Data protection is very important to us. The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR). We collect and process your personal data in order to be able to offer you the above-mentioned portal. This declaration describes how and for what purpose your data is collected and used and what choices you have in relation to personal data.
1. Data controller
The data controller for the collection, processing and use of your personal data within the meaning of the GDPR is:
AL-KO Vehicle Technology Group GmbH
Ichenhauser Str. 14
Telephone: + 49 (8221) - 970
2. Data Protection Officer
If you still have any questions or concerns about data protection, please contact our Data Protection Officer:
AL-KO Vehicle Technology Group GmbH
Ichenhauser Str. 14
3. Personal data
Personal data is information about factual or personal circumstances of an identified or identifiable natural person. This includes, for example, your name, your telephone number, your address and all continuance data that you provide to us during registration and when creating your customer account.
3.1 Source and type of the personal data we process
We process personal data that we receive from you in the course of our business relationship. In addition we process – insofar as is necessary for the provision of our service – personal data that we have legally received from other companies of the AL-KO Vehicle Technology Group GmbH or from other third parties (e.g. for the fulfilment of orders, for the performance of contracts or on the grounds of consent given by you). On the other hand we process personal data that we have legally obtained from publicly accessible sources and which we are permitted to process.
3.2 Collection, processing and use of your personal data
Data protection is very important to us. Therefore, we strictly adhere to the legal provisions of the GDPR and Germany’s Telemedia Act when collecting, processing and using your personal data. We collect, store and process your data for the entire processing of your purchase, including any subsequent warranties, for our services, technical administration and our own marketing purposes. Your personal data will only be passed on to third parties or otherwise transmitted if this is necessary for the purpose of contract processing or billing or if you have given your prior consent. The service providers we use for order processing, for example (such as carriers, logistics providers, banks), receive the data necessary for orders and order processing. The data thus disclosed may only be used by our service providers for the fulfilment of their task. For your order we need your correct name, address and payment details. We need your e-mail address so that we can confirm receipt of your order and communicate with you. We also use this for your identification (customer login). Furthermore, you will receive your order and dispatch confirmation via your e-mail address. Your personal data will be deleted if there are no legal obligations to retain it and if you have asserted a claim for deletion, if the data is no longer required to fulfil the purpose for which it was stored or if its storage is not permitted for other legal reasons.
3.3 Customer account
You can place orders as a guest or by creating a customer account. If you register with us on the website, we will set up password-protected direct access to your continuance data stored with us (customer account). Here you can view data about your completed, open and recently shipped orders and manage their data. You undertake to treat the personal log-in details confidentially and not to make them accessible to any unauthorised third party. We cannot accept any liability for misuse of passwords unless we are ourselves responsible for the misuse.
3.4 Contacting us
If you contact us (e.g. by service hotline or e-mail), we store your details for processing the enquiry and in case follow-up questions arise. We only store and use other personal data if you consent to this or if this is legally permissible without special consent.
4 Disclosure of personal data
The only third parties that we pass your personal data on to are service partners involved in the processing of the contract, such as the transport service provider commissioned with the delivery and the credit institution commissioned with payment matters.
4.1 Payment provider:
4.1.1 Mollie B.V.
If you choose one of the payment methods offered by the payment provider Mollie, the payment will be processed by the payment provider Mollie B.V., to whom we pass on the information you provided during the ordering process, together with information about your order (name, address, IBAN, BIC, invoice amount, currency and transaction number, if applicable). Your data will be passed on in accordance with Art. 6 (1) lit. b GDPR exclusively for the purpose of payment processing with the payment provider Mollie B.V. Your data will only be passed on insofar as is actually necessary for processing the payment.
PayPal is an online payment provider. Payments are processed via so-called PayPal accounts, which represent virtual private or business accounts. PayPal also offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties and also to receive payments. PayPal also accepts trustee functions and offers buyer protection services.
The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxemburg.
If you choose to pay by PayPal, you will be redirected to PayPal at the end of the ordering process. Your data will be automatically transmitted to PayPal. By selecting this payment option, you consent to the transmission of personal data required for payment processing.
The transfer takes place in accordance with Art. 6 (1) lit. b GDPR and only insofar as this is necessary for the payment processing. The personal data transmitted to PayPal is usually first name, last name, address, email address, IP address, telephone number, mobile phone number or other data necessary for payment processing. Personal data that is related to the respective order is also necessary for the processing of the purchase contract.
