Data protection policy

We are delighted about your interest in our services and take your privacy very seriously. This data protection policy sets out and explains the nature, scope and purpose of the processing of personal data (“data”) through the services and presence of Persera Middle East FZ-LLC and the related websites (e.g., www.trading-deals.com or social/info network websites), features, content, business processes and external offline and online services (all of which are referred to herein as “service(s)”). For users for whom European Union law is applicable, this Privacy Policy, the GDPR itself and the following legal references to the provisions of the GDPR apply. For all other users, this Privacy Policy applies without the applicability of the GDPR and without the respective reference to the GDPR in the following statement in a corresponding manner and as far as it is legally required and applicable for these users. With regard to the legal terms used, reference should be made, in particular, to the definitions in Art. 4 of the GDPR (General Data Protection Regulation).

Responsible

Persera Middle East FZ-LLC, B01-G40 Service Block, Al Hulaila Industrial Zone – FZ, Ras Al Khaimah, UAE
support@trading-deals.com
CEO: Agneta Sadeghi
Imprint
(hereinafter “Trading Deals” or “Persera Middle East” or “PME” or “we” or “us”)

Categories of affected persons (data subjects)

Users, visitors, interested parties, clients and business partners of Trading Deals services (hereinafter all categories are referred to as “users”)

Categories of processed data

Inventory data (e.g., name, postal address), contact details (e.g., email address, telephone number), content data (e.g., submitted or transmitted texts, photographs, videos or other content), usage data (e.g., visited websites, content-related interests, time and duration of access), metadata and communication data (e.g., information about accessing devices, type of browser, IP addresses),
as well as business-related processing
contract data (e.g., commencement of contract, duration, subject matter of the contract, preferred means of communication), payment details (bank details, currency, payment history)

Purposes of data processing

  • Provision, maintenance and optimisation of the services including their functions and content
  • Answering contact and support requests and communicating with users
  • Security and integrity
  • Marketing and determination of reach
  • Additional business-related contract fulfilment, provision of services, customer care as well as marketing, advertising and market research

Legal bases and terms

In accordance with the requirements of Art. 13 GDPR, we are informing you of the legal bases of our data processing. If the legal basis is not mentioned in this data protection policy, the following applies:

As far as permissible, Trading Deals uses the data processing of cookies and so-called tracking (analysis of visitor behaviour, measurement of reach, among other things) with regard to the users, in return for the services we provide free of charge, including support.

The legal basis for obtaining consent is Art. 6 (1)(a) and Art. 7 GDPR, the legal basis for the processing of data for the performance of our services and the execution of contractual measures as well as the response to inquiries is Art. 6 (1)(b) GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, such as in cases of inquiries about our services or the utilisation of the test phases. The legal basis for processing in order to comply with our legal obligations is Art. 6 (1)(c) GDPR, the legal basis for processing in order to protect our legitimate interests is Art. 6 (1)(f) GDPR. Art. 6 (1)(d) GDPR serves as the legal basis in the case of essential interests of the affected person or of another natural person as a necessity for the processing of personal data.


  • Responsible is the natural or juridical person, authority, agency or other body that, alone or together with others, decides on the purposes and means of processing personal data
  • Third-party is a natural or juridical person, authority, agency or body other than the affected person, the responsible person, the order processor and the persons authorised under the direct responsibility of the responsible person or the order processor, to process the personal data
  • Personal data refers to all information that is about an identified or identifiable natural person (hereinafter “the affected person”); a natural person is considered to be identifiable, directly or indirectly, particularly through association with an identifier such as a name, an identification number, location data, an online identifier (e.g., a cookie) or one or more special features, which can identify the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person
  • Processing is any process or series of operations related to personal data carried out with or without the assistance of automated processes; this term is extensive and includes practically every manner of handling data
  • Profiling refers to all kinds of automated processing of personal data which consists of using that personal data to evaluate certain personal aspects about a natural person, in particular to analyse or predict aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or location of this natural person
  • Pseudonymisation refers to the processing of personal data in such a manner that personal data can no longer be ascribed to a specific data subject (affected person) without the need for additional information, provided that such additional information is kept separate and subject to technical and organisational measures, which ensure that the personal data cannot be ascribed to an identified or identifiable natural person
  • Order processor is a natural or juridical person, authority, agency or other body that processes personal data on behalf of the responsible person
  • Consent refers to a voluntary statement from the affected person, in an informed and unequivocal manner, in the form of a declaration or other unambiguous confirmatory act expressing that this person agrees to the processing of the personal data concerning him/her

