Data Protection Statement

The controller as defined by the General Data Protection Regulation, other data protection laws applicable in Member States of the European Union and other provisions relating to data protection is Geba-Autoteile GmbH, Wiedstrasse 8, 53560 Vettelschoss, represented by the General Manager Frank Herrmann (hereinafter referred to as the "controller" or "we" or "us")

 

A. General information about data processing

 

1) Personal data

Personal data is individual items of information about personal or material circumstances of a particular or identifiable natural person. This includes information such as name, address, telephone number and e-mail address, but also the IP address assigned to a connection. Information not directly associated with a person - for example favourite internet sites or the number of uses of a site - are not personal data.

 

2) Scope of processing of personal data

As a matter of principle we collect and use personal data of our users only insofar as is necessary for provision of a functional website and for our content and services. Collection and use of our users' personal data takes place regularly only after consent from the user. An exception is made in cases where it is not possible to obtain consent in advance for objective reasons and processing of the data is permitted by statutory regulations.

 

3) The legal basis for processing personal data

Insofar as we obtain consent from the data subject for processing operations for personal data, Art. 6 (1) a General Data Protection Regulation (GDPR) is the legal basis for processing personal data.

Where it is necessary to process personal data for fulfilment of a contract, the contracting party for which is the data subject, Art. 6 (1) b GDPR is the legal basis. This also applies for processing operations required to carry out pre-contractual measures.

Insofar as processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 (1) c GDPR is the legal basis.

If the vital interests of the data subject or of another natural person necessitate processing of personal data, Art. 6 (1) d GDPR is the legal basis.

If processing is necessary to safeguard a justified interest of our company or of a third party and the interests, basic rights and fundamental freedoms of the data subject do not outweigh the aforementioned justified interest, Art. 6 (1) f GDPR is the legal basis for processing.

 

4) Deletion of data and duration of storage

Personal data of the data subject is deleted or blocked as soon as the purpose of storage no longer applies. Storage beyond this may take place if this is provided for by the European or national legislator in EU regulations, laws or other rules to which the controller is subject. Blocking or deletion of data is also carried if a storage period prescribed by the above-mentioned standards expires, unless further storage of the data is necessary for conclusion of a contract or fulfilment of a contract.

 

B. Provision of the website and creation of log files

Each time our website is accessed, we record data and information by means of an automated system.

The following data is collected in this process:

  1. Information about the browser type and version used
  2. The user's operating system
  3. The user's internet service provider
  4. The user's IP address
  5. Time and date of access
  6. Websites from which the user's system has come to our website (referrer)
  7. Websites accessed by the user's system via our website

This data is stored in our system's log files. This data is not stored together with the user's other personal data.

 

Legal basis for data processing

The legal basis for temporary storage of the data and log files is Art. 6 (1) f GDPR

 

Purpose of data processing

Temporary storage of the IP address by the system is necessary to facilitate provision of the website for the user's computer. For this purpose the user's IP address must be stored for the duration of the session.

The storage in log files is carried out to ensure the functional capability of the website. The data also serves to optimise the website and security of our IT systems. There is no analysis of the data for marketing purposes in this connection.

These purposes also include our justified interest in data processing in accordance with Art. 6 (1) f GDPR.

 

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was obtained. When data is recorded for provision of the website this is the case when the respective session ends.

When data is stored in log files this is the case after seven days at the latest. Storage beyond this is possible. In this case the IP addresses of users are deleted or scrambled so that assignment of the accessing client is no longer possible.

 

Option for objection and elimination

Recording of data for provision of the website and the storage of data in log files is necessary for operation of the website. Therefore, the user has no right of objection.

 

C. Use of cookies

Our website uses cookies in several places. Cookies are small text files that are kept on your computer and stored by your browser. This makes it possible to store on your PC specific information related to you, the user, when you visit our website. Cookies help to determine the frequency of use and the number of users on a website and to design the website for you in the most convenient and efficient way possible.

We use session cookies which are only stored for the duration of your visit to our website. Session cookies are deleted automatically after the end of your visit.

The following data is stored and transferred in session cookies:

- Language settings

- Log-in data

We also use permanent cookies to obtain information about visitors who visit our website repeatedly. The purpose of these cookies is to offer you optimum user guidance and to recognise you and present you with the most diversified website possible and to present you with new content in the case of repeated use. The content of the permanent cookie is limited to the identification number. Name, IP address etc. are not stored. No individual profile is created relating to your user habits.

When our website is accessed the user is informed about the use of cookies for analytical purposes and his consent is obtained for processing of the personal data used in this connection. A reference to the data protection statement is also displayed in this connection.

 

Legal basis for data processing

The legal basis for processing personal data with the use of cookies necessary for technical reasons is Art. 6 (1) f GDPR.

The legal basis for processing personal data with the use of cookies for analytical purposes where the user has granted consent for this is Art. 6 (1) a GDPR.

 

Purpose of data processing

The purpose of using cookies required for technical reasons is to make the use of websites easier for users. Some functions of our website cannot be provided without the use of cookies. For this purpose the browser has to be recognised again even after going to another page.

