Privacy policy

PRIVACY POLICY (Datenschutzerklärung)

V-Car-Tech GmbH

Online Shop

This Privacy Policy applies additionally to your orders placed through our website. In all other respects, the provisions of our Privacy Policy for the visit and use of our website apply; those provisions can be found there.

NAME AND CONTACT DETAILS OF THE DATA CONTROLLER

(§ 5 TMG / Art. 13 GDPR (DSGVO))

These data protection notices apply to data processing by:

Data Controller (Verantwortlicher):

V-Car-Tech GmbH

Obere Lichtenplatzer Straße 336

42287 Wuppertal

Germany

Represented by the Managing Director: Dipl. Wirt.-Ing. Gert Cöllen

Email: support@v-car-tech.com

Phone: +49 (0) 202 / 560 - 388

COLLECTION AND STORAGE OF PERSONAL DATA, AND THE NATURE AND PURPOSE OF ITS USE FOR ORDERS PLACED THROUGH OUR WEBSITE

You can place orders on our website either as a guest, without registering, or register as a customer in our shop for future orders. Registration has the advantage that, in the event of a future order, you can log into our shop directly with your email address and password without having to re-enter your contact details.

Your personal data is entered into an input form, transmitted to us, and stored. When you place an order via our website, we collect the following data in the first instance, both in the case of a guest order and in the case of registration in the shop:

-   Salutation, first name, last name

-   A valid email address

-   Postal address

-   Optional: telephone number (landline and/or mobile)

The collection of this data serves the following purposes:

-   to identify you as our customer;

-   to process, fulfil, and handle your order;

-   for correspondence with you;

-   for invoicing;

-   for the handling of any existing liability claims and the assertion of any claims against you;

-   to ensure the technical administration of our website;

-   to manage our customer data.

During the order process, your consent to the processing of this data will be obtained.

Data processing occurs upon your order and/or registration and is, pursuant to Art. 6(1)(1)(b) GDPR (DSGVO), necessary for the purposes stated for the appropriate handling of your order and for the mutual fulfilment of obligations arising from the purchase contract.

The personal data collected by us for the processing of your order will be stored until the expiry of the statutory retention period and then deleted, unless we are obliged to retain it for a longer period pursuant to Art. 6(1)(1)(c) GDPR (DSGVO) due to tax and commercial retention and documentation obligations (under HGB, StGB, or AO), or unless you have consented to further storage pursuant to Art. 6(1)(1)(a) GDPR (DSGVO).

DISCLOSURE OF DATA

Your personal data is disclosed by us to third parties exclusively to the service partners involved in the processing of the contract, such as the logistics company commissioned with delivery and the credit institution commissioned with payment matters. In cases where your personal data is disclosed to third parties, the scope of the data transmitted is limited to the necessary minimum.

Your personal data will not be transmitted to third parties for purposes other than those stated above.

We will only pass your personal data on to third parties if:

-   you have given your express consent to do so pursuant to Art. 6(1)(1)(a) GDPR (DSGVO);

-   the disclosure is necessary pursuant to Art. 6(1)(1)(f) GDPR (DSGVO) for the assertion, exercise, or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data;

-   in the event that there is a legal obligation for disclosure pursuant to Art. 6(1)(1)(c) GDPR (DSGVO); and

-   this is legally permissible and required pursuant to Art. 6(1)(1)(b) GDPR (DSGVO) for the processing of contractual relationships with you.

During the order process, your consent to the passing of your data to third parties will be obtained.

USE OF PAYMENT SERVICE PROVIDERS

To process your order, we work with the following payment service providers. In the context of payment processing, we pass your order data — restricted to the purpose of payment — to the payment service provider you have selected, insofar as this is necessary for payment processing. The following payment service providers are available for payment. The legal basis for the transfer of data is Art. 6(1)(1)(b) GDPR (DSGVO) in each case.

Google Pay

If you choose the "Google Pay" payment method provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), payment is processed via the "Google Pay" application by charging a payment card stored with Google Pay or a verified payment system (e.g. PayPal) stored there.

For the purpose of payment processing, the information provided by you during the order process, together with information about your order, is transmitted to Google. Google then transmits your payment information stored in Google Pay in the form of a one-time transaction number to the originating website, with which a payment made is verified. This transaction number does not contain any information about the real payment data of your means of payment stored with Google Pay, but is created and transmitted as a one-time valid numeric token. In all transactions via Google Pay, Google acts solely as an intermediary to process the payment transaction. The execution of the transaction takes place exclusively in the relationship between the user and the originating website by charging the payment method stored with Google Pay.

