Who is responsible according to the General Data Protection Regulation (GDPR)?
What personal data does the website process?
What personal data does the bygora Marketplace process?
What rights do I have regarding my personal data?
What about the bygora Newsletter?
How does the KYC check through Trulioo work?
What additional tools and cookies does bygora use?
bygora uses HTML5 Local Storage for the purpose of verifying the User’s authorization to access the User profile and the bygora Marketplace. Through Local Storage, specific data related to the User is stored in the User’s browser.
bygora uses the Amazon Web Services (“AWS“) service provided by Amazon Web Services, Inc, P.O. Box 81226, Seattle, WA 98108-1226, USA. The data is stored exclusively in data centers in the European Union (Frankfurt am Main, Germany and Dublin, Ireland), which are certified according to ISO 27001, 27017 and 2018 as well as PCI DSS Level 1. Of course, there are strictly limited access rights for AWS on the part of bygora and the data is automatically encrypted. As a company, AWS has subjected itself to so-called Binding Corporate Rules. More information about AWS and data protection can be found at https://aws.amazon.com/en/compliance/gdpr-center/ and https://aws.amazon.com/en/privacy/.
For the services we offer, bygora uses the technical platform and services of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland. The services include “Facebook” and “Instagram” (hereinafter together “social media site”, both operated by Facebook Ireland Ltd. bygora points out to the User that the User uses the social media site and its functions on his own responsibility. This applies in particular to the interactive functions (e.g. commenting, sharing, rating). Facebook processes personal data relating to the User’s account, the User’s IP address and the end devices used by the User; cookies are used for data collection. These are small files that are stored on the User’s end devices. Facebook describes in general terms what information it receives and how it is used in its data usage guidelines. There, the User will also find information on how to contact Facebook, on the options for objecting and on the settings for advertisements. The data use policy is available at the following link:
The information may be used by Facebook to provide bygora, as the operator of the Facebook pages, with statistical information such as gender and age distribution about the use of the social media page. In addition, Facebook may display further information or advertisements to Users according to their preferences. Facebook provides more detailed information on this at the following link: http://facebook.com/help/pages/insights. The data collected about the User in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union. If the User visits one of bygora’s social media presences (e.g. Instagram), the User triggers a processing of his personal data during such a visit. In this case, bygora is jointly responsible with the operator of the social media site for the data processing operations within the meaning of Art. 26 GDPR, insofar as bygora actually makes a joint decision with the operator of the social media site about the data processing and bygora also has an influence on the data processing. As far as possible, bygora has concluded joint responsibility agreements with the operator of the social media site in accordance with Art. 26 GDPR, in particular the Page Controller Addendums of Facebook Ireland Ltd. The User can in principle assert his rights both against bygora and against the operator of the social media site. bygora asks the User to note that despite the joint responsibility according to Art. 26 GDPR with the operators of social networks, bygora has no full influence on the data processing of the individual social networks. The corporate policy of the provider has a significant influence on bygora’s options. In the event of the assertion of data subject rights, bygora can only forward these requests to the operator of the social media site. In which way the operator of the social media site uses the data from the visit of the social media site for its own purposes, to which extent activities on the social media site are assigned to individual Users, how long the operator of the social media site stores this data and whether data from a visit of the social media site is passed on to third parties, is not conclusively and clearly stated by the operator of the social media site and is not known to bygora. When a social media site is accessed, the IP address assigned to the User’s terminal device is transmitted to the operator of the social media site. According to the operator of the social media site, this IP address is anonymized (for “German” IP addresses) and deleted after 90 days. The operator of the social media site also stores information about the end devices of its Users (for example, as part of the “registration notification” function); if necessary, the operator of the social media site is thus able to assign IP addresses to individual Users. If the User is currently logged in to the social media site as a User, a cookie with the identifier User is located on the User’s end device. This enables the operator of the social media site to track that the User has visited this site and how the User has used it. Buttons embedded in websites (e.g. Facebook Like button) enable the operator of the social media site to record the User’s visits to these websites and assign them to the User’s social media profile. Based on this data, content or advertising can be offered tailored to the User. If the User wishes to avoid this, the User should log out of the social media site or deactivate the “stay logged in” function, delete the cookies present on the User’s device and exit and restart the browser. In this way, information by which the User can be directly identified will be deleted. This allows the User to use bygora’s social media site without revealing his or her identifier. When the User accesses interactive functions of the site (like, comment, share, message, etc.), a login screen of the operator of the social media site appears. After any login, the User is again recognizable as a specific User for the operator of the social media site. Alternatively, the User can use a different browser than usual to visit the social media site of bygora. The legal basis for the use of the social media site is Art. 6 para. 1 p. 1 lit. f GDPR.
bygora has integrated components of the service “TradeTracker” on the website. TradeTracker is an affiliate network that offers affiliate marketing. Affiliate marketing is an Internet-based form of distribution that enables commercial operators of Internet sites, the so-called. Merchants or advertisers are able to display advertisements, which are usually remunerated via click or sale commissions, on third-party websites, i.e. on the websites of sales partners, also known as affiliates or publishers. The merchant provides an advertising medium via the affiliate network, i.e. an advertising banner or other suitable means of Internet advertising, which is subsequently integrated by an affiliate on its own Internet pages or advertised via other channels, such as keyword advertising or e-mail marketing. The operating company of TradeTracker is TradeTracker Deutschland GmbH, Eiffestraße 426, 20537 Hamburg, Germany. TradeTracker sets a cookie on the information technology system of the data subject. The tracking cookie from TradeTracker does not store any personal data. Only the identification number of the affiliate, i.e. the partner referring the potential customer, as well as the order number of the visitor to a website and the advertising material clicked on are stored. The purpose of storing this data is to process commission payments between a merchant and the affiliate, which are processed via the affiliate network, i.e. TradeTracker. The data subject can prevent the setting of cookies at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent TradeTracker from setting a cookie on the information technology system of the data subject. In addition, cookies already set by TradeTracker can be deleted at any time via an internet browser or other software programs. The applicable data protection provisions of TradeTracker can be found at https://tradetracker.com/en/privacy-policy/.
The website of bygora uses the performance advertising network of AWIN AG, Eichhornstraße 3, 10785 Berlin. As part of its tracking services, “AWIN” stores cookies for the documentation of transactions (e.g. of leads and sales) on end devices of Users who visit or use websites or other online offers of its customers (e.g. register for a newsletter or place an order in an online shop). These cookies are used solely for the purpose of correctly assigning the success of an advertising medium and the corresponding billing within its network. AWIN does not collect, process or use personal data. Only the information about when a certain advertising medium was clicked on by an end device is placed in a cookie. In the AWIN tracking cookies, an individual sequence of numbers is stored, which cannot be assigned to the individual User, with which the partner program of an advertiser, the publisher and the time of the User’s action (click or view) are documented. AWIN also collects information about the end device from which a transaction is carried out, e.g. the operating system and the calling browser. The storage of “AWIN cookies” is based on Art. 6 Para. 1 lit. f) GDPR. bygora has a legitimate interest in this, as the amount of its affiliate remuneration can only be determined through the cookies. If you would like more information about AWIN’s data processing, you can find it here: https://www.awin.com/en/legal.
Michael Koid (CEO bygora)