1. Information on the collection of personal data
(2) The controller in terms of Art. 4 no. 7 of the EU General Data Protection Regulation (GDPR) is Brabus GmbH, Brabus-Allee, 46240 Bottrop, Germany, firstname.lastname@example.org (see the legal notice in our website). Our data protection officer is available under email@example.com or by postal letter to our company (please add “Att: Data Protection Officer“).
(3) When you contact us by email or contact form, we will store the data you have disclosed to us there (your email address, possibly your name and telephone number) to answer your questions. (Art. 6 subs.1 GDPR) We erase the data collected in this context when its storage is no longer necessary, or we restrict the processing of this data if statutory retention periods have to be observed.
(4) In case we have recourse to service providers which we have engaged to perform certain individual tasks in the context of the services we offer or in case we want to use your data for advertising purposes, we inform you about the details of the relevant processing activities below. In this context, we also inform you of the criteria which we have fixed for the duration of data storage.
2. Your rights
(1) As to the personal data concerning you, you are entitled to the following rights in the relationship with us:
− Right to information/ access (Art. 15 GDPR),
− Right to rectification or erasure (Art. 16 and Art. 17 GDPR),
− Right to restriction of processing (Art. 18 GDPR),
− Right to object to data processing (Art. 21 GDPR),
− Right to data portability (Art. 20 GDPR).
(2) Moreover, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6 subs. 1 lit. e) GDPR (data processing in the public interest) or Art. 6 subs. 1 f) GDPR (data processing based on the weighing of interests), including profiling based on those provisions (Art. 21 GDPR). If you object to the processing, we will only continue to process your data if we can prove mandatory legitimate reasons for the processing that override your interests, rights and freedoms or when the processing serves to establish, exercise or defend legal claims.
(3) If you have given your consent to our processing of your personal data, you have the right to withdraw this consent at any time. The withdrawal of your consent is however without prejudice to the lawfulness of the processing of your personal data that has taken place until the time of your withdrawal. Moreover, the withdrawal is without prejudice to any further processing of this data which is based on another legal basis such as for compliance with legal obligations.
(4) Finally, you have the right to lodge a complaint about our processing of your personal data with a data protection supervisory authority.
(5) We kindly ask you to communicate your claims or declarations to the following address if possible: firstname.lastname@example.org.
3. Collection of personal data when you visit our website
(1) When you use our website for mere information purposes which means when you do not register or otherwise disclose or transfer information to us, we only collect the personal data which your browser transfers to our server. If you want to visit our website, we collect the following data which is necessary for us in technical respect to display our website to you and ensure its stability and security (the legal basis for this is Art. 6 subs. 1 sentence 1 lit. f) GDPR:
− IP address
− Date and time of the request
− Time zone difference compared to Greenwich Mean Time (GMT)
− Content accessed (specific page accessed)
− Access status / http status code
− Data volume transferred from time to time
− Website from which the request is made
− Operating system and its surface
− Language and version of the browser software
(2) In addition to the aforesaid data, cookies are stored on your computer when you use our website. Cookies are small text files which are allocated to the browser you use and stored on your hard drive and which provide the body which places the cookie (here: our company) with certain information. Cookies cannot execute programs or transfer viruses to your computer. They serve to generally render the Internet presentation of services more user-friendly and more effective.
- Session cookies (see b)
− Persistent cookies (see c).
b) Session cookies are automatically deleted when you close your browser. They store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognised when you return to our website. The use of session cookies is necessary so that we can make the website available to you. The legal basis for processing your personal data using session cookies is Art. 6 subs. 1 lit. f) GDPR. You may object to the use of session cookies, but please note that some functions of our website cannot be offered without cookies.
c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time. With the help of cookies it is possible for us to track your usage behaviour and thereby improve our service for you. They should also enable you to optimize your surfing on our website. The use of persistent cookies takes place with your consent. The legal basis for data processing is Art. 6 subs. 1 a) GDPR. You can revoke your consent at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the revocation. You can set your Internet browser so that our cookies cannot be stored on your end device or cookies that have already been stored are deleted. If you do not accept cookies, this can lead to restrictions in the function of the Internet pages.
With your consent, we also integrate cookies from third parties. In this case, the corresponding data packages are stored by third parties in your browser or transmitted to them. You can also generally prevent the use of third-party cookies by setting your browser accordingly. The legal basis for the processing of your personal data using third-party cookies is Art. 6 subs. 1 a) GDPR. Also in this case you can revoke your consent at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the revocation.
