Data Protection Statement

Responsible party:

TradersClub24 GmbH
c/o weworks
Axel-Springer-Platz 3
20355 Hamburg
Phone: +49 (0) 40 605 909 190
Trade Registry/Nr.: Hamburg, HRB 145319
Managing Director: Carlos Martins

Version: March 2018
This is an English copy. Please note that only the German original is legally valid and can be found here.

1 Basic Information on Data Processing and Legal Foundations

1.1. This data protection statement provides you with information regarding the manner, scope and purpose of processing of personal data within our online service and the associated websites functions and content (hereafter referred to as “online service” or “website”). The data protection statement applies independently of the domains, systems, platforms and devices employed (e.g. desktop or mobile) to run the online service.

1.2. The terminology used, such as “personal data” or “processing” of the personal data, refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

1.3. Personal user data processed in the context of this online service includes inventory data (e.g. customer name and address), contractual information (e.g. services used, names of contact persons, payment information), usage data (e.g. the websites visited in our online service, interest in our products) and content data (e.g. information entered on the contact form).
1.4. The term “user” covers all categories of persons affected by data processing. These include our business partners, customers, interested parties and other visitors to our online service. The terminology deployed, such as “user”, is intended to be gender neutral.
1.5. We process personal data only in compliance with the relevant data protection regulations. This means that user data is only processed when legal permission is given, i.e. in particular if data processing is necessary in order to provide our services (e.g. order processing) as well as other online services, or where user agreement is a statutory requirement, as well as due to our legitimate interests (i.e. analysis, improvement and security of our online service in the sense of Art. 6 (1) (f) GDPR, in particular for the assessment and creation of profiles for advertising and marketing purposes, as well as collection of access data and deployment of third-party services.
1.6. We draw your attention to the fact that the legal basis of the agreements is Art. 6 (1 lit a) and Art. 7 GDPR, the legal basis of data processing for the fulfillment of our services and the execution of contractual measures is Art 6 (1) letter b GDPR, the legal basis of data processing for the fulfillment of our legal obligations is Art. 6 (1 letter c) GDPR, and the legal basis of data processing for the protection of our rightful interests is Art 6 (1 letter f) GDPR.

2 Security Measures

2.1. We make organizational, contractual and technical security measures according to the latest technology in order to ensure that the rules of data protection laws are complied with and in order to protect the data that we process against incidental or intentional manipulations, loss, destruction or against access by unauthorized persons.
2.2. Security measures include in particular the encrypted transfer of data between your browser and our server.

3 Transfer of data to third parties and third-party providers

3.1. Any transfer of data to third parties shall only take place in the context of the statutory requirements. We shall only pass on user data to third parties if this is necessary for example on the basis of Art 6 (1) (b) GDPR for contractual purposes or on the basis of legitimate interests in accordance with Art 6 (1) (f) GDPR in the profitable and effective operation of our commercial business.

3.2. Where we utilize sub-contractors for the provision of our services, we shall make the appropriate legal arrangements and we will put in place relevant technical and organizational measures to ensure the protection of personal data in accordance with the relevant statutory provisions.
3.3. Where third-party content, tools or other means are deployed in the context of this data protection statement (hereafter summarized as “third-party providers”), whose registered offices are in a third country, it shall be assumed that a data transfer is made to countries of the third-party providers. Third countries are defined as countries in which the GDPR is not directly applicable law, meaning in principle countries outside of the EU or of the European Economic Area. The transfer of data to third countries shall be made either if an appropriate level of data protection, an agreement by the users, or otherwise a legal authorization has been given.

