This Data Protection Policy applies to data processing by:
Controller: Chrono24 GmbH (hereinafter "Chrono24")
Haid-und-Neu-Str. 18, 76131 Karlsruhe
Phone: 49 (0) 721 96693-0
Fax: 49 (0) 721 96693-990
When you visit the Chrono24 website, the browser you are using on your device automatically sends information to the server for our website. This information is temporarily stored in a log file. The following information is automatically collected and subsequently automatically deleted after a period of 20 weeks:
We process the aforementioned data for the following purposes:
We never use collected data to reference you as a person. In the event of an attack on our network infrastructure however, your IP address will be identified in order to assert or defend against legal claims.
We process data in accordance with our legitimate interests in line with Article 6 para. 1 sentence 1 item f of the General Data Protection Regulation (GDPR). Our legitimate interests proceed from the data collection purposes specified above.
Buyers, private sellers and commercial merchants can create a user account on our platform. The mandatory data required to set up a user account must be entered under i), ii) and iii). This data is processed
The data specified under points i), ii) and iii) are processed upon your placement of an inquiry for the purposes outlined above and are required for use of the platform in accordance with Article 6 para. 1 sentence 1 item b of the GDPR, and thus required for fulfilment of the contract and of pre-contractual actions.
You may have the option of providing voluntary information/data depending on the type of user account. We process voluntarily provided information/data in accordance with our legitimate interests in line with Article 6 para. 1 sentence 1 item f GDPR. This information/data is used to facilitate contact with you and ensure rapid clarification of any questions.
After deletion of your user account your data are automatically deleted to prevent further use unless, in accordance with Article 6 para. 1 sentence 1 item c GDPR, it must be stored for a longer period of time pursuant to retention and documentation requirements under tax or commercial code (HGB, StGB, AO), or if you have consented to storage for a longer period of time in line with Article 6 para. 1 sentence 1 item a GDPR.
The following mandatory data must be entered to register as a user (buyer) and set up a user account:
These constitute the login data for your user account.
You can also provide this voluntary user data:
To place sale offers as a private seller you must first have a user account (see i)). To place a sale offer on the platform you must enter the following data:
In order to be able to sell your goods in the Trusted Checkout process, you must register for the sale as a private seller via the trustee service.
When registering for the trustee service, apply to open a Trusted Checkout account at the payment service Mangopay (https://www.mangopay.com/ ) of Leetchi Corp. S.A., (registered office in 59 Boulevard Royal, L-2449 Luxembourg). Payments assigned to you as part of Trusted Checkout will then be posted via this account.
In accordance with laws on the prevention of money laundering and the financing of terrorist organisations, Leetchi Corp. S.A. is obligated to identify each seller based on the documents and information specified.
When registering for the trustee service, the following data and documents are thus collected from you and forwarded onto Leetchi Corp. S.A.:
The following data must be entered to register as a commercial merchant:
You can also provide this voluntary user data:
As a registered user you have the option to communicate with us or a merchant / private seller via an internal messaging tool provided on the website. To use the internal messaging tools, registration is required (see 2. b) ).
When you use our internal messaging tool, we will automatically and manually scan and analyze your sent messages. This is done for the purposes of
We process data in accordance with our legitimate interests in line with Article 6 para. 1 sentence 1 item f GDPR. Data processing for the aforementioned purposes is a recognised legitimate interest in accordance with the GDPR.
You can manage your sent and received messages by yourself and delete them on request. In the event of an attempted fraud, an unlawful act or breach of the General Terms and Conditions, we may store the appropriate messages even after request for deletion on the bases of our legitimate interests pursuant to Art. 6 para. 1 sentence 1 item f GDPR in order to assert or defend against claims or exercise legal rights.
We create a customer profile for your user account in order for you to use our platform as a registered user/merchant. We categorise your customer profile and supplement it with additional data so that you only receive information likely to be of interest to you. To do so we utilise this data:
We process the aforementioned data for the following purposes:
We process data in accordance with our legitimate interests in line with Article 6 para. 1 sentence 1 item f GDPR. Data processing for the aforementioned purposes is a recognised legitimate interest in accordance with the GDPR.
