In our User Privacy Notice we have compiled all essential information about our handling of your personal data and your corresponding rights for you.

1. Scope and updates of this User Privacy Notice

This User Privacy Notice applies to your use of this website and all SpartaCrypto applications, services (including payment services), products and tools (collectively the “Services”), regardless of how you access or use these Services, including access via mobile devices and apps. This User Privacy Notice also applies if reference is made to it via a link or in a similar manner, e.g. on websites of partners on which Services from SpartaCrypto are offered. We may change this User Privacy Notice at any time by posting the revised User Privacy Notice on this website and indicating the effective date of the revised User Privacy Notice. You will be notified of any material changes to this User Privacy Notice via email.

2. Controller

Which SpartaCrypto group company is responsible for the collection and processing of your personal data in connection with the provision of the Services depends on how you use our Services.

2.1 Use of the Services

Depending on the region in which you are located, one of the following eBay group companies is responsible for the collection and processing of your personal data in connection with the provision of our Services (except payment services for sellers):

  • USA: eBay Inc., 2025 Hamilton Avenue, San Jose, CA 95125, USA Canada: eBay Canada Limited, 240 Richmond Street West, 2nd Floor Suite 02-100 Toronto, Ontario, M5V 1V6, Canada
  • EU: eBay GmbH, Albert-Einstein-Ring 2-6, 14532 Kleinmachnow, Germany
  • United Kingdom: eBay (UK) Limited, 1 More London Place, London, SE1 2AF, United Kingdom
  • India: eBay Singapore Services Private Limited, 10 Collyer Quay, #10-01 Ocean Financial Centre, Singapore 049315
  • For all other countries: eBay Marketplaces GmbH, Helvetiastrasse 15/17, 3005 Bern, Switzerland

2.2 Use of the payment services for sellers

Depending on the region in which you are located and whether we provide our payment services there, the following eBay group companies are responsible for the collection and processing of your personal data in connection with the provision of our payment services to sellers:

  • USA: eBay Commerce Inc., 2065 Hamilton Ave., San Jose, CA 95125, USA
  • EU: eBay S.à r.l., 22-24 Boulevard Royal, L-2449 Luxembourg
  • UK: eBay Commerce UK Ltd., 1 More London Place, London SE1 2AF, United Kingdom
  • Canada: eBay Commerce Canada Limited, 44 Chipman Hill, Suite 1000, Saint John NB E2L 2A9, Canada’
  • Australia: eBay Commerce Australia Pty. Ltd., Level 18, 1 York Street, Sydney NSW 2000, Australia

As described in our Payments Terms of Use, your personal data may be processed by one or more of these companies depending on your location and the location of the eBay website on which a user completes a transaction with you.

3. Data protection officer and contact

We have appointed data protection officers in several countries to oversee the protection of your personal data. You will find the contact details of your data protection officer in the list of our data protection officers in our eBay Privacy Center. Furthermore, if you have any questions or complaints regarding this User Privacy Notice, our global data protection principles (see section 6.1 Data transfers to eBay Inc. corporate family members under section 6. International data transfers below) or our handling of personal data, you can contact the eBay Privacy Team or the controller who is responsible for the processing of your personal data at any time (for further information, see section 2. Controller above). This applies regardless of whether we have appointed a data protection officer in your country or not. You can find all necessary information and contact details in our eBay Privacy Center.

4. What personal data we collect and process

We collect your personal data when you use our Services, create a new SpartaCrypto account, provide us with information via a web form, add or update information in your SpartaCrypto account, participate in online community discussions or otherwise interact with us. We also collect personal data from other sources (such as other credit agencies or bureaus, and data providers). In total, we collect the following personal data:

4.1 Personal data you provide when using our Services or creating a SpartaCrypto account

  • Data that identifies you, such as your name, address, telephone numbers, email addresses, your username or your tax identification number that you provide when setting up your SpartaCrypto account or at a later date.
  • If you use our payment services as a seller, additional identification data (such as social security number or date of birth), tax identification numbers (such as VAT identification number) and other information (such as bank account number) that you provide when using our payment services as a seller.
  • Data regarding purchases or sales that you provide in a transaction.
  • Content that you share with other users through our messaging tools (see Filtering of messages sent via our messaging tools under section 11. Other important information regarding data protection for more information).
  • Financial information (e.g. credit card and account numbers, transaction details, and form of payment). Shipping, billing, and other information you provide, as well as information required for customs clearance (such as tax identification numbers or other identification numbers) and relevant shipping information (such as shipment numbers and tracking information) if shipped through one of our programs.
  • In some cases: age, gender, country of birth, nationality, employment status, family status, interests and preferences.
  • You may provide us with additional information through a web form or by updating or adding information to your SpartaCrypto account, by participating in community discussions, member chats, surveys, inquiries, dispute resolution, customer service calls recorded with your consent, or if you contact us for any other reason regarding our Services. Other data that we are required or entitled by applicable law to collect and process and that we need for your authentication or identification, or for the verification of the data we collect.