4 Provision of contractual services

4.1. We process inventory data (e.g. names and addresses as well as user contact information), contractual information (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and service performance in accordance with Art. 6 (1) (b) GDPR.
4.2. Users can choose to create a user account. In the context of executing an order, the required obligatory information is provided to the users. The user accounts are not public and cannot be indexed by search engines. If users have given notice to terminate their user account, their data will be deleted with regard to the user account, subject to its storage being required for commercial or tax reasons in accordance with Art 6 (1) c) GDPR. It is the responsibility of the users to secure their data before the end of the contract once notice to terminate it has been given. We are entitled to permanently delete all user data stored during the term of the contract.
4.3. We store the IP address and the time of the relevant user action in the context of the registration and renewed registration as well usage of our online services. The storage is made on the basis of our legitimate interests, as well as the interest of the user in protection from misuse and other unauthorized uses. Data will not be forwarded to third parties, unless it is necessary for the pursuit of our claims or there is a statutory obligation to do so under Art 6 (1) c) GDPR.
4.4. We process usage data (e.g. the websites of our online service visited by the user, interest in our products) and content data (e.g. entries in the contact form or user profile) and for advertising purposes in a user profile in order, for example, to show the user product information based on the services they have used up to that point.

5 Contact
5.1. When contacting us (through the contact form or email), the user information is processed for the purpose of processing and fulfillment of the contact request in accordance with Art. 6 (1) (b) GDPR.
5.2. The user information can be stored in our Customer Relationship Management System (CRM System) or comparable reference system.

6 Collection of access data and log files
6.1. On the basis of our legitimate interests in the sense of Art. 6 (1) (f) GDPR, we collect data every time the server is accessed on which this service is located (known as server log files). The access data includes the name of the website accessed, file, date and time of the access, data volume transferred, notification of successful access, browser type and version, user operating system, referrer URL (previously visited sites), IP address and the provider making the access request.

6.2. Log file information is stored for a maximum of seven days and subsequently deleted for security reasons (e.g. to solve abuse or fraud offences). Data for which continued storage is required for evidence purposes is exempted from deletion until the investigation has been completed of the relevant incident.


7 Cookies & reach measurement

7.1. Cookies are information that are transferred to the users’ web browser by our web server or a third-party web server and stored there to be accessed at a later date. Cookies can be small files or other types of information storage.
7.2. We use “session cookies”, which are only filed for the duration of the actual visit on our site. A randomly generated clear identification number is filed in a session cookie, which is known as a Session ID. In addition, a cookie contains information about its origin and storage duration. These cookies cannot store any other data. Session cookies are deleted as soon as you have finished using our online service and have logged out or closed the browser.
7.3. Users are informed in the framework of this data protection statement regarding the use of cookies in the context of pseudonymized reach measurement.
7.4. If users do not want cookies to be stored out their computer, they will be asked to deactivate the relevant option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to restricted functionality of this online service.
7.5. You can object to the deployment of cookies that are used for reach measurement and advertising purposes by visiting the deactivation page of the network advertising campaign ( as well as the American website ( or the European (

8 Cookies Settings
In addition, or as an alternative to cookies settings, you can stop tracking by Google Analytics on our pages by clicking this link. This installs an opt-out cookie on your device. This prevents future collection by Google Analytics for this website and for this browser, as long as the cookie remains installed on your browser.

Click on the lower button to switch off Google Analytics tracking.


This website uses Cookies in order to improve the user experience. By clicking OK, you agree to this. Further information can be found in the Data Protection Statement. Also look at our printed copy.
• OK
• Only allow First-Party-Cookies
• Do not allow any cookies


9 Google Analytics
9.1. On the basis of our legitimate interests (i.e. interest in the analysis, improvement and profitable operation of our online service in the sense of Art. 6 (1) (f) GDPR) we deploy Google Analytics, which is a web analysis service provided by Google Inc. (“Google”). Google uses cookies. The information generated by the cookie regarding the use of the online service by the user is normally transferred to a Goggle server in the US and stored there.
9.2. Google is certified by the Privacy-Shield Agreement and thus offers a guarantee to comply with the European data protection laws
9.3. Google will use this information on our behalf in our order to evaluate the use of our online service by the users, to draw up reports about activities within this online service and to provide us with additional services connected with the use of this online service and with Internet usage. For this purpose, pseudonymous usage profiles of the users can be created from the processed data.
9.4. We only use Google Analytics with activated IP anonymization. This means that the users’ IP address is abbreviated by Google within member states of the European Union or in other countries that are party to the European Economic Area treaty. The complete IP address is only transmitted to a Google server in the US in exceptional cases and is then abbreviated there.
9.5. The IP address transmitted by the user’s browser is not collated with other data by Google. Users can prevent the storage of the Cookies using a relevant setting of their browser software; users can moreover prevent the collection of the data generated by the Cookie and connected to their use of the online service by Google, by downloading and installing the browser plug-in available under the following link:
9.6. You can find further information on data usage by Google, settings and opt-out options on Google web pages: (“Data use by Google when you use our partner websites or apps”), (“Data used for advertising purposes”), („Managing information that Google uses to show you advertising”).