You may file objection to the creation of a user profile and/or the evaluation and personalisation of our services or advertising at any time by clicking on this link, in which case processing will be stopped and your user profile will be immediately deleted unless you have consented to longer data retention per Article 6 para. 1 sentence 1 item a GDPR.
In order to initiate and conclude purchase agreements with dealers/private sellers via our Trusted Checkout Service, you will first need a user account (see section 2.b)i) ). Furthermore, it is necessary to specify the following information:
The listed information is processed by us for the following purposes:
In case you request a purchase offer with a dealer/private seller or conclude a purchase contract with the dealer/private seller, we also transfer your personal data to the dealer/private seller for the purposes stated above.
The processing of your aforementioned data takes place on your request and is required in accordance with Art. 6 (1) (1) (b) GDPR for the aforementioned purposes for the use of the platform and thus for the fulfilment of the contract and pre-contractual measures.
We use your e-mail address to send you our personalised regular newsletter if you have expressly consented thereto in accordance with Article 6 para. 1 sentence 1 item a GDPR. To receive the newsletter it suffices to provide your e-mail address.
To receive more personalised newsletter content you can create a customer profile about you based on your collected personal data. This data relates to personal preferences such as product affinities observed on the basis of orders, interests, purchase decisions, preferred shopping time, etc. and is automatically processed and analysed so that relevant offers are predicted for you. Profiling may also be performed without consent on the basis of Article 6 para. 1 item f GDPR given a legitimate interest (see item 2.c) ).
We may also use your e-mail address without your express consent to send you information about similar products of our company if you are an existing customer and have not objected to the use of your e-mail address. Processing for purposes of marketing to existing customers is done on the basis of our legitimate interests in accordance with Article 6 para. 1 sentence 1 item f GDPR. Processing of your e-mail address for the purpose of direct marketing is a statutorily recognised interest under the GDPR.
In order to distribute our newsletter, we use Mailchimp, a tool provided by The Rocket Science Group LLC d/b/a Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA. The company is a member of the EU-US Privacy Shield.
Further information about how the provider processes data can be found at https://mailchimp.com/legal/privacy/.
Provided that you have expressly given your consent for us to do so in accordance with Art. 6(1) Sentence 1 Section (a) GDPR, we pass your email address on to our partners Zeitauktion GmbH, Mendelejewstr. 2, 09117 Chemnitz, Germany and Fratello Watches B.V., Het Kleine Loo 284, 2592CK Den Haag, The Netherlands. Our partners use your email address to send you your personalised newsletter with offers, new products and promotions at regular intervals. Provision of an email address is sufficient to receive the newsletter.
You can use a form provided on the website to contact us with questions or contact a merchant or private seller. If you wish ask your question to a merchant or private seller, we forward your contact inquiry to them. For the use of the contact form, the following data is required, without exception:
We process the aforementioned data for the following purposes:
Additionally, you can voluntarily provide your name and telephone number to enable quicker contact.
When you use our contact form, we may scan and analyse your message. This is done for fraud prevention purposes and to generally improve communication and customer service.
Data is processed upon placement of your inquiry, and such processing is required for the above purposes to fulfil the contract and pre-contractual actions in accordance with Article 6 para. 1 p. 1 item b GDPR. Data from contact inquiries is also processed on the basis of our legitimate interests per Article 6 para. 1 sentence 1 item f GDPR. These interests proceed from the aforementioned purposes.
Personal data we collect when you use the contact form is automatically deleted upon completion of your inquiry.
We offer a chatbot, giving you the opportunity to ask questions around the clock, which will be answered immediately. You can also contact us using the digital form.
If you use any input fields, the data you enter – such as your email address and your name – will be recorded by us to answer your questions. The legal basis is Art. 6 para. 1 sentence 1 item b and Art. 6 para. 1 sentence 1 item a of the General Data Protection Regulation (GDPR).