4.2 Personal data we collect automatically when you use our Services or create an SpartaCrypto account

  • Data that is generated as part of one of your transactions (purchases or sales) or that is linked to your SpartaCrypto account as a result of a transaction in which you are involved, such as transaction amounts, time and location of transactions and form of payment or payout method.
  • Data that is generated through your other actions when you use our Services and which is linked to your SpartaCrypto account, e.g. when you place items in your shopping cart, place items on the watch list, save sellers, searches or interests, or follow users.
  • Data regarding all other interactions with our Services, your advertising preferences, and your communications with us.
  • Location data, including your general location data (e.g., IP address) and, with your permission, the precise location data of your mobile device. Please note that for most mobile devices, you can manage or disable the use of precise location services for all applications in the settings menu of your mobile device.
  • Computer and connection information, such as statistics regarding your use of our Services, information on data traffic to and from websites, referral URL, information on advertisements, your IP address, your access times including accessed pages within our Services, your language settings and your weblog information.

4.3 Personal data we collect in connection with the use of cookies and similar technologies

We use cookies, web beacons and similar technologies to collect data in connection with our Services. We collect this data from the devices (including mobile devices) that you use our Services with. The data collected includes the following usage- and device-related information:

  • Data about the pages you visit, the access time, frequency and duration of visits, the links on which you click and other actions you take as part of your use of our Services and in advertising and email content.
  • Data about your activities and interactions with our advertising partners including data about the advertisements you were shown, how often they were shown, when and where they were shown, and whether you took any action, such as clicking on an advertisement or making a purchase.
  • The user segment or category into which you as a user fall, for example: female, 20-49 years old, interested in sneakers.
  • Model or device type, operating system and version, browser type and settings, device ID or individual device identifier, advertisement ID, individual device token, and cookie-related data (e.g. cookie ID).
  • The IP address from which your device accesses our Services.
  • Location data, including your general location data (e.g., IP address) and, with your permission, the precise location data of your mobile device. Please note that most mobile devices allow you to manage or disable the use of precise location services for all applications in the settings menu.

4.4 Personal data from other sources

We also collect personal data about you from other sources and from third parties to the extent permitted by applicable law. In particular, this includes the following data:

  • Data from public sources (e.g. demographic data)
  • Data from credit agencies or bureaus (e.g. credit reports/checks, identity confirmation, data for risk modeling and setting of credit limits)
  • Data from data providers (e.g. “Know Your Customer”/identity verification, demographic, interest-based and online advertising related data)
  • With regard to our payment services for sellers: data from government or other sources concerning any previous convictions of the respective seller, to the extent permitted by applicable law

We combine or connect the personal data we collect from you with data from these other sources. Where personal data is disclosed to us by third parties, we take steps to ensure that these third parties are legally permitted to disclose your personal data to us. We also receive access to personal data about you from other members of the SpartaCrypto corporate family.

4.5 Social network data you share with us

  • We allow you to use social networks (such as Facebook) or other providers of single sign-on services (such as Google or Apple) with whom you already have an account to create a SpartaCrypto account or to link your SpartaCrypto account to such single sign-on services. You can determine the personal data that we can access when authorizing the connection with the single sign-on service.
  • We allow you to share personal data with social networks (such as Facebook) or to link your SpartaCrypto account to a social network. These social networks may automatically provide us with access to certain personal data they have stored about you (e.g. content you have viewed or enjoyed, information about the advertisements you have been shown or clicked on, etc.). You can determine the personal data that we can access through the privacy settings of each social network.
  • We may also use plug-ins or other technologies from various social networks. If you click on a link displayed through a social network plug-in, you voluntarily connect to that social network.

5. Purposes and legal basis for data processing and categories of recipients

We process your personal data for various purposes and based on several different legal bases that allow this processing. For example, we process your personal data to provide and improve our Services, to provide you with a personalized user experience on this website, to contact you about your SpartaCrypto account and our Services, to provide customer service, to provide you with personalized advertising and marketing communications, and to detect, prevent, mitigate and investigate fraudulent or illegal activity. We also share your information with third parties, including service providers acting on our behalf, for these purposes. In addition, we may share your personal data among SpartaCrypto group companies in order to fulfil our contract with you under the User Agreement and, if applicable, the Payments Terms of Use. Below you will find a summary of the purposes for which we process your personal data, including the categories of recipients to whom we transmit personal data for the purposes stated, sorted by our legal basis for this processing or sharing:

5.1 We process your personal data in order to fulfil our contract with you and to provide you with our Services. This includes the following purposes:

  • Processing of data relating to you or your company for the purpose of entering into a contract with you and executing it.
  • Provision of our Services, including but not limited to enabling and performing transactions with other users (including the transmission of your personal data to other users where necessary to perform the transaction, including in cases of terminated, failed or subsequently voided transactions, e.g. by sharing your return address so a buyer may return an item), displaying your transaction and feedback history to you, providing and enhancing features such as payment processing, ratings and SpartaCrypto account management, providing other services you may use (as described in connection with such services), and ensuring the functionality of our Services. In connection with the provision of our Services, we will send you notifications relating to the execution of transactions and the use of our Services in accordance with the communication preferences in your SpartaCrypto account.
  • Enabling the delivery of purchased items by logistics/shipping service providers including notifications in connection with the delivery (such as tracking information), the latter to the extent permitted by applicable law without your consent.
  • Provision of our payment services in accordance with the Payments Terms of Use.
  • Providing general customer support including the solution of problems with your SpartaCrypto account, arbitration of disputes, providing other services within the scope of customer service as well as enforcement of fee claims. For these purposes, we may contact you via notification through email, telephone, SMS, push notification on your mobile device or by mail. If we contact you by telephone, in order to ensure efficiency, we may use automatically dialed calls with tape announcements or automated text messages in accordance with our User Agreement and Payments Terms of Use, to the extent permitted by applicable law.
  • Processing of general location data (such as IP address or postal code) in order to provide you with location-based services (such as radius search and other content that is personalized on the basis of your general location data).
  • Enforcement of our User Agreement, Payments Terms of Use, this User Privacy Notice and other rules and policies.
  • Publication and promotion of your listings and related content on the websites or in the applications, services and tools of other SpartaCrypto corporate family members or cooperating third party operators of websites, applications, services and tools. When we share the content of your listings and any related personal data with third parties, we do so only on the basis of an agreement that limits the use of such personal data by the third party to the purposes necessary to fulfil its contractual obligations to us. Third party providers are contractually obliged to take appropriate security measures with regard to this data. Third party providers are strictly forbidden to pass on personal data contained in your listings to other third parties. In case of data transmissions to SpartaCrypto corporate family members, such restrictions result from our Binding Corporate Rules.

Where necessary, we transmit your personal data to processors and the following recipients for one or several of the purposes described above:

  • Other SpartaCrypto users
  • SpartaCrypto’s corporate family members
  • External service providers, authentication partners, physical storage service partners, and shipping companies (such as DHL, UPS, etc.)
  • Government agencies or public authorities (including customs and tax authorities)
  • Payment service providers
  • External operators of websites, applications, services and tools

5.2 We process your personal data in order to comply with legal obligations to which we are subject. This includes the following purposes:

  • Participation in investigations and proceedings (including judicial proceedings) conducted by public authorities or government agencies, in particular, for the purpose of detecting, investigating and prosecuting illegal acts.
  • Prevention, detection and mitigation of illegal activities (e.g. fraud, money laundering and terrorist financing).
  • Complying with information requests from third parties based on any statutory information rights they have against us (e.g. in the event of an intellectual property infringement, product piracy, or other unlawful activity).
  • Ensuring the information security of our Services.
  • Retention and storage of your personal data to comply with specific legal retention requirements (for more information on SpartaCrypto’s storage of your data, see section 7. Storage duration and erasure).

Where necessary, we transmit your personal data to processors and the following recipients for one or several of the purposes described above:

  • Law enforcement agencies, courts, government agencies or public authorities, intergovernmental or supranational bodies (in connection with our payment services provided in the EU for sellers in particular with regard to compliance with Luxembourg laws concerning FATCA dated July 7, 2015 and concerning the OECD Common Reporting Standard dated December 18, 2015).
  • Third parties based on statutory information claims against us
  • Third party service providers
  • Third parties who are involved in judicial proceedings, in particular, if they submit a legal order, court order or equivalent legal order to us.
  • Credit agencies, bureaus, or associations, if required by applicable law (e.g. information on payment delays, payment defaults or other irregularities that may be relevant to your credit report).
  • SpartaCrypto’s corporate family members

5.3 We process your personal data in order to protect your vital interests or the vital interests of another natural person. This includes the following purposes:

  • Prevention, detection, mitigation and investigation of unlawful activities that may result in impairment of your vital interests or the vital interests of another natural person, unless there is a statutory obligation to this effect.

