I. General information
- This policy applies to the online store operating at the following URL: www.autoeuro-teile.de.
- The owner of the online store and the Administrator of personal data is the company: PHU "AUTO-EURO TEILE" Łukasz Konopka, Zalesie 52, 08-500 Ryki, NIP: 5060043599, REGON: 060201884.
- The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the owner of the company.
- Contact e-mail address of the online store Administrator and Data Administrator: firstname.lastname@example.org.
- Contact telephone number of the Website Administrator and Data Administrator: +49 176 75897461.
- The administration of your personal data takes place mainly in the online store in relation to data provided voluntarily when submitting inquiries and placing orders.
- The online store www.autoeuro-teile.de performs the functions of obtaining information about users and their behavior in the following way:
- By voluntarily entering data in forms that are entered into the Administrator's systems,
- By saving cookies on end devices (so-called "cookies").
- As a matter of principle, we only collect and use personal data of our users insofar as this is necessary to provide a functional website and our content and services. The collection and use of personal data of our users takes place regularly only with the consent of the user. An exception applies in those cases in which prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.
- Personal data is only collected if you voluntarily provide it to us as part of your order. We use the data provided by you without your consent only to process your order. After completion of the contract and full payment for the goods, your data will be blocked for further use and deleted after the expiry of the tax and commercial data storage period, unless you have expressly consented to the further use of your data.
- Legal basis for the processing of personal data:
- Provided we obtain the data subject's consent to the processing of personal data, the legal basis is Article 6 (1) (a) GDPR,
- When processing personal data that is required to fulfill a contract to which the data subject is a party, Article 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures,
- Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) GDPR serves as the legal basis,
- In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis,
- If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the person concerned do not outweigh the first-mentioned interest, Article 6 (1) (f) GDPR serves as the legal basis for processing.
- Data deletion and storage duration:
- The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
II. Purposes of personal data processing
- Fulfillment of product orders - To order a product, the Customer must provide his/her personal data in one of the order steps: Name, Surname, Address, Postal code, City, Telephone number, E-mail. Optional data is provided: Date of birth and company data: NIP, company name. These data are required so that the online store staff can accept your order for delivery.
- Handling inquiries via the contact form - To obtain information regarding orders, the customer uses the contact form, providing his/her contact details in the form fields: Name and surname, E-mail address, Telephone number. The form is available in the "Contact" tab in the online store.
- Adding an opinion about a product - The customer voluntarily provides his/her personal data: E-mail address, name and surname for the purpose of submitting an opinion about the product. This is an option for people who have already purchased this product in our store
- Subscription to the newsletter - In order to receive information about promotions and new products, the Customer voluntarily subscribes to the newsletter when creating a customer account.
- The owner of the online store with the address www.autoeuro-teile.de provided his contact and location details in the "Contact" tab, i.e.: Company headquarters address, Telephone numbers, E-mail address, Location on the map, Contact form. This data was made available for the purpose of submitting inquiries about products by our potential customers and finding our location. Therefore, we do not use databases of e-mail addresses and telephone numbers for any form of personal data processing other than contact with the customer.
III. Transfer of personal data
- When sending parcels via forwarding companies, we provide these companies with your data, i.e. name and surname, home address, telephone number and e-mail address. The data will be transferred to our designated shipping service providers and, where necessary, to processors (company employees, including drivers) so that they can complete the shipment and communicate with you for information and tracking purposes.
- Insofar as data processing is necessary to fulfill the contractually agreed delivery of goods, the legal basis is: Article 6 (1) (b) GDPR. In addition, the legal basis for the associated data processing is Article 6 (1) (f) GDPR (balancing of interests, based on our interest in enabling you to have a smooth delivery at the best possible times for you).
- We delete all of the aforementioned data at the latest after the statutory warranty period has expired, unless applicable law obliges or entitles us to further storage of the data.
- In order to process the payment, we transfer your data for the payment ordered to a credit institution (bank) or other payment service selected in the ordering process.
IV. Payment processing via the provider PayPal
- Personal data provided when placing an order are necessary to identify the person who placed the order. These data are: Name and surname, Residential address, Telephone number and E-mail address. They are verified by the owner of the online store.
- PayPal - allows payment methods:
- payment using funds in your account,
- payment via credit card linked to the user's account.
V. Provision of the website and creation of log files
- Legal basis for data processing:
- The legal basis for the temporary storage of the data and the log files is Article 6 (1) (f) GDPR.
- Purpose of data processing:
- Temporary storage of the IP address by the system is necessary to enable the website to be displayed on the user's computer. For this purpose, the user's IP address must remain saved for the duration of the session,
- Saving in log files takes place to ensure proper operation of the website. In addition, we use data to optimize the website and ensure the security of our IT systems. We do not use the data collected here for marketing purposes. Our legitimate interest in data processing according to Article 6 (1) (f) GDPR also lies in these purposes.
