Data protection

§ 1 Information about the collection of personal data

(1) In the following we inform you about the collection of personal data when using our website https://www.transparentshare.com and our application TransparentShare. Personal data are all data that can be related to you personally, e.g. name, email addresses, user behavior.

(2) Responsible acc. Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is TranspaShare GmbH, Rudolf-Diesel-Str. 12, 69234 Dielheim, phone: +49 6222/3170157, email: info@transpashare.com (see our imprint).

(3) When you contact us by e-mail or via a contact form, the data you provide (first name, surname, e-mail address, possibly your telephone number) will be saved by us in order to answer your questions (legal basis is art. 6 para. 1 sentence 1 letters a, b and f GDPR). When the message is sent, the following data is also stored: the user's IP address, email address, date and time of sending. Your consent is obtained for processing and reference is made to this data protection declaration. Alternatively, you can contact us using the email address provided. In this case, the user's personal data transmitted with the email will be saved. In this context, the data will not be passed on to third parties. We delete the data that arises in this context after it is no longer required to store it, or we limit processing if there are statutory retention requirements.

(4) If we use contracted service providers for individual functions of our offer or if we would like to use your data for advertising purposes, we will inform you in detail below about the respective processes. We also state the specified criteria for the storage period.

§ 2 your rights

You have the right:

• to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a Right to lodge a complaint, the origin of your data, if we have not collected it, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information on their details;
• in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
• to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless processing to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims is required;
• to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR if you dispute the correctness of the data, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need them to assert or exercise them or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
• in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another person responsible;
• to revoke your consent given to us at any time in accordance with Art. 7 Para. 3 GDPR. As a result, we are no longer allowed to continue the data processing based on this consent in the future
• to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our place of business.

§ 3 Collection of personal data when you visit our website and our app (cookies)

(1) If you only use the website or app for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you would like to view our website / app, we collect the following data, which is technically necessary for us to display our website / app to you and to guarantee stability and security (legal basis is Art. 6 Para. 1 S. 1 lit. f GDPR):

• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status / HTTP status code
• Amount of data transferred in each case
• Website from which the request came
• Browser
• Operating system and its interface
• Language and version of the browser software.

(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website / app. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using, and through which certain information flows to the place that sets the cookie (in this case by us). Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.

(3) Use of cookies:

a) This website / app uses the following types of cookies, the scope and functionality of which are explained below:

• Transient cookies (see b)
• Persistent cookies (see c).

b) Transient cookies are automatically deleted when you close the browser. This includes in particular the session cookies. These save a so-called session ID, with which various requests from your browser can be assigned to the common session. This means that your computer can be recognized when you return to our website / app. The session cookies are deleted when you log out or close the browser.

c) Persistent cookies are automatically deleted after a specified period, which can differ depending on the cookie. You can delete cookies at any time in the security settings of your browser.

d) You can configure your browser settings according to your wishes and e.g. B. reject the acceptance of third-party cookies or all cookies. We would like to point out that you may not be able to use all functions of this website / app.

e) We use cookies in order to be able to identify you for subsequent visits if you have an account with us. Otherwise you would have to log in again for each visit.

f) We also use HTML5 storage objects that are stored on your device. These objects save the required data regardless of the browser you are using and have no automatic expiry date. If you do not want the Flash cookies to be processed, you must install a corresponding add-on, e.g. B. "Better Privacy" for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash Killer Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using the private mode in your browser. We also recommend that you regularly delete your cookies and browser history manually.

§ 4 Further functions and offers on our website or app

(1) In addition to purely informational use, we offer various services that you can use if you are interested. To do this, you usually have to provide additional personal data that we use to provide the respective service and for which the aforementioned data processing principles apply.

(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are checked regularly.

(3) Furthermore, we can pass on your personal data to third parties if we offer participation in campaigns, competitions, contracts or similar services together with partners. You will receive more information on this when you provide your personal data or in the description of the offer below.

(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this fact in the description of the offer.

(5) Social media buttons with data protection (Shariff)
We use so-called "social plugins" on our website and in the application. Currently these are the plugins for the Facebook, Twitter, LinkedIn, E-Mail and WhatsApp services. This enables the user to quickly and easily share TransparentShare with friends on social networks. Via these plugins, data, including personal data, can be sent to the US service providers and, if necessary, used by them.

We do not collect any personal data ourselves using the social plugins or their use. In order to prevent data from being transmitted to service providers in the USA without the knowledge of the user, we use the so-called Shariff solution. This solution ensures that initially no personal data is passed on to the providers of the individual social plugins when you visit our website or our application. Only when you click on one of the social plugins can data be transferred to the service provider and saved there.

You can find more information about the Shariff solution on the provider's website, Heise Medien GmbH & Co. KG: http://m.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

§ 5 Objection or revocation against the processing of your data

(1) If you have given your consent to the processing of your data, you can revoke this at any time. Such a revocation affects the permissibility of the processing of your personal data after you have given it to us.

