Data Privacy Policy

This Data Privacy Policy is translated from German. The German wording shall be decisive. In case of any inconsistencies between the German and the English wording, the German wording shall therefore prevail. This agreement shall be governed by the laws of the Federal Republic of Germany.

You find the German Policy here: https://shop.wiest-autohaeuser.de/datenschutz/

As Autohaus J. Wiest & Söhne GmbH (hereinafter: “the company”, “we” or “us”), we would like to inform you (hereinafter: “you”, “visitor” or “customer”) in the following about data processing and storage and at the same time comply with the legal obligations, in particular from the European Data Protection Regulation (hereinafter: GDPR).

In our data protection information, we inform you transparently about the type, scope, purpose, duration as well as the legal basis of the processing of personal data when using our website within the meaning of Art. 13 and 14 GDPR. Personal data is all data that can be related to you personally, e.g. IP address, name, address, GPS data, telephone number, e-mail address and user behavior. Explanations of further technical terms of the GDPR can be found in the section “Definitions”.

Our privacy notices apply in particular to our website, as well as our presences on social media platforms (e.g. our Facebook fan page).

This data protection notice can be accessed at any time https://shop.wiest-autohaeuser.de/datenschutz/.

For better clarity and transparency, we have structured the content for you as follows:

Table of Contents

1. General information

1.1 Person responsible for data processing in the sense of Art. 4 No. 7 GDPR

Name:                      Autohaus J. Wiest & Söhne GmbH
Street:                      Hilpertstraße 6
Postal Code City: D-64295 Darmstadt
Tel:                            +49 (0) 6151 864-0
Email:                      kontakt@wiest-autohaeuser.de

1.2 Contact details of the data protection officer

Questions about data protection, the processing of your personal data and your rights and claims under data protection law can be sent by e-mail to datenschutz@wiest-autohaeuser.de or directly to our external data protection officer at:

Dr. Sebastian Skradde
Attorney at Law/External Data Protection Officer
Zollstockgürtel 67
50969 Cologne
info@skradde.com

Primarily, the legal bases of the GDPR (Regulation (EU) 2016/679) form the legal basis for the processing of personal data. This is available at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32016R0679.

We process your personal data in accordance with the following legal bases of the GDPR:

  • Art. 6 para. 1 p. 1 lit. a GDPR: Based on your consent for the processing of your personal data for specific purpose fulfillment, e.g. when subscribing to our newsletter.
    • Art. 6 para. 1 p.1 lit. b GDPR: In the context of pre-contractual obligations as well as contract performance, the processing of your data is necessary. Ex: Processing of your order in our webshop, shipping processing via an external shipping service provider.
    • Art. 6 para. 1 p. 1 lit. c GDPR: If a legal obligation exists. We may be obliged to process your data due to a legal obligation. Ex.: Obligations under tax law to retain data, legal obligation to document consent given for data processing.
  • Art. 6 para. 1 p.1 lit. f GDPR: To protect our legitimate interests, which does not restrict your fundamental rights and outweighs your interests. Ex: security measures to protect our website, customer-friendly design of our internet presence.

The processing may also be based on several of the aforementioned legal bases. You will be informed about the specific legal bases in the relevant sections.

In addition to the regulations of the GDPR at EU level, national data protection regulations of member states may also apply on the basis of specification clauses. In Germany, these include in particular:

1.4 Data subject rights

According to the GDPR, you as a data subject have the following rights with regard to your personal data:

  • Right to information,
  • Right to correction or removal,
  • Right to restriction of processing,
  • Right to data transferability,
  • Right of revocation,

If you have given your consent to the processing of your personal data, you may revoke it at any time. Such revocation will affect the permissibility of the processing of your personal data after you have expressed it to us. The permissibility of the processing of your data up to the time of your revocation remains unaffected.

  • Right to object,

You may object to data processing that is carried out on the basis of a balance of interests pursuant to Art. 6 (1) p. 1 lit. e or lit. f GDPR. This is particularly the case if the processing is not necessary for the performance of a contract with you. Unless it is an objection to direct marketing, when exercising such an objection, we ask you to explain the reasons why we should not process your data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.

Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time.

  • You have the right to complain to a data protection supervisory authority about the processing of your personal data in our company in accordance with Art. 77 GDPR.

The data protection supervisory authority responsible for us is:

Hessian Commissioner for Data Protection and Freedom of Information.
P.O. Box 3163
65021 Wiesbaden
poststelle@datenschutz.hessen.de

1.5 Data security/ TSL encryption

We use the widespread TSL (Transport Socket Layer) procedure in conjunction with the highest encryption level supported by your web browser to call up our website. As a rule, this is a 256-bit encryption. You can see whether the individual web pages of our website are transmitted in encrypted form by the closed display of the key or lock symbol in the status bar of your web browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction and against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

1.6 Duration of storage of personal data

In our data protection information, you will find details on the duration of the storage of your personal data, as well as from which point in time the data will be blocked or deleted. If no explicit storage period is specified for the respective data processing, the personal data will be stored until the purpose is achieved or the legal basis for the storage no longer applies, unless the storage is provided for by legal regulations to which we are subject (e.g. retention periods of tax law (§ 147 AO) or commercial law (§ 257 HGB)). The storage period of personal data for verification and documentation obligations is generally 3 years. If the purpose of the data processing is achieved before then, the personal data will be blocked and deleted after the legal obligations have expired.

1.7 Transmission of personal data

In the course of processing your personal data, it may be transmitted as well as disclosed to natural or legal persons (companies), authorities, institutions or other bodies. The recipients include, for example, IT service providers, payment service providers, banking institutions, tax advisors, lawyers, collection agencies or tax authorities. The transfer of your data may also take place within our group of companies.

If we use external service providers to process your data, they are carefully selected, bound by our instructions and subject to regular monitoring. In certain cases, we and the external service provider may also share responsibility for data processing. Likewise, your data may be collected by the external service providers under their own responsibility.

You will receive more detailed information when you provide your personal data as well as in the following within the framework of this data protection notice.

1.8 Data processing and transfer to third countries

Processing or transfer may also take place in so-called third countries, i.e. outside the European Economic Area (EEA). This is the case, for example, if the company headquarters or server location of the recipient is located there. Third countries are e.g. the USA, but also Great Britain.

According to Art. 44 GDPR, a level of protection comparable to the GDPR should be ensured when processing or transferring personal data to a third country.

The European Commission has certified an adequate level of data protection to some third countries (e.g. Switzerland, Canada, Argentina, Israel) by so-called adequacy decisions according to Art. 45 GDPR. You can access a list of these third countries and the adequacy decisions at: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html).

We would like to point out that the European Court of Justice (ECJ, 16.7.2020 – C-311/18 “Schrems II”) has declared the EU Commission’s adequacy decision on the EU-US Privacy Shield invalid. Therefore, data transfers to the US cannot be based on the Privacy Shield.

