Privacy Policy

Privacy Policy

 

SCOPE OF PERSONAL DATA PROCESSING

We generally only collect and use our users’ personal data to the extent necessary for providing a functioning website and for our content and products and services. Our users’ personal data are routinely collected and used only after the user’s consent has been obtained. An exception is made in cases where it is not possible to obtain the consent beforehand for factual reasons and processing of the data is permitted by statutory provisions.

Personal data are only collected if you voluntarily communicate that to us in the context of your order. We exclusively use the data you have provided to process and complete your order unless you have given further consent. Upon complete processing of the contract and full payment of the purchase price, your data will be blocked for further use and deleted after the retention period for tax and business records has expired insofar as you have not explicitly consented to further use of your data.

DISCLOSURE OF PERSONAL DATA

 

Your data will be passed on to Autodoc GmbH, Josef-Orlopp-Str. 55, 10365 Berlin, Germany for the purpose of contract formation and processing. Your data will be passed on to the shipping company engaged to carry out the shipment to the extent required to deliver the goods. We will pass your payment data on to the financial institution engaged for the payment or to the payment service selected in the ordering process in order to process payments.

PAYMENT PROCESSING USING PAYPAL

 

If you select payment using PayPal, credit card using PayPal, direct debit using PayPal or – if offered – “purchase on account” using PayPal, we will forward your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) in the context of payment processing. PayPal reserves the right to perform a credit check for the payment options of credit card using PayPal, direct debit using PayPal or – if offered – “purchase on account” using PayPal. PayPal will use the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The information on creditworthiness may contain probability values (so-called scores). To the extent that scores are included in the result of the credit check, they are based on a scientifically recognized mathematical, statistical procedure. Among others, address data are included in the calculation of the scores. Please refer to the Privacy Policy for PayPal Services for more legal information relating to data protection, including with regard to the credit reference agencies used.

LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

 

To the extent that we obtain the consent for the processing procedures of personal data from the data subject, Art. 6 (1) (a) of the General Data Protection Regulation of the EU (GDPR) serves as the legal basis.
During the processing of personal data, which is necessary for the performance of a contract, the contracting party of which the data subject is, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing procedures needed to carry out pre-contractual measures. To the extent that personal data need to be processed to comply with a legal obligation that is binding on our company, Art. 6 (1) (c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or of another natural person make it necessary to process personal data, Art. 6 (1) (d) GDPR serves as the legal basis.
If the processing is needed to protect a legitimate interest of our company or of a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not override the first-mentioned interests, Art. 6 (1) (f) GDPR shall serve as the legal basis for the processing.

DELETION OF DATA AND DURATION OF STORAGE

 

The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage ceases. The data may be stored beyond the foregoing if provided for by the European or national legislator in legal Union regulations, laws or other regulations which the controller is subject to. Blocking or deletion of the data shall also take place if a storage period prescribed by the aforementioned standards expires, unless there is a necessity to continue to store the data in order to enter into a contract or perform a contract.

PROVISION OF THE WEBSITE AND CREATION OF LOG FILES

DESCRIPTION AND SCOPE OF DATA PROCESSING

 

Each time our website is viewed, our system automatically collects data and information about the computer system of the accessing computer.

The following data are collected in this process:

1. Information about the type of browser and the version used
2. The user’s operating system
3. The user’s Internet service provider
4. The user’s IP address
5. Date and time of the access
6. Websites from which the user’s system has accessed our website
7. Websites that are accessed from our website by the user’s system

The log files contain IP addresses or other data permitting association with a user. This may be the case, for example, if the link to the website from which the user accesses the website or the link to the website from which the user transfers contains personal data.

The data are also stored in the log files of our system. The user’s IP addresses or other data permitting an association of the data with a user are not affected by the foregoing. Storage of this data together with other personal data of the user does not take place.

LEGAL BASIS FOR THE DATA PROCESSING

Article 6 (1) (f) GDPR serves as the legal basis for the temporary storage of the data and the log files.

