This statement provides you with a clear overview of the collection, processing and use of your personal data when you use our platform. We respect your privacy and are committed to protecting your data. If you do not agree with the policies and practices described in this Privacy Policy, you can leave the Bestwrist platform at any time without giving any reason. However, by using our platform, you confirm your acceptance of our privacy policy.
This privacy policy applies to the use of our platform bestwrist.com ("online platform") and describes our procedures for the collection, use and disclosure of your personal data. We also inform you about your rights and how you can view, update and manage this data. Bestwrist undertakes to use your personal information exclusively within the framework of this data protection declaration and the applicable data protection regulations. Separate policies may apply to information we receive by other means and publicly available information. Capitalized terms not defined in this statement shall have the meanings set forth in our Terms and Conditions.
As we take the provisions of the General Data Protection Regulation (GDPR) very seriously, we implement measures to protect your personal data and only work with service providers who offer a secure and GDPR-compliant level of data protection. Bestwrist acts as both data controller and data processor and uses GDPR-compliant databases and sub-processors. This privacy policy describes what types of data we process, for what purposes and on what legal basis. We recommend that you read this statement carefully. If you have any questions or concerns, please contact us at privacy@bestwrist.com.
Please note: The provision of certain data is necessary so that we can offer our services smoothly. Further information on data protection and the use of our services can be found below and on our website.
Responsible for the data processed on this website is:
Bestwrist GmbH
Erkrather Straße 401
40231 Düsseldorf
Germany
E-Mail:info@bestwrist.com
Phone: +49 211 - 97 533 966
Bestwrist works in various processes with service providers who may process personal data on our behalf (so-called processors). Bestwrist has concluded corresponding contracts for order processing in accordance with Art. 28 GDPR with all the processors listed below. These contracts ensure that the processors process the data on our behalf in accordance with data protection regulations and in compliance with the rights of the data subjects.
If personal data is transferred to a third country (e.g. the USA) as part of order processing, Bestwrist ensures an appropriate level of data protection through suitable guarantees. Standard data protection clauses have been agreed for all processors based in a third country, which are recognized by the European Commission as a suitable guarantee in accordance with Art. 46 para. 2 lit. c) GDPR. In addition, Bestwrist works exclusively with service providers in third countries who can prove that they guarantee an essentially equivalent level of protection for the transferred personal data through additional protective measures.
When you visit our website, the browser used on your device automatically transmits certain information to the server of our website. This data is temporarily stored in a so-called log file. The following information is recorded without any action on your part and automatically deleted after a period of 20 weeks:
The listed data is processed by us for the following purposes:
In principle, we do not use the data collected to draw personal conclusions about you. However, if there is an attack on our network infrastructure, your IP address will be evaluated to enforce or defend against legal claims.
Data processing is based on our legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR, which arise from the above-mentioned purposes of data collection.
We also use cookies and analysis services when you visit our website. Detailed information on this can be found in sections 6 and 7 of this privacy policy.
Both private sellers and buyers as well as commercial traders can create a Bestwrist account on our platform. To create an account, the data listed in sections 3.2.1., 3.2.2., 3.2.3. and 3.2.4. must be provided. This data is processed for the following purposes:
This data processing is carried out at your request and is required pursuant to Art. 6 para. 1 lit. b) GDPR in order to use the platform for contract fulfillment and pre-contractual measures.
If you use the platform to sell items, you are required to provide your tax identification number. The collection of this number is lawful in accordance with Art. 6 para. 1 lit. f) GDPR, as our legitimate interest is to fulfill tax reporting obligations under the PStTG and to avoid administrative offenses. If you are not subject to reporting under the PStTG, your tax identification number will be deleted after the reporting period has expired, unless you have consented to longer storage in accordance with Art. 6 para. 1 lit. a) GDPR. Further information on the processing of your tax identification number can be found under point 4.1.
Depending on the account type, you can provide additional voluntary information. This voluntary information is processed in accordance with Art. 6 para. 1 lit. f) GDPR and serves to improve the contact process and to clarify any queries quickly.
After deletion of your account, your data will be automatically deleted, unless statutory retention and documentation obligations pursuant to Art. 6 para. 1 lit. c) GDPR (e.g. from HGB, StGB or AO) require longer storage or you have consented to further storage pursuant to Art. 6 para. 1 lit. a) GDPR.
To register as a user (buyer) and create an account, the following data is mandatory:
This data is used as login information for your account.