When the chatbot is used for the first time, a Universally Unique Identifier (UUID) is assigned to the user once. This allows an interrupted conversation, search or input with the chatbot to be continued at any time (similar to cookies on websites). It is also stored in events. The UUID remains stored in the browser and assigned to the user until local data is deleted. In order to continuously improve the quality of the chatbot, we record events such as “Bot was displayed” and click events such as “User clicked on answer X”.
The data entered into the chatbot is collected by our order processor (Solvemate, Tempelhofer Ufer 1, 10961 Berlin) and is made available to us for the purpose of evaluation.
You can post a comment on articles in the magazine at https://www.chrono24.ca/magazine/. The following data must be provided, without exception in order to post a comment:
Posting comments on articles is voluntary. We utilise your personal data to publish your comments and allow other users to respond to them. We require your e-mail address to contact you and pursue any legal violations.
Your data are processed for the above purposes on the basis of our legitimate interests per Article 6 para. 1 sentence 1 item f GDPR.
In order for comments to be posted in our magazine, we use Disqus, a service provided by Disqus, 717 Market Street, Suite 700, San Francisco, CA 94103.
Further information about how the provider processes data can be found at https://help.disqus.com/en/articles/1717103-disqus-privacy-policy.
Your opinion about our products and our service is important to us. We therefore offer you the option of submitting a rating about our platform via Trustpilot A/S's rating service at www.trustpilot.com (Pilestræde 58, 3rd floor, 1112 Copenhagen K, Denmark, hereinafter "Trustpilot"). If you submit a rating, it will be published on our website and on the Trustpilot website. We however reserve the right to delete or not publish the rating.
Upon successful completion of a purchase, you will receive an email from us requesting you to rate our platform and our service. The email will contain a "Business Generated Link" from Trustpilot that will allow you to access Trustpilot and submit a rating regarding your transaction. The "Business Generated Link" will include your first and last name, your country of origin (for example, Germany), your email address and the transaction ID. After you click on the link, your personal information will be transmitted to Trustpilot, so that we can assign your rating to your purchase and ensure the rating's authenticity.
We have signed a data processing agreement with Trustpilot for the use of the rating service. With this agreement, Trustpilot ensures that they process data in accordance with the General Data Protection Regulation and ensure the protection of the data subject's rights.
Ratings submitted directly to Trustpilot can also be published on our website, provided that we were able to ensure the rating's authenticity.
Data processing as part of customer rating via Trustpilot takes place on the basis of our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. By doing so, we want to ensure the needs-based design and optimisation of our website.
On rare occasions, users may communicate to us personal data from third parties (e.g. authorised representatives, contact persons, different account holders). In such instances where we collect personal data – not from the third party data subjects themselves, but rather through our users – our contractual partners are required to provide information only with the knowledge of the third party data subject. In particular, this includes information about us as the data controller, as well as the disclosed data and the purpose of said disclosure. In all other respects, this data protection information applies to third party data subjects, to the extent that said information is not only relevant for contractual partners. This includes, in particular, information about us as the data controller and our data protection officer, as well as information about the rights of data subjects. Should we, as an exception, receive contact data for a third party data subject, we will inform the data subject directly. However, we do not typically request contact data from third parties. We will only use the third party information for the intended purpose (e.g. necessary contact, payment processing using the account details provided). The data of third party data subjects will be deleted at the latest upon the deletion of the data pertaining to the stated person, or if this person amends or deletes the data concerned. The legal basis for the processing of the data of third party data subjects is Article 6 (1) 1 f GDPR, where said processing is necessary for the pursuit of our legitimate interest in granting our contractual partners the opportunity to involve third parties.
We only disclose your personal data to third parties if:
Chrono24 and our subsidiaries (hereinafter jointly referred to as “parties” or “we”) work closely together in many areas due to our organisational structure. We use uniform EDP systems across all our businesses and operate joint databases in which, in particular, customer data from both parties is processed.