Where necessary, we transmit your personal data to processors and the following recipients for one or several of the purposes described above:

  • Law enforcement agencies, courts, government agencies or public authorities (including tax and financial authorities), intergovernmental or supranational bodies
  • Third parties who are involved in judicial proceedings
  • SpartaCrypto’s corporate family members
  • External service providers

5.4 We process your personal data where necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms. In order to reconcile our legitimate interests with your rights, we have introduced appropriate control mechanisms. On this basis, we process your data for the following purposes:

  • Participation in investigations and proceedings (including judicial proceedings) conducted by courts, law enforcement agencies, government agencies or public authorities, intergovernmental or supranational bodies, in particular for the purpose of detecting, investigating and prosecuting illegal acts, unless there is a statutory obligation to this effect, and we may legitimately assume that the disclosure of the data is necessary to avert imminent disadvantages or to report a suspicion of an illegal act. In such cases, we will only disclose what we believe is necessary, such as your name, city, zip code, telephone number, email address, (previous) usernames, IP address, fraud complaints, bidding and listing history.
  • Protection of the legitimate interests of third parties in connection with civil law disputes, including the investigation of such disputes, unless there is a statutory obligation to this effect, if we may legitimately assume that it is necessary to disclose the data to such third parties in order to avert imminent disadvantages.
  • Prevention, detection, mitigation and investigation of fraud, security breaches and other prohibited or unlawful activities, including the assessment of corresponding risks (e.g. through the use of captchas, a port enumeration technology to identify user sessions using remote desktop tools or the telephone number stored in your SpartaCrypto account for risk assessments and two-factor authentication), unless there is a statutory obligation to this effect.
  • Monitoring and improvement of the information security of our Services, unless there is a statutory obligation to this effect.
  • Performance of identity checks, creditworthiness and other financial standing checks, evaluation of applications and comparison of information for accuracy and verification purposes.
  • Automatic filtering and, where necessary, manual review of messages sent through our messaging tools (including chat messages and emails sent to SpartaCrypto alias email addresses) to prevent fraudulent or suspicious activity or violations of our User
  • Agreement or other rules and policies, including enforcing the prohibition of purchases and sales outside of SpartaCrypto, as further explained below under Filtering of messages sent via our messaging tools (see section 11. Other important information regarding data protection).
  • Provision of functions for users that make the processing of transactions easier or more convenient (e.g. administration of several delivery addresses).
  • Analysis and improvement of the Services from SpartaCrypto corporate family members, e.g. by reviewing site usage data or information from users about blocked or crashed pages in order to identify and solve problems and to provide you with an improved user experience, including as part of product development.
  • Analysis of telephone conversations with our customer service that we recorded with your consent.
  • Advertisements by mail (according to your communication preferences in your SpartaCrypto account).
  • To the extent permitted by applicable law without your consent, communications with you via electronic mail (e.g. email or text message) or telephone to offer you vouchers, discounts and special offers, to conduct opinion polls and surveys, and to inform you about our Services (according to your communication preferences in your SpartaCrypto account). If you do not wish to receive email marketing communications from us, you can also unsubscribe by clicking on the link in the email you received.
  • For technical reasons, the implementation may take a few days.
  • Notifications regarding promotions and information about our Services after logging into your account.
  • For users outside the European Economic Area (EEA), Switzerland and the United Kingdom: Personalization, measurement and improvement of advertisements in our online offerings, the online offerings of SpartaCrypto’s corporate family members or third parties.
  • Customization of page content to display the items and services you may like based on the actions you take.
  • Evaluation of the quality and success of our email marketing campaigns (e.g. through analysis of opening and click rates).
  • Assessment of the service status (e.g. on the basis of tracking information if sellers use shipping labels from shipping providers via SpartaCrypto or provide tracking numbers).
  • Offering of partner and bonus programs and other co-branded marketing efforts, e.g. seller financing offers or co-branded credit cards in collaboration with a third party lender or credit card issuer.
  • Provision of shared content and services (such as registration for services, transaction processing and customer service) with SpartaCrypto’s corporate family members or cooperating payment service providers.
  • Initiation, preparation and execution of a company acquisition, e.g. in the event of a merger with another company or takeover by another company. If such an event occurs, we will require the merged entity to comply with this User Privacy
  • Notice with respect to your personal data. Should your personal data be processed for any purpose not specified in this User
  • Privacy Notice, you will be informed in advance of the processing of your data for this new purpose.
  • Assertion of or defense against legal claims, including those asserted by one SpartaCrypto user against another SpartaCrypto user.