We require cookies for the following purposes:

- Taking over language settings

- Noting search terms

The user data obtained by cookies required for technical reasons is not used to create user profiles.

Analytical cookies are used to improve the quality of our website and its contents. Analytical cookies allow us to discover how the website is used so that we can optimise what we offer continuously.

These purposes also include our justified interest in processing personal data in accordance with Art. 6 (1) f GDPR.

 

Duration of storage

Cookies are stored on the user's computer and transferred from it to our website. Therefore, as the user you have full control of the use of cookies. By changing the settings in your internet browser you can disable or restrict the transmission of cookies. Cookies already stored may be deleted at any time. This can even be done automatically. If cookies are disabled for our website, it may no longer be possible to make full use of all the functions in our website.

 

Option for objection and elimination

It is possible to use our website even without cookies. You can disable storage of cookies in your browser, limit them to certain websites or set your browser in such a way that you are notified as soon as a cookie is sent. Please note, however, that in this case you will have a restricted presentation of the site and restricted user guidance.

 

D. Making contact by e-mail / contact form

Our website provides a contact form which can be used to make contact electronically. Alternatively, you can make contact via the e-mail address provided.

If you use one of these two options to contact us, your e-mail address and the message entered will be transferred to us in any case. A telephone number must also be entered in the contact form. Furthermore, when the contact form is used the user's IP address as well as the time and date are stored.

At the time of submission your consent is obtained for data processing and your attention is drawn to the data protection statement.

The data is used exclusively for processing the conversation.

 

Legal basis for data processing

The legal basis for processing data where the user has granted consent for this is Art. 6 (1) a GDPR.

The legal basis for processing data transferred when an e-mail is sent is Art. 6 (1) f GDPR. If e-mail contact is made for the purpose of concluding a contract, the additional legal basis for the processing is Art. 6 (1) b GDPR.

 

Purpose of data processing

The processing of personal data from the entry screen in the contact form only allows us to process the contact and to respond to the enquiry. Contact by e-mail also gives rise to a necessary justified interest in processing the data.

The other personal data processed during the submission process serves to prevent misuse of the contact form and to guarantee the security of our IT systems.

 

Duration of storage

The data is deleted after the periods in which we are required to preserve it for commercial and tax purposes.

The personal data collected additionally during the submission process is deleted after a period of seven days at the latest.

 

Option for objection and elimination

The user has the option at any time to revoke his consent for processing personal data. If the user makes contact with us by e-mail, he may refuse to allow storage of his personal data at any time. In such a case the conversation cannot be continued. Consent may be revoked by sending an e-mail or by making contact with us by telephone or by post.

All personal data stored when contact is made is deleted in this case.

 

E. Rights of the data subject

When your personal data is processed, you are the data subject as defined by the GDPR and you have the following rights in relation to us ("the controller"):

 

1) Right to information

You may demand from the controller confirmation as to whether personal data relating to you is processed by us.

If there is such processing, you may demand the following information from the controller:

a.         The purposes for which personal data is processed.

b.         The categories of personal data processed.

c.         The recipients or categories of recipients to whom personal data relating to you has been or will be disclosed.

d.         The planned duration of storage of your personal data or, if it is not possible to provide any concrete information about this, criteria for determining the duration of storage.

e.         The existence of a right to correction or deletion of your personal data, of a right to restriction of processing by the controller or a right to object to this processing.

f.          The existence of the right to lodge a complaint with a regulatory authority.

g.         All available information about the origin of the data if personal data is not obtained from the data subject.

h.        The existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and – at least in these cases – conclusive information about the logic involved as well as the implications and the intended effects of such processing for the data subject.

You have the right to demand information concerning whether personal data relating to you is transferred to a third country or an international organisation. In this connection you may demand to be informed about suitable guarantees in accordance with Art. 46 GDPR in connection with the transfer.

 

2) Right to correction

You have the right in relation to the controller to correction and/or completion insofar as personal data relating to you is incorrect or incomplete. The controller must make the correction immediately.

 

3) Right to deletion

3.1) You may demand from the controller that personal data relating to you be deleted immediately, whereupon the controller is required to delete this data immediately insofar as one of the following reasons applies:

a.         The personal data relating to you is no longer needed for the purposes for which it was obtained or otherwise processed.

b.         You revoke your consent on which the processing was based in accordance with Art. 6 (1) a GDPR or Art. 9 (2) a GDPR, and there is no other legal basis for the processing.

c.         You lodge an objection in accordance with Art. 21 (1) GDPR against the processing and/or there are no overriding justified grounds for the processing, or you lodge an objection against the processing in accordance with Art. 21 (2) GDPR.

d.         The personal data relating to you has been processed illegally.

e.         Deletion of the personal data relating to you is required for fulfilment of a legal obligation in accordance with EU law or the law of Member States to which the controller is subject.

f.          The personal data relating to you was obtained in relation to the services offered by the information society in accordance with Art. 8 (1) GDPR.

