Privacy Policy – Dashboard (Partners & Affiliates)
This privacy policy informs partners and affiliates about how Highcovery processes personal data when they use our Dashboard at dashboard.highcovery.com to manage businesses, products, and affiliate activities, and to connect them to our platform. This statement applies exclusively to Dashboard users and outlines the data collection and processing within the Partner and Affiliate Dashboard.
For comprehensive information on the processing of personal data in connection with the use of our website and mobile applications, please refer to our Web & App Privacy Policy.
I. Data Controller
The data controller according to the GDPR is:
Highcovery
Sportstraße 6, 50737 Cologne
Email: leonardo@highcovery.com
Phone: +49 221 27645575
II. Purposes and Legal Basis for Processing
Processing of Contact Data during Registration
- First and last name
- Email address
- Company
- Company address (including verification documents)
- Phone number
Legal basis: Art. 6(1)(b) GDPR (performance of contract) and Art. 6(1)(a) GDPR (consent)
Verification of Business Data
To prevent misuse, the business address is manually verified using business registration or similar documents.
Legal basis: Art. 6(1)(b) GDPR
Processing of Business Data in the Dashboard
To display your data in the app and on the website, we process the following:
Businesses:
- Type, name, URL, address, opening hours
- API-based verification via locationiq.com
- Images, active/inactive status, delivery regions
Products:
- Name, type, price, THC content, genetics
- Product images, attributes, status
Legal basis: Art. 6(1)(b) GDPR
Payment Processing and Affiliate Payouts (Stripe)
For handling affiliate payouts and, where applicable, payments for chargeable features in the Dashboard, we use the payment service provider Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (“Stripe”).
In this context, the following data may be processed:
- Identification and contact data (e.g., name, email address, company)
- Payout and account details (e.g., IBAN, account holder, payout history)
- Commission and transaction data
- Technical data collected through Stripe.js (e.g., IP address, device information, browser version, date and time of access)
Stripe may use this information for fraud prevention, regulatory compliance, and secure transaction handling. Stripe may act as an independent controller for parts of this processing.
Legal basis:
- Art. 6(1)(b) GDPR (performance of partner/affiliate agreement)
- Art. 6(1)(f) GDPR (legitimate interests: secure payment processing and fraud prevention)
- Art. 6(1)(c) GDPR (legal obligations applicable to Stripe, e.g., anti-money laundering)
Further information is available in Stripe’s Privacy Policy: https://stripe.com/privacy
Usage Data in the Dashboard
- IP address
- Device and browser information
- Cookies (e.g., “hc_session”)
- Technical data generated when loading third-party scripts required for payment processing (e.g., Stripe.js)
Legal basis: Art. 6(1)(f) GDPR (legitimate interests: platform security and functionality)
Cookies and Tracking
- Essential cookies: required for login sessions and Dashboard functionality
- Cookies/technologies required by Stripe for secure payment processing
- Matomo: anonymous usage statistics
Legal basis: Art. 6(1)(f) GDPR (essential cookies) / Art. 6(1)(a) GDPR (tracking)
III. Data Transfer to Third Countries
Data transfers to third countries occur only when necessary for contract performance or based on consent. Stripe may transfer data to the United States or other third countries. Such transfers rely on appropriate safeguards, in particular the EU Standard Contractual Clauses pursuant to Art. 46 GDPR.
IV. Data Retention
Data is stored only as long as legally or contractually required and will then be deleted, unless explicit consent or a legitimate interest allows longer retention.
V. Rights of the Data Subject
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to withdraw consent (Art. 7(3) GDPR)
- Right to object (Art. 21 GDPR)