Privacy Policy
As of: 01 July 2026
Thank you for your interest in GLOBALBACK. The protection of your personal data is important to us. Below, in accordance with the General Data Protection Regulation (GDPR), we inform you about which data we process and for what purpose.
1. Controller
The controller responsible for data processing on this website is:
Detlef Eschner (sole proprietorship)
Moerserstr. 62, 47239 Duisburg, Germany
Phone: +49 2151 6006849
E-mail: email@globalback.de
There is no legal obligation to appoint a data protection officer. For all questions regarding data protection, you can reach us using the contact details above.
2. General principles and legal bases
We process personal data only insofar as this is necessary to provide a functional website and our services. The legal bases are in particular:
- Art. 6(1)(b) GDPR – for the performance of a contract or pre-contractual measures,
- Art. 6(1)(c) GDPR – for compliance with legal obligations,
- Art. 6(1)(f) GDPR – to safeguard legitimate interests (e.g. secure and stable operation of the website).
3. Hosting
Our website is hosted by an external service provider:
STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany.
The servers are located in Germany. We have concluded a data processing agreement with the provider in accordance with Art. 28 GDPR. The legal basis is Art. 6(1)(f) GDPR (interest in the secure and efficient provision of our offering).
4. Server log files
When you access the website, the hosting provider automatically collects information in what are known as server log files, which your browser transmits. These are in particular the browser type and version, the operating system used, the referrer URL, the host name of the accessing computer, the time of the server request and the IP address.
This data is not merged with other data sources. Processing is carried out on the basis of Art. 6(1)(f) GDPR for the technically error-free presentation and for security. Storage takes place within the framework of our hosting provider's standard settings.
5. Cookies
Our website uses exclusively a technically necessary session cookie. It serves to maintain your session – for example when logging in to your account – and is automatically deleted at the latest when you close the browser.
This cookie is strictly necessary for the operation of the functions you have expressly requested. Consent is not required for this (Section 25(2) no. 2 TDDDG, Art. 6(1)(f) GDPR).
We use no analytics, tracking, statistics or marketing cookies and do not integrate any corresponding third-party services.
6. QR code generation
If you generate QR codes on our website, this takes place entirely in your browser (locally). No data is transmitted to third parties or external services for this purpose.
7. Orders and contract processing
In the context of an order, we process the data you provide for the establishment, performance and processing of the contract. This includes in particular your e-mail address, optionally your telephone number and the order details.
Providing an e-mail address is necessary for order processing and for the delivery of your GLOBALBACK-ID. The legal basis is Art. 6(1)(b) GDPR.
8. GLOBALBACK Cloud (registration and entries)
When you create an entry in the GLOBALBACK Cloud, we process the data you provide, in particular name, e-mail address, telephone number and details of the items you register (e.g. serial numbers, components).
An e-mail address is required for a cloud entry, as it serves for allocation and for verifying authenticity. The legal basis is Art. 6(1)(b) GDPR.
Providing a telephone number is voluntary. When entering it, you decide yourself whether this number should be displayed publicly: if you activate this option, the number is visible to anyone who looks up the associated GBID on globalback.de or on a connected check portal. This publication is based solely on your express consent (Art. 6(1)(a) GDPR), which you can withdraw at any time with effect for the future by removing the number or deactivating the public display in your account. If you do not provide a telephone number or deactivate the public display, the number is not shown to finders; contact is then made exclusively via our anonymised messaging function.
Logging in to your account is carried out via an e-mail-based login procedure (magic link). Access tokens are stored exclusively in encrypted form (as a hash value).
9. Status query via connected check portals
The entries stored in the GLOBALBACK Cloud can be queried not only via globalback.de but also via further check portals operated by us, currently: seriennummern-check.de, ebike-check.online, checkme.website and checkmich.online. These portals are operated by the same controller (see section 1).
In a query, only the identification number, the status of the item and – provided you have activated the public display of your telephone number (see section 8) – the telephone number are displayed. Further personal data of the owner (in particular name and e-mail address) is not disclosed in this process.
We reserve the right to make the mere status query available in future via a technical interface (API) also to connected or cooperating check portals of external operators. In this case, only the aforementioned, already publicly available information (identification number, status and, where applicable, the telephone number released by you) is provided. Insofar as such an external operator is independently responsible under data protection law, it is itself responsible for the processing on its portal.
The legal basis for providing the status is Art. 6(1)(b) and (f) GDPR (enabling the authenticity and status check as well as the return of lost items); the display of a telephone number is based on your consent under Art. 6(1)(a) GDPR and can be withdrawn at any time.
10. Anonymous contact by finders
If a person finds an item marked with a GBID, they can send a message to the owner via our platform. In doing so, we process the information entered by the finder (e.g. message and voluntarily provided contact details) and forward it to the owner. The owner's contact details are not disclosed to the finder. The legal basis is Art. 6(1)(f) GDPR (enabling the return of lost items).
11. E-mail dispatch
We handle the dispatch of e-mails (e.g. confirmations, login links, finder messages) via the e-mail server of our hosting provider STRATO. In doing so, the data required for delivery (in particular e-mail address and message content) is processed.
12. Payment service provider Stripe
For the processing of payments (including credit card and PayPal via Stripe) we use the payment service provider Stripe. The provider for customers within the EU is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland (hereinafter „Stripe“).
When you initiate a payment via Stripe, we pass on the data required for this to Stripe insofar as this is necessary for the performance of the contract. This includes in particular name, e-mail address, order number, payment method and payment data (e.g. credit card or bank account details), invoice amount, currency as well as date, time and transaction number.
The legal basis for the processing is Art. 6(1)(b) GDPR (performance of the contract concluded with you) and Art. 6(1)(f) GDPR (our legitimate interest in secure and efficient payment processing and in the prevention of fraud). The provision of this data is necessary for a payment via Stripe; without it we cannot carry out such a payment.
We have concluded a data processing agreement with Stripe in accordance with Art. 28 GDPR. As part of the payment processing, data may be transferred to Stripe, Inc. in the USA. For this purpose, Stripe has implemented measures for international data transfers based in particular on the EU Standard Contractual Clauses (SCC).
Your data is stored until the payment processing is completed; this also includes the period required for handling refunds, receivables management and fraud prevention. Further information on data protection at Stripe can be found at stripe.com/privacy.
13. Retention period
We store personal data only for as long as is necessary for the respective purposes:
- Contract and cloud data are stored for the duration of the contract (term of the GBID or cloud entry) and removed after expiry or after deletion of the entry.
- Invoice and accounting data are subject to statutory retention obligations (under commercial and tax law, up to ten years). For the duration of this retention, processing is restricted; the data is subsequently deleted.
14. Your rights as a data subject
Under the GDPR you have in particular the following rights:
- right of access (Art. 15 GDPR),
- right to rectification (Art. 16 GDPR),
- right to erasure (Art. 17 GDPR),
- right to restriction of processing (Art. 18 GDPR),
- right to data portability (Art. 20 GDPR),
- right to object to processing (Art. 21 GDPR).
To exercise your rights, a message to the contact details above is sufficient.
15. Right to lodge a complaint with the supervisory authority
Without prejudice to any other legal remedies, you have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestraße 2-4, 40213 Düsseldorf, Germany.
16. Data security
For security reasons, this website uses SSL or TLS encryption. You can recognise an encrypted connection by „https://“ in the address bar of your browser. This means that the data you transmit to us cannot be read by third parties.
This privacy policy will be adjusted in the event of changes to our processing activities or to the legal situation.