Affected persons (data subjects) have the right…

… to revoke their consent according to Art. 7 (3) GDPR with effect in the future (right of revocation).

… to contradict to future processing of the data concerning them according to Art. 21 GDPR at any time (right of contradiction). The objection can particularly be made against processing for direct marketing purposes.

… to request a confirmation as to whether relevant data is being processed and to information about this data, as well as to further information and a copy of the data in accordance with Art. 15 GDPR.

… to demand the completion of the data concerning them or the correction of the incorrect data, in accordance with Art. 16 GDPR.

… to demand that relevant data be deleted immediately according to Art. 17 GDPR or, alternatively, according to Art. 18 GDPR, to demand limitation of the data being processed.

… to demand that the data about you, which you provided to us, be obtained in accordance with Art. 20 GDPR and to request the transmission thereof to other responsible persons.

…, to make a complaint with the responsible supervisory authority pursuant to Art. 77 GDPR.

Duration of storage, deletion of data

The data processed by us is deleted or limited in accordance with Art. 17 and Art. 18 GDPR. Unless expressly stated in this data protection policy, the data stored by us is deleted as soon as it is no longer necessary for its purpose and the deletion does not conflict with any statutory storage requirements. If the data is not deleted because it is required for other legitimate purposes, the processing thereof is limited. In these cases, the data is blocked and not processed for other purposes. This is the case, for example, with data that must be kept in order to comply with commercial, tax or real estate law.

Cooperation with externals and transfer/transmission to third countries

If we disclose data to external persons or companies (order processors or third parties), transmit data to third parties or otherwise grant others access to the data, then only on the basis of juridical consent (e.g., transmission of data to a payment service provider in accordance with Art. 6 (1)(b) GDPR for fulfilment of the contract), if the affected person has given his/her consent, if there is a legal obligation to do so or if it is based on our legitimate interests or of the external. The processing of data by third parties through our order based on a so-called processing contract takes place in accordance with Art. 28 GDPR.

If we process data outside of the European Union (EU) or the European Economic Area (EEA), or if we utilise third-party services or disclosure or transmit data to third parties, this will only be done if it is necessary to fulfil our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or if it is justified based on our legitimate interests. Subject to legal or contractual permission, we only process or have the data processed in a third country if the special conditions of Art. 44 et seqq. GDPR are complied with. Specifically, processing takes place, for example, based on specific guarantees, such as the officially recognised level of data protection (implemented for the USA by the “Privacy Shield”) or the compliance with officially recognised special contractual obligations (“standard contractual clauses”).

Data processing regarding contractual relationships

Trading Deals enters into a manifold of contractual relationships and pre-contractual relationships. These include contractual relationships with contractual partners such as customers and ordering parties, but also with interested parties and other users (collectively “contractual partners”). We process the data of our contractual partners in accordance with Art. 6 (1)(b) GDPR in order to fulfil our contractual or pre-contractual services. The processed data itself, the nature, the scope, the purpose and the necessity of its processing are determined by the underlying contractual relationship.

The processed data includes the master data of the contractual partner (a.o. name, address), contact details (a.o. address, email address, telephone number), as well as contract data (a.o. services utilised, content of the contract, contractual communication, name of a contact person) and payment data (bank details, payment history, etc.,). In principle, we do not process any special categories of personal data, except when these are part of contracted or contractual processing.