PURPOSE OF THE DATA PROCESSING

 

The temporary storage of the IP address by the system is needed to permit delivery of the website to the user’s computer. To do this, the user’s IP address must be stored for the duration of the session.

Storage in log files takes place in order to ensure the website’s ability to function. In addition, the data helps us optimize the website and ensure the security of our information technology systems. An analysis of the data for marketing purposes does not take place in this process.

Our legitimate interest in data processing pursuant to Art. 6 (1) (f) GDPR also lies in these purposes.

DURATION OF STORAGE

 

The data shall be erased without undue delay when they are no longer necessary in relation to the purpose for which they were collected. In the event of collection of the data to provide the website, this is the case when the respective session is ended.

In the event that the data are stored in log files, this will be the case after not later than seven days. Storage extending beyond that limit is possible. In this case, the user’s IP address will be erased or masked, so that it can no longer be associated with the viewing client.

OPTION OF OBJECTION AND REMOVAL

 

Collection of the data for provision of the website and storage of the data in log files is essential for the operation of the website. Therefore, the user has no option of objection.

USE OF COOKIES

DESCRIPTION AND SCOPE OF DATA PROCESSING (ANALYSIS OF SURFING BEHAVIOUR)

 

We use cookies permitting an analysis of the user’s surfing behaviour on our website. The following data can be transmitted in this manner:

1. Search terms entered
2. Frequency of page views
3. Use of website functions

The data collected in this way are pseudonymised by technical precautions. Therefore, it is no longer possible to associate the data with the user viewing the website. The data are not stored together with other personal data of the users.

DESCRIPTION AND SCOPE OF THE DATA PROCESSING (SHOPPING CART FUNCTION)

 

Some cookies are persistently stored on your computer to enable us to recognize your computer on your next visit (persistent cookies). Our partners are not permitted to collect, process or use personal data by means of cookies through our website. Most browsers accept cookies by default. You can allow or disallow temporary and persistent cookies independently of each other in the security settings. If you deactivate cookies, certain functions on our website may not be available to you and some websites may not be displayed correctly. Temporary cookies must be allowed in order to use our shopping cart! The data stored in our cookies are not linked to your personal data (name, address, etc.). We will not link the data stored in our cookies with your personal data (name, address, etc.) without your explicit consent.

DATA COLLECTION BY THE USE OF GOOGLE ANALYTICS

 

Our website uses Google Analytics, a web analytics service provided by Google Inc. Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information collected may include information about the operating system, the browser, your IP address, the website you viewed previously (the referrer URL) and the date and time of your visit to our website. The information on the use of our website created by this text file is transmitted to a Google server in the USA and stored there. Google will use this information to analyse your use of our website, to compile reports on the website activity for the website operator and to provide other services associated with the use of the website and use of the Internet. If required by law or to the extent that third parties process data on Google’s behalf, Google will also pass this information on to such third parties. This use will take place in an anonymized or pseudonymised form. You can obtain more detailed information concerning this directly from Google. Please click here.

LEGAL BASIS FOR THE DATA PROCESSING

 

Art. 6 (1) (f) GDPR forms the legal basis for processing personal data involving the use of cookies.

PURPOSE OF THE DATA PROCESSING

Analysis cookies are used for the purpose of improving the quality of our website and its content. Through the use of the analysis cookies, we learn about how the website is used, so that we can constantly optimise our products and services.
Our legitimate interest in processing personal data pursuant to Art. 6 (1) (f) GDPR also lies in these purposes.

DURATION OF STORAGE, OPTION OF OBJECTION AND REMOVAL

 

Cookies are stored on the user’s computer and transmitted to our site from there. Therefore, you as the user have full control of the use of cookies. By changing the settings in your Internet browser, you can deactivate or limit the transmission of cookies. Cookies already stored may be erased any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that you will no longer be able to fully use all the functions of the website.
The transmission of flash cookies cannot be disallowed in the settings of the browser, but this can be done by changing the settings of the flash player.

