Skip to content

Data protection

Privacy Policy according to GDPR

 

Date: 28.06.2022

 

The protection and security of your data is an important concern for us, komponentenwerk GmbH & Co. KG, which we take into account in all our business processes. In this privacy policy, we would therefore like to give you an overview of the data protection relevant aspects of our products and services. In the following we explain:

  • What data we collect when you use our online offering.
  • How you can contact us regarding data protection.
  • For what purposes this data is processed by us and third-party companies.
  • What rights and choices you have regarding the processing of your data.

 

I. Name and address of the data controller

The controller in terms of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

 

komponentenwerk GmbH & Co. KG.

Alte Ratinger Landstraße 23

42489 Wülfrath

Germany

Tel.: 0800 - 39 72 787

E-Mail: shop@experience-parts.com

Website: www.experience-parts.de

II. Name and address of the data protection officer

The data protection officer of the controller is:

 

Mr. Matthias Baumgärtel

Tel.: 0170-6651825 or 02293-8162802

E-Mail: datenschutz@experience-parts.de

 

III. General information on data processing

1. Scope of the processing of personal data

We process personal data of our users only insofar as this is necessary for the provision of a functional website as well as our content and services. The processing of personal data of our users is regularly carried out only with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

 

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures.

Insofar as the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.

If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Article 6(1)(f) GDPR serves as the legal basis for processing.

3. Data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, storage may take place if this has been provided for by the European or national legislator in Union law regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

IV. Children

Persons under 18 years of age should not transmit any personal data to us without the consent of their parents or guardians.

 

V. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

  • The user's IP address
  • Date and time of access

The log files contain IP addresses or other data that allow an assignment to a user. This could be the case, for example, if the link to the website from which the user accesses the website, or the link to the website to which the user switches, contains personal data.

 

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

 

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 Para. 1 lit. f GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

 

Storage in log files is done to ensure the functionality of the website. In addition, the data serves to optimize the website and to ensure the security of our information technology systems. Data analysis for marketing purposes does NOT take place in this context.

 

Our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR also lies in these purposes.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

 

In the case of data storage in log files, this is the case after 30 days at the latest. Storage beyond this is possible.

 

5. Right to object and erasure

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

 

VI. Plugins and Tools

 

1. Facebook

Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). Facebook plugins are marked with a Facebook logo or the addition "Social Plug-in from Facebook" or "Facebook Social Plugin". When you visit our website, your browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and integrated into the website by it. By integrating the plugins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there.

 

If you are logged in to Facebook, Facebook can directly assign your visit to our website to your Facebook account. If you interact with the plugins, for example by clicking the "Like" button ("thumbs up" sign) or leaving a comment, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends or third parties. Facebook can use this information for the purpose of advertising, market research and demand-oriented design of the Facebook pages. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook. If you do not want Facebook to assign the data collected via our website to your Facebook account, you must log out of Facebook before visiting our website.

 

For the purpose and scope of data collection and the further processing and use of the data by Facebook, as well as your related rights and setting options for protecting your privacy, please refer to Facebook's data protection notices https://www.facebook.com/policy.php.

 

2. Twitter

This website uses the buttons of the service Twitter. These buttons are offered by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA ("Twitter"). They are recognizable by terms like "Twitter", combined with a stylized bird. With the help of the buttons, it is possible to share a post or a page within our website on Twitter or to follow us on Twitter.

When you access our website with such a button, your browser establishes a direct connection with the servers of Twitter. The content of the Twitter buttons is transmitted by Twitter directly to your browser. We have no influence on the scope of the data that Twitter collects with the help of this plugin. To our knowledge, your IP address and the URL of the respective page accessed are transmitted, but not used for purposes other than the display of the Twitter button.

To prevent Twitter from collecting the above data on our website, log out of Twitter before visiting our website. To prevent general access by Twitter to your data on our and other websites, you can exclude Twitter social plugins by using an add-on for your browser (e.g. Twitter Blocker).

For more information, please refer to Twitter's privacy policy https://twitter.com/de/privacy.

 

VII. Use of Cookies

Web analysis with Google Analytics  

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de

 

VIII. E-mail contact

1. Description and scope of data processing

If contact is made via the provided e-mail address, the personal data of the user transmitted with the e-mail will be stored.

 

In this context, no data will be passed on to third parties. The data will be used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for the processing of data, if the user has given consent, is Art. 6 Para. 1 lit. a GDPR.

 

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, then an additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

3. Purpose of data processing

The processing of personal data from the input mask serves us solely for processing the contact. In the case of contact by e-mail, this is also the necessary legitimate interest in processing the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified.