Where necessary, we transmit your personal data to processors and the following recipients for one or several of the purposes described above:

  • SpartaCrypto’s corporate family members
  • External service providers
  • Other SpartaCrypto users
  • Law enforcement agencies, courts, government agencies or public authorities, intergovernmental or supranational bodies
  • Third parties who are involved in judicial proceedings
  • Payment service providers
  • Credit agencies or bureaus, data verification services, risk assessment vendors and collections agencies (e.g. information about payment delays, payment defaults, or other irregularities that may be relevant to your credit report, or that we use to confirm your identity, model risk, establish credit limits, or collect unpaid debts)
  • Other companies in the context of a company acquisition
  • Other third parties in the event of an investigation for fraud, intellectual property infringement, retail crime, stolen goods, product piracy or other unlawful activity, if we, in our sole discretion, deem the investigation of such incident necessary or useful. In such cases, we will disclose personal data including the seller’s name, address, city, zip code, country, telephone number, email address and company name to the third party and bind the third party by a worldwide non-disclosure agreement to treat the data as confidential.

Information about your right to object to processing based on our legitimate interests can be found below under section 8. Rights as a data subject and, with regard to the use of cookies and similar technologies, below under section 9. Cookies & similar technologies.

5.5 With your consent, we process your personal data for the following purposes:

  • For users within the European Economic Area (EEA), Switzerland and the United Kingdom: Personalization, measurement and improvement of advertisements in our online offerings, the online offerings of SpartaCrypto’s corporate family members or third parties
  • Marketing communications by telephone or electronic mail (such as email or SMS), including communications by other SpartaCrypto’s corporate family members or by third parties, unless these communications are permitted without your consent under applicable law. We may engage third parties to send marketing communications on our behalf
  • Processing of your precise location data to provide location-based services. Please note that most mobile devices allow you to manage or disable the use of precise location services for all applications in the settings menu
  • For users within the European Economic Area (EEA): Storing your financial information (e.g. credit card and account numbers) for future transactions
  • Provision of a single sign-on service allowing you to register or log-in to third party services using your SpartaCrypto log-in credentials
  • Processing of your personal data on the basis of your consent, which you have given so that we or third parties can enable you to use certain services or make them available to you

You can find information about your right to withdraw your consent below under section 8. Rights as a data subject and information with regard to the use of cookies and similar technologies below under section 9. Cookies & similar technologies.

Where necessary, we transmit your personal data to processors and the following recipients for one or several of the purposes described above:

  • SpartaCrypto’s corporate family members
  • External service providers
  • Third parties using our single sign-on service (as authorized by you in each single case)
  • Other third parties with whom we partner to offer you specific services (as described at the collection of the respective user consent)
  • Third party financial institutions with whom we partner to offer financial products to you, for them to provide joint content and services (such as, registration, transactions and customer support). These third party financial institution partners will use your personal data to send you marketing communications only if you have requested their services

5.6 Data Sharing between SpartaCrypto’s Corporate Family Members

As set out above under “Personal data from other sources”, we also receive access to personal data about you from other SpartaCrypto corporate family members. This enables us, in particular, to provide you, with your consent as legally required, with information about products and services, which we believe might interest you, and improve our products, services, content, and advertising by analyzing your use of the services of other SpartaCrypto corporate family members, in particular through the matching of certain data (e.g. cookie IDs). Furthermore, this allows us to better prevent, detect, mitigate and investigate fraud, security breaches and other prohibited or unlawful activities, including the assessment of corresponding risks. We will also grant access to personal data about you to other SpartaCrypto corporate family members for the aforementioned purposes. To the extent that other SpartaCrypto corporate family members have access to your personal data, they will follow practices that are at least as restrictive as the practices described in this User Privacy Notice.

5.7 Additional information regarding our payment services for sellers

With regard to our payment services for sellers in the EU, we additionally point out that SpartaCrypto is subject to professional secrecy, which requires special transparency with regard to the processing and, in particular, the transmission of your personal data. We therefore expressly draw your attention to the fact that SpartaCrypto may pass on your personal data to trustworthy third parties and business partners where necessary to provide our payment services for sellers, as described above in this Section 5 of the User Privacy Notice. This includes in particular the following third parties and business partners:

  • Other payment service providers, including financial institutions
  • Companies offering financial products, analyses and scoring (e.g. credit agencies or bureaus)
  • Authorities, agencies and other governmental bodies (e.g. to combat fraud)
  • Auditors and other professional advisors
  • You can request a complete list of all third party providers and business partners for our payment services for sellers in the EU by contacting us.

5.8 Automated decision-making

We use technologies that are considered automated decision making or profiling. We will not make any automated decisions about you that would significantly affect you unless such a decision is necessary for entering into, or the performance of, a contract with you, we have obtained your consent, or we are required by applicable law to use such technology. You will find information on your right to object to this processing of your data below under section 8. Rights as a data subject.

6. International data transfers

Some recipients of your personal data are located outside your country or have offices in countries where data protection laws may provide a different level of protection than the laws in your country. When transferring personal data to such recipients, we provide appropriate safeguards.