You also have the option of uploading a profile picture and voluntarily providing the following information:
The first time you log in or log in again to your Bestwrist account, you can alternatively authenticate yourself via third-party providers (Apple or Google). To do this, you will be redirected to the website of the respective third-party provider, where you log in with your access data. Apple or Google will then tell us which data is transmitted for authentication, including:
If we do not yet know your e-mail address, we will check whether you already have a Bestwrist account. If you already have an account, it can be linked to the third-party login; otherwise, you can create a new account using the third-party login. The processing is based on our legitimate interest in offering an additional convenience service (Art. 6 para. 1 lit. f) GDPR). Details on data collection and use by Apple or Google and your rights can be found in their respective privacy policies.
To post ads as a private seller, you need a Bestwrist account (see 3.2.1.). The following information is required to publish an advertisement:
In order to offer items via the escrow service, you must set up an escrow account with Mangopay (Mangopay S.A., Luxembourg). Mangopay is legally obliged to identify sellers to prevent money laundering and requires the following data:
To register as a commercial dealer, you must provide the following data:
You can also provide voluntary information such as:
For authentication via a second factor, we will send you an SMS after your account has been created. For this purpose, the telephone number you provide is transmitted to the service provider Twilio, Inc. (USA), which performs 2-factor authentication. This processing is based on our legitimate interest in the secure use of the marketplace and the optimization of processes (Art. 6 para. 1 lit. f) GDPR).
After registering as a retailer, you may receive print advertising on current watch trends. For this purpose, your name and address will be passed on to mailing service providers, which is considered a legitimate interest in accordance with Recital 47 GDPR. You can also register as a retailer by contacting us via a LinkedIn contact form or by contacting us directly to acquire new customers. The data processed for this purpose includes
This data processing is carried out to establish contact in the context of acquiring new customers and is covered by our legitimate interest (Art. 6 (1) (f) GDPR).
To comply with US tax regulations, we use the AvaTax cloud solution from our processor Avalara, Inc (Seattle, USA). AvaTax handles the automated calculation of sales tax and the complex rate calculation of US sales tax. The following personal data of merchants based in the USA (see section 3.2.4.) is processed for this purpose:
This data collection helps us to determine the regional tax requirements, as the tax regulations in the USA vary from state to state and sometimes even within a county. It is therefore necessary to record the exact location of a merchant in the USA in order to calculate the correct sales tax rate with AvaTax.
Your personal data is processed in accordance with Art. 6 para. 1 lit. c) and f) GDPR. This is necessary to fulfill our legal obligations under US tax laws. In addition, as an international platform, we have a legitimate interest in complying with the applicable legal provisions of the respective markets. Only personal data of merchants in the USA who are subject to the local tax laws are processed.
As a registered user, you can communicate with us and other users (dealers, buyers, private sellers) via the platform-internal messenger integrated on our website. Registration is required to use the messenger (see section 3.2).
Communication in Messenger always takes place between you, your communication partner and Bestwrist. Bestwrist actively participates in the communication and moderates it. During use, your messages are checked and analyzed by us both automatically and manually. This is done for the following purposes:
This data processing is based on our legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR and is considered lawful under the GDPR.
You have the option of managing your sent and received messages yourself and requesting their deletion if necessary. However, in the event of suspected fraud, an unlawful act or a breach of the General Terms and Conditions, we reserve the right to retain these messages to secure evidence and to enforce or defend legal claims. This storage is also based on our legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR.
As part of the use of our platform, we create a customer profile for the Bestwrist account for registered users and merchants. In order to provide you with relevant information, we supplement and categorize this profile using additional data, including
This data is processed by us in order to:
The processing is based on our legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR and is considered lawful.
Comprehensive profiling is only possible if you have given us your consent to set the Bestwrist personalization cookie in accordance with Art. 6 para. 1 lit. a) GDPR (see point 6 for more information on cookies). You can adjust your cookie settings yourself at any time.
If you wish to object to the creation of a customer profile, the evaluation or personalization of our services and advertising, you can do so at any time via this link. This will stop the processing and your customer profile will be deleted immediately. Alternatively, you can send your objection at any time by e-mail to support@bestwrist.com.
To process purchase contracts with merchants or private sellers via our escrow service, you first need a Bestwrist account (see 3.2.1). In addition, the following information is required:
This data is processed for the following purposes:
If you request a purchase offer or conclude a purchase contract with a dealer or private seller, we will also transfer your personal data to them in order to fulfill the aforementioned purposes.
This data is processed at your request and is necessary pursuant to Art. 6 (1) (b) GDPR in order to use the platform for contract performance and pre-contractual measures.
