please contact:
Email: datenschutz (at) inbase.com
1.7 Supervisory Authority
The supervisory authority responsible for us is:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Klosterwall 6 (Block C)
Telefon: +49 (0)40 - 4 28 54 - 40 40
E-Mail: mailbox (at) datenschutz.hamburg.de
1.8 Deletion or Blocking of Personal Data
After the discontinuation of the respective purpose or after the expiry of any retention periods, the data will be blocked or deleted in accordance with the statutory provisions.
We only use technically necessary cookies. You can prevent all cookies from being set by making the appropriate settings in your browser.
We currently use the following cookies:
|up2shop_session||2 hours||Session cookie: This cookie only stores technically necessary information about the current session.|
|userlang||5 years||This cookie is used for language selection.|
|up2shop_cookie_consent||2 years||Ensures a correct function of the cookie banner.|
|XSRF-TOKEN||2 hours||The XSRF Token protects against both spam and CSRF attacks.
The abbreviation CSRF is made up of the following terms:
- Cross-Site: Security risk through external sites over which we have no influence.
- Request-Forgery: Fake requests to our website.
2. Processing activities
2.1 Collection of General Information through the Use of the Website
The following technical protocol data is recorded when the website is called up:
- name of each page, subpage or file called up
- date, time
- transferred data volume
- if necessary error messages with disturbed call
- web browser, requesting domain and IP address of the requesting computer
- additional information transmitted by the web browser of the requesting computer, such as operating system, screen resolution, Java support, etc.
This data is collected and evaluated exclusively to ensure error-free operation. It is not passed on to third parties for commercial or non-commercial purposes. Technical service providers that we use to provide our infrastructure also collect technical log data and may also be able to access this data.
The website is made available on the basis of its own legitimate interest in accordance with Art. 6 I lit. f) DS-GVO.
2.2 Contact Form or Email Contact
If you contact us by email or contact form, your message will be saved for the purpose of processing your inquiry and for possible follow-up questions. Your data will not be passed on.
The operation of an email infrastructure is our own legitimate interest in the provision of a communication solution in the sense of Art. 6 I lit. f) DS-GVO. If the communication is contractually related to our services, the legal basis is Art. 6 I lit. b) DS-GVO.
2.3 Marketing Platform
Description of Data Processing
We provide a service that enables our customers (suppliers) to market products through online marketplaces and stores. If these products are sold, we collect all data necessary to complete the purchase and transmit this information to our customer.
We process this data only on behalf of our customer and are therefore processors according to Art. 28 DS-GVO. Our customers are responsible for the respective data processing and will inform you of their own data protection declarations in accordance with Art. 13 DS-GVO.
In the context of the order we process the following data of the buyers: name, address data and contact data.
We process the data on the basis of the order and thus in accordance with Art. 6 I lit. b) DS-GVO. Our customers carry out the data processing for the marketing of their own products. The legal basis for this is their own legitimate interest according to Art. 6 I lit. a) DS-GVO. If you purchase products from our customers, the data processing is carried out on the basis of the purchase contract concluded with you in accordance with Art. 6 I lit. b) DS-GVO.
Transfer of Data
If you make a purchase via the online marketplaces or stores offered, the platform operators will also process your data. In addition, our customers will process the data for the purpose of fulfilling the contract and, if necessary, pass it on to tax consultants, accounting firms and official bodies.
We currently offer marketing via the following platforms:
Period of Storage
We delete personal data as soon as possible. Data about completed purchases are only kept for a short time and are handed over to our customer. Personal data will be deleted from our systems after 30 days at the latest.
The data which we have to keep for tax reasons will be kept according to the legal periods (10 years according to § 147 AO).
Origin of Data
The processed data is provided by you via the platforms and suppliers.
Purpose of the Data Processing
We are legally obligated (§ 238 HGB) to record all business-relevant events and store them in accordance with § 147 AO (and § 257 HGB).
Your data (master data, address data, contact data and service data) must be recorded for accounting purposes, stored and presented in the event of audits.
Transfer of Data
In the case of official audits, public bodies (e.g. the tax authorities) can view the data. With regard to tax law, we can call on the help of a tax advisor if required. He can also view our accounting data.
The legal basis is Art. 6 I lit. c) DS-GVO in connection with the respective legal provisions (e.g. § 147 AO or § 257 HGB).
Last update: September 2020