Privacy Policy

I. Definitions

The definitions are based on Art. 4 DSGVO. For the sake of transparency, we list some essential terminology below:

"processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

"personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject");

"controller" means the natural or legal person who alone or jointly or together with others determines the purposes and means of the processing of personal data;

"processor" means any natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

"recipient" means any natural or legal person, public authority, agency or other body to whom personal data are disclosed.

II. Controller

The data controller of this website is Tribu Berlin GmbH ("Tribu" or "we"), Boxhagenerstr. 117 10245 Berlin.

You can reach us at: support@tribu-box.com

III. Principles for the processing of personal data

The processing of personal data is governed by the principles as set out in the GDPR. In particular, processing will only take place lawfully, in a manner that is comprehensible to the data subject and for specified, explicit and legitimate purposes. In addition, the principle of data minimisation applies, according to which data processing is limited to what is necessary.

IV. Legal basis for the processing of personal data

Your personal data will only be collected and processed by us in accordance with the provisions of the GDPR and other provisions of European and applicable national data protection law.

Insofar as we obtain consent from you, the legal basis for data processing is Art. 6 (1) UAbs. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future. 

If the processing of your personal data is necessary for the performance of a contract or pre-contractual measures, the legal basis is Art. 6 para. 1 UAbs. 1 lit. b DSGVO. 

If we are legally obliged to process the data, the legal basis is Art. 6 para. 1 UAbs. 1 lit. c DSGVO. 

If the processing is necessary to protect our legitimate interests or those of a third party and your interests, fundamental rights and freedoms are not overridden, the legal basis for the processing is Art. 6 para. 1 UAbs. 1 lit. f DSGVO. 

V. What personal data we process and for what purposes

Tribu collects different types of personal data for different purposes: 

1. Visiting our website

When you visit our website, data and information are automatically collected. This is 

the page from which the file was requested

the name of the file,

the date and time of the request,

the time you spent on the site,

the amount of data transferred,

the access status (i.e. whether the file was transferred or possibly not found, etc.),

the anonymised IP address of the requesting computer,

a description of the type and version of the web browser used,

the operating system installed and the resolution set.

The collected data is stored in the log files of our system. This data is not stored together with other personal data.

The legal basis for the temporary storage of the data and log files is Art. 6 para. 1 UAbs. 1 lit. f DSGVO. We have a legitimate interest in collecting and temporarily storing the aforementioned data. The temporary storage of the IP address by the system is necessary to enable delivery of the website to your computer and is done to ensure security and functionality. The data is deleted as soon as it is no longer required for the purpose stated here. This usually happens after seven days.

2. Contact

You have the possibility to contact us via the address and e-mail address mentioned in the imprint. We store the sender data you send us, such as e-mail address, name, telephone number and other data you provide. The legal basis for the processing is Art. 6 para. 1 UAbs. 1 lit. b DSGVO and Art. 6 para. 1 UAbs. 1 lit. f DSGVO. We have a legitimate interest in answering your enquiries. In addition, the request may be a case of contract initiation.

3. Online shop, customer account and means of payment

On our website, you have the option to create a customer account. To create a customer account, you are required to enter your first and last name and e-mail address. In addition, you set an individual password. The registration is voluntary. In your customer account you can store further data, such as addresses, telephone numbers, further e-mail addresses. Information about your orders and subscriptions is also stored. As soon as you order something via the customer account, the legal basis is the fulfilment of a contract, previously the implementation of pre-contractual measures, Art. 6 para. 1 UAbs. 1 lit. b DSGVO.