- Duration of storage:
- The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended,
- If the data is stored in log files, this is the case after seven days at the latest. Any further storage is possible. In this case, the users' IP addresses are deleted or alienated so that they can no longer be assigned to the accessing client.
- Opposition and removal option:
- The collection of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no possibility of objection on the part of the user.
VI. Selected data protection methods used by the Administrator
- The places of logging in and entering personal data are protected in the transmission layer (SSL certificate). Thanks to this, personal data and login details entered in the store are encrypted on the user's computer and can only be read on the target server.
- Personal data stored in the database are encrypted in such a way that only the Administrator who has the key can read them. Thanks to this, the data is protected in the event of the database being stolen from our server.
- User passwords are stored in hashed form. The hash function works in one direction - it is impossible to reverse its operation, which is currently the modern standard for storing users passwords.
- The online store administrator periodically changes his administrative passwords to improve the quality of security.
- In order to protect data, the Administrator regularly makes backup copies.
- An important element of data protection is the regular updating of all software used by the Administrator to process personal data, which in particular means regular updates of programming components.
- The online store called www.autoeuro-teile.de is hosted (technically maintained) on the server of the hosting company: www.cyberfolks.pl.
- Registration details of the hosting company: H88 S.A. with its registered office in Poznań, Franklina Roosevelta 22, 60-829 Poznań, entered into the National Court Register by the District Court Poznań - Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register under KRS number 0000612359, REGON 364261632, NIP 7822622168, share capital PLN 210,000.00 fully paid.
- The hosting company:
- uses data loss protection measures (e.g. disk arrays, regular backups),
- applies adequate measures to protect processing sites in the event of fire (e.g. special fire extinguishing systems),
- applies adequate measures to protect processing systems in the event of a sudden power failure (e.g. double power supply paths, generators, UPS voltage maintenance systems),
- uses measures to physically protect access to data processing places (e.g. access control, monitoring),
- uses measures to ensure appropriate environmental conditions for servers as elements of the data processing system (e.g. control of environmental conditions, specialized - air conditioning systems),
- uses organizational solutions to ensure the highest possible level of protection and confidentiality (training, internal regulations, password policies, etc.),
- appointed a Data Protection Inspector.
- To ensure technical reliability, the hosting company keeps logs at the server level. The following may be saved:
- resources identified by the URL identifier (addresses of requested resources - pages, files),
- query arrival time,
- time of sending the response,
- name of the client station - identification carried out via the HTTP protocol,
- information about errors that occurred during the HTTP transaction,
- URL address of the page previously visited by the user (referrer link) - if the page was accessed via a link,
- information about the user's browser,
- IP address information,
- diagnostic information related to the process of self-ordering services via recorders in the online store,
- information related to the handling of e-mail addressed to the Hosting Administrator and sent by the Hosting Administrator.
VIII. Your rights and additional information about how your data is used
- In some situations, the Administrator has the right to transfer your personal data to other recipients if it is necessary to perform the contract concluded with you or to fulfill the obligations imposed on the Administrator. This applies to such recipient groups as authorized employees and collaborators who use the data to fulfill orders and check the operation of the online store.
- Your personal data are processed by the Administrator no longer than is necessary to perform related activities specified in separate regulations (e.g. on accounting). With regard to marketing data, the data will not be processed for longer than 3 years.
- You have the right to request from the Administrator:
- access to your personal data,
- their corrections,
- processing restrictions,
- and transfer of personal data.
- You have the right to object to the processing of your personal data for the purposes of legitimate interests pursued by the Administrator, including profiling. However, the right to object will not be possible if there are valid legitimate grounds for processing, interests, rights and freedoms that override you, in particular the establishment, exercise or defense of claims.
- You may lodge a complaint against the Administrator's actions to the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw.
- Providing personal data is voluntary, but necessary to operate the online store.
- Activities involving automated decision-making may be undertaken in relation to you, including profiling, in order to provide services under the concluded contract and for the purpose of conducting direct marketing by the Administrator.
- Personal data is not transferred to third countries within the meaning of personal data protection regulations. This means that we do not send them outside the European Union.
IX. Information in forms
- The online store www.autoeuro-teile.de collects information provided voluntarily by the user, including personal data, if provided.
- This online store may save information about connection parameters (connection time, IP address).
- This online store, in some cases, may save information in the form that facilitates the linking of data with the e-mail address of the user completing the form. In this case, the user's email address appears inside the URL of the page containing the form.
- The data provided in the form is processed for the purposes resulting from the function of a specific form. The data is sent in order to process a service request, make business contact between a store customer and a seller, or register a customer in the store. The description of the form fields clearly informs what a specific field is used for.
X. Description and scope of data processing
- Every time our website is called up, our system automatically collects data and information from the computer system of the calling computer. The following data is collected:
- Information about the browser type and the version used,
- The user's operating system,
- The user's Internet service provider,
- The user's IP address,
- Date and time of access,
- URL addresses of the websites through which the user's system reached our website,
- URL addresses of the websites that your system accesses through our website.