In doing so, we process the personal data of dealers and users of the online platforms of Chrono24 as joint controllers in accordance with Article 26 GDPR. Due to this joint responsibility, we have concluded an agreement with regard to the personal data concerned.
Chrono24 is responsible for the processing of personal data as far as this relates to the provision of EDP systems and internal databases to customers.
Both parties are responsible for entering data into the internal databases and maintaining the records of personal data of both registered and unregistered platform users, as well as personal data of registered dealers.
As part of our joint responsibility, we have in particular also agreed the specific obligations under the GDPR that each party shall fulfil. This concerns, in particular, the exercise of the rights of data subjects and compliance with the information obligations under Articles 13 and 14 GDPR.
Both parties have agreed that Chrono24 shall publish on its platforms the information required in accordance with Articles 13 and 14 GDPR relating to joint data processing and the essential content of the processing conditions.
Both parties shall also inform each other of data protection rights asserted by affected users. They shall provide each other with all the information necessary to respond to requests for information.
Data protection rights can be asserted against Chrono24 as well as against the respective dealer. Chrono24 undertakes to comply with the rights of data subjects to information about, correction, erasure or blocking of their personal data upon request.
Personal data stored in connection with your user account (myChrono24, see items 2.b) i) and ii) ) cannot be viewed by third parties unless you have published offers on the platform. When you publish an offer on the platform as a private seller, registered and unregistered users will only be able to see your provider data on the platform if have expressly consented to their publishing in accordance with Article 6 para. 1 sentence 1 item a GDPR.
If you are registered as a merchant and publish offers on the platform, registered and unregistered users can view your provider data on the platform (as per item 2.b) iii)). You can restrict the visibility of your data during registration so that your address is not displayed, and thereafter in your profile settings.
The publication of the merchant data is required to fulfil and execute the contract between Chrono24 and the merchant as part of use of the platform in accordance with Article 6 para. 1 sentence 1 item b GDPR.
We utilise ‘cookies’ and ‘pixels’ or ‘tracking pixels’ on our website to record statistics on website usage and evaluate these for the purpose of optimising our offering (see item b).). These enable us to automatically recognise you have previously visited our website when you revisit it.
Your data are processed using cookies and pixels for the purposes specified above on the basis of our legitimate interests and those of third parties, in line with Article 6 para. 1 sentence 1 item f GDPR, according to which these interests qualify as legitimate.
Cookies are small files automatically created by your browser which are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not harm your device and do not contain viruses, Trojans or other malicious software.
Cookies store data about the specific device used for the respective website visit. This does not mean that we are able to directly discern your identity.
Cookies are in part utilised to enable us to enhance our offer for you. For example, we utilise what are known as ‘session cookies’ to recognise that you have already visited individual pages of our website, or have already logged in to your user account. These cookies are automatically deleted when you leave our website.
We also use temporary cookies which are stored on your device for a specific period of time in order to improve the user experience. When you revisit our site to utilise our services, these automatically register that you have visited before and the entries and settings you have made so that you do not have to re-configure these.
Most browsers are configured by default to accept cookies. You can configure your browser so that cookies are not stored on your computer, or so you receive notification before each new cookie is created. Disabling cookies can however mean that you are unable to utilise some features of our website.
Tracking pixels or just ‘pixels’ are small 1x1-pixel GIF files that can be hidden in graphics, e-mails, etc. when visiting a website. Pixels do not harm your device and do not contain viruses, Trojans or other malware.
Pixels send your IP address, the referrer URL of the website visited, the time the pixel was viewed, the browser used, and previously set cookie information to a web server. This enables us measure reach and conduct other statistical analyses for the purpose of optimising our platform and offerings.
Most browsers automatically accept pixels. You can use certain tools and browser add-ons to block the use of pixels on our webpages (like the AdBlock add-on for the Firefox browser).