10 Google Re/Marketing-Services
10.1. On the basis of our legitimate interests (i.e., reach measurement, improvement and profitable operation of our online service in the sense of Art. 6 (1) (f) GDPR), we use the marketing and re-marketing services (abbreviated to “Google Marketing Services”) of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
10.2. Google is certified under the Privacy Shield Agreement and thereby provides a guarantee of compliance with European data protection laws (
10.3. Google Marketing Services allow us to display advertising for and on our website in a more targeted way in order to show users only advertising that will potentially be of interest to them. If a user is shown for example advertisements for products that they were interested in on other websites, this is called “Re-marketing”. For this purpose, when accessing our website and others on which Google Marketing Services are active, a Google code is executed directly by Google and (re)marketing tags are incorporated into the website (invisible graphics or code that is also known as “web beacons”). Through these, an individual cookie is stored on the user’s device, i.e. a small file (comparable technologies can be used instead of Cookies). Cookies can be set by different domains, amongst which,,,, or This file notes which websites the user visits, which content he is interested in and which offers he clicked on, as well as technical information on the browser and operating system, referring websites, visit duration and additional information on the use of the online service. The user IP address is also collected, although we notify in the framework of Google Analytics that the IP address is abbreviated in the member states of the European Union or in other countries that are party to the treaty on the European Economic Area, and it is only transmitted in full to a Google server in the US and abbreviated there in exceptional cases. The IP address is not collected with user data within other Google services. The above listed information can also relate to such information from other sources by Google. If the user subsequently visits other websites, he may be shown advertisements tailored to him according to his interests.
10.4. User data is processed pseudonymously in the framework of Google Marketing Services. This means that Google does not store and process for example the name or email address of the users, but processed the relevant data connected to the cookie within pseudonymous user profiles, i.e. from the point of view of Google, the advertisements are not administered and displayed for a specifically identified person, but for the cookie owner, regardless of who this cookie owner is. This does not apply if a user has explicitly permitted Google to process the data without this pseudonymization. The information collected about the user by Google Marketing Services are transmitted to Google and stored on Google servers in the US.
10.5. The online advertising program “Google AdWords” is one of the Google Marketing Services that we use. In the case of Google AdWords, each AdWords client receives a different “conversion Cookie”. Cookies can therefore not be traced via the websites of AdWords clients. The information obtained with the help of cookies is used to draw up conversion statistics for AdWords clients who have chosen conversion tracking. AdWords clients discover the total number of users who clicked on their advertisement and were forwarded to a page with a Conversion Tracking tag. They do not however receive any information with which users can be personally identified.
10.6. We can incorporate third-party advertising on the basis of the Google Marketing Service “DoubleClick”. DoubleClick uses cookies, with which Google and its partner websites can run advertisements on the basis of user visits to this website or to other websites on the internet.
10.7. You can find additional information on data usage for marketing purposes by Google on the overview page:, Google’s Data Protection Statement is available on
10.8. If you would like to object to the interest-based advertising by Google Marketing Services, you can use the settings and opt-out options provided by Google:

11 Newsletter
11.1. Here we provide you with information regarding the content of our newsletter as well as the registration, sending and statistical evaluation procedure as well your rights of objection. By subscribing to our newsletter, you agree to receipt of the newsletter and to the procedure described.
11.2. Newsletter content: we send newsletters, emails and additional electronic messages with commercial information (hereafter, “newsletter”) only with the agreement of the recipients or a legal authorization. If the content of the newsletter has been accurately described when registering, it is definitive for the agreement of the users. In addition, our newsletters contain information on our company, products, offers, and campaigns.
11.3. Double Opt-In and reporting: registering for our newsletter is made in a double opt-in procedure, which means that you receive an email after registration asking you to confirm your registration. This confirmation is required so that no one can register with email addresses that are not their own. Subscriptions to the newsletter are reported in order to be able to prove the registration process in compliance with legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Changes to your data stored with the dispatch service provider are also reported.
11.4. Dispatch service provider: sending the newsletter is carried out by Infusionsoft, Inc. 1260 South Spectrum Boulevard, Chandler, Arizona 85286, hereafter described as “dispatch service provider”. You can view the data protection provisions of the dispatch service provider here: In order to ensure an appropriate level of data protection, we have agreed EU standard contractual clauses with the dispatch service provider.
11.5. The dispatch service provider can use data in a pseudonymous form according to their own information, i.e. without allocation to a user, for the optimization or improvement of their own services, e.g. for the technical optimization of the dispatch and the display of the newsletter or for statistical purposes, in order to determine which countries the recipients come from. However, the dispatch service provider shall not use the data of our newsletter recipients to write to them directly, nor will they pass the data on to third parties.
11.6. Registration data: in order to register for the newsletter, it is enough to provide your email address. We ask for your name so that we can personalize the greeting in the newsletter.
11.7. Statistical evaluation and analysis; the newsletter contains a Web Beacon, which is a pixel-sized file that is accessed by the server of the dispatch service provider upon opening the newsletter. In the context of this access, initially technical information on the browser and your system as well as your IP address and time of access is collected. This information is used to make technical improvements to the service using the technical data or the target groups and their reading behavior using their access locations (which can be determined using the IP address) or the access times. The statistical evaluation includes information on whether the newsletters are opened, when they are opened, and which links are clicked on. This information can be allocated to the individual newsletter recipients for the technical reasons. It is not however our intention, nor the intention of the dispatch service provider, to observe individual users. The evaluations instead are useful in order to understand the reading habits of our users, and to adapt our content to them or to send different content according to the interests of our users.
11.8. The use of the dispatch service provider, completion of statistical evaluations and analysis as well as reporting of the registration procedure are carried out based on our legitimate interests according to Art. 6 (1) (f) GDPR. Our interest lies in the use of a user-friendly and secure newsletter system that services both our business interests as well as fulfilling the expectations of the users.
11.9. Unsubscribe/revocation – you can unsubscribe from receiving our newsletters at any time, which means revoking your agreements. This simultaneously cancels your agreements to its dispatch by the dispatch service provider and the statistical analysis. A separate cancellation of dispatch by the dispatch service provider or statistical evaluation is unfortunately not possible. You can find a link to unsubscribe from the newsletter at the end of each newsletter. If users have only subscribed to the newsletter and have unsubscribed from it, their personal data will be deleted.