In the absence of an adequacy decision, appropriate safeguards for the protection of the data subject must be provided to compensate for the lack of data protection in a third country. Art. 44 et seq. GDPR contain a catalog of legal measures to ensure adequate safeguards.

To ensure an adequate level of data protection, the European Commission has published, among other things, so-called standard contractual clauses, which are based on an implementing decision of the EU Commission. These model clauses contain suitable guarantees within the meaning of Art. 46 (1) sentence 1 lit d GDPR. By including the standard data protection clauses in contractual agreements, the contracting parties undertake to comply with the European level of data protection when processing personal data, even if the data is stored, processed and managed in third countries. The decision and the corresponding standard contractual clauses are available at: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

We provide information on the details in the respective sections of this privacy notice.

2. Cookies

We use so-called cookies on our website. These are data records that are created when you visit our website and stored on your end device (laptop, tablet, smartphone or similar). When you visit our website again, the information in the data records is sent back to the server and then evaluated. In cookies, information is stored that arises in each case in connection with the end device used. This does not mean, however, that we gain immediate knowledge of your identity.

Storage of and access to information in accordance with the TTDSG:
In principle, your consent is required for the storage of cookies on your terminal device in accordance with § 25 (1) TTDSG. Consent is not required if this is absolutely necessary for the provision of a telemedia service expressly requested by you, § 25 para. 2 no. 2 TTDSG. Cookies are considered technically necessary if certain components (e.g. our webshop) or functions (e.g. payment function of the webshop) of our website cannot be executed if they are omitted.

With regard to their function, a distinction is made between cookies:

  • Technically necessary cookies: these cookies are mandatory for the display of the website, the provision and use of basic functions and to ensure a high security standard. No information about you is processed for marketing purposes.
    Examples:
    • Shopping cart cookie to store the products selected in our web store.
    • Basically cookies that are deleted after closing a web browser (so-called session cookies).
    • Cookies for security measures, e.g.: Cookies that detect repeated failed login attempts and thus protect against identity theft;
    • Cookies to store preferences essential for the use of our website (e.g. language selection, country of website access);
    • User input cookies: temporary storage of input.
  • Non-essential cookies: these include advertising cookies, targeting cookies, integration of third-party content and services. These are used, for example, to integrate interest-based advertising and services from third parties on our website or to measure the reach or success of these integrated offers.

Processing of personal data according to the GDPR:
If personal data (e.g. IP address) is processed with and/or after the storage of cookies, the requirements of the GDPR must be complied with for this processing. In particular, the data processing is carried out on the basis of a legal basis according to Art. 6 para. 1 p. 1 lit. a – f GDPR (see section: Relevant legal bases).

Storage period:
With regard to the storage period, a distinction is made between session cookies and permanent cookies. Session cookies are deleted again as soon as you close your web browser. Permanent cookies are stored beyond the individual session. These cookies automatically recognize when you call up a website again via your web browser and process the stored data. These cookies are automatically deleted after a defined time in each case.

Objection options:
Most web browsers accept cookies automatically. However, you can configure your web browser so that no cookies are stored on your end device or a message always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.

You can restrict or completely prevent the setting of cookies in your browser settings. If cookies have already been set, you can arrange for them to be deleted automatically when you close the browser window. You can find out how to delete cookies in the most common web browsers and change the cookie settings here, among other things:

Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=de
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-websites-entfernen
Apple Safari: https://support.apple.com/kb/ph21411?locale=de_DEMicrosoft Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

General note on consent:
If you have expressly consented to the use of cookies, the storage and processing of personal data will be carried out in accordance with Art. 6 para. 1 p. 1 lit. a GDPR and § 25 para. 1 TTDSG. This applies in particular to the use of advertising or targeting cookies. You can revoke this consent at any time.

Via our Cookie Consent Tool, you have the option to make settings regarding your cookie preferences (see also section Cookie Consent Tool). That is, with the exception of technically necessary cookies, you can prevent the use of individual or all cookies or revoke consent. You can find more information under this link: Cookies & Settings insert as well as in this privacy policy.

Used Cookies

Essenziell

Essenzielle Cookies ermöglichen grundlegende Funktionen und sind für die einwandfreie Funktion der Website erforderlich.

WooCommerce

NameWooCommerce
Offererowner of this website
purposeHelps WooCommerce detect when cart content/data changes. Contains a unique code for each customer, so WooCommerce knows where to find the cart data in the database for each customer. Allows the customers to hide the shop notifications.
Cookie Namewoocommerce_cart_hash, woocommerce_items_in_cart, wp_woocommerce_session_, woocommerce_recently_viewed, store_notice[notice id]
Cookie runtimeSitzung / 2 Tage

WPML

NameWPML
Offererowner of this website
purposeSaves the current language.
Cookie Name_icl_*, wpml_*, wp-wpml_*
Cookie runtime1 Tag

Delivery country setting

NameDelivery country setting
OffererWIEST Autohäuser GmbH
purposeSaving the delivery country selection to correctly display the VAT of that country.
Data protectionhttps://shop.wiest-autohaeuser.de/datenschutz/
Host(s)shop.wiest-autohaeuser.de
Cookie Nameaelia_customer_country
Cookie runtimeSitzungsende

Statistiken

Statistik Cookies erfassen Informationen anonym. Diese Informationen helfen uns zu verstehen, wie unsere Besucher unsere Website nutzen.

Google Analytics

NameGoogle Analytics
OffererGoogle Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
purposeGoogle cookie for website analysis. Generates statistical data about how the visitor uses the website.
Data protectionhttps://policies.google.com/privacy?hl=en
Cookie Name_ga,_gat,_gid
Cookie runtime2 Jahre

Marketing

Marketing-Cookies werden von Drittanbietern oder Publishern verwendet, um personalisierte Werbung anzuzeigen. Sie tun dies, indem sie Besucher über Websites hinweg verfolgen.

Google Tag Manager

NameGoogle Tag Manager
OffererGoogle Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
purposeGoogle cookie to control advanced script and event handling.
Data protectionhttps://policies.google.com/privacy?hl=en
Cookie Name_ga,_gat,_gid
Cookie runtime2 Jahre

Google Tag Manager / Google Ads

NameGoogle Tag Manager / Google Ads
OffererGoogle LLC
purposeGoogle cookie to control advanced script and event handling. In our case for Google Ads Conversion Tracking. To record the orders that come from Google Ads.
Data protectionhttps://policies.google.com/privacy?hl=en
Host(s)www.googletagmanager.com

Externe Medien

Inhalte von Videoplattformen und Social-Media-Plattformen werden standardmäßig blockiert. Wenn Cookies von externen Medien akzeptiert werden, bedarf der Zugriff auf diese Inhalte keiner manuellen Einwilligung mehr.