- The log files contain IP addresses or other data that enable assignment to a user. This could be the case, for example, if the link to the website from which the user came to the website or the link to the website to which the user switched contains personal data.
- The data is also stored in the log files of our system. This does not affect the user's IP addresses or other data that enable the data to be assigned to a user. This data is not stored together with other personal data of the user.
XI. Online store Administrator logs and hosting Administrator logs
- Information about user behavior on this website may be subject to logging in to the back-end of the online store and the hosting back-end, i.e. the place where it is physically maintained. This data is used to administer it.
XII. Important marketing techniques
- The hosting administrator uses remarketing techniques that allow advertising messages to be tailored to the user's behavior in the store, which may give the illusion that the user's personal data is used to track him, but in practice, no personal data is transferred from the hosting administrator to advertising administrators. The technological condition for such activities is to enable cookies.
- The hosting administrator uses a solution that examines user behavior by creating "heat maps" and recording behavior on the store. This information is anonymized before it is sent to the Service Administrator so that he does not know which natural person it concerns. In particular, entered passwords and other personal data are not recorded.
XIII. Information about cookies
- Cookies (so-called "cookies") are IT data, in particular text files, which are stored on the website User's end device and are intended for using subpages and plug-ins of this website. Cookies usually contain the name of the website they come from, their storage time on the end device and a unique number.
- The entity that places cookies on the end device of the User of this website and obtains access to them is the Administrator of the website.
- Cookies are used for the following purposes:
- maintaining the website user's session (after logging in), thanks to which the user does not have to re-enter the login and password on each subpage,
- achieving the objectives set out in the "Important Marketing Techniques" section above.
- This websitee uses two basic types of cookies: "session cookies" and "persistent cookies". "Session" cookies are temporary files that are website on the User's end device until logging out, leaving the website or turning off the software (web browser). "Permanent" cookies are website on the User's end device for the time specified in the cookie parameters or until they are deleted by the User.
- Software for browsing websites (web browser) usually allows cookies to be stored on the User's end device by default. Website users can change settings in this regard. The web browser allows you to delete cookies. It is also possible to automatically block cookies. Detailed information on this subject can be found in the help or documentation of your web browser.
- Cookies placed on the end device of the User of this website may also be used by entities cooperating with the Website Administrator, in particular the following companies: Google (Google Inc. based in the USA), Facebook (Facebook Inc. based in the USA).
XIV. Managing cookies - how to express and withdraw consent in practice?
- To manage cookie settings, select the web browser you use from the list below and follow the instructions contained in the browsers' technical documentation:
- Internet Explorer,
XV. Legal basis and revocation
- Legal basis:
- The legal basis for the processing of personal data using cookies is Article 6 (1) (f) GDPR,
- We use all other tools, especially those for marketing purposes, on the basis of your consent in accordance with Article 6 (1) (Sentence 1) (a) . Data processing using these tools only takes place if we have received your prior consent.
- Obtaining your consent:
- The data processing is necessary in order to provide you with the legally required consent management and to comply with our documentation obligations,
- The legal basis for using the consent management tool is Article 6 (1) (Sentence 1) (f) GDPR, based on our interest in fulfilling the legal requirements for cookie consent management.
XVI. Withdraw your consent or change your selection
- You can revoke your consent for certain tools at any time. There you can also change the selection of the tools you want to consent to use, as well as additional information on the cookies and the respective storage period.
XVII. Rights of the data subject
- You are always entitled to the rights of the data subject formulated in (Art. 15 - 21, Art. 77 GDPR):
- Right to withdraw your consent,
- Right to object to the processing of your personal data (Art. 21 GDPR),
- Right to information about your personal data processed by us (Art. 15 GDPR),
- Right to correction of your incorrectly stored personal data (Art. 16 GDPR),
- Right to erasure of your personal data (Art. 17 DSGVO)
- Right to restrict the processing of your personal data (Art. 18 GDPR),
- Right to data portability of your personal data (Art. 20 GDPR),
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).
- To exercise the rights described here, you can contact us at any time. This also applies if you want to receive copies of guarantees confirming the adequate level of data protection. If the appropriate legal requirements are met, we will comply with your request.
- Your requests to assert your data protection rights and our responses to them will be kept for documentation purposes for up to three years and, in individual cases, for the purpose of asserting, exercising or adjudicating legal claims. The legal basis is Article 6 (1) (Sentence 1) (f) GDPR, based on our interest in defending against any civil law claims under Article 82 GDPR, avoiding fines under Article 83 GDPR and fulfilling our accountability under Article 5 (2) GDPR .
XVIII. Data security
- We use appropriate technical and organizational security measures to protect your data against accidental or intentional use, partial or total loss, destruction or unauthorized access by third parties. Our security measures are constantly improved in line with technological developments.
Contact to the administrator: mobile phone +49 176 75897461 , e-mail: email@example.com