This privacy policy informs partners and affiliates about how Highcovery processes personal data when using our Dashboard at dashboard.highcovery.com to manage businesses, products, and affiliate activities, and to connect them to our platform. This statement applies exclusively to Dashboard users and outlines the data collection and processing within the Partner and Affiliate Dashboard.
For comprehensive information on the processing of personal data in connection with the use of our website and mobile applications, please refer to our Web & App Privacy Policy.
The data controller according to the GDPR is:
Highcovery
Sportstraße 6, 50737 Cologne
Email: leonardo@highcovery.com
Phone: +49 221 27645575
- First and last name
- Email address
- Company
- Company address (including verification documents)
- Phone number
Legal basis: Art. 6(1)(b) GDPR (performance of contract) and Art. 6(1)(a) GDPR (consent)
To prevent misuse, the business address is manually verified using business registration or similar documents.
Legal basis: Art. 6(1)(b) GDPR
To display your data in the app and on the website, we process the following:
Businesses:
- Type, name, URL, address, opening hours
- API-based verification via locationiq.com
- Images, active/inactive status, delivery regions
Products:
- Name, type, price, THC content, genetics
- Product images, attributes, status
Legal basis: Art. 6(1)(b) GDPR
For handling affiliate payouts and, where applicable, payments for chargeable features in the Dashboard, we use the payment service provider Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (“Stripe”).
In this context, the following data may be processed:
- Identification and contact data (e.g., name, email address, company)
- Payout and account details (e.g., IBAN, account holder, payout history)
- Commission and transaction data
- Technical data collected through Stripe.js (e.g., IP address, device information, browser version, date and time of access)
Stripe may use this information for fraud prevention, regulatory compliance, and secure transaction handling. Stripe may act as an independent controller for parts of this processing.
Legal basis:
- Art. 6(1)(b) GDPR (performance of partner/affiliate agreement)
- Art. 6(1)(f) GDPR (legitimate interests: secure payment processing and fraud prevention)
- Art. 6(1)(c) GDPR (legal obligations applicable to Stripe, e.g. anti-money laundering)
Further information is available in Stripe’s Privacy Policy: https://stripe.com/privacy
- IP address
- Device and browser information
- Cookies (e.g., “hc_session”)
- Technical data generated when loading third-party scripts required for payment processing (e.g., Stripe.js)
Legal basis: Art. 6(1)(f) GDPR (legitimate interests: platform security and functionality)
- Essential cookies: required for login sessions and Dashboard functionality
- Cookies/technologies required by Stripe for secure payment processing
- Matomo: anonymous usage statistics
Legal basis: Art. 6(1)(f) GDPR (essential cookies) / Art. 6(1)(a) GDPR (tracking)
Data transfers to third countries occur only when necessary for contract performance or based on consent. Stripe may transfer data to the United States or other third countries. Such transfers rely on appropriate safeguards, in particular the EU Standard Contractual Clauses pursuant to Art. 46 GDPR.
Data is stored only as long as legally or contractually required and will then be deleted, unless explicit consent or a legitimate interest allows longer retention.
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to withdraw consent (Art. 7(3) GDPR)
- Right to object (Art. 21 GDPR)