The purpose of transmitting the data is payment processing and fraud prevention. We will transmit personal data to PayPal in particular if there is a legitimate interest for the transmission. The personal data exchanged between PayPal and us may be transmitted by PayPal to credit reporting agencies. The purpose of this transmission is for identity and credit checks.
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
4.2 Credit checks and transmission to credit agencies
Before concluding a purchase contract, our credit rating service provider will carry out a credit check on you on our behalf. The processing of your data in the context of the credit check is based on Article 6 (1) lit. b and lit. f GDPR. In principle, our company has a legitimate interest in carrying out a credit check if you wish to select an unsecured payment method (instalment purchase/purchase on account). The credit check offers you a choice of different payment methods and at the same time our company can protect itself against default on payments on account and by direct debit. Credit checks also serve your and our security, as fraud and other crimes can be prevented.
As part of the credit check, our payment service provider checks all available data. This determines which payment methods can be offered to you for your order. Among other things, all previous orders in your customer account are checked. In addition, the system also checks whether the delivery address differs from the billing address, whether it is a new delivery address or whether the order is to be delivered to a Packstation. In addition to the data we hold, data from external service providers may also be required. For this purpose, we transmit the personal data required for a credit check (first name and surname, your address and, if applicable, your date of birth) to the following credit rating service provider:
Klarna Bank AB, German Branch, Chausseestraße 117, 10115 Berlin.
This credit rating service provider uses the aforementioned data transmitted by us as well as various internal and external credit agencies in order to make an appropriate assessment of your credit rating with regard to the respective order with the help of recognised mathematical-statistical procedures. In addition, the credit rating service provider uses the aforementioned data for the purpose of address verification or identity checks as well as for evaluations based thereon. Under certain circumstances, it may be possible to draw conclusions about hard negative features.
You have the right to request a human review of the automated decisions made as part of the credit check. You also have the right to express your own point of view and the right to challenge the decision. To do so, contact us in writing by post to the above address or by e-mail to email@example.com.
4.3 Transport service providers:
We work with external transport service providers (e.g. UPS) to deliver orders. They receive the following data from us for the execution of the respective order:
First name, last name, postal address
The legal basis for the processing is Art. 6(1) lit. b) GDPR.
5. General use of the website
5.1. Access data
We collect information about you when you use this website. We automatically collect information about your usage behaviour and interaction with us and record data about your computer or mobile device. We collect, store and use data about every access to our online content (‘server log files’). The access data includes the name and URL of the retrieved file, the date and time of the retrieval, the amount of data transferred, the notification of successful retrieval (HTTP response code), the browser type and version, the operating system, the referrer URL (i.e. the previously visited page), the IP address and the requesting provider.
We use this log data without assigning it to you personally or otherwise profiling it for statistical evaluations for the purpose of the operation, security and optimisation of our online content, but also for the anonymous recording of the number of visitors to our website (traffic) as well as the extent and type of use of our website and services, as well as for accounting purposes in order to measure the number of clicks received from partners. This information allows us to provide personalised and location-based content and to analyse traffic, troubleshoot and improve our services. We reserve the right to check the log data retrospectively if there is a justified suspicion of unlawful use on the basis of concrete indications. We store IP addresses in the log files for a limited period of time if this is necessary for security purposes or for the provision of a service or the billing of a service, e.g. if you use one of our offers. We also store IP addresses if we have a concrete suspicion of a criminal offence in connection with the use of our website. We also store the date of your last visit as part of your account (e.g. when registering, logging in, clicking links etc.).
5.2 Legal basis
We process personal data in accordance with the provisions of the European Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
For the fulfilment of contractual obligations (Art. 6 (1) lit. b GDPR).
Personal data is processed (Art. 4 (2) GDPR) for the provision and procurement of company services, in particular for the execution of our contracts or pre-contractual measures with you and the completion of your orders as well as all activities required for operation and administration.
Further details of the purpose of the data processing can be found in the respective contract documents and the general terms and conditions.
For the purposes of legitimate interests (Art. 6 (1) lit. f GDPR)
We only process your data beyond the actual fulfilment of the contract insofar as is necessary to protect our legitimate interests or those of third parties. For example:
· Testing and optimising procedures for needs analysis and direct customer contact;
· Advertising or market and opinion research, insofar as you have not objected to the use of your data;
Assertion of legal claims and defence in legal disputes;
· Ensuring IT security and IT operations;
· Prevention and investigation of criminal offences;
· Measures for business management and further development of services and products.