NEWSLETTER

DESCRIPTION AND SCOPE OF DATA PROCESSING

 

You can subscribe to a free newsletter on our website. When you register for the newsletter, the data from the input mask are transmitted to us.
In addition, the following data are collected during the registration:

1. The IP address of the accessing computer
2. Date and time of the registration

As part of the registration process, your consent is obtained and reference is made to this data privacy statement for the purpose of processing the data.
The data are exclusively used to deliver the newsletter.

We use the MailChimp mailing list provider to send our newsletter. MailChimp is a service provided by The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318, USA (“Rocket”). Rocket is governed by the so-called “Privacy Shield framework”, a data privacy agreement between the European Union and the United States.
The data stored during registration is transmitted to Rocket and stored by Rocket. The data entered during registration is not transmitted to other third parties. After you have registered, MailChimp will send you an email confirming your registration. Furthermore, MailChimp provides diverse analysis options relating to how the delivered newsletter is opened and used, such as the number of users an email was sent to, whether emails were rejected and whether users unsubscribed from the list after receiving an email. However, these analyses are only group related and are not used by us for any individual analysis. MailChimp also uses the Google Analytics analysis tool by Google, Inc. and incorporates it in the newsletter in some circumstances. You can find more details on Google Analytics in this data privacy statement under “Data collection by the use of Google Analytics.”
You can find more information about data privacy at MailChimp under: http://mailchimp.com/legal/privacy/.

LEGAL BASIS FOR THE DATA PROCESSING

 

If the user has given his or her consent, Art. 6 (1) (a) GDPR forms the legal basis for the data processing after registration for the newsletter by the user.

PURPOSE OF THE DATA PROCESSING

 

The user’s email address is collected for delivery of the newsletter.

The collection of other personal data as part of the registration process serves to prevent abuse of the services or of the email address used.

DURATION OF STORAGE

 

The data shall be erased without undue delay when they are no longer necessary in relation to the purpose for which they were collected. Accordingly, the user’s email address shall be stored as long as the subscription to the newsletter is active.

OPTION OF OBJECTION AND REMOVAL

 

The subscription to the newsletter can be cancelled any time by the user concerned. There is a corresponding button on the website under Newsletter for this purpose.

REGISTRATION

 

DESCRIPTION AND SCOPE OF DATA PROCESSING

On our website, we offer users the opportunity to register by providing personal data. In the process, the data are entered in an encrypted input mask, transmitted to a service provider and stored. The following data are collected as part of the registration process:

1. Email
2. Password
3. Form of address, first name, last name

The following data are stored at the time of registration:

1. The user’s IP address
2. Date and time of the registration

As part of the registration process, the user’s consent to processing of this data is obtained.

LEGAL BASIS FOR THE DATA PROCESSING

 

If the user has given his or her consent, Art. 6 (1) (a) GDPR forms the legal basis for the data processing.
If the registration is for the purpose of performing a contract, the contracting party of which is the user, or of carrying out pre-contractual measures, Art. 6 (1) (b) GDPR forms an additional legal basis for the data processing.

 

PURPOSE OF THE DATA PROCESSING

Registration by the user is necessary for the performance of a contract with the user or to carry out pre-contractual measures.

The registration data are used for the purpose of processing the order in our online shop

DURATION OF STORAGE

 

The data shall be erased without undue delay when they are no longer necessary in relation to the purpose for which they were collected.
This is the case for the data collected during the registration process for the purpose of performing a contract or carrying out pre-contractual measures if and when they are no longer needed to perform the contract. Even after the contract has been completed, it may be necessary to store the contracting party’s personal data in order to comply with contractual or legal obligations.

OPTION OF OBJECTION AND REMOVAL

 

As the user, you have the option at any time of cancelling the registration.  You may have the stored data concerning you changed at any time.
Cancellation by email or post:

Wemax Group GmbH & Co.KG
Französische Straße 12
10117 Berlin
[Germany]

Fax: +49 30 208 478 250
Email: privacy-policy@autoteiledirekt.de

If the data are needed to perform a contract or carry out pre-contractual measures, premature erasure of the data is only possible to the extent that the erasure does not violate any contractual or legal obligations.