(2) If we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case, in particular, if the processing is not required to fulfill a contract with you, which we will describe in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue processing.

(3) Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your objection to advertising under the following contact details: TranspaShare GmbH, Rudolf-Diesel-Str. 12, 69234 Dielheim, phone: +49 6222/3170157, email: info@transpashare.com.

§ 6 Use of our services

(1) If you would like to use our services, you must first register and create an account by entering your e-mail address and a password of your choice or using your Facebook, LinkedIn or Apple account. For the processing of the data, your consent is obtained during the sending process and reference is made to this data protection declaration. The data you enter in the account will be saved on a revocable basis. You can always delete all other data, including your user account, in your profile.

(2) Auth0: We use the services of Auth0, 10900 NE 8th Street, Bellevue, WA 98004, USA for registration and login and to manage the logins in our system. The data is transferred to the USA and processed there. This is done in our interest in the optimization and economic operation of our offer. 

(3) If you would like to use the premium version, which is subject to a fee, you must provide your personal data, which we need to process your order, in order to conclude the contract. We process the data you provide to process your order. We work with the following payment service provider:

Stripe: Payment is processed by the payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Center, Harcourt Road, Dublin 2, Ireland, to whom we receive the information you provided during the ordering process along with the information about your order (name, email, credit card number, IBAN, invoice amount, currency and transaction number) in accordance with Art. 6 Para. 1 lit. b GDPR. Your data will only be passed on for the purpose of processing payments with the payment service provider Stripe Payments Europe Ltd. and only insofar as it is necessary for this. More information on Stripe's data protection can be found at the URL https://stripe.com/de/terms.

(4) Email hooks: For better processing of email notifications for Stripe events, e.g. subscription ordered, subscription canceled or invoice sent, we use the offer from emailhooks.com, to which we send the necessary data, e.g. your email address in accordance with Art. 6 Para. 1 lit. f GDPR. Your data will only be passed on to the extent that this is necessary. Emailhooks is provided by Codelance LCC, Parker, CO 80134, United States. Codelance LCC is a Stripe verified partner. You can find more information about the data protection of emailhooks at the URL https://www.emailhooks.com/terms-of-service.

(5) SendinBlue: This website uses SendinBlue to send newsletters. The provider is SendinBlue SAS, 55 rue d'Amsterdam, 75008 Paris, France. SendinBlue is a service with which the sending of newsletters can be organized and analyzed. The data you enter for the purpose of subscribing to the newsletter (e.g. e-mail address) is stored on SendinBlue's servers.

Our newsletters sent with SendinBlue enable us to analyze the behavior of newsletter recipients. Among other things, it can be analyzed how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. All links in the e-mail are so-called tracking links with which your clicks can be counted.

The data you have stored with us for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the SendinBlue servers after you unsubscribe from the newsletter. This does not affect data that we have stored for other purposes (e.g. email addresses for the member area).
For more information, see the SendinBlue data protection provisions at: https://de.sendinblue.com/legal/privacypolicy/

Conclusion of an order processing contract
We have concluded a contract with SendinBlue in which we oblige SendinBlue to protect our customers' data and not to pass them on to third parties.

(6) Hotjar: Our website uses the Hotjar web analysis service from Hotjar Ltd .. Hotjar Ltd. is a European company based in Malta (Hotjar Ltd, Level 2, St Julians Business Center, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe, Tel: +1 (855) 464-6788).

This tool can be used to track movements on the websites on which Hotjar is used (so-called heatmaps). For example, it can be seen how far users scroll and which buttons users click and how often. The tool can also be used to obtain feedback directly from website users. Above all, Hotjar's services can improve the functionality of the Hotjar-based website by making them more user-friendly, more valuable and easier to use for end users.

When using this tool, we pay particular attention to the protection of your personal data. So we can only understand which buttons are clicked, the course of the mouse, how far is scrolled, the screen size of the device, device type and browser information, geographical location (only the country) and the preferred language to display our website. Areas of the websites in which personal data from you or third parties are displayed are automatically hidden by Hotjar and are therefore never traceable. In order to exclude direct personal reference, IP addresses are only stored anonymously and processed further. However, Hotjar uses various third-party services such as Google Analytics and Optimizely. It can therefore be the case that these services collect data that is transmitted by your browser as part of web page requests. This would be, for example, cookies or your IP address. In these exceptional cases, this processing takes place in accordance with Art. 6 Para. 1 lit. a GDPR based on the consent you have given for the purpose of statistical analysis of user behavior for optimization and marketing purposes.