Based on your consent (Art. 6 (1) lit. a GDPR)
Insofar as you have given us consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent. Consent granted can be revoked at any time.
5.3. Google Analytics
We use Google Analytics, a web analytics service provided by Google, Inc. (‘Google’). Google Analytics uses ‘cookies’, text files stored on your computer, to help the website analyse how users use the site. The information generated by the cookie about visitors’ use of this website is generally transmitted to a Google server in the USA and stored there.
Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage.
The IP address sent by your browser in the context of Google Analytics is not merged with other Google data. You can refuse to store cookies through the appropriate settings in your browser software; however, we must point out that in this case you may not be able to use all features of this website to their full extent.
You can also prevent the data generated by the cookie and relating to your usage of the website (including your IP address) from being collected and processed by Google by downloading and installing the browser plugin available at: http://tools.google.com/dlpage/gaoptout?hl=en-GB. As an alternative to the browser plugin or for browsers on mobile devices, you can click on the following link to set an opt-out cookie that will prevent Google Analytics from collecting data on this website in future (this opt-out cookie only works in this browser and only for this domain. If you delete the cookies in your browser, you must click this link again): Deactivate Google Analytics
5.4. Google Adwords
Our website uses Google conversion tracking. If you have accessed our website via an ad placed by Google, Google AdWords will set a cookie on your computer. The conversion tracking cookie is set when a user clicks on an ad placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages on our website and the cookie has not yet expired, we and Google can recognise that the user clicked on the ad and was redirected to this page. Every Google AdWords customer receives a different cookie. The cookies cannot be tracked through the websites of AdWords customers. The information gathered using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers are informed of the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive any information that personally identifies users.
If you do not wish to participate in tracking, you can refuse to accept the cookie required for this – for example, by setting your browser to disable the automatic setting of cookies, or setting your browser to block cookies from Google lead services.
Please note that you must not delete the opt-out cookies if you do not want any measurement data to be recorded. If you delete all cookies in your browser, you must set the respective opt-out cookie again.
We use retargeting technologies from various providers. This enables us to make our online offer more interesting and tailored to you. Retargeting involves setting a cookie to collect pseudonymised interest data. Information about your surfing behaviour is collected anonymously for marketing purposes, stored in cookie text files on your computer and analysed using an algorithm. Targeted product recommendations can then be displayed to you as personalised advertising banners for our products on our partners' websites. This data will never be used to personally identify a visitor to this website. No direct personal data is processed and usage profiles are not combined with personal data.
The legal basis for this data processing is Art. 6 (1) (f) GDPR. By using targeting measures, we want to ensure that you are only shown advertising on your end devices for products that correspond to your actual or perceived interests.
If you no longer wish to receive personalised advertising banners for our products, you can object to this data collection and storage for the future as follows:
Clicking on the button displayed in each advertising banner will take you to the provider's respective website. There you will again be informed about how retargeting works and offered the option to unsubscribe (‘opt-out’). If you unsubscribe from a provider, a so-called ‘opt-out’ cookie is stored on your computer, which prevents the display of the respective provider’s advertising banners in the future. Please note that this opt-out can only be done from your computer and the respective ‘opt-out’ cookies must not be deleted from your computer.
The cookies used for retargeting purposes and the information they contain are stored for the period of time specified in the cookie and then automatically deleted.
5.6. Google Display & Video 360
Provided you give us your consent, we use the online marketing practice Google ‘Display & Video 360’ to place ads in the Google advertising network (e.g., in search results, in videos, on web pages, etc.). The data collected in this way is used by Display & Video 360 to link advertising contacts and clicks on advertisements with a resulting use of our website. This allows us to determine whether Internet users who have seen our ads visit our website and which products they are interested in. This helps us to create reports on advertising campaigns or to improve them.
Pseudonymous online identification numbers (online ID) such as cookie IDs, IP addresses, device IDs, advertising IDs / IDFAs (e.g. on Android or Apple smartphones) are used for data collection. The online IDs are truncated within member states of the European Union or in other signatories to the Agreement on the European Economic Area and are only transferred in full to a Google server in the USA and truncated there in exceptional cases. The above information may also be combined by Google with such information from other sources. When the user subsequently visits other websites, they can be shown ads tailored to their presumed interests based on their user profile.
User data is processed pseudonymously within the Google advertising network. Google therefore does not store or process users’ names or email addresses, for example. The relevant data relating to cookies is stored within pseudonymous user profiles. So, from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly allowed Google to process the data without pseudonymisation. The information collected about users by Google marketing services is transmitted to Google and stored on Google's servers in the USA.