TrustedShops

NameTrustedShops
OffererTrustedShops GmbH
purposeShow reviews to products bought from customers.
Host(s)widgets.trustedshops.com

Google Maps

NameGoogle Maps
OffererGoogle Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
purposeWird zum Entsperren von Google Maps-Inhalten verwendet.
Data protectionhttps://policies.google.com/privacy
Host(s).google.com
Cookie NameNID
Cookie runtime6 Monate

3. Provision of our website

3.1 Log files/ Hosting

When you call up our website, the web browser you use automatically sends information to the servers on which our website is hosted. The following information is temporarily stored in so-called log files:

  • Anonymized IP address of the requesting end device,
  • Time and date of access,
  • name and URL of the accessed file (referrer URL),
  • browser used and, if applicable, the operating system of the end device.

The IP address is anonymized at server level before being stored in the log files. In the process, the last three digits of the IP address are replaced by a random value. According to the hoster’s own information, it is not possible to establish a personal reference.

Service providers/services:
Our website is hosted on the server systems (host server) of Raidboxes GmbH, Hafenstraße 32, 48153 Münster (hereinafter: Raidboxes).

Order data processing:
Raidboxes processes personal data on our behalf. Therefore, we have concluded an order processing contract with Raidboxes in accordance with Art. 28 GDPR.

Purpose:
The processing of this personal data serves to display and provide our website, to ensure the security and stability of the website and for administrative purposes.

Legal basis(s):
The storage of, as well as access to, information on the terminal device used is carried out in accordance with § 25 (2) No. 2 TTDSG. This is technically necessary for the provision of our website.

According to Art. 6 para. 1 p. 1 lit. f GDPR, we have a legitimate interest in data processing for the display and provision of our website, to ensure the security and stability of the website.

Further information on data protection at Raidboxes can be found at: https://raidboxes.io/legal/privacy/

3.2 Content Delivery System WordPress

A Content Delivery Network (CDN) is used for our website, which delivers the web content to the respective end device when our website is called up. A CDN shortens the loading times of web content (e.g.: Java script libraries, fonts, HTML, CSS or image files), as the files are transferred via fast servers that are close to the location or have a low load. For the delivery of the content, among other things, your IP address is transmitted.

Service provider/services:
Content delivery system WordPress by Automattic Inc, 60 29th Street #343, 94110 San Francisco, USA, (hereinafter: Automattic).

Purpose:
WordPress is one of the most popular content delivery systems. The purpose is the error-free provision and functioning of the website via an already known and established system, which has security and presentation advantages over a self-programmed website.

Legal basis(s):
The storage of, as well as access to, information on the terminal device used is carried out in accordance with § 25 (2) No. 2 TTDSG. This is technically necessary for the provision of our website.

The legal basis for the data processing is Art. 6 para. 1 lit. f GDPR. The legitimate interest consists in an error-free function of the website, as well as in the interest of an appealing and fast presentation and a secure and optimized provision of our website.

Data processing and transfer to third countries:
Automattic has its corporate headquarters in the USA (third country) and stores the data on US servers. Automattic uses so-called standard contractual clauses according to Art. 46. para. 2 and para. 3 GDPR as the basis for data processing, respectively data transfer to a third country. The decision and the corresponding standard contractual clauses are available at: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

For more information, please refer to the WordPress privacy policy: https://automattic.com/privacy/

3.3 Woocommerce

For our webshop we have integrated the WooCommerce plugin, a WordPress-based store system. The WooCommerce plugin (hereinafter: WooCommerce) is provided by Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA.

WooCommerce offers us extensive design options and a high level of functionality for our webshop. In doing so, we can adapt the webshop to our individual requirements. For example, the most common payment methods and merchandise management systems can be integrated via an interface.

WooCommerce uses cookies and technologies, such as web beacons (invisible pixel files), which are set during your website visit. e.g.: cookies are set when you add an item to the shopping cart in the webshop. This cookie ensures that the item remains in the shopping cart as you proceed, even if you leave our website and return at a later time. In addition, we can show you the most recently accessed items.

Purpose:
The purpose of using the store system is to provide a user-friendly, professional and functional presentation of our web store. The aim is to provide you with simple and easy access to our offer, so that you can easily and quickly get to your desired products.

Legal basis(s):
The storage of, as well as access to, information on the terminal device used is carried out in accordance with § 25 (2) No. 2 TTDSG. This is technically necessary for the provision of our web store as well as the core components (presentation of goods on sub-pages, ordering process).

According to our own information, no personal data is stored or processed from our website visitors. We have a legitimate interest for the processing of the IP address according to Art. 6 Para. 1 lit. f GDPR. This consists of a customer-friendly shopping experience in our webshop, the storage of relevant data for contract preparation and processing, as well as the optimization of our webshop and service offering.

You can find more information about data protection with WooCommerce at https://automattic.com/privacy/ and general information about WooCommerce at https://woocommerce.com/

3.4 WPML

Our website is available in a German and English language version. You can change the language setting on our website using a selection button.

Services/Service Provider:
For the corresponding display, we integrate the plugin WPML of the company OnTheGoSystems Limited, 22/F 3 Lockhart Road, Wanchai, Hong Kong, (hereinafter: WPML).

WPML sets cookies that recognize the user’s language selection and stores the selection during the website visit. Details of the cookies used can be found at https://wpml.org/documentation/support/browser-cookies-stored-wpml.

Purpose:
Due to the international nature (shipping abroad), the language customization option is required for English-speaking visitors to our website. The customer’s language selection is thereby to be stored during the entire visit to our website.

Legal basis(s):
The storage of as well as access to information on the terminal device used is carried out in accordance with § 25 (2) No. 2 TTDSG. For the provision of the telemedia service explicitly requested by you (Our Webshop), the cookies set are technically necessary for the bilingual display of our website as well as the storage of the language setting.

According to WPML, no personal data is processedhttps://wpml.org/documentation/privacy-policy-and-gdpr-compliance/#data-collected-by-the-wpml-plugin-and-add-ons-you-use.

Further information on data protection can be found at: https://wpml.org/documentation/privacy-policy-and-gdpr-compliance/.

When you call up our website, a so-called “cookie banner” is displayed due to the integration of a corresponding JavaScript code. This offers the possibility to give explicit consent for cookies/services requiring consent. The cookie consent tool ensures that cookies/services requiring consent are only loaded after you have given your consent.

Service Providers/Services:
We use the cookie consent tool Borlabs by Borlabs, Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany.

Purpose:
The cookie consent tool also sets a technically necessary cookie that stores your cookie preferences for when you return to our website. For this purpose, an individual user ID, the language, the time and your cookie preferences are stored on the server side and by means of a cookie on the end device on the basis of the consent given. Personal user data is not processed here.

The purpose of the use is to obtain effective consent from our website visitors for cookies requiring consent and for cookie-based applications.

Legal basis(s):
The storage of information on the terminal device used takes place in accordance with § 25 (2) No. 2 TTDSG. For the provision of the telemedia service (website) expressly requested by you, the cookies set are technically necessary for obtaining and documenting cookie settings.