CONTACT FORM AND EMAIL CONTACT

DESCRIPTION AND SCOPE OF DATA PROCESSING

 

There is a contact form on our website that can be used to contact us electronically. If the user makes use of this opportunity, the data entered in the input mask are transmitted to us and stored. These data comprise:

1. Order number
2. Phone number
3. First and last names
4. VIN
5. Model codes

The following data are also stored at the time the message is sent:

1. The user’s IP address
2. Date and time of the registration

For the purpose of processing the data, your consent is obtained and reference is made to this data privacy statement as part of the registration process.
Alternatively, you can contact us by using the email address provided. In this case, the user’s personal data transmitted with the email will be stored.

The data are exclusively used to process the conversation.

We use the Zendesk ticket system, a customer service platform by Zendesk, Inc., 989 Market Street #300, San Francisco, CA 94102, USA, to process customer enquiries. For this purpose, required data such as last name, first name, postal address, telephone number and email address are entered through our website in order to be able to respond to your need for information.  Zendesk is a certified participant of the so-called “Privacy Shield Frameworks” and therefore meets the minimum requirements for law compliant processing of order data.

You can find more detailed information about data processing by Zendesk in Zendesk’s privacy policy at http://www.zendesk.com/company/privacy.

6.1.1.Data collection, processing and use for the Trustpilot review platform

We offer the option of using the review service of www.trustpilot.de to write reviews on our service, which is subject to Trustpilot’s terms and data privacy provisions, published under https://uk.legal.trustpilot.com/end-user-privacy-terms and https://uk.legal.trustpilot.com/end-user-terms-and-conditions. When you write a review (you would need to register) on Trustpilot, your review will be published on our website, as well as on the websites of Trustpilot and their partners.

We pass on your email address, first name and last name, as well as the order number we have generated to Trustpilot A/S, Pilestræde 58, 5th Floor, 1112 Copenhagen, Denmark (support@trustpilot.com) for the purpose of use by Trustpilot. Trustpilot sends invitations to review to you on our behalf. Processing takes place on the basis of Article 6 (1) (f) GDPR and the legitimate interest in obtaining user reviews, thus creating a basis of trust for the use of the website. You have the right to object to this processing of personal data concerning you on the basis of Art. 6 (1) (f) GDPR for reasons arising from your specific situation at any time.

LEGAL BASIS FOR THE DATA PROCESSING

 

If the user has given his or her consent, Art. 6 (1) (a) GDPR forms the legal basis for the data processing.

Art. 6 (1) (f) GDPR forms the legal basis for processing the data transmitted while an email is being sent. If the email contact is aimed at concluding a contract, Art. 6 (1) (b) GDPR forms an additional legal basis for the data processing.

PURPOSE OF THE DATA PROCESSING

 

Processing of the personal data from the input mask is exclusively for the purpose of processing the contact process. If we are contacted by email, the necessary legitimate interest in processing the data also lies in this contact.
The other personal data processed during the sending process serve to prevent abuse of the contact form and to ensure the security of our information technology systems.

DURATION OF STORAGE

 

The data shall be erased without undue delay when they are no longer necessary in relation to the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user is ended. The conversation is ended when the circumstances indicate that the matter concerned is finally resolved.
The personal data collected additionally during the sending process will be erased after not later than a period of seven days.

