recash logo

    Data Protection Policy

    Valid from: 01.02.2025

    1. Who is responsible for data processing?

    In accordance with the General Data Protection Regulation (GDPR), the responsible entity is:

    Circular Service GmbH
    c/o TT63 GmbH
    Gustav-Schwab-Str. 9
    81673 Munich, Germany

    Commercial Register: HRB 290030
    Registration Court: Munich
    Email: info@getrecash.com

    We have appointed a Data Protection Officer who can be contacted at the above address or by email.

    2. What data do we collect and why?

    When using our website or the recash app:

    Automatically collected data:

    • IP address
    • Device ID
    • Browser and OS information
    • Date/time of access
    • Referrer URL
    • Session and interaction data

    Purpose:
    To operate and secure the website/app (Art. 6 para. 1 lit. f GDPR).

    User-provided data (during registration and platform use):

    • Name and address of the company
    • Company location
    • Name of registered individuals, profile pictures, email addresses, preferred language
    • Username and password
    • Contact phone numbers
    • Email addresses
    • Account and payment data
    • Tax ID

    Purpose:
    To provide a user account, enable contract formation, and fulfill platform obligations (Art. 6 para. 1 subpara. 1 (b) and (f) GDPR).

    We assign an ID number to every registered person.

    Direct marketing:
    We may use your data, particularly contact data, for direct advertising via email if obtained during service/product sale (Art. 6 para. 1 subpara. 1 (f) GDPR).

    Credit checks:
    Rarely, we may use your data to verify creditworthiness (Art. 6 para. 1 subpara. 1 (f) GDPR).

    Processing order data:
    Details of orders processed on the platform are stored to fulfill contracts and maintain legal clarity (Art. 6 para. 1 subpara. 1 (b) and (f) GDPR).

    Processing creditworthiness data:
    In rare cases, we may use data from third-party sources (e.g. Schufa, Creditreform, trade registers) (Art. 6 para. 1 subpara. 1 (f) GDPR).

    Tracking data:
    We collect browser/device/user behavior data to ensure safe operation. If not technically necessary, processing is based on your consent (Art. 6 para. 1 subpara. 1 (a) GDPR).

    3. Who can obtain your data?

    We may pass on your data to third parties to execute contracts and manage the platform.

    Recipients include:

    • Trade partners
    • Suppliers
    • Carriers and freight forwarders
    • Service providers (e.g., for payments, administration, and advertising)

    Legal basis:
    Art. 28 GDPR or other contractual agreements.

    International transfers:
    When outside the EU/EEA, we ensure data protection standards via adequacy decisions (Art. 45 GDPR) or other safeguards (Art. 46 GDPR).

    Example:

    • Hubspot | Name, address, email, payment data, phone number, tax number | Sales | Germany, USA

    4. Analytics and Third-Party Tools

    4.1. Cookies

    Used for functionality and analytics.

    • Necessary cookies: Art. 6 para. 1 lit. f GDPR
    • Other cookies: Art. 6 para. 1 lit. a GDPR

    4.2. Google Analytics

    Used for visitor analytics and service optimization.

    • Provider: Google Ireland Limited
    • Legal basis: Art. 6 para. 1 lit. a GDPR
    • Data transfer: USA (EU-U.S. Data Privacy Framework)
    • Retention: 14 months
    • DPA: Concluded

    4.3. Brevo (Sendinblue GmbH)

    Used to send transactional emails.

    • Legal basis: Art. 6 para. 1 lit. b GDPR
    • Recipients: Brevo
    • Third-country transfers: India, USA (SCCs), Canada (adequacy decision)
    • Retention: 14 months
    • DPA: Concluded

    4.4. Google Tag Manager

    Used to manage and fire tracking/analytics tags.

    • Legal basis: Art. 6 para. 1 lit. a GDPR
    • Recipient: Google Ireland Limited
    • Data collected: IP, usage, referrer, geo-location
    • Retention: Tag Manager itself stores no personal data

    4.6. Cookie Consent Management – Cookiebot (Usercentrics)

    Manages and documents consent.

    • Legal basis: Art. 6 para. 1 lit. c GDPR
    • Provider: Usercentrics GmbH, Munich
    • Data collected: Consent info, IP, timestamp, banner language, settings
    • Retention: 1 year
    • No third-country transfer

    5. Social Media & Embedded Third-Party Content

    When clicking external links (e.g., YouTube, social media), their own privacy policies apply.
    No data is shared unless you interact (e.g., click a link).

    6. How long do we store your data?

    Data is retained only as long as needed for processing or legal compliance.
    Afterward, it is deleted unless statutory retention periods apply.

    7. Your rights

    Under the GDPR, you have the right to:

    • Access (Art. 15)
    • Rectification (Art. 16)
    • Erasure (Art. 17)
    • Restriction (Art. 18)
    • Data portability (Art. 20)
    • Object (Art. 21)
    • Withdraw consent (Art. 7 para. 3)
    • Lodge a complaint (Art. 77)

    Supervisory Authority:
    Bayerisches Landesamt für Datenschutzaufsicht
    Promenade 18, 91522 Ansbach, Germany

    8. Updates to this policy

    This privacy policy may be updated at any time to reflect legal or service changes.
    The current version will always be available on our website.

    recash logo

    © 2024 Copyright, Circular Service GmbH

    Contact Us

    Shop

    Login

    Sell

    Privacy

    Terms

    Imprint