After concluding a purchase contract, you can make payment by bank transfer, credit card or PayPal. To ensure payment processing and to prevent fraud, payments are processed via the service provider Mangopay (10 Boulevard Royal, L-2449 Luxembourg). We transmit the following personal data to Mangopay:
The data processing is carried out in accordance with Art. 6 para. 1 lit. b) GDPR and is necessary for the fulfillment of the contract. Further details can be found in Mangopay's privacy policy.
If you choose to pay via the online service 'PayPal' from PayPal (Europe) S.à r.l. et Cie, S.C.A. (22-24 Boulevard Royal, 2449 Luxembourg), your shipping address will be transmitted to PayPal. PayPal is integrated via Mangopay to prevent fraud. The data processing is also based on Art. 6 para. 1 lit. b) GDPR. Further information can be found in PayPal's privacy policy.
Credit card payments can also be processed via the service provider Checkout SAS (37-39 Rue de Surène, 75008 Paris, France). The following data is transmitted to Checkout SAS:
This data processing is also carried out in accordance with Art. 6 para. 1 lit. b) GDPR and is necessary for the fulfillment of the purchase contract. The privacy policy of Checkout SAS can be found here.
For credit card payments, you can also use 'Apple Pay' from Apple Inc (One Apple Park Way, Cupertino, CA 95014, USA), provided your credit card details are stored there. Processing continues to take place via Checkout SAS, with Apple Pay serving as an additional authentication method for fraud prevention. Bestwrist does not process any additional personal data when using Apple Pay. Further information can be found in Apple's Privacy Overview.
If you have expressly consented in accordance with Art. 6 para. 1 lit. a) GDPR, we will use your e-mail address to regularly send you our personalized newsletter. To receive the newsletter, you only need to provide an email address.
In order to personalize the newsletter, a customer profile may be created for you based on the following personal data:
In addition, personal characteristics, such as product affinities from orders, interests, purchasing decisions, preferred shopping times, etc., are automatically processed and analyzed in order to show you relevant offers and advertisements. This profiling can also take place without consent in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of legitimate interests (see section 3.5).
Under certain circumstances, we may also use your email address without your express consent to send you information about similar products from our company, provided that you are an existing customer and have not objected to the use of your email address. In the case of advertising for existing customers, we base the processing on our legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR, as direct advertising is considered a recognized legitimate interest.
In both cases, you can unsubscribe at any time, e.g. via the unsubscribe link at the end of each newsletter or alternatively by sending an email to support@bestwrist.com.
We use the SendGrid tool from Twilio Inc (101 Spear Street, San Francisco, CA 94105, USA) to send our newsletter. Further information on data processing by this service provider can be found at https://www.twilio.com/en-us/legal/privacy.
You can unsubscribe from the newsletter at any time, either via the link at the end of each newsletter or by sending an e-mail to support@bestwrist.com.
If you have any questions, you can contact us or a dealer/private seller using the contact form provided on our website. If your inquiry is addressed to a dealer or private seller, we will forward it accordingly. The following information is required to use the contact form:
This data is processed by us in order to:
For faster processing, you can optionally enter your name and telephone number.
When using the contact form, your message may be scanned and analyzed by us in order to:
The data processing is carried out in response to your request and is necessary for the processing of the contract and pre-contractual measures in accordance with Art. 6 para. 1 lit. b) GDPR. The processing in the context of the contact request is also based on our legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR, which also result from the purposes mentioned.
The personal data collected when using the contact form will be automatically deleted after your request has been processed.
In order to provide you with the option of tracking your order electronically from the time of dispatch, private sellers are asked to specify the shipping service provider and the corresponding tracking ID. Retailers are required to provide this tracking ID. This information is used by our service provider AfterShip Ltd (One Midtown 38/f Hoi Shing Road Tsuen Wan Unit 2 No. 11, Hong Kong) to provide a tracking option to track the delivery status. The following personal data is processed:
This data processing is carried out on the basis of Art. 6 para. 1 lit. b) GDPR, as it is necessary for the fulfillment of the contract in the context of the use of the platform and the purchase contract.
Your opinion of our products and services is important to us. We therefore allow you to submit reviews via Trustpilot (www.trustpilot.com) and Sitejabber (www.sitejabber.com).