RIGHTS OF THE DATA SUBJECT

 

The following list comprises all the rights of the data subjects pursuant to GDPR. Rights that are not relevant for one’s own website do not need to be mentioned. In that regard, the list can be shortened.
If your personal data are processed, you are the data subject within the meaning of GDPR and you have the following rights vis-à-vis the controller:

RIGHT TO INFORMATION

 

You may request confirmation from the controller about whether personal data concerning you are being processed by us.
If such processing is taking place, you can request information from the controller about the following:

1. The purposes for which the personal data are being processed;

2. The categories of personal data that are being processed;

3. The recipients or the categories of recipients to whom the personal data concerning you were disclosed or are yet to be disclosed;

4. The planned duration of the storage of the personal data concerning you or, if it is not possible to obtain specific information about this, the criteria for determining the duration of storage;

5. The existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to objection to this processing;

6. The existence of a right to complain to a supervisory authority;

7. All available information about the origin of the data, if the personal data were not collected from the data subject;

8. The existence of automated decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.

 

You also have the right to request information about whether the personal data concerning you are being transferred to a third country or an international organization. In this regard, you can request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

RIGHT TO RECTIFICATION

 

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you are incorrect or incomplete. The controller shall carry out the rectification without undue delay.

RIGHT TO RESTRICTION OF PROCESSING

 

You may request restriction of processing of the personal data concerning you under the following conditions:

1. If you dispute the accuracy of the personal data concerning you for a period of time that enables the controller to verify the accuracy of the personal data;

2. The processing is unlawful and you reject erasure of the personal data            and instead request restriction of the use of the personal data;

3. The Controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or

4. If you have objected to the processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.

Where processing of the personal data concerning you has been restricted, such data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of the processing was restricted in accordance with the above-mentioned conditions, you will be informed by the controller before the restriction is lifted.

RIGHT TO ERASURE

OBLIGATION TO ERASE

 

You may demand that the controller erase the relevant personal data without undue delay, and the controller is obligated to promptly erase the data if one of the following applies:

1. The personal data concerning you are no longer necessary in relation to the purpose for which they were collected or otherwise processed.

2. You withdraw your consent on which the processing is based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and there is no other legal ground for the processing.

3. You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.

4. The personal data concerning you have been unlawfully processed.

5. The personal data concerning you have to be erased to comply with a legal obligation under Union or Member State law to which the controller is subject.

6. The personal data concerning you were collected in relation to the offer of information society services pursuant to Art. 8 (1) GDPR.

INFORMATION TO THIRD PARTIES

 

If the controller has made the personal data concerning you public and is obligated to erase them pursuant to Art. 17 (1) GDPR, the controller, taking account of available technology and the cost of implantation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject request the erasure by such controllers of any links to, or copy or replication of, those personal data.

EXCEPTIONS

 

There is no right to erasure if the processing is necessary

1. To exercise the right of freedom of expression and information;

2. To comply with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

3. For reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) as well as Art. 9 (3) GDPR;

4. For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, to the extent that the right referred to in subsection (3) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

5. To establish, exercise or defend legal claims.

RIGHT TO NOTIFICATION

 

If you have claimed the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obligated to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you were disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to be informed of these recipients by the controller.

RIGHT TO DATA PORTABILITY

 

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to have these data transmitted to another controller without hindrance from the controller to which the personal data were provided, if

1. The processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or a contract pursuant to Art. 6 (1) (b) GDPR and

2. The processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another if this is technically feasible. This may not adversely affect the freedoms and rights of others.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

RIGHT TO OBJECT

 

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) (e) or (f) GDPR; including profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.
Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for the purpose of such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for these purposes.
In the context of the use of information society services, you have the opportunity – notwithstanding Directive 2002/58/EC – to exercise your right to object by automated means using technical specifications.

RIGHT TO WITHDRAW THE DECLARATION OF CONSENT REGARDING DATA PRIVACY

 

You have the right to withdraw your declaration of consent regarding data privacy at any time. A withdrawal of consent does not affect the lawfulness of any processing done up to the time of withdrawal.

AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING

You have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision

1. Is necessary to enter into or perform a contract between you and the controller;

2. Is authorised by Union or Member State law to which the controller is subject, and these legal provisions also lay down suitable measures to safeguard your rights and freedoms and legitimate interests, or

3. Is based on your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR unless Art. 9 (2) (a) or (g) GDPR apply and suitable measures have been taken to protect your rights and freedoms and legitimate interests.

In the cases referred to in sections 1 and 3, the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your own point of view and to contest the decision.

Customer Service