We utilise the tracking tools outlined below on the basis of Article 6 para. 1 sentence 1 item f GDPR. We deploy these tracking tools to optimise our website design on an ongoing basis to better meet user needs. In addition we use tracking tools to record website usage statistics which we analyse in order to optimise our offering for you. These interests qualify as legitimate under the provision cited above.
The data processing purposes and data types are as per the respective tracking tools.
are transmitted to a Google server in the US and stored there. Google is subject to the EU-US Privacy Shield, which guarantees an appropriate level of privacy.
This information is used to analyse use of the website, compile reports on website activity and provide additional services related to website activity and internet usage for the purposes of market research and website design in accordance with user needs. This information may be forwarded to third parties as required by law, and to third parties functioning as data processors. Your IP address will never be compiled with any other data held by Google. IP addresses are anonymised to render cross-referencing impossible (IP masking).
You may refuse to accept cookies by changing the settings on your browser accordingly; in such case however you may not be able to fully utilise the entire range of the features of this website.
You can also block the recording of data generated by the cookie concerning your use of the website (including your IP address) and prevent processing by Google by downloading and installing a browser add-on .
As an alternative to the browser add-on, particularly for browsers on mobile devices, you can opt out of data collection by Google Analytics by clicking on this link . An opt-out cookie is set which blocks future collection of your data when visiting this website. The opt-out cookie is stored on your device and is only valid in that browser and for our website. If you delete the cookies for that browser, the opt-out cookie has to be reset.
For more information about privacy related to Google Analytics, see the Google Analytics Help Centre .
We utilise Google conversion tracking to record website usage statistics and analyse these for the purpose of optimising our offerings. Google Adwords places a cookie on your computer (see item 5) when you navigate to our website via a Google ad. Google is subject to the EU-US Privacy Shield, which guarantees an appropriate level of data privacy.
These cookies expire after 30 days and are not used for personal identification. If a user visits certain pages of the website of the Adwords customer and the cookie has not yet expired, Google and the customer can observe that the user clicked on the ad and was redirected to this page.
Every Adwords customer receives a different cookie. Cookies thus cannot be tracked via the websites of Adwords customers. Information obtained via conversion cookie is used to prepare conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers receive information on the total number of users who have clicked on their ad and were redirected to a page bearing a conversion tracking tag. They do not however receive any information with which the user can be personally identified.
You can disable collection and processing of your website usage data by VWO at any time with non-retrospective effect. An opt-out cookie is utilised for this which contains the data you do not want VWO to collect. The data is not disclosed to third parties unless there is a legal obligation to do so or the third parties have been commissioned as data processor (such as a data centre).
We use the Hotjar analytics service (3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe) on our website. Hotjar is a tool for studying user behaviour that enables us to measure and evaluate the behaviour of visitors to our website (such as mouse movement, clicks and scroll height).
Hotjar places cookies for this purpose (see item 5) on the devices of site visitors which can store their browser information, operating system, data on time spent on the site, etc. in anonymised form.
We utilise Bing Universal Event Tracking (UET) from Microsoft Bing Ads. This is a service of the Microsoft Corporation ("Microsoft") that allows us to track user activity on our website when the user navigates to our website via Bing Ads advertisements.
A cookie is placed on your computer when you visit our website via a Bing Ads ad, (see item 5). A Bing UET tag is integrated into our website. This tag is a code which in combination with the cookie stores certain non-personally data about your use of the site. This includes the time spent visiting the website, the areas of the website that were visited and the ads via which the user navigated to the website. Information about your identity is not collected.
This information is transmitted to Microsoft servers in the US and stored there for a maximum 180 days. Microsoft is subject to the EU-US Privacy Shield, which guarantees an appropriate level of privacy.
For more information on Bing analytics services, visit the Bing website.
See the Microsoft Data Privacy Policies for further information about data protection at Microsoft .
For fraud prevention purposes we transmit your IP address and data about the device used to the service provider MaxMind, Inc. (14 Spring Street, 3rd Floor Waltham, MA 02451, USA, hereinafter "MaxMind"). Your data is transmitted to a MaxMind server in the US and stored there. MaxMind is subject to the EU-US Privacy Shield, which guarantees an appropriate level of privacy. We use this service to receive statistical analysis of IP addresses, devices and locations which we utilise to detect and prevent fraud.