We work with Trustpilot A/S (Pilestræde 58, 3rd floor, 1112 Copenhagen K, Denmark) to give you the opportunity to rate our platform. After a successful purchase, you will receive an email from us with a "Business Generated Link" to Trustpilot, which you can use to leave a review. This link contains the following personal data:
By clicking on the link, this data is transmitted to Trustpilot so that we can assign your review and ensure its authenticity. Reviews submitted directly to Trustpilot can also be displayed on our website, provided their authenticity has been verified.
The processing of your data for reviews via Trustpilot is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR, as we strive for an optimized and needs-based design of our website. Further information on data processing by Trustpilot can be found in Trustpilot's privacy policy.
If your billing address is in the USA, you can also submit reviews via the review service Sitejabber, operated by GGL Projects, Inc. (1528 South El Camino Real, Suite 110, San Mateo, CA 94402, USA). After completing a purchase, we will send you an e-mail with a "Review Request" from Sitejabber, which will redirect you to submit a review. The review request contains the following personal data:
By clicking on the link, this data is transmitted to Sitejabber to enable the assignment of your rating to your transaction and to ensure its authenticity.
This data processing is also based on our legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR. Further information on data processing by Sitejabber can be found in Sitejabber's privacy policy.
You can maintain and manage your personal watch collection online in the Watch Collection by adding watches, saving data and uploading your own pictures. You can view and update the Watch Collection from anywhere. You can also add watches that you would like to monitor and have the value of your watch estimated.
The following data is required to use the Watch Collection:
Optionally, you can enter additional details such as the purchase price, time and place of purchase and upload pictures of your watch.
This data is processed for the following purposes:
The data stored in the Watch Collection is personal data - i.e. data that does not directly refer to a person, but from which a person could be derived. A legal basis is required for the processing of personal data.
Data processing is carried out on the basis of Art. 6 para. 1 lit. b) GDPR and our legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is to use the Watch Collection as a valuable source of information and to expand our knowledge of the market through the statistical evaluation of the data in order to optimally adapt our services in the future.
If you have expressly consented in accordance with Art. 6 para. 1 lit. a) GDPR, the data collected will also be used for the purchase and sale of the watches in your Watch Collection.
In some cases, users may provide us with personal data of third parties (e.g. authorized representatives, contact persons or other account holders). Users are obliged to ensure that the data subject is informed about the disclosure of their data and is aware of us as the controller, the data provided and the purpose of its use.
This data protection information also applies to affected third parties insofar as it contains information relevant to contractual partners, including information about us as the controller, our data protection officer and the rights of data subjects. If, in exceptional cases, we receive contact details of a third party, we will inform this person directly. As a rule, we do not collect contact details of third parties. Third-party data is used exclusively for the intended purpose (e.g. making contact, processing payments).
Third-party data is deleted as soon as the data subject's data is deleted or the data subject updates or removes this data.
This processing is based on our legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR in order to give contractual partners the opportunity to involve authorized third parties.
To translate content such as dealer reviews, news, advertisements and their descriptions, we use the translation service Google Translate from Google LLC (USA) and DeepL Translate from DeepL SE (Germany) via an API. Depending on the content, the transmission of personal data cannot be ruled out.
This data processing is carried out in accordance with Art. 6 para. 1 lit. f) GDPR, based on our legitimate interest in designing the website in line with requirements and overcoming language barriers in user-generated content.
For quality assurance and training purposes, we record incoming calls with your express consent. The following data is processed:
This data is only accessible to the employees involved in the interview and their superiors. Third parties do not have access. Processing is permitted in accordance with Art. 6 para. 1 lit. a) GDPR if you have given us your consent. Recordings are stored for 90 days and then deleted.
If you contact our support team by phone or email, your request will be managed via the omnichannel tool Sprinklr from Sprinklr, Inc (USA). The following data is processed:
Your data is processed on request and is necessary for processing in accordance with Art. 6 para. 1 lit. b) GDPR. In addition, the use of Sprinklr is in our legitimate interest to standardize customer management in accordance with Art. 6 para. 1 lit. f) GDPR.
If you have given your consent at the beginning of the conversation in accordance with Art. 6 para. 1 lit. a) GDPR, the telephone call will be recorded and used exclusively for training purposes and for transcription to ensure that your request can be processed comprehensively. Recordings are deleted after three months.
We use Sprinklr AI, Sprinklr's artificial intelligence, to summarize emails or transcribed phone calls (if consent has been given) to support our employees in customer communication. Before being transferred to the AI, personal data is anonymized as far as possible. However, complete anonymization cannot be guaranteed. Sprinklr is contractually obliged not to use the transmitted content for AI training purposes, which reduces the transmission of personal data to a minimum.