The following third-party cookies are used:
- Google Analytics
- Google tag manager
- Google Maps
f) The flash cookies we use are not administered by your browser but by your flash plug-in. In addition, we use HTML5 storage objects which are stored on your terminal. These objects store the required data, regardless of the browser you use, and they do not expire automatically. If you do not want flash cookies to be administered, you have to install an appropriate Add-on, e.g. “Better Privacy” for Mozilla Firefox (https://addons.mozilla.org/en-US/firefox/addon/clear-flash-cookies/) or the Adobe-Flash-Killer-Cookie for Google Chrome. You can prevent the use of HTML5 storage objects if you set your browser to private mode. We also recommend that you delete your cookies and the browser history manually at regular intervals.
4. Use of our web shop
(1) When you want to place an order in our web shop, it is necessary for the purposes of contract conclusion that you enter your personal data which we need for processing and executing your order. Required fields which are indispensable for executing the contracts are specifically marked, all other information is voluntary. We process the data you have disclosed to us for the purpose of executing your order. For this purpose, we may also transfer your payment data to our main bank. The legal basis for this is Art. 6 subs. 1 sentence 1 b) GDPR.
(2) You can also voluntarily open a customer account which enables us to store your data for subsequent purchase orders. If you create an account under “My account”, the data you enter there is stored until consent is revoked by you. You can delete all other data including your user account in the customer area at any time. We may also process the data you have entered to inform you about other interesting products from our portfolio or send you emails with technical information.
(3) We are obliged under commercial and tax law to store your address, payment and order data for a period of ten years. However, after expiry of [two years], we will restrict the processing of your data, i.e. your data is then used for no purpose other than compliance with the applicable statutory obligations. The legal basis for this is Art. 6 subs. 1 lit. 1 f) GDPR.
(4) To prevent unauthorised third-party access to your personal data, in particular your financial data, the order process is encrypted by means of TLS technology.
(1) You can subscribe to our newsletter by giving your consent and we will then inform you in the newsletter about our current interesting offers. The goods and services which are advertised in the newsletter are specified in the declaration of consent.
(2) To enable subscription to our newsletter, we use the so-called double opt-in procedure; this means that, after you have subscribed, we will send you an email to the email address you have entered in the subscription in which we will ask you to confirm that you want us to send you the newsletter. If you do not confirm your subscription within 24 hours, the data you have entered will be blocked and deleted automatically after one month. In addition, we also store the IP address you have used from time to time as well as the time of subscription and confirmation. The purpose of this procedure is to evidence your subscription and, where required, clarify any potential misuse of your data.
(3) The only required field to be filled in by you to enable transmission of the newsletter is your email address. The entry of any other specifically marked data is voluntary and we use such data to be able to address you personally. After you have confirmed the subscription, we will store your email address for sending you the newsletter. The legal basis for this is Art. 6 subs. 1 sentence 1 a) GDPR
(4) You may at any time revoke your consent to the transmission of the newsletter and unsubscribe. You can revoke your consent by clicking the link which is contained in every newsletter email or via this form on the website or by sending an email to [Newsletter@brabus.com] or by sending an appropriate message to the contact data stated in the legal notice on our website.
(5) Please be aware that we analyse your user behaviour when we send you the newsletter. For such purpose, the email sent to you contains so-called web beacons or tracking pixels which are one-pixel image files which are stored on our website. For analysing your user behaviour, we combine the data mentioned in § 3 and the web beacons with your email address and a personal ID. Also the links which you have received in the newsletter contain this ID. Based on the data we have obtained by these procedures, we prepare a user profile to tailor the newsletter to your personal interests. We thereby gather information about when you read our newsletters, which links you click and we conclude therefrom what are your personal interests. We combine this data with your activities on our website.
(6) You may at any time object to the tracking by clicking the special link which is contained in every email or by communicating your objection to us via any other contact channel. The information is stored as long as you stay subscribed to our newsletter. After you have unsubscribed, we will only store the data for mere statistical purposes and in anonymized form. The said tracking is also impossible when the standard settings of your email program are such that the display of images is generally deactivated. In this case, you cannot see the complete newsletter and you may possibly be unable to use all functions and features. When you activate the display of images manually, the aforementioned tracking is initiated.
6. Use of Google Analytics
(1) This website uses Google Analytics which is a web analysis service of Google LLC. (”Google”). Google Analytics uses so-called “cookies“ which are small text files that are stored on your computer and enable to analyse how you use the website. The information generated by the cookie about how you use this website is, as a rule, transferred to a server of Google in the USA and stored there. However, if the IP anonymisation feature is activated on this website, Google will shorten your IP address within the EU Member States or in other countries party to the Agreement on the European Economic Area before it is transferred. Only in exceptional cases will the full IP address be transferred to a server of Google in the USA and shortened there. Google, acting on instruction and behalf of the operator of this website, uses this information to analyse how you use the website, to compile reports about the website activities and render further services relating to the use of the website and the use of the Internet to the website operator.