We process data required for the establishment and fulfilment of the contractual services. We hereby point out the necessity of the indication, insofar as this is not obvious to the contractual partner. Disclosure to external persons or companies will only take place if this is necessary to fulfil the contract or service. When processing the data provided to us through an order, we act in accordance with the instructions of the client and the legal requirements.

When utilising our services, we can store the IP address and the time of the respective action of the user. The storage takes place based on our legitimate interests as well as the interests of the users with regard to protection against misuse and other unauthorised use. In principle, this data will not be disclosed to third parties unless this is necessary in order to pursue our claims pursuant to Art. 6 (1)(f) GDPR, or there is a legal obligation pursuant to Art. 6 (1)(c) GDPR. The data will be deleted if it is no longer required to fulfil contractual or statutory duties of care and any warranty, consumer protection or similar obligations. For this purpose, the necessity of keeping the data is reviewed every three years. Furthermore, legal storage obligations apply.

Hosting, log files, email dispatch

The hosting services we utilise are necessary to provide the following services: infrastructure and application services, computing and storage capacity, database services, email dispatch, as well as security and technical maintenance services, which we implement to operate our services.

Hereby, we, or if applicable, our hosting providers, process inventory data, contact details, content data, contract data, usage data, meta and communication data of clients, interested parties and visitors of our service on the basis of our legitimate interests in the efficient and secure provision of our services in accordance with Art. 6 (1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of processing contract). Our website is hosted by Amazon Web Service (AWS).

For the possible processing of data in this context, there is a corresponding order processing contract to ensure data protection. We or our hosting provider, collect(s) data on the basis of legitimate interests in line with Art. 6 (1)(f) GDPR about every access to the server, on which this service is located (so-called server log files). Access data includes the name of the visited website, file, date and time of visit, amount of data transferred, information about successful retrieval, browser type and version, user’s operating system, referrer URL (previously visited page), IP address and the requested provider. Further basis for data processing in the corresponding case is Art. 6 (1)(b) GDPR, which allows the processing of data to fulfil contractual or pre-contractual measures. Log file information is used for security reasons, such as, for example, to investigation misuse or fraud, and is stored for a maximum of 7 days and deleted thereafter. Data, of which further retention is required for evidential purposes, shall be exempted from deletion until final clarification of the event.

Registration function, verification

Users have the possibility to create an account. Upon registration, the required mandatory information is communicated to users and processed based on Art. 6 (1)(b) GDPR for purposes of providing the account or to provide the service itself. The processed data includes, in particular, the login information (email address, password, country). This data, as well as other data entered during or after registration, will be used for the purpose of providing the account and the use of related services. A legally required verification requires the collection and proof of name, address, date of birth and in the case of legal entities beyond that.

The users can be informed by email about information that is related to their account or the booked service (e.g., technical changes, news). As soon as users have cancelled their account, or the term has expired, their data concerning the account will be deleted, subject to legal storage obligations or our legitimate interests. It is the users’ responsibility to back up their data before the end of the contract. We are entitled to irretrievably delete all user data stored during the contract duration.

When using our registration and login functions, as well as the account usage and verification, we store the IP address and the time of the corresponding action of the user. This storage is based on our legitimate interests and on the interest of the user’s protection against misuse and other unauthorised use. Disclosure of this data to third parties does generally not take place unless it is necessary to pursue our claims or there is a legal obligation in accordance with Art. 6 (1)(c) GDPR. IP addresses are anonymised or deleted after 7 days at the latest.

Establishing contact

When contacting us (e.g., by contact form, email, telephone or on social networks), the user’s information is processed for the purpose of processing the request in accordance with Art. 6 (1)(b) GDPR (pre-contractual and contractual relationships) and Art. 6 (1)(f) GDPR (other inquires). User information can be stored in a Customer Relationship Management (CRM) system or a similar organisational system to optimise contact. We delete the contact inquiries, if it is no longer necessary to keep them. We check the necessity every two years. In all other cases, juridical archiving obligations apply.