12 Rights of Concerned Persons
If your personal data is processed, you are a concerned person in the meaning of the GDPR and you have the following rights in relation to us as the person in charge:
12.1. Right to information
You can request a confirmation from us regarding whether your personal data has been processed by us.
If such a processing has occurred, you can request the following information from us:
(1) the purposes for which the personal data is being processed;
(2) the categories of personal data being processed;
(3) the recipients, respectively the categories of recipients, to whom your personal data was disclosed or will be disclosed;
(4) the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for the determination of the storage duration;
(5) the existence of a right to correction or deletion of your personal data, a right to restriction of processing by us or a right to object to this processing;
(6) the existence of a right of objection with a supervisory authority;
(7) all available information regarding the origin of the data, if the personal data is not collected from the person concerned;
(8) the existence of an automated decision-making including profile under Art. 22 (1) and (4) GDPR and, at least in these cases, detailed information regarding the reasoning as well as the reach and intended effects of such processing for the person concerned.
You have the right to request information regarding whether your personal data is transmitted to a third country or an international organization. In this context, you can request notification regarding the appropriate guarantees under Art. 46 GDPR in connection with transmission.
12.2. Right to Correction
You have a right to request that we make a correction or completion, where the processed personal data relating to you is incorrect or incomplete. We shall undertake the correction without delay.
12.3. Right to restriction of processing
Under the following conditions, you can request the restriction of processing of your personal data:
(1) If you contest the accuracy of your personal data for a period of time that allows us to check the accuracy of your personal data;
(2) the processing is unlawful and you refuse the deletion of your personal data and instead request the restriction of use of your personal data;
(3) we no longer require your personal data for the purposes of processing, but you require it for the enforcement, exercise or defense of legal claims, or
(4) if you have filed an objection against the processing according to Art. 21 (1) GDPR and it has not yet been established whether our legitimate reasons outweigh your grounds.
If the processing of your personal data was restricted, this information, apart from its storage, can only be processed with your agreement or for the enforcement, exercise or defense of legal claims or for the protection of the rights of another natural or legal entity or for reasons of an important public interest of the European Union or a member state.
If the restriction of processing was restricted according to the above conditions, we will notify you before the restriction is lifted.
12.4. Right to Deletion
Deletion Obligation
You can ask us to delete your personal data without delay, and we are obliged to do so without delay, if one of the following grounds applies:
(1) Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
(2) You revoke your agreement on which the processing is based in accordance with Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and there is no other legal basis for the processing.
(3) You file an objection in accordance with Art. 21 (1) GDPR against processing and there are no overriding legitimate reasons for such processing, or you file an objected against the processing in accordance with Art. 21 (2) GDPR.
(4) Your personal data was processed illegally.
(5) The deletion of your personal data is required for the compliance with a statutory obligation under European law or the law of the member states to which we are subject.
(6) Your personal data was collected in relation to services offered by the information service company according to Art. 8 (1) GDPR.
12.5. Information to third parties
If we have made your personal data public and if we obliged to delete it according to Art. 17 (1) GDPR, then we will undertake appropriate measures taking into account the available technology and the implementation costs, including of a technical nature, in order to inform those responsible for the data processing, who process the personal data, that you as the person concerned have requested the deletion of all links to this personal data or of copies or replications of this personal data.
12.6. Exceptions
The right to deletion is not present where the processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) for the fulfillment of a legal obligation which requires the processing under European or member state law to which we are subject, or for the fulfillment of a task that is in the public interest or is carried out in the exercise of official authority that has been transferred to us;
(3) on grounds of public interest in the area of public health according to Art. 9 (2) (h) and (i) as well as Art. 9 (3) GDPR;
(4) for archiving purposes, scientific or historical research purposes or for statistical purposes of public interest in accordance with Art. 89 (1) DSGVO, as well as the right listed under section a) that is likely to make the realization of the goals of this processing impossible or seriously difficult, or
(5) for the enforcement, exercise or defense of legal claims.
12.7. Right to Notification
If you have enforced the right to correction, deletion or restriction of the processing, we are obliged to notify all recipients to whom the personal data connected to you was disclosed, of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or is associated with an unreasonably high effort. You have the right to be notified by us about these recipients.
12.8. Right to data transferability
You have the right to receive the personal data connected to you, which you have provided to us, in a structured, standard and machine-readable format. You additionally have the right to transmit this data to another authorized person without being impeded by us, as long as
(1) the processing is based on an agreement pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and
(2) data processing is carried out using automated processes.
In exercising this right you moreover have the right to ensure you’re your personal data is transmitted directly from us to another authorized person, where this is technically feasible. This must not infringe on the freedoms and rights of other persons.
The right to data transferability does not apply for a processing of personal data which is necessary for the completion of a task that is in the public interest or which is carried out in the exercise of public authority that has been transferred to us.
12.9. Right of Objection
You have the right to file an objection at any time against the processing of your personal data, for reasons arising from your particular situation, where this processing is carried on the basis of Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
We will no longer process your personal data unless we can demonstrate compelling reasons for the processing which outweigh your interests, rights and freedoms, or the processing serves the enforcement, exercise or defense of legal entitlements.
If your personal data is processed in order to operate direct advertising, you have the right to file an objection at any time against the processing of your personal data for the purposes of such advertising; this also applies to profiling, where it is connected to such direct advertising.  .
If you object to the processing for the purposes of direct advertising, your personal data will no longer be processed for these purposes.
You have the option of exercising your right of objection in connection with the use of services of the information company through automated processes, for which technical specifications are used.
12.10. Right to revocation of agreement statement under data protection law
You have the right to revoke your agreement statement under data protection law at any time. The revocation of the agreement does not affect the legality of the processing carried out on the basis of the agreement until the revocation.
12.11. Automated decision in individual cases including profiling
You have right not to be subjected to a decision that is based solely on an automated processing, including profiling, which has legal effect over you or otherwise substantially affects you. This does not apply, if the decision
(1) is necessary for the completion or fulfillment of a contract between you and the authorized person,
(2) is permitted on the basis of legal provisions of the European Union or member states to which the authorized person is subject, and these statutory regulations contain appropriate measures for the protection or your rights and freedoms as well as your legitimate interests or
(3) is made with your explicit agreement.
However, these decisions must not be based on specific categories of personal data under Art. 9 (1) GDPR, where Art. 9 (2) (a) or (g) GDPR do not apply and appropriate measures were put in place for the protection of rights and freedoms as well as of your legitimate interests.
With regard to the cases listed under (1) and (3), we put in place appropriate measures to protect rights and freedoms as well as your legitimate interests, which includes at least the right to obtain the intervention of a person mandated by us, to set out our own point of view and to contest the decision.
12.12. Right to Complaint with a supervisory authority
Without prejudice to any other administrative or judicial legal remedy, you have the right to file a complaint with a supervisory authority, in particular in the member state of your residence, your place of work or the place of the alleged breach, if you are of the opinion that the processing of your personal data breaches the data protection regulation provisions.
The supervisory authority with which the complaint is filed will inform the appellant of the status and outcome of the complaint including the option of a judicial legal remedy according to Art. 78 GDPR.
12.13. Deletion of data
The data stored with us are deleted as soon as they are no longer necessary for its designated purpose and the deletion is not contradicted by any legal archiving obligations. Where the user information is not deleted because it is required for other and legally admissible purposes, its processing will be restricted, i.e. the data will be locked and not processed for other purposes. This applies for example for user data that must be preserved for commercial law or tax law reasons.
According to statutory regulations, the information will be stored for six (6) years in accordance with Section 257 (1) HGB (Trading books, inventories, opening balances, annual statements, trading letters, booking receipts etc.) as well as for 10 years in accordance with Section 147 (1) AO (Books, notes, status reports, booking receipts, trade and business letters, documents relevant to taxation, etc.).

