.svg){kind=logo}
Privacy statement
1. Data protection at a glance
General notes
The following notes provide an overview of how your personal data is processed when you use this website. Personal data is any data that can be used to personally identify you.
Contact details of the person responsible:
The contact details of the person responsible (website operator) can be sent to imprint be removed.
2. Website usage
When you visit our website, you transfer data to our web server via your Internet browser. The following data is temporarily recorded in a log file during an ongoing connection for communication between your Internet browser and our web server:
• IP address of the requesting computer
• Date and time of access
• Name, URL and transferred data volume of the retrieved file
• Access status (requested file transferred, not found, etc.)
• Identification data of the browser and operating system used (if transmitted by the requesting web browser)
• Website from which access was made (if transmitted by the requesting web browser)
The data in this log file is processed as follows:
• The log entries are continuously automatically evaluated in order to be able to identify attacks on the web servers and react accordingly.
• In individual cases, i.e. when faults, errors and security incidents are reported, a manual analysis is carried out.
• Log entries that are older than seven days are anonymized by shortening the IP address.
The legal basis for the processing required to provide the website and the temporary storage of usage data and log files is Art. 6 para. 1 lit. f DSGVO (legitimate interest).
We use Google Cloud Run (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to host and deliver our web application (Next.js). Data processing is carried out on servers in Europe (Germany and Belgium). An order processing contract has been agreed and an appropriate level of data protection is guaranteed. Google is certified under the EU-U.S. Data Privacy Framework.
We use Webflow (Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA) to build and maintain our marketing and content pages. In individual cases (e.g. support, global CDNs), data processing can also take place in the USA. An order processing contract has been agreed and an appropriate level of data protection is guaranteed.
We use the Sentry service (Functional Software, Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA) to monitor the technical stability of our application and to analyze errors. Sentry is used to log system crashes or code errors (bugs). Technical information (device type, OS, stack trace) and, if applicable, your IP address are transmitted. The data is used exclusively for technical analysis and troubleshooting. An order processing contract has been agreed and an appropriate level of data protection is guaranteed. Data processing is carried out on servers in Europe.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the browser's address line changing from http://to https://and by the lock icon in your browser line.
3. Contact form
If you send us inquiries via the contact form, your details from the enquiry form, including the contact details you provided there, will be processed by us for the purpose of processing the enquiry and in case of follow-up questions and will store them until clarification is made. We will not share this data without your consent.
The legal basis for processing is Article 6 (1) (b) GDPR, provided that your request is related to the fulfilment of a contract or is necessary to carry out pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f GDPR).
Storage period: The data submitted via the contact form will be deleted no later than 60 days after the final processing of your request, provided that there are no further legal storage requirements.
4. User account
You can register on our website and create a user account to use additional functions (create ads, submit requests). We use the data entered for this purpose (e.g. name, address, e-mail address, telephone number, if applicable sales tax identification number and bank details) only for the purpose of providing and providing the respective offer or service for which you have registered.
Preparation of offers and requests (platform function)
If you post offers or requests on our platform, the data you enter (title, description, contact details, if applicable) is published on our platform and is visible to other users. This serves the purpose of establishing contact between commercial parties.
Please note: Only publish data that you actually want to make publicly available.
The legal basis for processing is Article 6 (1) (b) GDPR (contract fulfilment or implementation of pre-contractual measures).
Storage period: User accounts and associated data are stored for the duration of use and deleted 60 days after the user account has been closed.
We store data subject to tax retention requirements (e.g. invoices) for the legally required period of 10 years.
We use the Supabase service (Supabase, Inc., 970 Toa Payoh N, #07 -04, Singapore 319000; server location: Frankfurt, Germany) to authenticate and manage accounts. Data processing is carried out on servers in Frankfurt. An order processing contract has been agreed and an appropriate level of data protection is guaranteed.
To send system-critical emails (e.g. registration confirmation, password reset, notifications about platform activity), we use the Resend service (Resend Inc., 2261 Market Street #4838, San Francisco, CA 94114, USA; server location for EU customers primarily Ireland). An order processing contract has been agreed.
5. Payment processing
We integrate payment services from the provider Stripe on this website (Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland).
The use of this service is mandatory for providers (retailers) on our platform in order to pay the paid subscription or service fee required to post objects and advertisements. Without payment processing via Stripe, it is technically and contractually impossible to actively use the sales functions on our platform.