Agile CRM

We use the system of the CRM provider Agile CRM to organize, optimize and maintain requests, contacts, business / contractual relationships as well as marketing, support and sales, Agile CRM, Inc., 22 Heritage Blvd, Princeton NJ 08540, USA. Our legitimate interest exists pursuant to Art. 6 (1)(b) and (f) GDPR. The CRM is cloud based. The servers are provided by Agile CRM in the US. Agile CRM is a certified participant under the Privacy Shield Agreement, providing additional assurance of compliance with European data protection law
https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG

Agile CRM uses the data of users solely for technical processing of the purposes mentioned above. On this occasion Agile CRM also uses cookies. Their storage can be prevented by appropriate setting of the browser, which, however, can lead to the functional restriction of our services. We have completed a data processing agreement with Agile CRM
( https://www.agilecrm.com/legalese/customers/customer-dpa and https://www.agilecrm.com/legalese/data-privacy/dpa ).

This is a contract in which Agile CRM is committed to protecting our users’ privacy, processing it on our behalf in accordance with its privacy policy and, in particular, not giving it to third parties unauthorized. Further information can be found in the privacy policy of Agile CRM
https://www.agilecrm.com/legalese/customers/customer-privacy

Newsletter

What follows is the explanation of the content of our regular (approximately weekly) newsletter, as well as the registration, sending and statistical evaluation procedure, as well as the right of objection. By subscribing to our newsletter, you consent to the receipt and the procedures described.

Content of the newsletter:

We only send newsletters, emails and other electronic notifications with advertising information (hereinafter “newsletter”) with the consent of the recipient or legal permission. Insofar as the contents of a newsletter are concretely outlined, they are essential for the consent of the users. In addition, our newsletters contain information about our services and our company itself.

Double opt-in and logging:

Registration for our newsletter is made using the double-opt-in method. After registration, an email is sent asking for confirmation of the registration. This confirmation is necessary so that nobody can register with strange email addresses. The registration for the newsletter will be logged in order to prove the registration process in line with legal requirements. This includes storing the login and confirmation times and the IP address. Likewise, changes to your data stored with the mailing provider will be logged.

Registration data:

To register for the newsletter, it is sufficient to enter your own correct email address. We sometimes also ask for the name, so that it is possible to personally address the individual or in connection with a further contact request.
Performance measurement:
The dispatch of the newsletter and the associated performance measurement are based on the consent of the recipients in accordance with Art. 6 (1)(a) and Art. 7 GDPR in conjunction with § 7 (2)(3) UC. Otherwise, if consent is not required, based on our legitimate interests in direct marketing pursuant to Art. 6 (1)(f) GDPR in connection with § 7 (3) UC.

Logging:

Logging of the application is based on our legitimate interests in line with Art. 6 (1)(f) GDPR. Our interest lies in the application of a user-friendly and secure newsletter process that serves our business interests and meets the expectations of our users. In addition, proof of consent should be possible for us.
Termination or revocation (cancellation, deregistration):
You can cancel the receipt of our newsletter at any time, in other words, revoke your consent. An unsubscribe link to cancel the newsletter can be found at the end of every newsletter. Alternatively, a corresponding message to the contact person specified in our imprint is sufficient. We can save the email addresses for up to three years based on our legitimate interests before we delete them, in order to be able to prove prior consent. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for cancellation is possible at any time, if prior existence of consent is confirmed at the same time.

Performance measurement of newsletters

The newsletters contain a so-called Web-Beacon. This is a pixel-sized file which is retrieved by our server when you open the newsletter or from the server of a mail service provider. Upon retrieval, technical information, for example information about the browser and the computer system, as well as your IP address and the time of retrieval are collected. This information is used for the technical improvement of the services based on the technical data, the target groups and their reading behaviour, which is based on the location that the information is retrieved (can be determined with the help of the IP address) or the access times. Statistical surveys also include determining if the newsletter were opened, when they were opened, and which links were clicked on. Although this information can be technically ascribed to the individual recipients, there is no intention on our part or the mail service providers to monitor individual recipients. Instead, the evaluations serve to identify the reading habits of the recipients and to adapt our content to suit these habits or to send different content according to the interests of the recipients. A separate revocation of the performance measurement is not possible. In order to do this, the newsletter itself would have to be cancelled.