This processing is carried out in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of our legitimate interest in the purposes mentioned.
After purchasing a watch on our platform, we usually provide you with both an invoice and a proof of purchase in PDF format. These PDF files are created on a server of our service provider Amazon Web Services EMEA Sarl (AWS, Luxembourg). For this purpose, we transmit the necessary data in encrypted form to AWS, which creates the PDFs and sends them back to us in encrypted form.
Depending on the document, the following personal data may be processed by AWS:
The processing of this data is necessary for the fulfillment of the contract in accordance with Art. 6 para. 1 lit. b) GDPR. Invoices are stored for 10 years due to tax retention obligations according to § 147 AO and then deleted; Trusted Checkout certificates are deleted after 6 months.
We only pass on your personal data to third parties if:
In accordance with EU Directive 2021/514 (DAC 7), we as the platform operator are obliged to report information on individuals and companies that carry out paid activities on our platform on an annual basis. We transmit this information to the Federal Central Tax Office (BZSt), which then forwards the data to the domestic or foreign tax authorities.
The data transmitted annually to the BZSt includes data from providers subject to reporting requirements:
If you are registered as a commercial trader, we will also send you:
If you sell watches on Bestwrist, you are a reportable supplier. This data transfer to the BZSt is lawful in accordance with Art. 6 para. 1 lit. c) GDPR, as we are obliged to do so as a platform operator in accordance with Section 13 DAC 7.
In addition, we are obliged to report the following information to the BZSt:
In connection with this data transfer to the BZSt, you can assert your rights as a data subject in accordance with point 12 of the data protection declaration.
As a platform operator, we determine the purposes and means of certain data processing together with other controllers. As a result, we act as joint controllers in accordance with Art. 26 GDPR.
Due to our organizational structure, Bestwrist works closely with partner companies (hereinafter referred to as "parties" or "we"). We use uniform IT systems and operate joint databases, which in particular contain customer data of both parties.
As part of this joint responsibility, we process the personal data of retailers and users of the Bestwrist platform. For this purpose, we have concluded contractual agreements on joint responsibility. Bestwrist assumes responsibility for the provision of IT systems and the maintenance of internal customer databases.
Both parties are responsible for entering and updating the personal data of users and registered merchants in the joint databases. With regard to compliance with the GDPR requirements, we have defined who assumes which tasks, in particular the exercise of the rights of data subjects and the fulfillment of the information obligations pursuant to Art. 13 and 14 GDPR.
It has been agreed that Bestwrist will provide the necessary information in accordance with Art. 13 and 14 GDPR on the joint processing operations on its platforms. Both parties shall exchange information on data protection rights asserted by data subjects and provide all information necessary to respond to requests for information.
Data subjects can assert their data protection rights both against Bestwrist and against the partner company. Bestwrist undertakes to comply with requests for information, correction, deletion or blocking of personal data.
Bestwrist and the commercial traders (hereinafter referred to as "traders") work together within the framework of the online marketplace for watches. Bestwrist operates the platform on which retailers can buy and sell watches.
Bestwrist and the merchants process personal data of users of the platform as joint controllers in accordance with Art. 26 GDPR. There are contractual agreements on joint responsibility with regard to the data concerned.
Bestwrist is responsible for data processing when it comes to the analysis of user behavior, the statistical evaluation and provision of this data for the retailer as well as the forwarding of contact data for order processing and shipping. The retailer, on the other hand, is responsible for adjusting the statistical data and using the contact data to deliver the purchased item.
Both parties have also determined who is responsible for the respective obligations under the GDPR. In particular, this includes safeguarding the rights of data subjects and fulfilling the information obligations pursuant to Art. 13 and 14 GDPR.
Bestwrist provides the relevant information and the essential content of the joint processing conditions on the platform in accordance with Art. 13 and 14 GDPR. Both parties inform each other about asserted data protection rights and exchange all necessary information to respond to requests for information.
Data subjects can assert their rights both against Bestwrist and against the respective retailer. Bestwrist undertakes to provide the data subjects with all necessary information in accordance with Art. 15 GDPR.
In order to carry out the 1099-K reporting required by the IRS (Internal Revenue Service), we work contractually with Mangopay S.A. (2 Avenue Amélie, L-1125 Luxembourg; hereinafter referred to as "Mangopay"). US sellers who have made transactions of at least USD 600 in the financial year must be reported to the IRS accordingly via the 1099-K form. As a payment service provider, Mangopay is legally obliged to report these reportable US sellers.