Your data is processed exclusively for this purpose. This data is deleted when you end usage. Further information on data protection in connection with MaxMind can be found here.
You can prevent geolocalisation by blocking the placement of cookies by changing the settings on your browser accordingly; in such case however you may not be able to fully utilise the entire range of the features of this website.
Our mobile app uses crashlytics analysis software of Google Ireland Limited with registered office at Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Crashlytics"). Crashlytics collects app usage data specifically relevant to system crashes and errors. Data is gathered about the device and app version installed as well as other information which facilitates troubleshooting, such as data relating to the user's software and hardware. For further information see the Crashlytics Data Protection Policy: https://try.crashlytics.com/terms/privacy-policy.pdf.
You can opt out of the use of Crashlytics in the privacy settings of our Mobile App.
We utilise the targeting tools outlined below on the basis of Article 6 para. 1 sentence 1 item f GDPR. Targeting tools are used to ensure that all advertising displayed on your devices is based on your actual or predicted interests. These interests qualify as legitimate under the provision cited above.
See the sections on the respective tracking tools regarding their data processing purposes and data types.
We utilise Google Remarketing Tags, which are a service of Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA, hereinafter "Google"). Google utilises ‘cookies’ (see item 5), which are text files stored on your computer allowing analysis of your website usage. The information generated by the cookie about your use of this website (including your IP address) is sent to a Google server in the US and stored there. Google is subject to the EU-US Privacy Shield, which guarantees an appropriate level of data privacy.
Google then removes the last three digits of the IP address, rendering definite cross-referencing of the IP address impossible. Google will use this information to evaluate your use of the website, compile reports on website activity for website operators and provide other website and internet usage-related services.
Please be advised however that you may not be able to utilise all functionalities of this website in such case. By using this site, you consent to Google processing data gathered about you in the manner and for the purpose outlined above. Further information about Google policies can be found here .
Cookies are used on our website to collect and evaluate data for the purpose of optimising advertising (see item 5). For this we use targeting technologies of Google Inc. (Double Click, Double Click Exchange Buyer, Double Click Bid Manager). These technologies enable us to serve advertising to you in targeted fashion based around your interests. The cookies are used, for example, to record information about which of our products you are interested in. Using this information we can market offers to you on our website or third-party websites which are oriented around your specific interests as predicted based on your historical user behaviour. Data collected and evaluated pertaining to your user behaviour exclusively on a pseudonymous basis so that it is not possible for us to identify you. In particular, this data is not merged with personal data about you.
Google is subject to the EU-US Privacy Shield, which guarantees an appropriate level of data privacy.
The cookie is automatically deleted after 30 days.
You can also configure setting for the display of interest-based advertising via the Google Ads Settings Manager.
We utilise Facebook Website Custom Audiences, a service of Facebook Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland). This Facebook marketing service allows us to display personalised and interest-based advertising on Facebook for particular groups of pseudonymised visitors to our website who use Facebook.
A Facebook custom audience pixel is integrated on our website. This is a Java Script code which stores non-personal data about your usage the website. This data includes your IP address, the browser you are using, and the referring and destination pages. This data is transmitted to Facebook servers in the United States. Facebook is subject to the EU-US Privacy Shield, which guarantees an appropriate level of data privacy.
In an automated process there it is checked whether you have a Facebook cookie stored. The Facebook cookie automatically determines whether you belong to the target group relevant for us. If you belong to the target group, we then show you relevant ads of ours on Facebook. In this process, you are not personally identified, either by us or by Facebook.
You can opt out of use of the Custom Audiences service on the Facebook website. After logging in to your Facebook account, go to the Facebook ads settings.
This website utilises technologies of Criteo SA (32 Rue Blanche, 75009 Paris, France) to collect and store data for marketing and optimisation purposes. We determine the purposes and means of processing jointly with Criteo, and thus are jointly responsible for processing as controller.