SendGrid

Trading Deals uses the mail service provider SendGrid, a US-American based company by SendGrid, Inc., 1801 California Street, Suite 500, Denver, CO 80202, USA for the delivery of the ordered Trading-Signals. SendGrid is a service which allows the dispatch of emails, among other things, to be organised and analysed. If users enter data such as, for example, an email address, it will be stored on the SendGrid servers in the USA. The data protection policy of the mail service provider can be found here https://sendgrid.com/policies/privacy/.

SendGrid is certified under the Privacy Shield Agreement, providing a guarantee of compliance with European privacy standards ( https://www.privacyshield.gov/participant?id=a2zt0000000TRktAAG&status=Active ). With the help of SendGrid, we are able to analyse the sent emails. This allows us to determine whether a message has been opened and which links have been clicked on. In addition, technical information is collected (e.g., time of retrieval, IP address, browser type and operating system). This solely serves for statistical analysis of the emails. The results of these analyses can be used to better identify delivery problems. This mail service provider is used based on our legitimate interests in accordance with Art. 6 (1)(f) GDPR and a contract processing agreement (Data Processing Agreement) in accordance with Art. 28 (3)(1) GDPR.

Cookies, right to contradict to direct advertising

A cookie is a small file that is stored on a user’s computer. Different information can be stored within the cookie. A cookie is primarily used to store information about a user or the device during and after the user’s visit to an online service. A temporary cookie, session cookie, or transient cookie is a cookie that is deleted after a user leaves an online service and closes the browser. In a cookie of this nature, the login status or subscription status can be stored. A cookie is referred to as permanent or persistent when it remains in storage even after the browser has been closed. This allows, for example, the login status to be saved when users return to the online service after a few days. Likewise, such cookies may store the interests of the users, which is used to establish the reach or for marketing purposes. Third party cookies are cookies that are offered by providers other than the provider responsible for running the online service. With a cookie set by the responsible provider, one refers to it as a first-party cookie. ATT-Signals can use temporary and permanent cookies and explains this in this data protection policy. If users do not want cookies to be stored on their computers, they can use the appropriate option in the system settings of the browser to disable this process. Saved cookies can be deleted in the system settings of the respective browser. The exclusion of cookies can lead to functional limitations of this service.

A general objection to the use of cookies used for the purpose of online marketing can be declared in a variety of services, especially in the case of tracking through cookies, via the US-American website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be deactivated by switching off this function in the settings of the browser. It should be noted that not all features of this service can then be used.

Disable Cookies

Google Analytics

Based on our legitimate interests (interest in the analysis, optimisation and economic operation of our services in line with Art. 6 (1)(f) GDPR), we use Google Analytics, a web analytics service provided by Google LLC (“Google”). Google uses cookies. The information generated by the cookie about the use of the online service by users is regularly transmitted to Google’s servers in the US and stored there.
Google Analytics is certified under the Privacy Shield Agreement, providing a guarantee of compliance with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active ).
Google uses information on our behalf to evaluate the use of our services by users, to compile reports on the activities within the services, and to provide us with other services related to the use of our services and internet usage. Thereby, pseudonymous usage profiles of the users can be created from the processed data.
We only use Google Analytics with activated IP anonymisation. The IP addresses of Google users will be shortened within member states of the European Union or other parties of the Agreement in the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the USA and shortened there. The IP address submitted by the user’s browser will not be merged with other data provided by Google. Users can prevent the storage of cookies through the respective setting on their browser. In addition, users can prevent the collection of data generated by the cookie and related to their use of our service, and the processing of this data by Google, by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de .
For more information about Google’s data usage, settings and objection options, please refer to Google’s data protection policy ( https://policies.google.com/technologies/ads ) as well as the settings for advertising by Google ( https://adssettings.google.com/authenticated ).
The personal data of users will be deleted or anonymised after 14 months.

