(Mon.-Fri. 8.30 - 19.00) +49 341 926590

Fax: 0341 / 926 59 100 E-Mail: info@haendlerbund.de

The largest e-commerce association in Europe
with more than 80,000 secured online presences


Data Protection Policy

Every online retailer is obliged to provide a data protection policy insofar as they collect data from users. It does not matter whether the user simply fills out a typical contact form or leaves personal data behind when placing an order.

With the upcoming GDPR (deadline: 25 May 2018), the data protection guidelines will be enormously tightened, which will entail new legal requirements for the data protection policy. Members of Händlerbund receive the GDPR-compliant data protection policy in good time in the member area. For everyone else it means: get help quickly, because the changes are more comprehensive than expected.

Extract from the GDPR amendments to the data protection policy

A detailed overview of the forthcoming changes to the GDPR can be found here: Overview of the GDPR

Web Analytics Tools

In the data protection policy, the functionality, the recipient, the right of withdrawal and the use of data must be explained separately for each tool. An explicit consent of the visitors will not be necessary, which is quite reassuring. However, an opt-out widget must be made available to enable objections to be raised.

Information Duties

The new information obligations are regulated in Articles 13 and 14 of the GDPR and are to be made available in a precise, transparent, comprehensible and easily accessible form. The following information duties, among others, must be transmitted to the data subject: names and contact data of the responsible person, if applicable the contact data of the data protection officer, the purposes of data processing, etc.

Disclosure Obligations

Example: in the future, customers of an online shop may request the following information, among others, regarding the storage and use of their personal data:

  • the purpose of the data processing;
  • whether there is a right to rectification, erasure or limitation of data processing;
  • whether the customer has a right of objection;
  • where and how complaints can be filed with an authority, etc.

Legal Basis & Information on the Integration of the Data Protection Policy

According to § 13 TMG, the user must be informed at the beginning of the usage process about the type, scope and purpose of the collection and use of personal data. The privacy policy

  • should be clearly visible,
  • can be integrated into the main navigation (e.g. footer) via a button that can be called up at any time.

Check to see if you need a privacy statement:

According to your details, you need a privacy policy in order to be legally secure and protected from warnings. We offer the privacy policy and all other legal texts you need for your online presence as part of our memberships.

Special Provisions of the Data Protection Declaration

Social Media Extensions

According to a judgement of the Regional Court of Düsseldorf (LG Düsseldorf, judgement of 09/03/2016, file number 12 O 151/15), the use of the so-called Facebook Like button is legally at risk. A reference in the data protection policy is also not sufficient. The court decision is not valid. A ruling from the ECJ is currently awaited. Nevertheless, we recommend not including the Like button. All other social plugins such as Google+, Twitter & Co. have not been judged yet. If you use one of these plugins, a corresponding note in the data protection policy is necessary. Online shop operators who have deactivated the plugin, whereby it must first be activated by the user by double-clicking (so-called 2-click model), are also obliged to supplement the data protection policy with a corresponding note on data collection/data use. But even the 2-click solution no longer offers complete legal security.

Website Analytics Tools

Website analysis tools include Google Analytics and etracker. Inform your users in the data protection policy about the collection and use of the collected data. In addition, make sure that you use tools such as Google Analytics in a legally compliant manner, e.g. by concluding a written order data processing agreement with Google, using the analysis tool only with abbreviated IP addresses and, if necessary, deleting existing old data. Attention when using Google Analytics! Use this tracking tool only with the "anonymizeIP" extension to prevent data transmission that is unauthorised and could trigger a warning.

Checklist for a GDPR-compliant website analysis:

  • Clause in the data protection policy for each tool separately with explanations on how the tools work
  • General obligations to provide information on cookies and analysis tools (new in particular are the legal basis and the purpose of the data processing, see above under Information obligations)
  • Automatic anonymisation of the visitor ID, especially with Google Analytics
  • Respect for the "DoNotTrack" settings
  • Opt-out widget
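
The three technical items in this checklist (abbreviated IP addresses, respecting "DoNotTrack", and an opt-out) can be enforced in one place before any analytics record is written. The following is an added example, not Händlerbund's or any analytics vendor's code: the function names, the cookie name `analytics_optout` and the prefix lengths kept (IPv4 /24, IPv6 /48) are assumptions.

```javascript
// Added illustration. The cookie name "analytics_optout" and all function
// names are hypothetical; sample requests below are constructed.

// True when the visitor has objected: DoNotTrack header or opt-out cookie.
function visitorObjects(headers) {
  if (headers["dnt"] === "1") return true;
  return (headers["cookie"] || "")
    .split(";")
    .some((c) => c.trim() === "analytics_optout=1");
}

// Expand an IPv6 string to 8 hex groups, or null if it is malformed.
function expandIpv6(ip) {
  const halves = ip.split("::");
  if (halves.length > 2) return null;
  const head = halves[0] ? halves[0].split(":") : [];
  const tail = halves.length === 2 && halves[1] ? halves[1].split(":") : [];
  const missing = 8 - head.length - tail.length;
  if (halves.length === 1 ? missing !== 0 : missing < 1) return null;
  const groups = [...head, ...Array(missing).fill("0"), ...tail];
  return groups.every((g) => /^[0-9a-f]{1,4}$/i.test(g)) ? groups : null;
}

// Abbreviate an address before it is stored (assumed prefix lengths:
// IPv4 keeps /24, IPv6 keeps /48). Returns null for anything unparseable.
function abbreviateIp(ip) {
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(ip)) {
    const octets = ip.split(".").map(Number);
    if (octets.some((o) => o > 255)) return null;
    return octets.slice(0, 3).join(".") + ".0";
  }
  const groups = ip.includes(":") ? expandIpv6(ip) : null;
  if (!groups) return null;
  return groups.slice(0, 3).map((g) => parseInt(g, 16).toString(16)).join(":") + "::";
}

// Build the record to log, or null when nothing may be recorded.
function buildPageview(req) {
  if (visitorObjects(req.headers)) return null;
  const ip = abbreviateIp(req.ip);
  return ip === null ? null : { path: req.path, ip };
}

// Constructed sample requests (documentation address ranges).
const samples = [
  { path: "/shop", ip: "203.0.113.77", headers: {} },
  { path: "/shop", ip: "2001:db8:abcd:12::1", headers: {} },
  { path: "/cart", ip: "203.0.113.78", headers: { dnt: "1" } },
  { path: "/cart", ip: "203.0.113.79", headers: { cookie: "sid=x; analytics_optout=1" } },
];
console.log(samples.map(buildPageview));
```

The function fails closed: an address it cannot parse produces no record at all, so a full IP address is never stored by accident.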

If you as an online retailer use so-called cookies at some points in your online shop, i.e. small text files which are stored on the visitor's computer in the respective browser, this is a further obligatory statement which must be included in the data protection declaration. Ideally, you also mention that you use cookies in your shop in order to make the offer more user-friendly, more effective and safer.

If the shop operator intentionally or negligently does not set up a data protection policy, or does not set up a correct or complete data protection policy, and if the user is not otherwise completely or timely informed about the data protection concerns in connection with the visit of the website, this may result in fines of up to €50,000.

Checklist for a GDPR-compliant cookie:

  • Understandable clause in the data protection policy about the functionality and purpose of the cookie(s)
  • Reference to the opt-out option in the browser settings, optionally with instructions
  • General obligations to provide information on cookies (new is in particular the legal basis and the purpose of data processing, see above under "Obligations to provide information")
  • Respect for the "DoNotTrack" settings

Your GDPR-compliant Data Protection Policy

From as little as €9.90 per month, you will receive all the legal texts you need for legally compliant trading. For example, the GDPR-compliant data protection policy, legal notice, cancellation policy and general terms and conditions. We assume full liability for all legal texts and also supply suitable legal texts for over 50 sales platforms.

If you need more help with the GDPR, the Unlimited membership is worth it for you! You will then receive legal advice via telephone & e-mail, a comprehensive shop inspection and many other e-commerce services.

Become a Händlerbund member

Unlimited Membership: €49.90* per month
  • unlimited number of legally secured online presences
  • provision of national and international legal texts
  • unlimited access to legal advice
  • unlimited representation in the event of legal action
  • your online shop checked by an expert legal team
* All prices are net plus mandatory sales tax payable as an annual fee.