5.7. Cookie consent with OneTrust
We use the cookie consent technology from OneTrust to obtain your consent to the storage of certain cookies in your browser and to document this in a data protection-compliant manner. The provider of this technology is OneTrust, represented in two main offices in the USA and England: Atlanta, GA, USA (Co-Headquarters), 1200 Abernathy Rd NE, Building 600, Atlanta, GA 30328 United States, +1 (844) 847-7154 as well as London, England (Co-Headquarters), Dixon House, 1 Lloyd’s Avenue, London, EC3N 3DQ, +44 (800) 011-9778. When you enter our website, a OneTrust cookie is stored in your browser, which stores the consents you have given or the revocation of these consents.
The collected data will be stored until you request us to delete it or you delete the OneTrust cookie yourself, or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected.
5.8 Facebook pixel
We use the so-called ‘Facebook pixel’ of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA to create so-called ‘Custom Audiences’. This serves the purpose of optimising our advertisements on the Facebook social network so that we only play relevant advertisements there and can measure the success of our Facebook advertising campaigns. The Facebook pixel allows Facebook to identify the visitors of these as a target group for the display of advertising on the Facebook social network.
A direct connection to the Facebook servers is established via the Facebook pixel implemented on this website when visiting this website. In the process, the fact of your visit to our website and which pages you have called up is transmitted to the Facebook server. In addition, individual information and parameters required to optimise our advertisements, to increase relevance and to measure success are transmitted. In particular, this is information about so-called ‘conversion events’ on this website (e.g. whether a registration or a purchase has taken place).
5.9 Google Tag Manager
Google Tag Manager is a solution from Google Inc. that enables marketers to manage website tags via a single interface. The tool tag manager itself, which implements the tags, is a cookie-less domain and does not collect any personal data. The tool releases other tags, which may collect data. Google Tag Manager does not access this data. If disabled at a domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager.
6. Data security
We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.
We transmit your personal data in encrypted form. This applies to your orders and also to the customer login. We use the SSL (Secure Socket Layer) coding system, but we would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can present security vulnerabilities. Complete protection of data from access from third parties is not possible.
To secure your data, we maintain technical and organisational security measures that we constantly adapt to the state of the art. We also do not guarantee that our content will be available at all times; disruptions, interruptions or failures cannot be ruled out. The servers we use are carefully backed up on a regular basis.
7. Retention period of personal data processed by us
Where necessary, we process and store your personal data for the duration of our business relationship including, for example, the preparation and conclusion of a contract. In addition, we are subject to various storage and documentation obligations dictated i.a. by the German Commercial Code (HGB) or the German Fiscal Code (AO). The storage or documentation periods specified therein are between two and ten years.
Finally, the storage duration is also dictated by the statutory periods of limitation which, for example, according to §§ 195 ff. of the German Civil Code (BGB) is generally 3 years, but in certain cases can also be up to thirty years.
8. Your rights as a data subject
In connection with the processing of personal data by AL-KO Vehicle Technology Group GmbH, you are entitled to data subject rights:
the right of access to your personal data stored by us (Article 15 GDPR), in particular you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the source of your data if it has not been collected directly from you;
the right to have inaccurate data rectified or to have correct data completed (Article 16 GDPR);
the right to have your data stored by us deleted (Article 17 GDPR), insofar as we do not have to comply with any legal or contractual retention periods or other legal obligations or rights to continue storing the data;
the right to restrict the processing of your data (Article 18 GDPR), insofar as you dispute the accuracy of the data, the processing is unlawful but you object to its erasure; the controller no longer requires the data but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Article 21 GDPR;
the right to data portability (Article 20 GDPR), i.e. the right to have selected data stored by us about you transferred in a common, machine-readable format, or to request the transfer to another controller;
the right to lodge a complaint with a supervisory authority (Article 77 GDPR). As a rule, you can contact the supervisory authority of your usual place of residence or workplace or of our company headquarters for this purpose.
the right to object (Article 21 GDPR). You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1) lit. e or f GDPR; this also applies to profiling based on these provisions. We will then no longer process personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal claims.
If personal data is processed by us for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing.
You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.
To exercise your data protection rights, please contact us in writing at firstname.lastname@example.org or at the address mentioned in point 1.
Status: November 2020
Datenschutzhinweise AL-KO Store.pdf