In this context, we as the platform operator collect the necessary tax identification numbers from US sellers during the registration process and transmit them to Mangopay. This ensures that both Mangopay and Bestwrist fully comply with their legal obligations to the IRS.
For US sellers, the processing of their tax identification number is a joint responsibility between Mangopay and Bestwrist in accordance with Art. 26 GDPR. In this joint responsibility, we have concluded a corresponding agreement with Mangopay on the processing of the personal data concerned.
Mangopay and Bestwrist exchange information about the data protection rights of the users concerned and provide each other with all data necessary for processing requests for information.
Data subjects can assert their rights against both Bestwrist and Mangopay. Bestwrist undertakes to comply with the rights of data subjects to information, correction, deletion or blocking of personal data, provided that there are no other legal obligations to the contrary.
The personal data stored in your Bestwrist account (see sections 3.2.1. and 3.2.3.) cannot be viewed by third parties as long as you have not published any listings on the platform. If you create and publish advertisements as a private seller, your seller data will only be visible to registered and non-registered users if you have expressly consented to the publication of this data in accordance with Art. 6 para. 1 lit. a) GDPR
If you are registered as a trader and publish advertisements on the platform, both registered and non-registered users can view your vendor data (see section 3.2.4.). However, when you register and later within your profile, you have the option of setting the visibility of your data so that your address is hidden.
The publication of your provider data is necessary in the context of platform use in accordance with Art. 6 para. 1 lit. b) GDPR in order to fulfill and execute the contract between Bestwrist and the retailer.
We use cookies and pixels (hereinafter "scripts") on our website to statistically record the use of our website and to optimize our offer for you (see point 7). These scripts make it possible to automatically recognize that you have already visited the website when you visit it again. Our scripts can be divided into technically necessary and technically unnecessary scripts.
For technically necessary cookies that process personal data, we rely on our legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR, as the trouble-free operation of our website is considered a legitimate interest. Scripts that are not technically necessary are only activated with your express consent. Details on the scripts used can be found under point 7.
For technically necessary cookies that process personal data, we rely on our legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR, as the trouble-free operation of our website is considered a legitimate interest. Scripts that are not technically necessary are only activated with your express consent. Details on the scripts used can be found under point 7.
Cookies store information related to the device you are using without revealing your identity. They are used to improve the use of our website, for example through session cookies that recognize when you have already been on the site or logged in. Session cookies are deleted after you leave the site.
In addition, we use temporary cookies that are stored for a limited period of time and recognize your previous entries and settings when you visit again in order to make the service more user-friendly.
Most browsers accept cookies automatically. You can configure your browser so that no cookies are stored or a message appears before a new cookie is created. Complete deactivation can, however, restrict the use of certain website functions.
Tracking pixels are small 1x1 pixel graphics that can be embedded in websites or emails. They do not contain any malware. Pixels send data such as IP address, referrer URL, time of page view, browser and previously set cookie information to a server. This information enables reach measurements and statistical evaluations to optimize our platform.
You can deactivate pixels with tools or browser add-ons (e.g. "AdBlock" for Firefox).
Certain technologies are absolutely necessary for the operation of our platform in accordance with Section 25 (2) No. 2 TDDG in order to ensure trouble-free use of our website and app. If personal data is processed in this context, we rely on our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. The strictly necessary cookies are used as follows
When you visit our website and app, we use strictly necessary cookies in order to offer all the functions of the platform. The information collected is used, among other things, to:
The following data is collected regularly:
For the storage period of the individual cookies, please refer to point 6.1. The legal basis is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR.
We use Riskified, Inc. (220 Fifth Avenue, Floor 2, New York, NY, USA) for fraud prevention for credit card payments. Riskified checks whether credit card payments without 3D-Secure should be protected against fraudulent chargebacks. For this purpose, a cookie collects the following data, which is processed by Riskified:
The data is stored for 48 months and then deleted. This processing is based on our legitimate interest in fraud prevention and general security of the platform in accordance with Art. 6 para. 1 lit. f) GDPR. Fraud prevention is expressly recognized as a legitimate interest in Recital 47 of the GDPR.
In our app, we use Firebase Crashlytics from Google Ireland Ltd (Dublin, Ireland) to analyze app usage - in particular system crashes and errors. Crashlytics collects data about the device, the installed app version and other information that is helpful for troubleshooting, including the IP address. Further details can be found in Crashlytics' privacy policy. The data is stored for 90 days and then deleted. This processing is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR to analyze and fix app crashes.