When Criteo is used, additional pixels of partners of Criteo are loaded as well. An overview of all publishers and networks that load pixels is provided here .
You can opt out of pseudonymous analysis of your browsing behaviour at any time via us. See the Criteo link below for instructions on disabling the Criteo service.
Please be advised that if you opt out of displaying personalised ads from Criteo and other advertising affiliates, you will still receive advertisements but these will be less tailored to your interests and browsing behaviour.
Information about your user behaviour on our website is collected and evaluated via cookies on our website (see paragraph 5) by our service provider CrossEngage GmbH (Bertha-Benz-Strasse 5, 10557 Berlin). This allows us to tailor our marketing activities around your actual or predicted interests and display ads on other websites or advertising channels.
If you do not consent you can opt out of such collection and use with non-retrospective effect by e-mail notification to firstname.lastname@example.org. Further information on data protection in connection with CrossEngage can be found here .
We utilise social plug-ins of the social media networks Facebook, Twitter and Instagram to promote our company on our website on the basis of Article 6 para. 1 sentence 1 item f GDPR. This promotional purpose is a legitimate interest within the meaning of the GDPR. The respective providers are responsible for ensuring operation in conformance with data protection laws.
The social media buttons are integrated with a self-developed solution. This solution prevents you from connecting to a social media network just by opening a web page with a social media button on it without pressing the button, i.e. data are not sent to the social media network unless you hit the button.
Our platform uses social media plug-ins of Facebook Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland) to personalise the experience through usage of "LIKE" and "SHARE" buttons. These are a Facebook offering.
When you visit a page of our website featuring such a plug-in and you activate that plug-in yourself, your browser establishes a direct connection to Facebook servers. The plug-in content is sent by Facebook directly to your browser and integrated into the page.
When a plug-in is integrated, Facebook receives the data the browser you used to access the page of our website in question even if you do not have a Facebook account or are currently not logged in to Facebook. This data (including your IP address) is transmitted by your browser directly to a Facebook server in the US and stored there.
If you are logged into Facebook, Facebook can directly reference your visit to our website your Facebook account. If you interact with a plug-in such as by pressing a "LIKE" or "SHARE" button, the corresponding information data is also transmitted directly to a Facebook server and stored. This data is posted on Facebook and displayed to your Facebook friends.
Facebook can use this data for the purposes of advertising, market research and structuring Facebook pages in line with user needs. This involves Facebook creating user, interest and relationship profiles, for example to evaluate your use of our website in relation to advertisements displayed on Facebook, to inform other Facebook users of your activities on our website and to provide other services related to use of Facebook.
If you do not want Facebook to reference information about you from our website to your Facebook account, you must log out of Facebook before visiting our website.
Please see the Facebook data privacy notices for information regarding the purpose and scope of data collection, further processing and use of data by Facebook, your data privacy rights and data privacy configuration settings.
Plug-ins of the news and social networking firm Twitter International Company (One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland, hereinafter "Twitter") are integrated into our web pages. Twitter plug-ins (Tweet button) bear the Twitter logo, making them identifiable on our website. An overview of Tweet buttons can be found here .
When you visit a page of our website featuring such a plug-in and you activate that plug-in yourself, a direct connection is established between your browser and a Twitter server. Twitter then receives the information that you have visited our page, and your IP address. You can link content from our webpages with your Twitter account by clicking on the Twitter "Tweet" button while logged into your Twitter account. This enables Twitter to cross-reference your visit to our webpages to your user account. Please note that as website provider we have no knowledge of the content of the data transmitted or regarding its use by Twitter.
You should log out of your Twitter account first if you do not want Twitter to be able to cross-reference your visit to our webpages to your Twitter user account.
Our website utilises Instagram social plug-ins ("plug-ins") operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram").
The plug-ins bear an Instagram logo, such as the "Instagram camera".
