Privacy Policy (Data Protection Declaration)

Commodity Board Europe GmbH
Pestalozzistraße 25
22305 Hamburg
Germany
Email: info@commodity-board.com
Phone: +49 40 808 13 965

We take the protection of your personal data very seriously. In the following, we inform you about the processing of personal data when using our websites (including “Commodity Board News”, “CMBroker”, “CMB Supplier”), newsletters, digital products and other related services.

This Privacy Policy complies with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other applicable regulations.

1. Controller

Commodity Board Europe GmbH
Pestalozzistr. 25
22305 Hamburg
Germany

Email: michael.guetlich@cmb-hamburg.com
Phone: +49 40 808 13 965

Data Protection Officer:
Michael Gütlich (reachable via the above contact details)

2. Definitions

Terms used in this Privacy Policy (e.g. “personal data”, “processing”, “controller”, “processor”, “recipient”, “consent”) follow the definitions of Art. 4 GDPR.

3. Categories of Personal Data We Process

We may process the following categories of data:

3.1 Registration and Account Data

Name, email address, company name, address
Phone number
User type (buyer, supplier, broker, member)
Login credentials (hashed)

3.2 Contract and Transaction Data

Orders, subscriptions, payment data
Contract history
Offers, bids, auction participation
Trade history (anonymised where required)

3.3 Technical Data

IP address, device information
Server log files
Cookies
Tracking IDs for usage analysis

3.4 Communication Data

Emails, contact form entries
Newsletter subscription data
Marketing preferences

3.5 Data from our Trading Platforms

Information provided by the user on CMBroker or CMB Supplier
Offers, requests, product specifications
Transportation & delivery data (without private information)

4. Legal Bases for Processing

We process data on the following legal bases:

Art. 6(1)(a) GDPR – Consent
Art. 6(1)(b) GDPR – Contract initiation/performance
Art. 6(1)(c) GDPR – Legal obligation
Art. 6(1)(f) GDPR – Legitimate interest (operation of websites, security, fraud prevention, analytics, marketing)

5. Processing Purposes

5.1 Providing Websites & Digital Platforms

Operation of:

Commodity Board News
CMBroker
CMB Supplier

5.2 Fulfilment of orders and subscriptions

5.3 User registration & account management

5.4 Trading, auction and contract processing

For registered, authorized brokers and suppliers.

5.5 Newsletter & marketing communication

Only with explicit consent.

5.6 Data analysis & forecasting (AI)

We use partly automated processes (incl. AI models) to analyse market trends, prices, forecasts.
No automated decision-making with legal effect occurs.

5.7 Security & fraud prevention

6. Cookies & Tracking Technologies

We use:

Session cookies
Third-party cookies
Analytics tools (Google Analytics, etc.)
reCAPTCHA
YouTube embeds

Legal bases:
Art. 6(1)(b) GDPR, Art. 6(1)(f) GDPR
Consent via cookie banner: Art. 6(1)(a) GDPR

7. Data Transfer to Third Parties

7.1 Transfer to Strategic Partners

We may transfer business contact data of our registered users (name, business email address, company name, position) to selected strategic partners for the purpose of:

providing extended market intelligence,
offering co-branded market insights or data services,
enabling sector-relevant information distribution,
improving the relevance of Commodity Board services.

Legal basis:
Your consent under Art. 6(1)(a) GDPR, obtained during registration or newsletter signup.

Users may withdraw consent at any time (Art. 7(3) GDPR).

7.2 Co-Branded Communication

If you register for newsletters or market updates, we may send co-branded communication including information from selected partners.
Your address remains with Commodity Board unless explicitly authorised otherwise.

Legal basis:

Art. 6(1)(a) GDPR (Newsletter consent)
Art. 6(1)(f) GDPR (co-branded information in existing newsletters)

7.3 Processors

We use service providers for:

hosting
newsletter systems
analytics
payment processing
communication channels (WhatsApp Business API)
All are bound by Art. 28 GDPR DPA contracts.

8. International Data Transfers

Transfers outside the EU only occur:

with adequacy decisions
or Standard Contractual Clauses (SCC)
or explicit consent

9. Storage Duration

Data is stored:

as long as necessary for the purpose
or until legal obligations end
or until the user revokes consent

10. User Rights

(As per your current detailed version — Art. 15–21 GDPR.)
Right to:

access
rectification
deletion
restriction
data portability
objection
withdrawal of consent
lodge a complaint

11. Newsletter Opt-In

Explicit double opt-in required.
Unsubscribing is possible anytime.

12. Deletion of Accounts

On request or in case of violation.

13. Data Security

SSL encryption, role-based access (RBAC), internal policies.

14. Changes to the Privacy Policy

We reserve the right to update this policy; users will be informed.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.