On the domain "bestwrist.com" we use accessiBe Ltd (Tel Aviv, Israel) to make the website accessible in accordance with the ADA (Americans with Disabilities Act). With the help of an accessiBe script, information is stored on your device that allows you to customize accessibility settings in the website footer. Browser information, website behavior and IP address are collected in order to implement accessibility as required. This data processing is carried out in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of our legitimate interest in an accessible platform and compliance with the ADA.
We use the services of Cloudflare, Inc (San Francisco, USA) to protect our platform against DDoS (Distributed Denial-of-Service) attacks. Cloudflare analyzes various parameters and behavioral patterns when the website or app is accessed in order to detect possible attacks. The processed data includes
Data processing is carried out to increase platform security and is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR.
We work closely with various advertising agencies for marketing campaigns. In order to measure the success and optimize our marketing activities, we may transfer personal data to advertising agencies that was collected via marketing pixels (see point 6.2). The following data categories are affected:
The following tracking tools are only used if you have expressly given us your consent in accordance with Art. 6 para. 1 lit. a) GDPR. You can revoke your consent separately for each tool at any time via the Consent Manager, which is available at the end of the privacy policy. This does not affect the lawfulness of the processing carried out before you withdraw your consent. We use these tracking tools to optimize our website and analyze user behavior.
We use Google Analytics from Google LLC (USA) for the needs-based design and optimization of our website. Google Analytics creates pseudonymized user profiles and uses cookies (see section 6.1). The data collected by the cookies includes, among other things
The data is transferred to Google servers in the USA and used to analyze and create reports. Your IP address is anonymized so that a direct assignment is not possible. Further information can be found in the Google Analytics help section.
We use Google Ads from Google to statistically record and optimize our offer (for details see 7.1.1). When you visit our website via a Google ad, a cookie is set that expires after 30 days. It enables us to create conversion statistics without collecting personal information. You can find Google's privacy policy here.
We use Meta Custom Audiences from Meta Platforms Ireland Ltd (Ireland). If you reach our website via a meta ad, Meta sets a cookie (see section 6.1) for conversion tracking analysis, which expires after 180 days. This cookie enables us to recognize whether you have been redirected via a Meta ad. Further information can be found in the Meta privacy policy.
Hotjar Ltd (Malta) analyzes user behavior on our website. Hotjar collects data such as:
This data is stored in anonymized form. Further information can be found in the Hotjar privacy policy.
We use Microsoft Advertising and Universal Event Tracking (UET) from Microsoft Ireland Operations Ltd (Ireland) to track user activity when they access our website via Microsoft ads. The data is transferred anonymously to Microsoft servers in the USA and stored there. Further information can be found here.
For fraud prevention purposes, we transmit IP address and end device information to MaxMind, Inc (USA). This data is analyzed to identify possible fraud attempts. Further details can be found in MaxMind's privacy policy.
Google Tag Manager from Google Ireland Ltd (Ireland) manages tracking tags on our website and transmits IP addresses and browser information to Google servers. Further information can be found in the Google privacy policy.
In our app, we use AppsFlyer Ltd (Israel) to analyze advertising campaigns. Aggregated data such as IP address and user ID are collected if you have given your consent for this. Further information can be found in the AppsFlyer privacy policy.
The following targeting tools are only used to show you relevant advertising with your express consent in accordance with Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time via the Consent Manager.
We use Google Ads for targeted advertising and segment user groups on the basis of anonymized data. The information collected by Google is used to analyze your use of the website and to improve our advertising measures. You can find more information here.
Meta Custom Audiences enables us to place targeted advertising on Facebook and Instagram. A JavaScript code is used to process data such as IP address and browser information in pseudonymized form. Further details can be found in the Meta privacy policy.
With CrossEngage GmbH (Germany), we collect data on your user behavior in order to carry out targeted marketing measures. Further information can be found in the CrossEngage privacy policy.
LinkedIn Ireland Unlimited Company (Ireland) enables us to optimize advertising and create pseudonymized user profiles using LinkedIn pixels. IP addresses are anonymized and deleted after 90 days. Further information can be found here.
With Google Ads Customer Match from Google Ireland Ltd (Ireland), we segment target groups using encrypted email addresses that are uploaded to Google for matching. The encrypted email addresses are automatically deleted after matching. Further details on data processing by Google can be found here.
We are aware of our responsibility in handling personal data and would like to inform you about the use of social media plugins and the data protection aspects of our social media presence.
Our website contains social plugins from various social networks. The legal basis is your consent in accordance with Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time via the Consent Manager. The data protection-compliant use of the plugins is the responsibility of the respective providers.