The legal basis for the processing of those data that are processed in the context of obtaining consent is Art. 6 para. 1 p. 1 lit. c GDPR. We are legally obliged to be able to prove that you have given your consent to the measurement procedure, Art. 7 (1) GDPR.

Storage period:
The cookies are stored until the consent granted is revoked. At the longest until the expiration of the respective cookie. The storage period of the respective cookies is indicated in the Cookie-Constent Tool: which you can access here:

Cookie Info &Settings

Further information on data protection can be found at Borlabs at https://de.borlabs.io/datenschutz/.

4. Contacting

As a visitor to our website, you have various options (contact forms, by e-mail, by telephone or by post) for making contact.

When contacting us, the data you voluntarily provide (time of contact, telephone number, IP address, name, e-mail address, address data, information about your request) will be stored and processed for the processing of your request.

In the context, the storage and processing of the data can take place via an e-mail service bar, our CRM software (Customer Relationship Management) or our host provider.

Purpose:
The purpose of the data processing is to process and respond to your request.

Legal basis(s):
The legal basis is Art. 6 para. 1 p.1 lit. a GDPR, if you have explicitly consented to data processing in the context of contacting us, e.g. via our contact form.

When you contact us, the processing of your data may be necessary according to Art. 6 para. 1 S.1 lit. b GDPR in the context of pre-contractual obligations as well as contract performance.

In addition, the data processing may be based on the legal basis Art. 6 para. 1 S.1 lit. f GDPR. Our legitimate interest is to offer interested parties and our customers various contact options, as well as quick accessibility for responding to concerns.

Storage period:
Your data will be deleted after the purpose has been achieved, the processing of your contact request. This depends on the circumstances that indicate that your request has been processed conclusively and the deletion does not conflict with any legal obligations to retain data. If there is no longer a legal reason to store the data, it will be deleted.

5. Customer account

During the registration process as well as when you use our website services, we store your IP address as well as the time of your respective activity on our website.

In our webshop you can create a customer account. In the registration process you have to provide the necessary personal data. Your access is only possible by entering the user name and the corresponding password.

To complete the registration process, you must “activate” your customer account. To protect against data misuse, we send an e-mail with an activation link to the e-mail address used during registration (double opt-in procedure). We then confirm the successful creation of your customer account by e-mail. [Please check:] If the customer account is not activated within 7 days, your specified data will be automatically deleted. In your customer account you can store certain personal data. The information can be viewed and changed by you at any time after registration.

Purpose:
As a registered customer, you have the possibility to place orders in our webshop conveniently and easily, as you can store the data required for the order process. Your customer account offers the possibility to view your orders as well as to save or change your contact data.

For the use of your data stored in the customer account for advertising purposes (e.g. newsletter dispatch), we will always obtain your additional express consent.

Legal basis(s):
The legal basis is Art. 6 para. 1 p.1 lit. a GDPR, if you consent to the processing of your personal data for the creation and management of your customer account. According to Art. 6 para. 1 p.1 lit. b GDPR, the data processing is necessary for the performance of our (pre-) contractual obligations, in particular for the performance of our contractual obligations and the processing of any warranty claims of our customers. According to Art. 6 para. 1 p.1 lit. c GDPR, as the data processing is based on our legitimate interest in protection against unauthorized use.

Storage period:
If you are no longer interested in your customer account, you can cancel it at any time. In the event that the customer account is terminated, we will delete the data stored there without delay, unless there are commercial or tax law reasons or other mandatory legal provisions within the meaning of Art. 6 para. 1 p.1. lit. c GDPR to the contrary. For this reason, it is your responsibility to save your data stored in the customer account in good time before the end of the contract in the event of termination.

6. Newsletter

You have the option to register for our newsletter on our website. If you register for our newsletter, we, or an external service provider commissioned by us, may process the following information (including personal data):

  • Contact data (e.g. e-mail address, telephone number).
  • Inventory data (e.g.: name, address data)
  • Usage data (e.g.: Date and time of registration, access times, page views, information on content interests)
  • Metadata (e.g.: IP address, device information, language settings)
  • Action data (e.g.: subscription, updates, unsubscription to the newsletter).

To subscribe to our newsletter, it is generally sufficient to provide your e-mail address. If necessary, we may ask you to provide additional information that enables a personal salutation in the newsletter or information that is specifically required for the respective newsletter campaign.

Purpose/Legal basis(s):
In the course of registering for the newsletter, you consent to the processing of your personal data in accordance with Art. 6 para. 1 p.1 lit. a GDPR. In the case of direct marketing, we may send existing customers advertising for similar products or services that have been advertised without prior consent in accordance with § 7 (3) UWG.

In addition, your explicit consent is required for the processing of measurement data (e.g.: click rates or opening rates). The legal basis for the processing of cookie and measurement data is your consent pursuant to Art. 6 para. 1 p.1 lit. a GDPR. The purpose of processing the cookie and measurement data (performance measurement) is to be able to track the success and reach of our newsletter.

In the event that consent is not required, the newsletter dispatch is based on the legitimate interest of professional customer communication and sales promotion with direct marketing, as well as the prevention of misuse of our newsletter in accordance with Article 6 para. 1 p.1 lit. f GDPR. We have a legitimate interest in being able to prove the consent you have given according to Art. 6 para. 1 S.1 lit. f GDPR.

Right of revocation:
You have the right to revoke your consent at any time with effect for the future and unsubscribe from the newsletter. You can revoke your consent simply by clicking on the link provided for this purpose in our newsletter. You can communicate your right of revocation of consent at any time to our contact details above, preferably by email to datenschutz@wiest-autohaeuser.de.

The personal data will be processed and stored until the revocation of consent, or the achievement of the purpose. For the exercise of our legitimate interest in documenting consent previously given, we store the e-mail address for up to three years after the exercise of your right of revocation. In that case, processing is limited to the purpose of providing evidence.

Deletion of personal data is possible at any time if the previous consent is confirmed at the same time.

A separate revocation of the processing of the cookie and measurement data is not possible. In this case, the consent to the entire newsletter mailing must be revoked, or it must be objected to.

Right of objection:
Insofar as the processing of your data is not covered by the consent, you have the right to object. You can send or inform us of your objection at any time (e.g. by e-mail to datenschutz@wiest-autohaeuser.de).

If the objection is to apply permanently for the future, e-mail address will be entered for this purpose in a so-called blocking list to exclude renewed registration and use of the newsletter.

We may commission an external service provider to send the newsletter. In the following section you will find further information about the service provider and the data processing.

7. Newsletter tracking – MailChimp

For the dispatch as well as the evaluation of newsletter campaigns, the automated e-mail dispatch or follow-up e-mails, we use the MailChimp service of the company The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA (hereinafter: MailChimp) back.