For information about the processing of your personal data by Google and your rights, please refer to their privacy policy at:

www.payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en

Shop Pay

We offer payment by Shop Pay on our website. This is a service of Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter "Shop Pay"). For payment processing, the information provided by you during the order process is passed on to Shop Pay.

The data protection notices for Shop Pay can be found here:

www.shopify.com/legal/privacy

Apple Pay

If you choose the "Apple Pay" payment method provided by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment is processed via the "Apple Pay" feature of your iOS, watchOS, or macOS device by charging a payment card stored with Apple Pay.

For the purpose of payment processing, the information provided by you during the order process, together with information about your order, is transmitted to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored with Apple Pay for the purpose of executing the payment.

Apple stores anonymised transaction data, in particular the purchase amount, the approximate date and time, and the indication of whether the transaction was completed successfully. Anonymisation completely excludes any personal reference. Apple uses the anonymised data to improve Apple Pay and other Apple products and services.

Further information about data protection for Apple Pay can be found at the following internet address:

www.support.apple.com/en-us/HT203027

PayPal

If you select payment via "PayPal" (by credit card, direct debit, or by invoice via PayPal), you will be redirected via an interface directly to the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal") after confirmation of the conclusion of the contract, where you can enter your payment details, select your preferred PayPal payment method, and then complete the payment. We draw your attention to the fact that PayPal's privacy policy applies in this context. For information on the processing of your personal data by PayPal and your rights, please refer to the PayPal Privacy Statement at:

www.paypal.com/en/webapps/mpp/ua/privacy-full

We note for the avoidance of doubt that, if PayPal is to make advance payments, PayPal reserves the right to carry out a credit assessment on the basis of its legitimate interest in determining your creditworthiness (Art. 6(1)(1)(b) GDPR (DSGVO) in each case). For this purpose, PayPal may pass your payment data on to credit agencies. The result of the credit assessment in relation to the statistical probability of default may contain probability values (so-called score values) calculated using scientifically recognised mathematical-statistical methods, in the calculation of which address data is included, among other things. Your legitimate interests are, according to PayPal, taken into account in accordance with the statutory provisions. For more information, in particular about your rights, please refer to the applicable PayPal Privacy Statement at:

www.paypal.com/en/webapps/mpp/ua/privacy-full

EPS (Electronic Payment Standard)

EPS is a service of PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria. If you select this payment provider, no personal data is collected by a third party other than the Austrian bank at which the relevant account is held. When you select this payment method and your Austrian bank, you are connected directly to the online banking portal of that bank.

For more information on data processing by EPS, please see:

https://eps-ueberweisung.at/de/datenschutzhinweis/

Klarna

For the processing of your order, we also work with the online payment service provider Klarna AB, Sveavägen 46, 11134 Stockholm, Sweden, postal address Germany: Postfach 900162, 90492 Nuremberg (hereinafter "Klarna").

If you select the payment method "Klarna - Purchase on Account" (Klarna - Kauf auf Rechnung) in our online shop and grant the required consent, various personal data is automatically transmitted to Klarna. The data transmission is for the purpose of processing the payment and for identity and credit verification by Klarna. The legal basis is your consent (Art. 6(1)(1)(a) GDPR (DSGVO)).

The personal data transmitted to Klarna typically includes first name, last name, address, date of birth, gender, email address, IP address, telephone number, mobile phone number, and other data necessary for the processing of an invoice or instalment purchase, in particular the transmission of payment information such as bank details, card number, expiry date, and CVC code.

Klarna also passes your data on to affiliated companies (Klarna Group) and service providers or subcontractors, insofar as this is necessary for the fulfilment of contractual obligations or if data is to be processed on a commissioned basis. To decide on the establishment, performance, or termination of a contractual relationship, Klarna collects and uses data and information about your past payment behaviour as well as probability values for your future behaviour (so-called scoring). The calculation of the scoring is carried out on the basis of scientifically recognised mathematical-statistical methods.

You have the option of revoking your consent to the handling of personal data at any time with Klarna. For details on data collection by Klarna, please refer to Klarna's privacy policy at:

www.cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy

Visa

When paying by credit card (Visa), we pass your payment data on to Visa Inc. as part of the payment processing. For the European region, the responsible entity is Visa Europe Services Inc. (1 Sheldon Square, London W2 6TT, United Kingdom).

Visa also processes data in the USA, among other places. We point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may be associated with various risks for the lawfulness and security of data processing.