6.1 Data transfers to SpartaCrypto’s corporate family members

The transmission of personal data between different SpartaCrypto corporate family members (e.g. to enable cross border transactions and for other legally permitted purposes) is based on our worldwide data protection principles, which are binding internal data protection regulations (Binding Corporate Rules, BCRs), or on the basis of other appropriate safeguards (e.g. standard data protection clauses issued or approved by the European Commission (2021/914/EU, 2010/87/EU, 2001/497/EC or 2004/915/EC)). Through our Binding Corporate Rules, the SpartaCrypto corporate family members undertake to protect your personal data and to comply with data protection obligations. Further information on our binding company-wide guidelines and our worldwide data protection principles can be found in the SpartaCrypto Privacy Center.

6.2 Other data transfers (from the European Economic Area to third countries)

We may transfer your personal data to recipients (see section 5. Purposes and legal basis for data processing and categories of recipients) who may be located anywhere in the world. We will only transfer your personal data from the European Economic Area (EEA), United Kingdom or Switzerland to third countries, i.e. countries outside the EEA, on the basis of appropriate safeguards or if otherwise authorized by applicable law. Third countries providing an adequate level of data protection according to the European Commission currently include Andorra, Argentina, Canada (for companies covered by the Personal Information Protection and Electronic Documents Act), Switzerland (for transfers out of the EEA), the Faroe Islands, Guernsey, the State of Israel, the Isle of Man, Japan, Jersey, New Zealand, the United Kingdom and Uruguay. In other cases, SpartaCrypto provides the necessary safeguards, e.g. through the conclusion of data protection contracts adopted by the European Commission (e.g. standard data protection clauses (2021/914/EU, 2010/87/EU, 2001/497/EC or 2004/915/EC)) with the recipients, or through other measures provided for by law. A copy of the documentation of the measures taken by us is available on request. We regularly reevaluate the measures taken to assess requirements deriving from new regulatory guidance and case law, e.g. from the Court of Justice of the European Union (CJEU) decision in the matter C-311/18.

7. Storage duration and erasure

Your personal data will be stored by us and our service providers in accordance with applicable data protection laws to the extent necessary for the processing purposes set out in this User Privacy Notice (see section 5. Purposes and legal basis for data processing and categories of recipients for more information on the processing purposes). Subsequently, we will delete your personal data in accordance with our data retention and deletion policy or take steps to properly render the data anonymous, unless we are legally obliged or permitted to keep your personal data longer (e.g. for legal compliance, tax, accounting or auditing purposes, or to detect and prevent fraudulent or illegal activity on SpartaCrypto). In Europe, the retention periods are generally between 6 and 10 years (e.g. for contracts, notifications and business letters). As far as legally permissible or required, we restrict the processing of your data instead of deleting it (e.g. by restricting access to it). This applies in particular to cases where we may still need the data for the execution of the contract or for the assertion of or defense against legal claims, or where such retention is otherwise required or permitted by law. In these cases, the duration of the restriction of processing depends on the respective statutory limitation or retention periods. The data will be deleted after the relevant limitation or retention periods have expired. The specific retention periods for personal data are documented in our regional data retention guidelines. How long we retain personal data may vary depending on the Services we provide and our legal obligations under applicable national law. The following factors typically affect the retention period:

Necessity for the provision of our Services

  • This includes such things as executing the User Agreement with you, maintaining and improving the performance of our products, keeping our systems secure, and maintaining appropriate business and financial records. Most of our retention periods are determined on the basis of this general rule.

Consent-based processing of personal data

  • If we process personal data on the basis of consent (including consent to the extended storage), we store the data for as long as necessary in order to process it according to your consent.

Statutory, contractual or other similar obligations

  • Corresponding storage obligations may arise, for example, from laws or official orders. It may also be necessary to store personal data with regard to pending or future legal disputes. Personal data contained in contracts, notifications and business letters may be subject to statutory storage obligations depending on national law.

8. Rights as a data subject

Subject to possible restrictions under national law, as a data subject, you have the right to access, rectification, erasure, restriction of processing and data portability with regard to your personal data. In addition, you can withdraw your consent and object to our processing of your personal data on the basis of our legitimate interests. You can also lodge a complaint with a supervisory authority. Your rights in detail:

  • You can withdraw your consent to the processing of your personal data by us at any time. As a result, we may no longer process your personal data based on this consent in the future. The withdrawal of consent has no effect on the lawfulness of processing based on consent before its withdrawal.
  • You have the right to obtain access to your personal data that is being processed by us. In particular, you may request information on the purposes of the processing, the categories of personal data concerned, the categories of recipients to whom the personal data have been or will be disclosed, where possible the envisaged period for which the personal data will be stored or the criteria used to determine that period, the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data or to object to such processing, the right to lodge a complaint with a supervisory authority, any available information as to the personal data’s source (where they are not collected from you), the existence of automated decision-making, including profiling and, where appropriate, meaningful information on its details. Your right to access shall not adversely affect the rights and freedoms of others. Your right to access may be limited by national law.
  • You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  • You have the right to obtain from us the erasure of personal data concerning you under certain conditions (e.g. when the personal data are no longer necessary in relation to the purposes for which they were processed or when they are no longer required for overriding legitimate grounds, such as the detection/prevention of fraud), unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims. The right to erasure may be limited by national law.
  • You have the right to obtain from us restriction of processing your personal data to the extent that the accuracy of the data is disputed by you, the processing is unlawful, but you oppose the erasure of the personal data, we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing.
  • You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller (“right to data portability”).
  • You have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or the registered office of the controller.
  • If your personal data is processed on the basis of our legitimate interests, you have the right to object to the processing of your personal data on grounds relating to your particular situation. This also applies to profiling. If your personal data is processed by us for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

You can exercise your rights as a data subject via our Privacy Contact page. In addition, you are of course free to contact the SpartaCrypto Privacy Team or the controller who is responsible for the processing of your personal data at any time (for further information, see section 2. Controller above). You can find all necessary information and contact details in our SpartaCrypto Privacy Center. The exercise of the above data subjects’ rights (e.g. right to access or erasure) is generally free of charge. Where requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may charge an appropriate fee (at most our actual costs), in accordance with the applicable statutory regulations, or refuse to process the application.

Managing your communication preferences

If you would like to change your preferences regarding SpartaCrypto communications (including marketing communications), you can do so at any time. If you do not wish to receive email marketing communications from us, you can also unsubscribe by clicking on the link in the email you received. For technical reasons, the implementation may take a few days. For information on how to manage your cookie and similar technology preferences, see the next section 9. Cookies & similar technologies.

9. Cookies & similar technologies

When you use our Services, we and selected third parties use cookies and similar technologies to provide you with a better, faster and safer user experience or to show you personalized advertising. Cookies are small text files that are automatically created by your browser and stored on your device when you use the Services. You can find detailed information about the use of cookies and similar technologies and your choices in our User Cookie Notice. The cookies and similar technologies used in connection with the Services have different functions:

  • They may be technically necessary for the provision of our Services
  • They help us optimize our Services technically (e.g. monitoring of error messages and loading times)
  • They help us improve your user experience (e.g. save font size and form data entered)
  • They allow us to show you more relevant advertisements

We use cookies and similar technologies that remain on your device only as long as your browser is active (session cookies), as well as cookies and similar technologies that remain on your device longer (persistent cookies). We take appropriate security measures to prevent unauthorized access to our cookies and similar technologies. Please see our User Cookie Notice for more information and your choices with respect to cookies and similar technologies, or go directly to Advertising and related preferences (users in the EEA, Switzerland and the United Kingdom) or AdChoice – SpartaCrypto Advertising Preferences (all other users) to manage your respective preferences. You are also free to disable the use of cookies and similar technologies if this is supported by your device. You can manage your cookie settings in your browser or device settings. You can find information about third party cookies (and similar technologies) related to advertising and how to prevent their use on the following websites:

  • www.youronlinechoices.com
  • www.aboutads.info/choices (only available in English)
  • www.networkadvertising.org/choices (only available in English)

If you decide not to allow third parties to process your personal data for advertising purposes via cookies (and similar technologies), this does not mean that we will not show you advertisements. It simply means that these advertisements will not be personalized for you using cookies, web beacons, or similar technologies.

10. Data security

We protect your personal data through technical and organizational security measures to minimize risks associated with data loss, misuse, unauthorized access and unauthorized disclosure and alteration. To this end we use firewalls and data encryption, for example, as well as physical access restrictions for our data centers and authorization controls for data access. You can find further information on our data security in our Security Center.

11. Other important information regarding data protection

This section contains important additional information about the protection of personal data in connection with the use of our Services, including whether you are required to provide personal data.

What happens when you share your personal data on our sites or applications?

Other users have access to the information you share on SpartaCrypto or disclose to other users. For example, other users can see your bids, purchases, items for sale, saved interests, sellers and searches, storefronts, feedback, ratings, product reviews and associated comments. Other users can also see any information you choose to share in your profile. When you use our Services, your public user ID may be displayed and available to the public and associated with all of your public SpartaCrypto activity. Notices sent to other users about suspicious activity and notice violations on our sites may refer to your public user ID and specific items. Accordingly, if you use a username that allows others to identify you, these others may be able to identify your SpartaCrypto activities. To help protect your personal data, we allow only limited access to other users’ contact, shipping and financial information as necessary to facilitate your transactions and collect payments. However, when users are involved in a transaction, they have access to each other’s name, user ID, (alias) email address and other contact and shipping information. For example, we may allow users to exchange telephone numbers in order to contact each other prior to completing a transaction (e.g. a seller may opt to share their telephone number with a buyer so that the buyer may call with questions about a listed item). In this case, sellers are prohibited from using a buyer’s telephone number for other purposes (e.g. completing a transaction off SpartaCrypto or adding the buyer to a marketing list).