13 Deletion of Data
13.1. The data stored with us will be deleted as soon as it is no longer necessary for its designated purpose and there are no statutory archiving obligations contradicting such a deletion. Where the user data is not deleted, because it is required for other and legally admissible purposes, its processing will be restricted, i.e. the data will be locked and not processed for other purposes. This applies for example for user data that must be preserved for commercial law or tax law reasons.
13.2. According to statutory provisions, archives shall be kept for 6 years in accordance with Section 257 (1) HGB (commercial ledgers, inventories, opening statements, annual statements, commercial correspondence, booking receipts, etc.) as well as for 10 years according to Section 147 (1) AO [Tax Code] (ledgers, notes, situation reports, booking receipts, commercial and business correspondence documents relevant for tax purposes, etc.).

14 Right of Objection
Users can object to the future processing of their personal data according to the statutory regulations at any time. The objection can be made in particular against the processing for purposes of direct advertising.

15 Changes to Data Protection Statement
15.1. We reserve the right to change the Data Protection statement in order to adapt it to change legal situations, or in case of changes to the service as well as to the data processing. This however only applies with regard to statements on data processing. Where agreements by users are required or part of the data protection statement contain regulations of the contractual relationship with the users, the changes shall only be made with the agreement of the users.
15.2. Users are asked to keep themselves up to date regarding the content of the data protection statement.