Hotjar offers every user the option of preventing the use of the Hotjar tool with the help of a “Do Not Track Header” so that no data is recorded about the visit to the respective website. This is a setting that all common browsers support in current versions. To do this, your browser sends a request to Hotjar to deactivate the tracking of the respective user. If you use our websites with different browsers / computers, you have to set up the “Do Not Track-Header” for each of these browsers / computers separately.

When visiting a Hotjar-based website, you can prevent Hotjar from collecting your data at any time by going to our opt-out page https://www.hotjar.com/legal/compliance/opt-out/ go and click Deactivate Hotjar.

More information about Hotjar Ltd. and via the Hotjar tool, see: https://www.hotjar.com

The data protection declaration of Hotjar Ltd. can be found at: https://www.hotjar.com/privacy/

(7) Facebook pixel: Our website uses the visitor action pixel from Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) to measure conversion. With the help of the Facebook pixel, the behavior of the site visitors can be tracked after they have been redirected to our website by clicking on a Facebook ad. This enables the effectiveness of Facebook advertisements to be evaluated for statistical and market research purposes and future advertising measures to be optimized. The data collected are anonymous for us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage guidelines. This enables Facebook to switch advertisements on Facebook pages as well as outside of Facebook. As the website operator, we cannot influence this use of the data. You will find further information on protecting your privacy in Facebook's data protection information: https://www.facebook.com/about/privacy/.

You can also use the remarketing function “Custom Audiences” in the advertising settings area under https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen deactivate. To do this, you must be logged in to Facebook. If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

Facebook Pixel cookies

Surname	purpose	validity
act, c_user, datr, fr, pl, presence, sd, wd, xs	Facebook sets various cookies for identification sessions and analysis. These are used to identify whether you are logged into Facebook as a user, for tracking purposes and from which URL the Share / Like function is being used.	variable

(8) Google Ads and Google Conversion Tracking: This website uses Google Ads. Google Ads is an online advertising program from Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use so-called conversion tracking as part of Google Ads. When you click on an ad placed by Google, a conversion tracking cookie is set. Cookies are small text files that the Internet browser stores on the user's computer. These cookies lose their validity after 30 days and are not used to personally identify users.

If the user visits certain pages on this website and the cookie has not yet expired, we and Google can see that the user clicked on the ad and was redirected to this page.

Each Google Ads customer receives a different cookie. The cookies cannot be tracked through the websites of Google Ads customers. The information obtained using the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted for conversion tracking. Customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. If you do not want to participate in tracking, you can object to this use by deactivating the Google conversion tracking cookie in your internet browser under user settings. You will then not be included in the conversion tracking statistics.

The storage of "conversion cookies" and the use of this tracking tool are based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a GDPR; the consent can be revoked at any time.

You can find more information about Google Ads and Google Conversion Tracking in Google's privacy policy: https://policies.google.com/privacy?hl=de.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close the browser. If cookies are deactivated, the functionality of this website may be restricted.

(9) Google Tag Manager: This website uses the Google Tag Manager (Google LLC. 1600 Amphitheater Parkway, Mountain View, CA 94043, USA). This service enables website tags to be managed via an interface. The Google Tool Manager only implements tags. This means: no cookies are used and no personal data is recorded.

The Google Tool Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it will remain in effect for all tracking tags, provided that they are implemented with the Google Tag Manager.

(10) FinanceAds: JavaScript "Finance Ads Conversion Tracking" from financeAds GmbH & Co. KG (Karlstrasse 9, 90403 Nuremberg) is integrated on our website and in our application for the processing of an affiliate program. The script enables us to distribute a so-called lead or sale commission to advertising network partners when they mediate a successful registration or a product purchase. The script is only executed for users who have come to the Transparentshare.com website from an affiliate partner in the FinanceAds network, when the user visits pages that are relevant for the commission. For this, so-called Finance Ads parameters are stored locally in a cookie in the user's browser and read out in a script-based manner when our website is called up for billing purposes. The evaluation is carried out using pseudonymous data sets and only for the aforementioned purposes. The duration of the Finance Ads parameters integrated in the user's browser is 90 days. You can find further information on data protection at FinanceAds here: https://www.financeads.net/aboutus/datenschutz/.

(11) Due to commercial and tax law requirements, we are obliged to save your address, payment and order data for a period of ten years. However, after two years we will restrict processing, ie your data will only be used to comply with legal obligations.

(12) To prevent unauthorized access by third parties to your personal data, in particular financial data, the order process is encrypted using TLS technology.

§ 7 notifications about buy and sell recommendations and / or newsletters

(1) With your consent, you can subscribe to regular notifications about buy and sell recommendations and / or our newsletter, with which we inform you about our current interesting offers or special topics. The services are named in the declaration of consent.