As the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, in particular the USA) or for the transfer of data there, Visa uses so-called Standard Contractual Clauses (Art. 46(2) and (3) GDPR (DSGVO)). Standard Contractual Clauses are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when transferred to and stored in third countries (such as the USA). Through these clauses, Visa undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses at, among other places:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj

For more information about the data processed through the use of Visa, please refer to the privacy policy at:

https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html

Mastercard

When paying by credit card (Mastercard), we pass your payment data on to Mastercard Inc. as part of the payment processing. For the European region, the responsible entity is Mastercard Europe SA (Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium).

Mastercard also processes data in the USA, among other places. We point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may be associated with various risks for the lawfulness and security of data processing.

As the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, in particular the USA) or for the transfer of data there, Mastercard uses so-called Standard Contractual Clauses (Art. 46(2) and (3) GDPR (DSGVO)). Standard Contractual Clauses are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when transferred to and stored in third countries (such as the USA). Through these clauses, Mastercard undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses at, among other places:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj

For more information about the data processed through the use of Mastercard, please refer to the privacy policy at:

https://www.mastercard.de/de-de/datenschutz.html

Maestro

When paying by debit card (Maestro), we pass your payment data on to Mastercard Inc. as part of the payment processing. For the European region, the responsible entity is Mastercard Europe SA (Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium).

Mastercard also processes data in the USA, among other places. We point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may be associated with various risks for the lawfulness and security of data processing.

As the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, in particular the USA) or for the transfer of data there, Mastercard uses so-called Standard Contractual Clauses (Art. 46(2) and (3) GDPR (DSGVO)). Standard Contractual Clauses are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when transferred to and stored in third countries (such as the USA). Through these clauses, Mastercard undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses at, among other places:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj

For more information about the data processed through the use of Maestro/Mastercard, please refer to the privacy policy at:

https://www.mastercard.de/de-de/datenschutz.html

American Express

We use American Express, a globally operating financial services provider, on our website. The service provider is the American company American Express Company. For the European region, the responsible entity is American Express S.A. (Avenida Partenón 12-14, 28042 Madrid, Spain).

American Express also processes data in the USA, among other places. We point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may be associated with various risks for the lawfulness and security of data processing.

As the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, in particular the USA) or for the transfer of data there, American Express uses so-called Standard Contractual Clauses (Art. 46(2) and (3) GDPR (DSGVO)). Standard Contractual Clauses are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when transferred to and stored in third countries (such as the USA). Through these clauses, American Express undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses at, among other places:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj

For more information about the data processed through the use of American Express, please refer to the Privacy Policy at:

https://www.americanexpress.com/de-de/firma/legal/datenschutz-center/online-datenschutzerklaerung/

DATA SUBJECT RIGHTS (Betroffenenrechte)

You have the right:

-   pursuant to Art. 15 GDPR (DSGVO), to request access to your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the intended storage period, the existence of a right to rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected from you directly, and the existence of automated decision-making including profiling and, where applicable, meaningful information about its details;

-   pursuant to Art. 16 GDPR (DSGVO), to request without undue delay the rectification of inaccurate personal data or the completion of incomplete personal data stored by us;

-   pursuant to Art. 17 GDPR (DSGVO), to request the erasure of your personal data stored by us, insofar as the processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defence of legal claims;

-   pursuant to Art. 18 GDPR (DSGVO), to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful but you refuse its erasure, and we no longer need the data but you require it for the establishment, exercise, or defence of legal claims, or you have lodged an objection to processing pursuant to Art. 21 GDPR (DSGVO);

-   pursuant to Art. 20 GDPR (DSGVO), to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request the transmission of this data to another controller;

-   pursuant to Art. 7(3) GDPR (DSGVO), to withdraw your consent once given at any time. This means that we may no longer continue the data processing based on that consent in the future; and

-   pursuant to Art. 77 GDPR (DSGVO), to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your habitual place of residence, your place of work, or our registered office for this purpose.

RIGHT TO OBJECT (Widerspruchsrecht)

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6(1)(1)(f) GDPR (DSGVO), you have the right pursuant to Art. 21 GDPR (DSGVO) to object to the processing of your personal data, insofar as there are grounds relating to your particular situation, or if the objection is directed against direct marketing. In the latter case, you have a general right to object which will be implemented by us without specification of a particular situation.

If you wish to exercise your right of withdrawal or your right to object, a simple email to support@v-car-tech.com is sufficient.

DATA SECURITY (Datensicherheit)

During your visit to the website, we use the widely used SSL procedure (Secure Socket Layer) in conjunction with the highest level of encryption supported by your browser. This is typically 256-bit encryption. If your browser does not support 256-bit encryption, we fall back on 128-bit v3 technology instead. Whether an individual page of our website is transmitted in encrypted form is indicated by the closed key or padlock symbol in the lower status bar of your browser.

We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.