(2) The IP address which is transferred by your browser in the context of Googly Analytics will not be combined with other data of Google.
(3) You can set your browser software to prevent the storage of cookies; please be aware that in this case you might be unable to use all functions and features of the website without restrictions. You can also prevent the collection and transfer of the data generated by the cookie regarding your use of the website (including your IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
(4) This website uses Google Analytics with the supplementary feature “_anonymizeIp()“. This makes sure that only shortened IP addresses are processed further, which prevents IP addresses from being allocated to specific persons. This means that, if and to the extent the data collected from you refer to you personally, allocation of the data to you personally is prevented right from the beginning and the personal data is thus deleted immediately.
(5) We use Google Analytics to be able to analyse and continuously improve the use of our website. The statistics we gain thereby help us to improve our presentation and services and to offer you as the user a more interesting design. As to the exceptional cases where personal data is transferred to the USA, Google has agreed to respect and comply with the EU-US Privacy Shield, https://www.privacy-shield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 subs. 1 sentence 1 f) GDPR.
(6) Information provided by the third-party provider: Google LLC., 1600 Amphitheatre Parkway, Mountain View 94043 California, USA, Fax: +1 650 253 0001. User conditions: https://www.google.com/intl/de_de/+/policy/imprint.html policy privacy:
(7) This website uses Google Analytics also for the purposes of cross-device analysis of visitors, i.e. when they access the website from different terminals, which is implemented by means of a user ID. You can deactivate this analysis of your user behaviour in your customer account under “My data”, “personal data”.
7. Use of social media plug-ins
(2) We can neither influence the collected data or the data processing activities nor are we fully aware of the scope of data collection, the purposes of the processing or the duration of data storage. We do not know about the deletion of the collected data by the plugin provider either.
(3) The plug-in provider stores the data collected from you as a user profile and uses it for the purposes of advertising, market research and/or customized design of the provider’s website. This analysis serves in particular (also with regard to users who are not logged in) to provide customized advertising and inform other users of the social network about your activities on our website. You may oppose the preparation of these user profiles; if you want to exercise your right to oppose, you have to address your opposition to the relevant plug-in provider. We offer you the opportunity, via the plug-ins, to interact with the social networks and other users such that we can improve our presentation and services and offer you as the user a more interesting design. The legal basis for the use of plug-ins is Art. 6 subs. 1 sentence 1 f) GDPR.
(4) The data is transferred regardless of whether or not you have an account with the plug-in provider or are logged in there. When you are logged in to the plug-in provider, the data we have collected from you is directly allocated to your account with the plug-in provider. When you click the activated button and, for instance, place a link on the page, the plug-in provider will store this information in your user account, too, and will also publicly communicate this information to your contacts. We therefore recommend that you always log out after you have used a social network and especially before you activate the button because thereby you can prevent the allocation of the information to your profile with the plug-in provider.
(5) Further information on the purpose and scope of data collection and data processing by the plug-in provider is available in the privacy policies of the providers at the addresses listed below. They also contain further information on your rights and the possible settings to protect your privacy.
(6) Addresses of the relevant plug-in providers and URL and the information they provide on privacy:
(a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://facebook.com/policy.php; further information on data collection is available at https://www.facebook.com/privacy/explanation. Facebook has agreed to respect and comply with the EUUS Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
(b) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has agreed to respect and comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
(c) Instagram LLC, 1601 Willow Rd Menlo Park CA 94025 USA, https://help.instagram.com/155833707900388
(d) d) YouTube LLC, 901 Cherry Ave San Bruno, CA 94066 USA, https://policies.google.com/privacy?hl=de&gl=de
8. Facebook Fanpages
(1) We use Facebook to attract more attention to our own offerings and to stay in touch with customers. Facebook is a web-based platform of Facebook Ireland Limited, based in Ireland, which is developed to run a social network. By setting up a page on the Facebook platform we process the following statistical data of users:
Page activity and interaction (the total number of unique people who interacted with the page, broken down by type of interaction such as “Like” for the page and “Like” net (after subtracting the removed likes, as well as the location where the likes for our likes were made, the number of page recommendations, the number of clicks on the contact information and the call-to-action button on the page) Post coverage (the total number of individuals who have seen our page and posts, the number of people for whom the post was provided)
Further details about Facebook Insights can be found at: https://www.facebook.com/help/pages/insights
A general description of how Facebook processes the data collection and what data is involved can be found in:
For complete data guidelines, please click on the following link: https://www.facebook.com/full_data_use_policy
f you are logged in to Facebook, Facebook can save further data about your surfing behavior. You can minimize this information when you log out of Facebook. You can find more information here: https://www.facebook.com/about/privacy We use the statistics provided by Facebook to make contributions more attractive and effective. For example, we use the distribution by age and gender for a correct approach and preferred visiting times of the users for a time-optimized planning of our posts. Through information about the type of devices used by the visitors, the contributions can be visually and creatively adapted to the respective device. The described data processing takes place on the basis of the legitimate interests of BRABUS GmbH according to Art. 6 l f) DSGVO.