Disable Google Analytics

Facebook Pixel

Within our services, based on our legitimate interests in analysis, optimisation and the economic operation of our service, and only for these purposes, the so-called Facebook Pixel (conversion pixel/visitor action pixel) by the social network Facebook, which is published by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook) is used. If the user is located in the EU, Facebook Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is the operator of Facebook. Facebook is certified under the Privacy Shield Agreement, providing a guarantee of compliance with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active ).
With the help of Facebook Pixel, it is possible for Facebook to determine the online visitors of our service as a target group to present advertisements (so-called “Facebook ads”). Accordingly, we use Facebook Pixel to only display the Facebook Ads which we submit to those Facebook users who have shown an interest in our service or who have certain characteristics (e.g., relevant interests in certain topics or products, which are determined through the visited websites), which we transmit to Facebook (so-called “Custom Audiences”). With the help of Facebook Pixel, we also want to ensure that our Facebook ads meet the potential interest of users and avoid annoying or harassing users. Furthermore, we can use Facebook Pixels to understand the effectiveness of the Facebook Ads for statistical and market research purposes, by means of being informed whether users have been redirected to our website after clicking on Facebook Ads (so-called “conversion”).
The processing of data by Facebook is done according to the data usage policy of Facebook. General tips for displaying Facebook Ads are also available in Facebook’s data usage policy: https://www.facebook.com/policy . Details about Facebook Pixel and how it works are available in the help section of Facebook: https://www.facebook.com/business/help/651294705016616.
The collection and use of your data by Facebook Pixel to display Facebook Ads can be objected to here: https://www.facebook.com/settings?tab=ads . To change the types of ads you see on Facebook, you can visit the website set up by Facebook and follow the instructions for the usage-based advertising settings: https://www.facebook.com/settings?tab=ads .
You can also object to the use of cookies, which serve to measure the reach and for advertising purposes, on the deactivation page of the network advertising initiative ( http://optout.networkadvertising.org/) and the US-based website (http://www.aboutads.info/choices) or on the European website ( http://www.youronlinechoices.com/uk/your-ad-choices/).

Disable Facebook Pixel

Affiliation

Trading Deals, in conjunction with its services, uses the industry-standard cookies and tracking practices necessary to operate our affiliate program, and to enable this form of business operation and service to users at all. This is done on the basis of our legitimate interests, in particular the interest in the analysis, optimization and economic operation of our services, pursuant Art. 6 (1)(f) GDPR. The services of our contractual partners (mainly brokers, service providers for the financial sector) are presented on our website and linked (affiliate link). Trading Deals receives a compensation / commission if users use the affiliate link functionally and then take advantage of the services of our contractual partners. Functionally means in this context that is marked by the affiliate link of the user for our contracting party in such a way that an assignment of users and Trading Deals to the offer of the contractor takes place. It is fundamental to our affiliate service that it is traceable for us and our contractor whether users who are interested in offers of our contractors through our services will subsequently use those offers at our request. Ultimately, the origin of visitor traffic on the website of our contractual partner and the previous user behavior in our services are decisive. Accordingly, the affiliate links or our services are provided with some values that can be set as part of a link or a cookie. These values usually represent the website from which the user originated (referrer), time, a digital identification of the operator of the referrer on which the affiliate link was set, a digital identification of the relevant service of our contractor and a digital identification of the user. There are also values related to tracking. For example, this is usually an ID for the marketing medium, the partner and categorical classifications. The digital identification of the users is done by pseudonymous values, in which no personal data is contained. Only in this way is the aforementioned purpose and operation of our affiliate program guaranteed. Only by merging this tag with other user data can a personal reference be made. This is the only way the contractor can determine performance on our part and how Trading Deals can provide its service, especially with regard to payments to users. Likewise, the system described operates when Trading Deals use affiliates for its own services in order to get users mediated.
More privacy information is available in the privacy statements of our affiliate partners whose products we present.