(2) We use the so-called double opt-in procedure to register for notifications and our newsletter. This means that after your registration we will send you an e-mail to the e-mail address provided, in which we ask you to confirm your e-mail address that you wish to receive the notifications and / or the newsletter. You can select or deselect in the application whether you want notifications or our newsletter. If you do not confirm your registration within a week, your information will be blocked and automatically deleted after a month. In addition, we save the IP addresses you use and the times of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

(3) The mandatory information for sending the notifications and / or the newsletter is your first name, surname and your email address. The provision of further, separately marked data is voluntary. and is used to address you personally. After your confirmation, we will save your first name, last name and email address for the purpose of sending you the newsletter. The legal basis is Art. 6 Para. 1 S. 1 lit. a GDPR.

(4) You can revoke your consent to the sending of the notifications and / or the newsletter at any time and unsubscribe from the notifications and the newsletter. You can revoke your consent by clicking on the link provided in every notification and newsletter e-mail info@transpashare.com or by sending a message to the contact details given in the legal notice.

(5) We would like to point out that we evaluate your user behavior when sending the notifications and / or newsletters. For this evaluation, the emails sent contain so-called web beacons or tracking pixels, which represent single-pixel image files that are stored on our website / app. For the evaluations, we link the data mentioned in § 3 and the web beacons with your e-mail address and an individual ID. Links received in the newsletter also contain this ID. The data is only collected in pseudonymised form, so the IDs are not linked to your other personal data, and direct personal reference is excluded. Such tracking is also not possible if you have deactivated the display of images by default in your e-mail program. In this case, the newsletter will not be displayed in full and you may not be able to use all functions. If you display the images manually, the aforementioned tracking takes place.

§ 8 Use of Google Analytics

(1) We use Google Analytics, a web analysis service from Google Inc. (“Google”). Google Analytics uses so-called "cookies", text files that are stored on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. If IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website and internet usage.

(2) The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

(3) You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by using the browser plug-in available under the following link. download and install in: http://tools.google.com/dlpage/gaoptout?hl=de.

(4) This website uses Google Analytics with the extension "_anonymizeIp ()". As a result, IP addresses are further processed in abbreviated form, so that personal references can be excluded. If the data collected about you can be linked to a person, this will be excluded immediately and the personal data will be deleted immediately.

Clicking on the following link prevents Google Analytics from collecting data by setting a so-called opt-out cookie:

(5) We use Google Analytics to analyze the use of our website and to improve it regularly. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. 

(6) Information from the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. http://www.google.com/analytics/terms/de.html,
Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html,
as well as the data protection declaration: http://www.google.de/intl/de/policies/privacy

§ 9 Registration via Facebook and LinkedIn

(1) In addition to direct registration for our service by entering the requested data in the input mask, we offer you the option of registering via Facebook or LinkedIn. For the processing of your data, your consent is obtained during the registration process and reference is made to this data protection declaration. To register, you will be redirected to the Facebook or LinkedIn page, where you can log in with your usage data. This will link your Facebook or LinkedIn profile and our service. Through the link we automatically receive the following information from Facebook or LinkedIn: first name, last name, email address, profile picture.

This information is absolutely necessary for the conclusion of the contract in order to be able to identify you.

(2) Only if you click on the marked field and thereby activate it will Facebook or LinkedIn receive the information that you have accessed our offer. In addition, the data mentioned under Section 3 of this declaration will be transmitted. In the case of Facebook, according to the respective provider in Germany, the IP address is anonymized immediately after collection. By activating the link, personal data will be transmitted from you to the respective provider and stored there (for US providers in the USA). Since the provider collects data in particular via cookies, we recommend that you delete all cookies via the security settings of your browser before clicking.

(3) We have no influence on the data collected and the data processing operations, nor are we aware of the full scope of data collection, the purposes of processing or the storage periods. We also have no information on the deletion of the data collected by the provider.

(4) By registering or logging in via Facebook or LinkedIn, we offer you the opportunity to use our service more quickly and easily, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use is Art. 6 Para. 1 S. 1 lit. f GDPR.

(5) Further information on the purpose and scope of data collection and its processing by Facebook and LinkedIn can be found in the data protection declarations of these providers, which are provided below. There you will also find further information on your rights in this regard and setting options to protect your privacy.

(6) Addresses of the respective plug-in providers and URL with their data protection information:

a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications such as http://www.facebook.com/about/privacy/your-info#everyoneinfo. 

b) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. 

§ 10 data security

(1) During your visit, we use the popular SSL (Secure Socket Layer) procedure in conjunction with the highest level of encryption supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed key or lock symbol in the lower status bar of your browser.

(2) We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

§ 11 Topicality and changes to this data protection declaration

This data protection declaration is currently valid and was last updated in October 2018.

Due to the further development of our website / app and offers about it or due to changed legal or official requirements, it may be necessary to change this data protection declaration. The current data protection declaration can be accessed at any time on the website at https://www.transparentshare.com/datenschutz can be called up and printed out by you.

Status: June 2020