3.2) If the controller has disclosed personal data relating to you and the data controller is required to delete it in accordance with Art. 17 (1) GDPR, he must take reasonable measures, including measures of a technical nature, taking into account the available technology and implementation costs, to inform the parties responsible for the data processing that you as the data subject have demanded from them deletion of all links to this personal data or copies or replications of this personal data.

3.3) The right to deletion does not exist insofar as the processing is necessary

a.         To exercise the right to freedom of expression and information

b.         To fulfil a legal obligation that requires the processing under the law of the EU or of the Member States to which the controller is subject or to carry out a task that is in the public interest or that is carried out in the exercise of official authority that has been transferred to the controller

c.         For reasons of public interest in the sphere of public health in accordance with Art. 9 (2) h and i as well as Art. 9 ( 3) GDPR

d.         For archiving purposes in the public interest, scientific or historic research purposes or for statistical purposes in accordance with Art. 89 (1) GDPR insofar as the right stated in (1) is expected to make realisation of these objectives impossible or seriously impede them or

e.         For assertion, exercise or defence of legal claims

 

4) Right to restriction of processing

Under the following conditions you can demand restriction of processing of personal data relating to you:

a.         If you dispute the correctness of the personal data relating to you for a duration that allows the controller to check the correctness of the personal data.

b.         The processing is illegal and you reject deletion of the personal data and instead demand restriction of use of the personal data.

c.         The controller no longer needs the personal data for the purposes of processing but you nevertheless require it for assertion, exercise or defence of legal claims.

d.         If you have lodged an objection against processing in accordance with Art. 21 (1) GDPR and it is not yet established whether the controller's justified interests outweigh your reasons.

If processing of the personal data relating to you has been restricted, this data may – apart from storage – be processed only with your consent or for assertion, exercise or defence of legal claims or for the protection of rights of another natural person or legal entity or for reasons of an important public interest of the European Union or of a Member State.

If processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restrictions are lifted.

 

5) Right to be informed

If you have asserted the right to correction, deletion or restriction of processing in relation to the controller, the latter is required to notify all recipients, to whom the personal data relating to you has been disclosed, about this correction or deletion of data or restriction of processing unless it proves to be impossible or entails inordinate expenditure.

You have the right in relation to the controller to be informed about these recipients.

 

6) Right to data portability

You have the right to receive the personal data relating to you, which you have provided to the controller, in a structured, common, machine-readable format. You also have the right to transfer this data to another controller, without obstruction by the controller to whom you have provided the personal data, insofar as

a.         The processing is based on consent in accordance with Art. 6 (1) a GDPR or Art. 9 (2) a GDPR or on a contract in accordance with Art. 6 (1) b GDPR and

b.         Processing is carried out by an automated process.

When exercising this right you also have the right to arrange to receive the personal data relating to you direct from another controller insofar as this is technically feasible. Rights and freedoms of other persons must not be affected by this.

The right to data portability does not apply to processing of personal data required to carry out a task in the public interest or which is carried out in the exercise of official authority that has been transferred to the controller.

 

7) Right of objection

You have the right, for reasons arising from your particular situation, to lodge an objection at any time to processing of personal data relating to you which takes place on the basis of Art. 6 (1) e or f GDPR; this also applies to profiling based on these provisions.

After an objection the controller will no longer process the personal data relating to you unless he can prove compelling reasons for the processing that warrant protection that outweigh your interests, rights and freedoms or the processing serves the purpose of asserting, exercising or defending legal claims.

If the personal data relating to you is processed for the purpose of direct advertising, you have the right at any time to lodge an objection against the processing of the personal data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is directly connected with such direct advertising.

If you object to processing for the purposes of direct advertising, the personal data relating to you will no longer be used for these purposes.

You have the option in connection with the use of services of the information society – notwithstanding Directive 2002/58/EC – to exercise your right of objection by means of automated processes in which technical specifications are used.

 

8) Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. Revocation of consent does not affect the legality of processing carried out on the basis of consent up to the time of revocation.

 

9) Automated decision-making in the individual case including profiling

You have the right to refuse to be subject to a decision based exclusively on automated processing – including profiling – that has a legal effect for you or which affects you substantially in a similar way. This does not apply if the decision

a.         Is necessary for conclusion or fulfilment of a contract between you and the controller.

b.         Is permissible on the basis of legal regulations of the European Union or Member States to which the controller is subject and these legal regulations include appropriate measures to safeguard your rights and freedoms as well as your justified interests.

c.         Is taken with your express consent.

However, these decisions must not be based on specific categories of personal data in accordance with Art 9 (1) GDPR insofar as Art 9 (2) a or g does not apply and appropriate measures have been taken for the protection of rights and freedoms as well as your justified interests.

With regard to the cases stated in a. and c. the controller must take suitable measures to safeguard rights and freedoms as well as your justified interests which includes as a minimum the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

 

10) Right to lodge a complaint with a regulatory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a regulatory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The regulatory authority with which the complaint has been lodged will inform the complainant about the progress and the outcome of the complaint including the possibility of a judicial remedy in accordance with Art. 78 GDPR.

Copyrights © 2016 - GEBA Autoteile GmbH