MailChimp stores your data provided as part of the newsletter registration. Among other things, the IP address and the date of registration are stored as proof of your registration. Your data will be entered in so-called mailing lists. In addition, your email address, name, physical address and demographic information, such as language or location are processed and stored.

This information is processed by Mailchimp for the purpose of sending e-mails as well as providing MailChimp services, e.g. analysis of newsletter campaigns. MailChimp also uses the transmitted data to improve its own services. For example, MailChimp can technically optimize the Newsletter dispatch or determine the regional user numbers.

Emails sent via MailChimp may contain so-called “web beacons” (invisible pixel files). These invisible pixel files are contained in the emails and are retrieved from Mailchimp’s servers when the email is opened. Therefore, an analysis of user reactions to our newsletter is possible. In this way, Mailchimp can recognize whether a newsletter has been opened, the time of opening the email and whether contained links have been clicked. With this data, usage profiles can be created. This data is stored and processed by MailChimp on their servers.

Order data processing:
Mailchimp processes personal data on our behalf. Therefore, we have concluded an order processing agreement in accordance with Art. 28 GDPR. In it, MailChimp undertakes to process the personal data only in accordance with our instructions. MailChimp offers such an order processing contract and included it as part of the General Terms and Conditions, available at: https://mailchimp.com/legal/data-processing-addendum/.

Purpose:
We use the services of Mailchimp to send, analyze and evaluate our newsletters. Based on the statistical collection and evaluation of results provided by Mailchimp, we can adjust future mailings to relevant content and targeted advertising.

Legal basis(s):
The storage of, as well as access to, information on the terminal device used takes place after your express consent in accordance with § 25 (1) TTDSG.

The data processing through the use of the services of MailChimp is based on your consent pursuant to Art. 6 para. 1 p.1 lit. a GDPR. In addition, the newsletter dispatch is based on the legitimate interest of professional customer communication and sales promotion with direct marketing according to Art. 6 para. 1 S.1 lit. f GDPR.

Data processing and transfer to third countries:
MailChimp has its corporate headquarters in the USA (third country) and stores the data on US servers. MailChimp uses so-called standard contractual clauses according to Art. 46. para. 2 and para. 3 GDPR as a basis for data processing, respectively data transfer to a third country. The standard contractual clauses of the EU Commission have been integrated as an addendum to the data processing, which automatically becomes part of the terms of use. The corresponding regulations are available in MailChimp’s data processing terms and conditions at :https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses.

Further information on data protection at MailChimp can be found at: https://mailchimp.com/legal/cookies/ and https://mailchimp.com/help/Mailchimp-european-data-transfers/.

8. Data processing in the performance of contractual obligations

In the context of the initiation, conclusion and performance of contractual relationships via our website, we process personal data.

This includes the following categories of data:

  • Inventory data; such as first name, last name, date of birth,
  • contact data; such as e-mail address, telephone number,
  • Contract data; such as information about orders placed, billing and delivery address,
  • Payment data; billing and payment data.

Purpose/Legal Basis(s):
The legal basis is Art. 6 para. 1 p.1 lit. a GDPR, if you voluntarily provide us with the data on the basis of the respective contractual relationship (e.g. in the customer account) and consent to the data processing.

The legal basis may also be Art. 6 para. 1 p.1 lit. b GDPR. The data processing is necessary for the performance of our (pre-) contractual obligations, our contractual obligations and the processing of any warranty claims arising from these contractual relationships.

8.1 Billbee

The processing of orders via our web store is carried out using the multichannel software of the company Billbee GmbH, Arolser Str. 10, 34477 Twistetal (hereinafter: Billbee). Billbee offers automation solutions and supports us in order processing, merchandise management.

Purpose:
Exclusively for the processing of customer orders, the necessary personal data (name, address, information of the orders and, if applicable, other personal data) are transmitted to Billbee and processed on our behalf.

Legal basis(s):
The transfer of personal data takes place insofar as this is actually necessary. According to Art. 6 (1) lit. b DSGV, the legal basis is the fulfillment of our obligations arising from the respective contractual relationship.

Order data processing:
Billbee acts on our behalf and processes the data relating to the orders exclusively on our instructions. This is based on the contract for commissioned processing (AVV) concluded in accordance with Art. 28 GDPR. Billbee uses other subcontractors for the execution of the order. A list of the subcontractors can be found in the sample GCU. A sample of the order processing contract can be found at: https://hilfe.billbee.io/article/748-muster-des-avvs-vertrag-zur-auftragsverarbeitung.

For more information, please visit https://www.billbee.io/rechtliches/datenschutz.

8.2 Payment processing via PayPal Plus

When processing payments, you can, among other things, use the services of the payment service provider PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: PayPal). If you select a payment option offered by PayPal, you will be redirected to a PayPal website as part of your order. For you, it is thereby recognizable that you are leaving our website and accessing external content. The collection, use and storage of your data there is the sole responsibility of PayPal as the site operator. 

The transmitted personal data are usually first name, last name, address, e-mail address, IP address, phone number, cell phone number or other data necessary for payment processing. Personal data necessary for payment processing is such data that is related to the respective order.

Automated decision making:
There is the possibility that PayPal independently transmits personal data also to credit agencies. This transmission takes place for purposes of identity and credit assessment. We have no influence on this decision-making and only receive the result of whether the payment has been made.

Responsibility:
PayPal does not act on our behalf, but processes the personal data on its own responsibility. There is no commissioned processing within the meaning of Art. 4 No. 8 GDPR. PayPal acts as an independent payment service provider and transfers the payment amount to our bank account based on your order. It cannot be ruled out that PayPal may pass on personal data to affiliated companies and service providers or subcontractors, insofar as this is necessary for the fulfillment of contractual obligations or the data is to be processed on behalf.

Purpose:
The transfer of data is suitable to facilitate payment processing and to prevent fraud.

Legal basis(s):
The legal basis for the data transfer may be your consent pursuant to Art. 6 (1) p. 1 lit. a GDPR. We also have a legitimate interest according to Art. 6 para. 1 p.1 lit. f GDPR to offer our customers an alternative to payment via bank transfer and thus to enable a speedy and secure alternative to contract processing. In this context, we pass on the personal data to PayPal, as this is necessary for the fulfillment of the contract, Art. 6 para. 1 p.1 lit. b GDPR.

Revocation options:
You have the option to revoke your consent to the processing of personal data at any time vis-à-vis PayPal. We would like to point out that a revocation does not affect personal data that must be processed, used or transmitted in order to process payments in accordance with the contract.

Notwithstanding this, you are also entitled to the right of revocation in accordance with the GDPR, see section Data subject rights.

Further information can be found in PayPal’s privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

9. Web analysis and marketing services

We use various web analysis services of the company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and its subsidiary Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”) on our website.