In the context of orders that you can also place as a guest (without a customer account), we also collect your address, telephone number and payment data. We will send you a corresponding e-mail to confirm the order and dispatch. We use this data exclusively for processing the order process and the contractual relationship. The legal basis is Art. 6 para. 1 UAbs. 1 lit. b DSGVO. We use the service providers Circuly GmbH ("Circuly") and Sendcloud GmbH to send electronic shipping notifications. We also use Circuly for the administration of subscriptions and for invoicing. The order process is handled by the service provider Circuly GmbH, Obernstrasse 50 33602 Bielefeld ("Circuly"). There may be a data transfer to the USA within the scope of the processing by ReCharge, which is secured by the agreement of standard data protection clauses pursuant to Art. 46 para. 2 lit. c DSGVO. Further information on data processing by Circuly can be found at: https://www.circuly.io/data-privacy.

We offer payment methods of various services and service providers: 

Sofortüberweisung: Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany.

Klarna: Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden, https://www.klarna.com/de/datenschutz;

Mastercard: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium; https://www.mastercard.de/de-de/datenschutz.html; 

Visa: Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, UK; https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html;

Apple Pay: Apple Inc, Infinite Loop, Cupertino, CA 95014 USA; https://www.apple.com/de/legal/privacy/; 

Google Pay: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; https://policies.google.com/privacy; 

Circuly GmbH., Obernstrasse 50 33602 Bielefeld ("Circuly"); https://www.circuly.io/data-privacy

PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal L-2449 Luxembourg;  https://www.paypal.com/myaccount/privacy/privacyhub

If you pay by credit card, the following data will be collected: Name of the credit card holder, credit card number, validity period of the credit card, security code. If you decide to pay by direct debit, the following payment data will be collected: IBAN. 

We do not collect and store the payment data ourselves, but these are collected directly by the above-mentioned service providers. The legal basis for the data processing is Art. 6 (1) UAbs. 1 lit. b DSGVO, as the processing of the data is necessary for the payment and thus for the execution of the contract.

4. Newsletter

You can order our newsletter via our website. The newsletter informs you, among other things, about changes to our services and products as well as special offers. To subscribe to the newsletter, you need to provide your e-mail address. 

You can unsubscribe from the newsletter at any time by revoking your consent. You can unsubscribe either by sending a message to the contact options described above or via a link provided for this purpose in the newsletter.

After subscribing to the newsletter, we will send you a confirmation e-mail to ensure that you actually wish to receive our newsletter. After confirmation, we store your e-mail address for the purpose of sending you the newsletter. The legal basis of the processing is your consent according to Art. 6 (1) UAbs. 1 lit. a DSGVO. In addition, we store your IP address and the time of registration and confirmation in order to be able to prove your consent and to detect possible misuse of personal data. The legal basis in this respect is Art. 6 para. 1 UAbs. 1 lit. f DSGVO.

We also use newsletter tracking. This enables us to find out whether the newsletter sent was opened by the recipient, at what time the newsletter was called up and the associated IP address. We can also see which contents were particularly interesting. The legal basis of the processing is your consent according to Art. 6 (1) UAbs. 1 lit. a DSGVO.

To send the newsletters, we use Mailchimp, a service provided by The Rocket Science Group, LLC (675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA) and have concluded an order processing agreement. It cannot be ruled out that data transfer or data processing will take place in a third country. We have concluded standard contractual clauses with the service provider for this purpose in accordance with Art. 46 (1) lit. c DSGVO. 

VI. Use of cookies

In order to make visiting our website more attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your terminal device. Cookies serve to make the website as a whole more user-friendly and effective. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (session cookies). Other cookies remain on your terminal device and enable us or our partner companies to recognise your browser on your next visit (persistent cookies). In addition to cookies, other technologies are also used, such as "fingerprinting", which creates an individual ID from various information.

The legal basis for the use and storage of essential, technically and functionally necessary cookies or technologies is Art. 6 para. 1 UAbs. 1 lit. f DSGVO and § 25 para. 2 No. 2 TTDSG. We have a legitimate interest in storing cookies for the technically error-free provision of our website and certain absolutely necessary webshop functionalities, such as the use of so-called "shopping cart" cookies. Non-essential cookies are only set with your consent in accordance with Art. 6 para. 1 UAbs. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time with effect for the future. 

