Serviciu nou: Livrarea de mașini standalone în întreaga Europă. Calculați costurile de transport.

Privacy Policy SmartTrade

I. Responsible party and Contact

The responsible party within the meaning of the EU General Data Protection Regulation (GDPR) is us, the

E-FARM GmbH
Kleine Reichenstraße 1
20457 Hamburg
Germany
Email: info@e-farm.com
Phone: +49 40 466 44 811

Contact details of our data protection officer:

PROLIANCE GmbH
www.datenschutzexperte.de
Data Protection Officer
Leopoldstr. 21
80802 Munich
Email: datenschutzbeauftragter@datenschutzexperte.de
Phone: +49 89 2500 39 222

II. Type and Scope of Processed Personal Data

  1. Registration Data
    The use of SmartTrade requires prior registration by the user. During registration, the following personal data is collected and processed:
  • First and last name
  • Email address
  • Company data (company name, address)
  • Phone number
  • Login data (username, encrypted password)
  • Location information (branches)
  • Role/position within the company
  1. Usage Data
    During the use of SmartTrade, machine data is entered, including brand, type, model, year of manufacture of the machine, as well as information on equipment features, history, and condition of the machine. If this data allows conclusions about individuals (e.g., when entering customer data), this is also processed as personal data.
    In addition, the following usage data is processed:
  • User content, usage, operational, and telemetry data as well as support information
  • IP addresses
  • Time of access
  • Browser information
  • Device information
  1. Communication Data
  • Email correspondence
  • Support requests and tickets
  1. Payment Data
    Invoices are sent as PDFs to the super administrator defined by the user in the company settings. The following data is processed:
  • Billing address
  • Email address for invoice delivery
  • Payment information (bank account, if relevant)
  1. Media Content
    The user can upload media such as photos and videos of the machine. If these image data depict individuals, these personal data are also processed.

III. Legal Grounds for Processing

  1. Performance of a Contract (Art. 6 (1) (b) GDPR)
    The processing of the above-mentioned personal data is primarily for the performance of the usage agreement, in particular for the provision of the software; registration and management of user accounts; provision of evaluation results of the market price for machines; marketing of machines through the E-FARM website; invoicing and payment processing; customer support and technical assistance.
  2. Legal Obligations (Art. 6 (1) (c) GDPR)
    Additionally, we store tax and commercial law relevant data to fulfill legal obligations, in particular in accordance with applicable statutory storage and retention requirements (e.g., from the HGB and AO).
  3. Legitimate Interests (Art. 6 (1) (f) GDPR)
    Furthermore, the processing of your data is carried out to protect our legitimate interests, particularly to ensure IT security and the proper operation of the software; protection against misuse of access data and unauthorized access.
  4. Consent (Art. 6 (1) (a) GDPR)
    Where consent is required for specific processing activities, we will obtain it separately.

IV. Disclosure of Personal Data to Third Parties

For the operation of the software, we use the following service providers as data processors. They process your data strictly according to our instructions.

MongoDB
https://www.mongodb.com
Purpose: Database provider with servers in the EU.

Amazon Web Services (AWS)
https://aws.amazon.com
Purpose: Provision of the application with servers in the EU.

Auth0
https://auth0.com
Purpose: Provision of user accounts with servers in the EU.

V. Data Transfer to Third Countries

The processing of personal data takes place exclusively within the territory of the European Union (EU) / European Economic Area (EEA).
If, exceptionally, a transfer of data to a third country becomes necessary, it will only occur if:

  • an adequacy decision by the EU Commission pursuant to Art. 45 GDPR is in place,
  • appropriate safeguards pursuant to Art. 46 GDPR (e.g., EU standard contractual clauses) are in place, or
  • explicit consent of the data subject is provided.

VI. Retention Period

  1. General Retention Periods
    We delete personal data immediately after the reason for processing ceases to exist or after the relevant statutory retention and storage obligations expire.
  2. Contract Data
    Data necessary for contract fulfillment will be stored for the duration of the contractual relationship.
  3. Statutory Retention Obligations
    Certain data are subject to statutory retention obligations:
  • Commercial law retention obligations: 6 or 10 years (§§ 147, 257 HGB, §§ 147, 257 AO)
  • Tax law retention obligations: usually 10 years
    After these periods, the data will be deleted unless further processing is required for the assertion, exercise, or defense of legal claims.

VII. Rights of Data Subjects

As data subjects, you have the following rights:

  1. Right of Access (Art. 15 GDPR)
    You have the right to obtain information about the personal data stored about you, including information about:
  • the processing purposes,
  • the categories of personal data,
  • the recipients or categories of recipients,
  • the planned storage duration,
  • the origin of the data, and
  • the existence of automated decision-making.
  1. Right to Rectification (Art. 16 GDPR)
    You have the right to request the immediate correction of inaccurate or incomplete personal data.
  2. Right to Erasure (Art. 17 GDPR)
    You have the right to request the immediate deletion of your personal data, provided that one of the legal grounds applies, and processing is not necessary for the fulfillment of legal obligations or the assertion, exercise, or defense of legal claims.
  3. Right to Restriction of Processing (Art. 18 GDPR)
    You have the right to request the restriction of processing of your personal data if the legal requirements are met.
  4. Right to Data Portability (Art. 20 GDPR)
    You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit this data to another controller.
  5. Right to Object (Art. 21 GDPR)
    You have the right to object at any time to the processing of personal data concerning you, based on Art. 6 (1) (e) or (f) GDPR, on grounds relating to your particular situation.
  6. Withdrawal of Consent (Art. 7 (3) GDPR)
    If the processing is based on consent, you have the right to withdraw this consent at any time with effect for the future. The lawfulness of processing until the withdrawal remains unaffected.
  7. Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)
    You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data.
    Competent supervisory authority:
       The Hamburg Commissioner for Data Protection and Freedom of Information
       Ludwig-Erhard-Straße 22
       20459 Hamburg
       Email: mailbox@datenschutz.hamburg.de
       Phone: 040 / 428 54 – 4040

VIII. Automated Decision-Making and Profiling

There is no automated decision-making within the meaning of Art. 22 GDPR that produces legal effects or similarly significantly affects the data subject.

IX. Contact for Data Protection Questions

For questions about data protection, exercising your rights, or complaints, you can contact us at any time: datenschutzbeauftragter@datenschutzexperte.de