Due to the integration of Google services, Google collects and processes personal data. According to Google’s own information, data such as the IP address, log data, location-based information, application numbers, cookies and similar technologies are processed. Google can create usage profiles based on the stored data and evaluate them for marketing purposes, market research and optimization and design of its own services. Information on the cookies provided can be found at https://policies.google.com/technologies/types.

Data processing and transfer to third countries:
Google’s parent company has its corporate headquarters in the USA (third country) and also stores data on US servers. Google uses so-called standard contractual clauses according to Art. 46 (2) and (3) GDPR as the basis for data processing, or data transfer to a third country. The standard contractual clauses of the EU Commission have been integrated into the provisions on data processing, which are part of the Terms of Use. For more information on the standard contractual clauses, please visit https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_de and https://business.safety.google/adsprocessorterms/.  

We would like to point out that when you call up our website and log in to your Google account at the same time, further data may be added to your account and processed by Google. You can prevent this process by logging out of your Google account before accessing our website or by making the appropriate privacy settings in your Google account.

Information on data protection settings at Google can be found at: https://safety.google/privacy/privacy-controls/.

Below you will find further information on the services used.

9.1 Google Analytics

On our website, we use the web tracking tool Google Analytics from Google. Google Analytics uses cookies and web beacons (invisible pixel files), which are stored on your terminal device. Google processes the collected information on our behalf in order to evaluate your user behavior on our website and to compile reports on website activities. The purpose of our use of the tool is to analyze your user interactions on our website and to improve our offer through the statistics and reports obtained.

We use Google Analytics only with activated IP anonymization (“anonymize IP”). The information generated by the cookies and web beacons is transferred to Google servers, which are also located in the USA, and stored there. Due to IP anonymization, your IP address is truncated and incompletely transmitted by Google within member states of the European Union or in other contracting states of the EEA. Only in exceptional cases will the full IP address be transferred to a Google server and shortened there.

Order processing according to Art. 28 GDPR:
We have concluded the “Google Ads Data Processing Terms” with Google for order processing pursuant to Art. 28 GDPR. The contractual partner is Google Ireland Limited, Gordon House Barrow Street Dublin 4, Ireland. Google processes the data on our behalf in order to evaluate usage behavior on our website and to provide us with reports on website activity. Google may share this information if required to do so by law or if subcontractors process this data on Google’s behalf. In the context of order processing, Google is entitled to engage third parties. You can access a list of these companies at: https://privacy.google.com/businesses/subprocessors/

Legal basis(s):
The storage of, as well as access to, information on the terminal device used is based on your express consent in accordance with § 25 (1) TTDSG.

The legal basis for the processing of personal data described here is your express consent pursuant to Art. 6 para. 1 p.1 lit. a GDPR. The legal basis for the processing of those data that are processed in the context of obtaining consent is Art. 6 para. 1 S.1 lit. c GDPR. We are legally obliged to be able to prove that you have given your consent, Art. 7 (1) GDPR.

Storage period:
Your personal data will be deleted or anonymized after 14 months (shortest storage period).

Revocation options:
The revocation of your consent is possible at any time with effect for the future. This is possible by installing the following browser add-on from Google: http://tools.google.com/dlpage/gaoptout?hl=de.

In addition, you can revoke your consent to the use of cookies from Google Analytics at any time via our Cookie Consent Tool (see Cookie Consent Tool section).

You can find more information about Google Analytics and data protection at http://www.google.de/intl/de/policies/privacy/

https://privacy.google.com/businesses/adsservices/

 9.2 Google Ads and Google Conversion Tranking

We use the marketing tool Google Ads as well as the analysis tool Conversion Tracking from Google to evaluate the advertising campaigns. Google Ads can be used to display banner advertisements tailored to your interests in order to inform you about our products or our company. The advertisements are recognizable, for example, within search results of the Google search engine by the reference “Advertisement”.

If one of our Google ads is displayed to you and clicked on, a redirect to our website takes place. During this process, a cookie for conversion tracking is stored on your end device. The stored cookie allows Google and us to recognize that you were redirected to our website as a result of the Google ad. Likewise, the renewed visit to our website is recognizable for us and Google if the set cookie has not yet expired on the end device.

We use Google Ads with the additional application Google Conversion Tracking. This is a tool with which we can check the success of our Google Ads advertising campaigns and optimize future advertising campaigns. For this purpose, the advertisements are provided with a technical provision, e.g. an ID, with which we can determine how a user interacts after clicking on the advertisements and whether one of our services is actually used. This provides us with a statistical evaluation of the success of the ads (total number of users of our ads), which ads are particularly popular and, if applicable, further information about referrals to our offers.

Order processing pursuant to Art. 28 GDPR:
We have concluded the “Google Ads Data Processing Terms” with Google for order processing pursuant to Art. 28 GDPR. The contractual partner is Google Ireland Limited, Gordon House Barrow Street Dublin 4, Ireland. Google processes the data on our behalf in order to evaluate your use of the website and to provide us with reports on website activity. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Within the scope of order processing, Google is entitled to commission third parties. You can access a list of these companies at: https://privacy.google.com/businesses/subprocessors/

Purpose:
By integrating Google Ads, we pursue the purpose of placing interest-based and targeted advertisements.

Legal basis(s):
The storage of as well as the access to information on the end device used takes place after your express consent in accordance with § 25 (1) TTDSG.

The legal basis for the processing of personal data is your consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can make the corresponding setting in the cookie consent tool used. The legal basis for the processing of those data that are processed in the context of obtaining consent is Art. 6 (1) lit. c GDPR. We are legally obliged to be able to prove that you have given your consent to the measurement procedure, Art. 7 (1) GDPR.

In addition, you can find more information at: https://privacy.google.com/businesses/adsservices/.

Please also read the general information on data processing and storage by Google.

9.3 Google Tag Manager

On our website, we use the Google Tag Manager as a tag management system. The Tag Manager facilitates the implementation of web analytics tools such as Google Analytics or Google Ads. With this online tool, we can centrally integrate and manage tags (e.g. tracking codes, conversion pixel files) on our website. The Google Tag Manager itself does not use cookies and no data storage takes place. The tags are set for web analysis tools that record your website visit as well as your interactions on our website. The analysis of the data itself is not possible with the Google Tag Manager.

Due to the settings in our Google Tag Manager, only anonymized data is transmitted to Google. This is data about our use of the Google Tag Manager. As far as we know, Google also uses the data collected in this way (anonymized) for its own purposes. In this respect, we refer to the privacy policy of Google.

Order processing pursuant to Art. 28 GDPR:
We have concluded the “Google Ads Data Processing Terms” with Google for order processing pursuant to Art. 28 GDPR. The contractual partner is Google Ireland Limited, Gordon House Barrow Street Dublin 4, Ireland. Google processes the data on our behalf in order to evaluate your use of the website and to provide us with reports on website activity. Google may share this information where required to do so by law, or where subcontractors process the information on Google’s behalf. Within the framework of order processing, Google is entitled to commission third parties. A list of these companies can be found at: https://privacy.google.com/businesses/subprocessors/.