The data transmitted to Stripe (name, address, account number, credit card number, invoice amount, currency and transaction number) is used by Stripe exclusively for payment processing and fraud prevention.
The legal basis for processing is Article 6 (1) (b) GDPR (processing to fulfill a contract).
6. Range measurement
Cookies & consent management
Our website uses cookies. These are small text files that your web browser stores on your device. We use a consent management tool (cookie banner) to obtain your consent to store certain cookies (e.g. for analyses). Processing is carried out on the basis of Art. 6 para. 1 lit. c DSGVO (legal obligation to obtain consent) or Art. 6 para. 1 lit. a GDPR (consent). You can withdraw your consent at any time via the settings in the cookie banner.
Umami
We use the open-source web analytics service Umami. Umami is run on its own server (Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany). The collected data therefore does not leave Europe. Umami is designed to be privacy-friendly and does not collect any personal data and does not use cookies as standard. Only anonymized usage data is collected (e.g. page views, length of stay, referrer).
Legal basis: The use of this analysis tool is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize its website.
7. Plug-ins and tools
Mapbox
We use map services and the address autofill feature from Mapbox (Mapbox, Inc., 740 15th Street NW, 5th Floor, Washington, DC 20005, USA). When using address completion, your IP address and the entered address fragments are transferred to Mapbox in order to provide suitable suggestions. An order processing contract has been agreed and an appropriate level of data protection is guaranteed. Mapbox is certified under the EU-U.S. Data Privacy Framework.
The legal basis for processing is Article 6 (1) (f) GDPR (legitimate interest). We are interested in correctly recording address data and making it easy to find the locations listed on the website.
social media
Links to social networks (Facebook, Instagram, LinkedIn) are included on our website. After clicking on the integrated graphic, you will be redirected to the page of the respective provider, i.e. only then will user information be transferred to the respective provider. For information on how to handle your personal data when using these websites, please refer to the respective privacy policies of the providers.
8. Direct advertising
After a purchase of goods, we will also use your first name, last name and email address to send you our own promotional content via email about products and services that are similar to the goods or services you have purchased in the past.
The legal basis for processing is Art. 6 (1) (f) GDPR in conjunction with Section 7 paragraph 3 UWG. Our legitimate interest is to promote sales of our goods or services. You can object to processing at any time with effect for the future.
9. Storage period
Unless a specific storage period has been specified in this privacy policy, we process your data until the purpose for data processing no longer applies. If you make a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted unless there are other legally permissible reasons for storage (e.g. tax or commercial retention periods); in the latter case, the deletion takes place after these reasons cease to exist.
10. Your rights as a data subject
When processing your personal data, the GDPR grants you, as a data subject, certain rights:
Right to information (Art. 15 GDPR)
You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have the right to information about this personal data and to the information detailed in Article 15 GDPR.
Right to rectification (Art. 16 GDPR)
You have the right to immediately request the correction of incorrect personal data concerning you and, if necessary, the completion of incomplete data.
Right to deletion (Art. 17 GDPR)
You have the right to request that personal data concerning you be deleted immediately, provided that one of the reasons set out in detail in Article 17 GDPR applies.
Right to restrict processing (Art. 18 GDPR)
You have the right to request the restriction of processing if one of the conditions listed in Article 18 GDPR is met, e.g. if you have filed an objection to processing, for the duration of the audit by the person responsible.
Right to data portability (Art. 20 GDPR)
In certain cases, which are detailed in Article 20 GDPR, you have the right to receive personal data concerning you in a structured, common and machine-readable format or to request that this data be transmitted to a third party.
Right of withdrawal (Art. 7 GDPR)
If the processing of data is based on your consent, you are entitled under Article 7 (3) GDPR to withdraw your consent to the use of your personal data at any time. Please note that the revocation is only effective for the future. Processing that took place before the withdrawal is not affected.
Right to object (Art. 21 GDPR)
If data is collected on the basis of Article 6 (1) (f) GDPR (data processing to protect legitimate interests) or on the basis of Article 6 (1) (e) GDPR (data processing to protect public interest or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
In accordance with Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of data concerning you violates data protection regulations. In particular, the right of appeal can be exercised with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.
.png)