(3) Internal jobs, for example to provide the content of page Facebook as the operator of the platform collects information about their users and information related to the Facebook services. Such information includes, for example information about which products Facebook uses, what types of content are viewed and with which people the interaction occurs. The information is used to advertising cradles, providing, personalizing and improving products, providing measurements, analysis and other company services. When using the Facebook Fan page, please also take note of the data protection information of Facebook Inc. at the following link: https://www.facebook.com/privacy/
(4) ) Facebook Inc. is based in the USA. We cannot exclude the transmission and further processing of your personal data as operator of the Facebook fan page. In order to safeguard data protection compliant processing within the meaning of General Data Protection Regulation, Facebook Inc. has submitted to the EU-US Privacy shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
(5) Data of the usage analysis are saved by us pseudonymized for a maximum of 24 month. How long Facebook stores your data is currently unknown.
(6) ) You can disagree to this data processing by Facebook at any time, in which you no longer subscribe to our Facebook page (by selecting the functions “I do not like this page” and / or “Do not subscribe to this page” you can break your user profile to our fan page). The possibility to contradict the individual –above mentioned– data processing operations can be found here: https://www.facebook.com/settings?tab=ads
9. Integration of YouTube videos
(1) We have integrated YouTube videos in our online presentation which are stored at http://www.YouTube.com and can be started and played back directly from our website. All videos are integrated in an “enhanced data protection mode” which means that no data concerning you as the user is transferred to YouTube if you do not play back the videos. Only when you play back the videos, the data mentioned in subs. (2) will be transferred to YouTube. We cannot influence this data transfer.
10. Integration of Google Maps
(1) We use the services of Google Maps on our website. This enables us to show you interactive maps directly on our website and thus enables you to comfortably use the maps feature.
(3) Further information on the purpose and scope of data collection and data processing by the plug-in provider is available in the provider’s privacy policies which also contain further information on your rights and the possible settings to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google processes your personal data also in the USA and has agreed to respect and comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
11. Security measures
(1) Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the varying likelihood of risk realization and the varying severity of the risks for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures in accordance with Art. 32 GDPR to ensure a level of security appropriate to the risk.
(2) These measures include in particular but are not limited to the ability to ensure the confidentiality, integrity and availability of data by controlling physical access to the data as well as actual data access, data entry, data transfer, and the ability to ensure data availability and data separation. In addition, we have established procedures which ensure the protection of the rights of data subjects, the erasure of data and reaction to an endangerment of the data. Moreover, we consider the protection of personal data already in the development and/or selection of hardware, software and processes, according to the principle of data protection by design and by default (Art. 25 GDPR).
12. Cooperation with processors and third parties
(1) Where we disclose, transfer or otherwise grant access to, data to other persons and companies (processors or third parties) in the context of our data processing, this is in all cases done on the basis of a statutory authorisation (e.g. where the transfer of data to third parties such as payment services providers is necessary for contract performance according to Art. 6 subs. 1 b) GDPR, or when you have given your consent to the processing, or the processing is necessary for compliance with a legal obligation or the processing is carried out for the purposes of our legitimate interests, e.g. when we engage agents, web hosting companies etc.).
(2) When we engage third parties to process data based on a so-called contract for data processing on behalf, this is done on the basis of Art. 28 GDPR.
13. Transfer to third countries If we process data in a third country, i.e. a country outside the European Union (EU) or the European Economic Area (EEA) or such data processing in a third country occurs in the context of services provided by third parties engaged by us or in the context of disclosure or transfer of data to third parties, this is done only if this is required for the performance of our (pre-)contractual duties or based on your consent or to comply with a legal obligation or for the purposes of our legitimate interests. Subject to any existing statutory or contractual authorisations, we only process data, or have data processed, in a third country if the special requirements under Art. 44 et seqq. GDPR are satisfied. This means that the processing is based, for instance, on special safeguards such as the official recognition that the data protection level in the third country satisfies EU standards (which is for instance the case with the “Privacy Shield” for the USA) or on compliance with special officially recognized contractual obligations (so-called standard contractual clauses).