For more information on Google Tag Manager, please see the FAQs at https://www.google.com/intl/de/tagmanager/faq.html.

10. Data protection information for our Facebook fan page and Facebook Insights

We have set up a fan page for our company on the Facebook platform (hereinafter: Facebook) of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter: Meta Platforms). Meta Platforms provides us with analytics services, Facebook Insights, page statistics that offer us insights into how users of Facebook interact with us and with content associated with us. The statistics are generated based on certain events that are logged by Facebook servers when users interact with pages and their associated content.

Events are generated from various data resources:

  • These can be actions taken on Facebook (e.g..: Subscribe or unsubscribe to Page, comment, share or respond to Page post, hide Page post or report it as spam) or
  • Information about actions, the persons who took the action, and technical information about the browser or app used.

For these purposes, cookies are stored on the end devices of the users, in which the usage behavior and interests of the users are stored. Furthermore, data independent of the devices used by the users may also be stored in the usage profiles (especially if the users are members of the respective platforms and are logged in to them).

According to Meta Platforms, it may process the following personal data in particular:

  • Device information (e.g., browser type, operating system, language settings, cookie data; see under “Device Information” in the Facebook Data Policy: https://www.facebook.com/policy);
  • IP address;
  • Demographic information (e.g., age, gender, country/city);
  • Events (e.g., tagging a page or post with “Like” or “Unlike,” subscribing or unsubscribing to a page, commenting on, sharing, or responding to a page post, hiding a page post or reporting it as spam, click behavior, page views; see under “Things You and Others Do and Provide” in the Facebook Data Policy: https://www.facebook.com/policy);
  • Cookie data and similar technologies (e.g., web beacons).

The extent to which we process your personal data when you visit our Facebook fan page depends on whether you have a Facebook account as well as whether you are logged into Facebook during your visit. If you have a Facebook account, Meta Platforms can associate the data with your account and create corresponding usage profiles about you.

If you do not have a Facebook account set up and visit our Facebook fan page, Meta Platforms may also store personal data based on the use of cookies or similar technologies (e.g. web beacons).

For a listing of how personal data is processed, please visit: https://www.facebook.com/legal/terms/information_about_page_insights_data.

Meta Platforms provides us with Facebook Insights only anonymized statistics based on events about the use of our fan page. Based on this data, the specific users of a particular interaction are not identifiable to us.

Joint responsibility according to Art.: 26 GDPR:
The personal data is collected by Meta Platforms and us as joint controllers within the meaning of Art. 26 GDPR. We have entered into a joint responsibility agreement with Meta Platforms. Available at: (https://www.facebook.com/legal/terms/page_controller_addendum).

Below we inform you about the essential information agreement according to Art. 26 para. 3 GDPR.

Primary responsibility of Meta Platforms:
The agreement stipulates that Meta Platforms is responsible for fulfilling the obligations arising from the GDPR for data processing:

  • Fulfillment of information obligations pursuant to Art. 12 and 13 GDPR.
  • Data subject rights (including the right to information or deletion, objection to data processing or a revocation of consent given) pursuant to Art. 15 to 21 GDPR, as well as the duty to provide information pursuant to Art. 33 GDPR and the right to information pursuant to 34 GDPR can be asserted directly against Meta Platforms.
  • Meta Platforms takes appropriate technical and organizational measures in accordance with Art. 32 GDPR to ensure the security of processing.

Information on the legal basis and the purposes of processing for Meta Platforms’ data processing can be found at: https://www.facebook.com/about/privacy/legal_bases.

Despite agreed primary responsibility Meta Platforms, you may of course also assert your data subject rights under the GDPR directly against us. Pursuant to the Agreement, we will promptly forward data subject requests to Meta Platforms via a provided form.

We are responsible for ensuring that our processing of Insights Data is only carried out on a legal basis and to protect our legitimate interests. In addition, you will find the respective information and contact details in the sections “Responsible party according to Art. 4 No. 7 GDPR”, and “Data protection officer”.

Purpose/Legal Basis(s):
The legal basis for the processing of personal data is your consent pursuant to Art. 6 (1) lit. a GDPR. In addition, we have a legitimate interest in measuring the reach of our advertising campaigns, our posts and other activities as well as our Facebook fan page and optimizing them for the future, Art. 6 (1) lit. f GDPR. This purpose is also pursued by the statistical evaluations of the interactions of Facebook users on our Facebook fan page.

Data processing and transmission to third countries:
Meta Platforms also processes and transfers personal data to the USA (third country). To ensure an adequate level of data protection, we have concluded an agreement that includes the standard contractual clauses. The agreement is available at: https://www.facebook.com/legal/EU_data_transfer_addendum;

Further information on data protection on the Facebook platform can be found at: https://www.facebook.com/about/privacy;

Information as described in the Facebook Privacy Policy under “What types of information do we collect?” is available at: https://www.facebook.com/policy.

Information on the use of cookies and similar technologies is contained in the Cookie Policy of Meta Platforms: https://www.facebook.com/policies/cookies/

11. Plugins and integration of content from external service providers

We integrate additional services and content (hereinafter: external services) from external service providers on our website. In principle, the necessary data is retrieved from the servers of the respective service provider when activating, or using the external services. During this process, the IP address may be processed by the respective external service provider.

We would like to point out that when external services are integrated, so-called “web beacons” (invisible graphics) may be used for statistical or marketing evaluation.

In addition, pseudonymous information may be stored in cookies on your terminal device and contain technical information about your web browser as well as your operating system, websites or visit time as well as other information about the use of our online offer. In addition, it is possible that this information may also be combined with information from other sources.

When using the services of third parties, the terms and conditions as well as the data protection information of the respective providers apply, which can be found on the respective website or transaction applications.

11.1 Google Maps

On our website, we use the map service Google Maps from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google collects and processes personal data through the integration of Google services. According to Google’s own information, data such as the IP address, log data, location-based information, application numbers, cookies and similar technologies are processed. By calling up the website, Google receives the information that you have called up the corresponding sub-page of our website. If you are logged into your Google account during this time, your data will be linked to your Google account. If you wish to prevent this association, you must log out of your Google account before activating Google Maps.

Purpose:
Google Maps allows us to show you interactive map views directly on our website and enable you to conveniently use the map function, e.g. for route planning.

Legal basis(s):
The legal basis for the use of the maps is Art. 6 para. 1 p. 1 lit. a GDPR, i.e. the integration only takes place after your consent.

Data processing and transfer to third countries:
Google’s parent company has its corporate headquarters in the USA (third country) and also stores data on US servers. Google uses so-called standard contractual clauses according to Art. 46. para. 2 and para. 3 GDPR as the basis for data processing, or data transfer to a third country. The EU Commission standard contractual clauses have been integrated into the provisions on data processing.