Incorporation of third-party services and contents

Within our service, based on our legitimate interests in the analysis, optimisation and economic operation of our services in line with Art. 6 (1)(f) GDPR, we incorporate third-party content or service offers into our content and services (hereinafter “content”). This always presupposes that the third-party providers of this content detect the IP addresses of the users, since they would not be able to send the content to the users’ browsers without the IP address. The IP address is therefore required for the presentation of this content. We make a concerted effort to only use content whose respective providers solely use the IP address for the delivery of content. Third parties may also use so-called Pixel-Tags (invisible graphics, also referred to as Web-Beacons) for statistical or marketing purposes. The Pixel-Tags can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include, among other things, technical information about the browser and operating system, referring web pages, visiting time, and other information regarding the use of our services.

YouTube

We include videos from the YouTube platform by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
Data protection policy https://www.google.com/policies/privacy/
Opt-out https://adssettings.google.com/authenticated .

Our presence on social networks and information platforms

We are present on social networks and platforms in order to communicate with (potential) clients, interested parties, business partners and users, and to inform them about our services there.

Hence, data of users outside of the European Union can thereby be processed. This may result in risks for the users. For example, the enforcement of user rights could be made more difficult. Regarding US providers, who are certified under the Privacy Shield, we would like to note that they are committed to upholding the EU’s data privacy standards.
Furthermore, user data is regularly processed for market research and advertising purposes. Thus, for example, user profiles can be created from the user behaviour and recognisable interests of the users. These user profiles may be used to place advertisements or the like within and outside the networks, which may be in the interests of the users. For this purpose, cookies are usually stored on the computers of the users, in which the user behaviour and the interests of the users are stored. In addition, the user profiles can also store data independently of the devices used by the users. This happens, in particular, when the users are members of the respective social network and are logged in.

The processing of users’ personal data takes place in accordance with our legitimate interests in effectively informing users and communicating with users in accordance with Art. 6 (1)(f) GDPR. If users of a social network provider are asked to consent to data processing, the legal basis for processing is Art. 6 (1)(a) and Art. 7 GDPR.

We would like to take the opportunity to refer to the statements of the providers of the following networks. The links contain a detailed description of the respective processing and the objection options.

In the case of requests for information and the assertion of user rights, these can be most effectively asserted with the relevant providers because only the providers have the required access to the user data and can immediately implement measures or provide information. Furthermore, we are always available as a contact should you require information.

Legal bases and terms

In accordance with the requirements of Art. 13 GDPR, we are informing you of the legal bases of our data processing. If the legal basis is not mentioned in this data protection policy, the following applies:

As far as permissible, Trading Deals uses the data processing of cookies and so-called tracking (analysis of visitor behaviour, measurement of reach, among other things) with regard to the users, in return for the services we provide free of charge, including support.

The legal basis for obtaining consent is Art. 6 (1)(a) and Art. 7 GDPR, the legal basis for the processing of data for the performance of our services and the execution of contractual measures as well as the response to inquiries is Art. 6 (1)(b) GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, such as in cases of inquiries about our services or the utilisation of the test phases. The legal basis for processing in order to comply with our legal obligations is Art. 6 (1)(c) GDPR, the legal basis for processing in order to protect our legitimate interests is Art. 6 (1)(f) GDPR. Art. 6 (1)(d) GDPR serves as the legal basis in the case of essential interests of the affected person or of another natural person as a necessity for the processing of personal data.