We use Google Analytics, a web analytics service provided by Google, Inc ("Google"). Google Analytics uses cookies. The information generated by the cookie about your use is usually transmitted to a Google server in the USA and stored there. We have activated IP anonymisation on this website by adding the code "gat._anonymizeIp();" so that your IP address is shortened beforehand by Google within member states of the European Union or the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. A data transfer to the USA may take place, which is secured by the agreement of standard contractual clauses in accordance with Art. 46 (2) lit. c DSGVO. When configuring Google Analytics, care was taken to ensure that Google receives this data as an order processor. Google also uses the data for the purposes of advertising, market research and/or demand-oriented design of its own offer. In doing so, Google may link the data with other user data (such as search history, personal accounts, usage data of other devices and any other data Google has on this user). The collected data is automatically deleted in Google Analytics after 14 months. The deletion of data whose retention period has been reached takes place automatically once a month. The legal basis for data processing is your consent, Art. 6 para. 1 UAbs. 1 lit. a DSGVO, § 25 para. 1 S. 1 TTDSG. You can revoke your consent to the use of Google Analytics at any time with effect for the future. You can find more information on Google's terms of use and data protection at http://www.google.com/analytics/terms/de.html or at https://policies.google.com/?hl=de.

VII. Retention of personal data, deletion of your data

We store your personal data only for as long as is necessary for the purposes stated and then delete it. We store your personal data to the extent necessary to comply with our legal obligations, such as retention periods under tax law. Any further processing and storage, for example for the purposes of legal prosecution or legal defence, remains unaffected. 

VIII. Recipients

We only pass on your personal data to recipients if this is necessary for the purpose of processing the contract or handling the services you have used, if there is a legal obligation to do so or if you have given your prior consent. Data will only be passed on to the extent specified above.

IX. Profiling

We do not carry out automated decision-making including profiling in accordance with Art. 22 DSGVO.

X. Rights of the data subjects

As a data subject or data subject, you have the following rights:

1. Information

You can request information from us at any time within the framework of the legal provisions as to whether personal data is being processed by us. If this is the case, you have the right to request information about the scope of the data processing (Art. 15 DSGVO). If you would like to know whether and, if so, which personal data we have stored about you, please contact us at support@tribu-box.com. 

2. Correction

You have the right to request that inaccurate personal data concerning you be corrected or completed (Art. 16 DSGVO).

3. Deletion

Under the conditions of Art. 17 DSGVO and § 35 BDSG, you have the right to demand that we delete the personal data concerning you without delay. The right to erasure does not exist, among other things, if the processing is necessary for compliance with a legal obligation or for the assertion or exercise of legal claims or the defence against them.  

4. Restriction of processing

You may request the restriction of processing under the conditions set out in Art. 18 DSGVO.

5. Data transfer

You have the right to receive personal data concerning you, under the conditions of Art. 20 DSGVO, in a structured, common and machine-readable format and to transmit it to other companies.

6. Right to object

You may object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 UAbs. 1 lit. e or f DSGVO (Art. 21 DSGVO). After receiving your objection, we will no longer process the relevant personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

You may object to the processing of your data for the purpose of direct marketing at any time. In this case, we will no longer process the personal data for these purposes.

7. Revocation

You can revoke consent given by you for the processing of personal data at any time without giving reasons. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

8. Right of appeal

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority if you consider that the processing of personal data concerning you infringes data protection (Art. 77 DSGVO). 

Limitation of Liability: Tribu Box takes all reasonable steps to ensure the security and privacy of the information provided by our customers. However, in the event of accidental disclosure of contact information or other security breaches, Tribu Box does not accept responsibility for any potential legal actions that may arise from such incidents. Customers acknowledge that Tribu Box has taken appropriate measures to protect their information, but they also understand that no security measure is completely error-free. By using our services, customers release Tribu Box from any legal liability related to the accidental disclosure of information or other security breaches, provided that reasonable and compliant actions have been taken in accordance with applicable laws and regulations.