Further information on the purpose and scope of data collection, its processing and further information on privacy settings options: https://policies.google.com/privacy

Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de

Settings for the display of advertisements: https://adssettings.google.com/authenticated.

11.2 Google reCAPTCHA Service

We use the captcha service “reCAPTCHA” from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland to check form entries. So-called captcha services can detect whether form entries are made automatically by a computer program (bots). The data processed includes IP addresses, location information if applicable, as well as information on operating systems, device information or browser information. Likewise, data about visiting times on websites, previously accessed websites may be collected and processed. There is a possibility that the data may be merged by Google with other Google services.

Automated decision-making:
Google determines automatically whether it is a human input based on the determination of a score value. Only if the input reaches a certain score value, the input is evaluated positively and sent.

Legal basis(s):
The legal basis for the use of the cards is Art. 6 para. 1 p. 1 lit. a GDPR, i.e. the integration only takes place after your consent.

According to Art. 6 para. 1 p. 1 lit. f GDPR, we have a legitimate interest in the data processing for the protection of the website and our service offer against automated abuse attacks.

Data processing and transfer to third countries:
Google’s parent company has its corporate headquarters in the USA (third country) and also stores data on US servers. Google uses so-called standard contractual clauses according to Art. 46. para. 2 and para. 3 GDPR as a basis for data processing, respectively data transfer to a third country. The EU Commission standard contractual clauses have been integrated into the provisions on data processing.

Further information on the purpose and scope of data collection, its processing and further information on privacy settings options: https://policies.google.com/privacy  

Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de

Settings for the display of advertisements: https://adssettings.google.com/authenticated.

11.3 Aelia EU VAT Assistant plugin

For the indication and calculation of the applicable national VAT rate in our webshop we use the plugin Aelia EU VAT Assistant by Aelia, Diego Zanella, Sandgasse 15-19/1/2, 1190 Vienna, Austria.

In our webshop as well as during the order processing you can, respectively have to select the country of delivery. Based on your selection, the Aelia plugin calculates the applicable taxes and calculates the item price accordingly. The plugin sets corresponding session cookies to store the selection of the delivery country during the visit of our webshop as well as the order processing.

Purpose:
The purpose is to specify and calculate the corresponding national taxes that are incurred when shopping through our webshop. This is necessary for contract processing with contractual partners outside Germany

Legal basis(s):
The storage of, as well as access to, information on the terminal device used is carried out in accordance with § 25 (2) No. 2 TTDSG. For the provision of our website and the core components (calculation of national VAT) technically necessary.

No personal data is passed on to Aelia.

11.4 Trustbadge and buyer protection from Trusted Shops

We integrate the Trustbadge, or the Trusted Shops Widget and the services advertised with it (“Trusted Shops Buyer Protection”) of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, (hereinafter: Trusted Shops) into our website.

When the Trustbadge is called up, the web server automatically saves a so-called server log file, which also contains your IP address, the date and time of the call-up, the amount of data transferred and the requesting provider (access data) and documents the call-up. The IP address is anonymized immediately after collection so that the stored data cannot be assigned to your person. The anonymized data is used in particular for statistical purposes and for error analysis.

When you call up the Trustbadge, the web server automatically saves a so-called server log file and documents the call-up. The log file also contains your IP address, date and time of the retrieval, transferred data volume and access data of your provider. The purpose of storing the data in a security database is to check for security anomalies.

After order completion, your e-mail address, which is hashed by cryptological one-way function, is transmitted to Trusted Shops GmbH. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. This serves to check whether you are already registered for services with Trusted Shops GmbH and is therefore necessary for the fulfillment of our and Trusted Shops’ overriding legitimate interests in the provision of the buyer protection linked to the specific order in each case and the transactional evaluation services pursuant to Art. 6 para. 1 p. 1 lit. f GDPR. If this is the case, further processing will be carried out in accordance with the contractual agreement between you and Trusted Shops. If you are not yet registered for the services, you will be given the opportunity to do so for the first time. Further processing after registration also depends on the contractual agreement with Trusted Shops GmbH. If you do not register, all transmitted data will be automatically deleted by Trusted Shops GmbH and a personal reference is then no longer possible.

Further personal data will only be transferred to Trusted Shops if you decide to use Trusted Shops products after completing an order or if you have already registered to use them. In this case, the contractual agreement between you and Trusted Shops applies.

Joint responsibility according to Art. 26 GDPR:
Together Trusted Shops we are jointly responsible for data protection according to Art. 26 GDPR. We inform you in the following about the essential contractual contents according to Art. 26 (2) GDPR within the scope of this data protection notice.

Joint responsibility:
Within the scope of the joint responsibility existing between us and Trusted Shops GmbH, please preferably contact Trusted Shops GmbH in case of data protection questions and to assert your rights using the contact options provided in the data protection information linked below. Irrespective of this, however, you can always contact the responsible person of your choice. Your inquiry will then be passed on to the further responsible party for answering, if necessary.

Legal basis(s):
For the display of the trust badge, or the Trusted Shops widget, the processing of your IP address is technically necessary. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our overriding legitimate interests lie in the offer of buyer protection and the presentation and advertising with customer reviews.

Further information on data protection can be found at: https://legal.trustedshops.com/privacy  

12. Definitions

Our data protection information is based on the following definitions of Art. 4 GDPR:

“Personal data” (Art. 4 No. 1 GDPR) means any information relating to an identified or identifiable natural person (“data subject”). A person is identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data or by means of information relating to his or her physical, physiological, genetic, mental, economic, cultural or social identity characteristics. The identifiability can also be given by means of a linkage of such information or other additional knowledge. The origin, form or embodiment of the information is irrelevant (photographs, video or sound recordings may also contain personal data).

“Processing” (Art. 4 No. 2 GDPR) means any operation which involves the handling of personal data, whether or not by automated (i.e. technology-based) means. This includes, in particular, the collection (i.e. acquisition), recording, organization, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction of personal data, as well as the change of a purpose or intended purpose on which a data processing was originally based.

“Controller” (Art. 4 No. 7 GDPR) means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

“Processor” (Art. 4 No. 8 GDPR) means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, in particular in accordance with the controller’s instructions (e.g. IT service provider). In terms of data protection law, a processor is in particular not a third party.

“Third party” (Art. 4 No. 10 GDPR) means any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who are authorized to process the personal data under the direct responsibility of the controller or processor; this also includes other group-affiliated legal entities.

“Consent” (Art. 4 No. 11 GDPR) of the data subject means any freely given indication of his or her wishes in the specific case, in an informed manner and unambiguously in the form of a statement or other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data concerning him or her.

13. Up-to-dateness and amendment of this data protection declaration

This data protection declaration is currently valid and has the status December 2022. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print the current data protection declaration at any time on the website at https://shop.wiest-autohaeuser.de/datenschutz/.

Shopping Cart
Scroll to Top