  • Responsible is the natural or juridical person, authority, agency or other body that, alone or together with others, decides on the purposes and means of processing personal data
  • Third-party is a natural or juridical person, authority, agency or body other than the affected person, the responsible person, the order processor and the persons authorised under the direct responsibility of the responsible person or the order processor, to process the personal data
  • Personal data refers to all information that is about an identified or identifiable natural person (hereinafter “the affected person”); a natural person is considered to be identifiable, directly or indirectly, particularly through association with an identifier such as a name, an identification number, location data, an online identifier (e.g., a cookie) or one or more special features, which can identify the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person
  • Processing is any process or series of operations related to personal data carried out with or without the assistance of automated processes; this term is extensive and includes practically every manner of handling data
  • Profiling refers to all kinds of automated processing of personal data which consists of using that personal data to evaluate certain personal aspects about a natural person, in particular to analyse or predict aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or location of this natural person
  • Pseudonymisation refers to the processing of personal data in such a manner that personal data can no longer be ascribed to a specific data subject (affected person) without the need for additional information, provided that such additional information is kept separate and subject to technical and organisational measures, which ensure that the personal data cannot be ascribed to an identified or identifiable natural person
  • Order processor is a natural or juridical person, authority, agency or other body that processes personal data on behalf of the responsible person
  • Consent refers to a voluntary statement from the affected person, in an informed and unequivocal manner, in the form of a declaration or other unambiguous confirmatory act expressing that this person agrees to the processing of the personal data concerning him/her

Facebook Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Google/YouTube Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Instagram Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA

Twitter Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA

Linkedin LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland

Hotjar

This website utilizes Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe https://www.hotjar.com. Hotjar is a tool used to analyse your user patterns on our website. Hotjar allows us to for instance record your mouse and scroll movements as well as your click. During this process, Hotjar also has the capability to determine how long your cursor remained in a certain position. Based on this information, Hotjar compiles so-called Heatmaps, that make possible to determine which parts of the website the website visitor reviews with preference. We are also able to determine how long you have stayed on a page of our website and when you left. We can also determine at which point you suspended making entries into a contact form (so-called conversion funnels). Furthermore, Hotjar can be deployed to obtain direct feedback from website visitors. This function aims at the improvement of the website offerings of the website operator. Hotjar uses cookies. Cookies are small text files that are placed on your computer and stored by your browser. Their purpose is to make our website presentation more user friendly, more effective and more secure. These cookies allow us to determine if our website was used with a certain device or if the functions of Hotjar have been deactivated for the respective browser. Hotjar cookies will remain on your device until you delete them. You can set up your browser in such a manner that you will be notified anytime cookies are placed and you can permit cookies only in certain cases or exclude the acceptance of cookies in certain instances or in general and you can also activate the automatic deletion of cookies upon closing of the browser. If you deactivate cookies, the functions of this website may be limited. The use of Hotjar and the storage of the Hotjar cookies are based on Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user patterns, to optimize the operator’s web offerings and advertising. If you would like to deactivate the recording of data by Hotjar, please click on the link below and follow the instructions provided under the link: https://www.hotjar.com/opt-out Please keep in mind that you will have to separately deactivate Hotjar for every browser and every device. For more detailed information about Hotjar and the data to be recorded, please consult the Data Privacy Declaration of Hotjar under the following link: https://www.hotjar.com/privacy We have entered into a contract data processing agreement with Hotjar to implement the stringent European Data Protection Regulations.

Protection and security measures

In accordance with Art. 32 GDPR, Trading Deals takes into account the currency of technology, the costs of implementation, and the type, scope, circumstances and purposes of processing, as well as the different probabilities of occurrence and severity of the risk to the rights and freedoms of natural persons, and appropriate technical and organisational measures to ensure a level of protection appropriate to the risk incurred. This includes, above all, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data and controlling access, input, disclosure, security of availability and separation of such data. In addition, there are procedures that introduce observance of data subject rights, data deletion and responses to data threats. Furthermore, according to Art. 25 GDPR, the protection of personal data is already taken into account in the development and selection of hardware, software and procedures, in accordance with the principle of data protection, through the design of technology and privacy-friendly default settings.