Your responsibilities over transactional information you receive through SpartaCrypto

When you complete a transaction with another user (or a transaction has been cancelled, failed, or subsequently invalidated), we will provide you with the other user’s personal data (such as name, username, (alias) email address, contact information, shipping and billing information, or return address). Independent from us, you are the controller of such data and responsible for any processing that you perform after we have shared this data with you, including compliance with any limitations imposed by this User Privacy Notice and our User Agreement. Unless you act for purely personal purposes, we recommend that you explain your data processing activities in your own privacy notice and protect the privacy of other users. As a seller, you must in any case comply with the applicable data protection laws and in particular protect the rights of other users as data subjects, e.g. give them the opportunity to access the personal data collected by you and demand that it be erased. You may only use the personal data that you have access to for SpartaCrypto transaction-related purposes, or for other Services offered through SpartaCrypto (such as shipping, fraud complaints, and member-to-member communications), and for purposes expressly consented by the user to whom the data relates. Using personal data of other users that you have access to for any other purpose, such as adding them to a mailing list without their express consent, constitutes a violation of our User Agreement.

Personal data relating to third parties

If you provide us with personal data relating to another person, you must obtain the consent of this person or the disclosure of the data to us must be otherwise legally permissible. You must inform the other person of how we process personal data in accordance with our User Privacy Notice.

Filtering of messages sent via our messaging tools

All messages sent via our messaging tools (including chat messages and emails sent to SpartaCrypto alias email addresses) are first received by us and then forwarded to the recipient. All messages are automatically filtered according to certain criteria. If necessary, conspicuous messages are checked manually by our customer service. In the event of a violation of our User Agreement (including any of our rules and policies), we reserve the right to block the transmission of the message and to restrict the purchase and sales functions of your SpartaCrypto account or to block your SpartaCrypto account. This is to protect our legitimate interests such as protecting against fraudulent or suspicious activities (e.g. spam, viruses, phishing, or other illegal activities) or enforcing our User Agreement and our other rules and policies (e.g. illegal and other prohibited content), including but not limited to enforcing the prohibition of purchases and sales outside of SpartaCrypto. Are you obliged to provide your personal data to us? Some of the personal data that you provide to us (e.g. data by which we can identify you) are required to enter into the User Agreement and the Payments Terms of Use. For example, under the Payments Terms of Use you must provide us with certain identification information including legal name, date of birth, and tax identification number or social security number so that we may fulfil our legal “Know Your Customer” (KYC) obligations. As described elsewhere in our User Privacy Notice and in the Payments Terms of Use, we may share this data with other SpartaCrypto group companies in order to facilitate transactions and with service providers, including payment processors, credit agencies and bureaus. Although the provision of any other personal data (e.g. address and shipping data) is voluntary, it may be necessary for the use of our Services, such as bidding, purchase and sales data to complete a transaction.

Children’s Privacy

Our services are not intended for the use by children. We do not knowingly collect personal data from users who are considered children under applicable national laws. Under our User Agreement, children are not permitted to use our Services.

Staying Signed in

When you sign in to your account on our Services, we give you the option to stay signed in to your account for certain amount of time. If you are using a public or shared computer, we encourage you to decline. You or any other user of the computer/browser you signed in on will be able to view and access most parts of your account and take certain specific actions during this signed in period without any further authorization. The specific actions and account activities that you or any other user of this computer/browser may take include:

  • Bid, buy or make an offer on an item
  • Check out or add items to your cart
  • Purchase an item with PayPal using Faster Checkout (if enabled in your account)
  • View the activity header
  • View or edit the Watch List or order details
  • View the profile page
  • Send member-to-member messages
  • Conduct after-sale activities, like leaving feedback, canceling orders, requesting returns or submitting claims

If you attempt to change your password or user ID, update any other account information or attempt other account activity beyond those listed above, you may be required to enter your password. You can typically end your signed in session by either signing out and/or clearing your cookies. If you have certain browser privacy settings enabled, simply closing your browser may also end your signed in session. If you are using a public or shared computer, you should sign out and/or clear your cookies when you are done using our Services to protect your account and your personal data.

12. Regional and State Privacy Disclosures

For additional regional disclosures for residents of certain U.S. states, including California, please review our State Privacy Disclosures page. For additional disclosures for specific regions or countries, including Brazil and mainland of People’s Republic of China, please review our Regional Privacy Disclosures page.