 

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

 

5. Right to object and erasure

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

 

To revoke your consent and object to storage, please send us an e-mail to datenschutz@experience-parts.de, a fax to 0213-1512505 or by post to komponentenwerk GmbH & Co. KG, Alte Ratinger Landstraße 23, 42489 Wülfrath.

 

All personal data stored in the course of contact will be deleted in this case.

IX. Email advertising with newsletter subscription

If you subscribe to our newsletter, we use the data required for this purpose or separately communicated by you to regularly send you our e-mail newsletter based on your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR. You can unsubscribe from the newsletter at any time and can do so either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your e-mail address, unless you have expressly consented to further use of your data or we reserve the right to further data use, which is permitted by law and about which we inform you in this statement.

X. Payment services and payment procedures, credit check


1. Description and scope of data processing


For the payment of our products and services, you can choose between the payment options provided on the online marketplace or the Klarna invoice payment method offered by the financing service Klarna.
The data you enter for payment in the checkout process will primarily be processed within the framework of your order and the associated payment processing and, if necessary, passed on to third parties, in particular the payment service providers.
The data you provide for payment during the order process will be processed accordingly for payment processing and transmitted to the provider of the selected payment method.

For example, with the Klarna invoice payment method, Klarna checks and evaluates the customer's data and, if there is a legitimate reason, exchanges data with other companies and credit agencies. If the customer's creditworthiness is not guaranteed, Klarna can refuse to provide its service to the customer.


2. Legal basis for data processing


The legal basis for the processing of data is Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. c GDPR. At the same time, an additional legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f GDPR.


3. Purpose of data processing


The processing of data within the scope of payment processing is particularly necessary for the provision of order processing on our website. It thus serves to fulfill a contract with the user or to carry out pre-contractual measures.
The implementation of business and customer-related internal security measures, for the purpose of minimizing and controlling the risks of money laundering and terrorist financing, serves to fulfill legal requirements under the Money Laundering Act.
The SCHUFA and/or Bürgel inquiries made in individual cases or measures for fraud prevention in the case of credit card transactions also serve to minimize the risk of payment default and prevent credit card misuse. In these purposes lies our legitimate interest in the processing of data according to Art. 6 para. 1 lit. f GDPR.


4. Duration of storage


The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. With regard to data collected for the fulfillment of a contract or for the implementation of pre-contractual measures, this is the case when the data is no longer required for the execution of the contract. Even after the conclusion of the contract, it may be necessary to store personal data of the contracting party to comply with contractual or legal obligations, such as those arising from limitation periods for warranty claims or from tax retention obligations.


5. Right to object and erasure


Until the data is finally recorded by submitting the order, you can manually change the data, remove it from the input mask or change the payment method according to your wishes. Subsequently, processing is absolutely necessary for the processing of the order.

XI. Rights of the Data Subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

1. Right of access

You can request confirmation from the controller as to whether personal data concerning you is being processed by us.

If such processing exists, you can request information from the controller about the following:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data being processed;

(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

(4) the planned duration of the storage of your personal data or, if specific information is not possible, criteria for determining the storage period;

(5) the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;

(6) the existence of a right to lodge a complaint with a supervisory authority;

(7) any available information about the origin of the data if the personal data are not collected from the data subject;

(8) the existence of automated decision-making, including profiling, pursuant to Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

2. Right to rectification

You have a right to rectification and/or completion vis-à-vis the controller, insofar as the processed personal data concerning you are inaccurate or incomplete. The controller must carry out the rectification without undue delay.

3. Right to restriction of processing

Under the following conditions, you can request the restriction of the processing of your personal data:

(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

(3) the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims, or

(4) if you have objected to processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate grounds of the controller outweigh your grounds.

Where processing of personal data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted according to the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to erasure

a) Obligation to erase

You can demand that the controller immediately erase the personal data concerning you, and the controller is obliged to erase this data without undue delay if one of the following reasons applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You withdraw your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal ground for the processing.

(3) You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.

(4) The personal data concerning you have been unlawfully processed.

(5) The erasure of personal data concerning you is necessary for compliance with a legal obligation under Union law or Member State law to which the controller is subject.

(6) The personal data concerning you have been collected in relation to the offer of information society services pursuant to Art. 8 para. 1 GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase them pursuant to Art. 17 para. 1 GDPR, he shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you, as data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions

The right to erasure does not exist insofar as processing is necessary

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or

(5) for the establishment, exercise or defense of legal claims.

5. Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to be informed about these recipients by the controller.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

(1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and

(2) the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of other persons.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise your right to object by automated means using technical specifications.

8. Right to withdraw the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

9. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.