The plugins are integrated in such a way that they do not establish a connection to the social networks until you activate them. A connection to the respective network is only established when you click on the button.
We use Facebook plugins (e.g. "Like" and "Share" buttons) from Meta Platforms Ireland Ltd (Ireland). If you activate the plugin, your browser establishes a connection to Facebook servers. Even if you are not logged in, Facebook receives information such as your IP address. Further information can be found in the Facebook privacy policy.
Our website contains plugins from X (formerly Twitter), operated by Twitter International Unlimited Company (Ireland). If you activate the plugin, your browser establishes a connection to X servers. Your IP address and your visit to the site may be transmitted to X. Further details can be found in the X privacy policy.
We use plugins from Instagram LLC. (USA). When you activate an Instagram plugin, a connection to Instagram servers is established and your IP address is transmitted. Further information can be found in the Instagram privacy policy.
Links to our YouTube page are integrated in extended data protection mode so that no usage data is transmitted to Google. Further details can be found in the Google privacy policy.
We operate public profiles in the following social networks:
We operate the social media profiles in joint responsibility with the platform providers in accordance with Art. 26 GDPR.
When you visit our social media profiles, the platform operators use cookies and similar technologies to compile visitor statistics and to personalize advertisements in a targeted manner. This information may also be used by other service providers and partners of the platform operators.
Further information can be found in the respective privacy policies of the platforms:
The anonymized statistics we receive help us to optimize marketing measures. The network operators ensure that data is transferred to the USA on the basis of standard contractual clauses in order to guarantee data protection.
We also use the profiles to communicate with customers and interested parties and to present our offer. Other data (e.g. through comments or messages) is only used for interaction. The legal basis is our legitimate interest in an optimized company presentation in accordance with Art. 6 para. 1 lit. f) GDPR.
We use the tools Mailgun (Mailgun Technologies, Inc., USA) and Sparkpost (Sparkpost, USA) to send transactional and service emails. The following personal data is transmitted for this purpose:
We base this processing on our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR to ensure automated communication of security-relevant information and service notifications.
For outreach campaigns, we use Pitchbox (Pitchbox LLC, USA), which enables us to send, receive and measure success. Your e-mail address is transmitted to Pitchbox. This processing is carried out in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of our legitimate interest in direct advertising in accordance with Recital 47 GDPR.
We use specialized service providers to increase security on Bestwrist. For this purpose, IP addresses and other transaction information are recorded and only assigned if fraud is suspected. If service providers are based in the USA, we ensure that they comply with the EU standard contractual clauses. The legal basis is Art. 6 para. 1 lit. f) GDPR.
We use the AutoIdent solution from IDnow (Germany) for user identification. Among other things, first and last name, date of birth and ID number are recorded. A manual check is carried out in the event of discrepancies. This data processing is carried out in accordance with Art. 6 para. 1 lit. b) and lit. f) GDPR for fraud prevention.
We use the AutoIdent solution from IDnow (Germany) for user identification. Among other things, first and last name, date of birth and ID number are recorded. A manual check is carried out in the event of discrepancies. This data processing is carried out in accordance with Art. 6 para. 1 lit. b) and lit. f) GDPR for fraud prevention.
This data processing is carried out in accordance with Art. 6 para. 1 lit. f) GDPR to improve marketplace security.
Potential cases of fraud are forwarded to Bestwrist Direct GmbH in order to prevent transactions with suspicious customers. The e-mail address and first and last name are passed on. This data processing is carried out in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of a joint responsibility agreement in accordance with Art. 26 GDPR.
We use Cloudflare Turnstile to protect against spam. Among other things, the IP address and system information are analyzed. The processing is carried out in accordance with Art. 6 para. 1 lit. f) GDPR.
We use Ubble from NJFVision SAS (France) for identity verification. Video recordings and biometric data are collected. Data is deleted after 96 hours; the verification results are visible for 90 days. Processing is carried out in accordance with Art. 6 para. 1 lit. f) GDPR for fraud prevention.
In accordance with the GDPR, you have rights such as revocation, information, correction, deletion, restriction, data portability and complaint. Simply exercise your right to object by sending an email to support@bestwrist.com.
Our website uses TLS encryption and organizational security measures to protect your data. Registered users should treat their access data confidentially.
Your data will be deleted in accordance with statutory retention periods. We retain data for legal defense for up to three years.
This privacy policy is valid from January 2025 . Changes will be published at https://www.bestwrist.de/datenschutz