When you visit a page of our website featuring such a plug-in and you activate that plug-in yourself, your browser establishes a direct connection to Instagram servers. The plug-in content is sent by Instagram directly to your browser and integrated into the page. When a plug-in is integrated, Instagram receives the data the browser you used to access the page of our website in question even if you do not have an Instagram profile or are currently not logged in to Instagram.
This data (including your IP address) is transmitted by your browser directly to an Instagram server in the US and stored there. If you are logged into Instagram, Instagram can directly reference your visit to our website your Instagram account. If you interact with a plug-in such as by pressing an Instagram button, the corresponding information data is also transmitted directly to an Instagram server and stored.
This data is also published on your Instagram account and displayed to your contacts there.
If you do not want Instagram to directly reference information about you from our website to your Instagram account, you must log out of Instagram before visiting our website.
In order to send transaction and service emails, we pass on your email address to an email service provider. We use the following service providers:
We use the Mailgun tool provided by Mailgun Technologies, Inc., 535 Mission St., San Francisco, CA 94105, USA. The company is part of the EU-US Privacy Shield and has therefore chosen to be subject to regulations that are similar to EU data protection regulations.
Further information about how the provider processes data can be found at https://www.mailgun.com/privacy-policy.
We use the Sparkpost tool provided by Message Systems Inc., 301 Howard St. Suite 1330 San Francisco, CA 94105, USA. The company is part of the EU-US Privacy Shield and has therefore chosen to be subject to regulations that are similar to EU data protection regulations.
Further information about how the provider processes data can be found at https://www.sparkpost.com/policies/privacy/.
Data processing as part of sending transaction and service emails takes place on the basis of our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. By doing so, we wish to ensure that communication processes are automated in a needs-based manner, in particular with regard to those actions undertaken by you, or in order to be able to inform you about security-relevant matters as quickly as possible.
We want to make trading on Chrono24 as secure as possible for you. This is why we make use of solutions from service providers specialised in this area for the purpose of fraud prevention, and retrieve information from these service providers regarding transactions on Chrono24. The information processed includes the IP address of the device used to access our website, as well as information regarding the use of Chrono24. We are not able to associate this information with a specific user. This will only happen if fraudulent behaviour is suspected based on the information collected. The specialist service providers may be companies with headquarters in the USA. However, we only choose service providers who are certified in accordance with the ‘EU-US Privacy Shield Framework’. This ensures that we only work with service providers who meet the data protection level prescribed within the EU. The legal basis is Art. 6(1)(f) GDPR. The GDPR recognises the prevention of any attempted fraud to the detriment of our customers or to our own detriment as a legitimate interest.
You have the right:
If your personal data are processed on the basis of on legitimate interests in accordance with Article 6 para. 1 sentence 1 item f GDPR, you have the right to file an objection against the processing of your personal data pursuant to Article 21 GDPR given reasons for doing so which pertain to your special circumstances or the objection pertains to direct advertising. In the latter case you enjoy a general right to file objection which we will act upon without your having to outline any special circumstances.
We utilise the widely used TLS (Transport Layer Security) method for our website in combination with the highest level of encryption supported by your browser. TLS is a secure and proven standard utilised in online banking, for example. A secure TLS connection is indicated among other things by the letter ‘s’ appended on the ‘http’ (i.e. https://..) in the address bar of your browser, and by a lock icon appearing at the bottom of your browser.
We furthermore implement appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction and unauthorised access by third parties. The security measures we implement are continuously upgraded to remain in line with technological progress.
If you register with us as a user, you can only access your user account after entering your personal password. You should always keep your access data confidential and close the browser window when you have finished communicating with us, especially if you share your computer with others.
We take company-internal data protection very seriously as well. We bind our staff and commissioned service provider firms to uphold confidentiality and comply with data protection regulations.
This Data Protection Policy is the latest, valid version, last updated in March 2020.
Changes to our website and offers marketed via the website and changes in legal or regulatory requirements may necessitate updating of this Data Protection Policy. You can view and print out the latest updated version of this Data Protection Policy at any time on the website