English

I. Name and address of the Controller

The Controller in the sense of the General Data Protection Regulation and other national data protection laws of the member states, as well as other data protection-related provisions, is:

Company: Best4Tires GmbH (B4T for short)

Managing Directors: Armin Heß, Sascha Fechtner

Address:
Best4Tires GmbH
Rathausstraße 52-58
56203 Höhr-Grenzhausen, Germany

Contact:
Website: https://www.best4tires.com/
Email: info@best4tires.com
Phone: 02684 9450-0
Fax: 02684 9450-156

Responsible court:
Montabaur District Court
Commercial Register No.: 12794
VAT ID: DE 157837971 

II. Name and address of the Data Protection Officer

The Controller’s Data Protection Officer is:
Rudolf Schwaderlapp
Schwaderlapp Rechtsanwälte
Hubertusstr. 14
56235 Ransbach-Baumbach
Germany
Tel: +49 2623 98990
Email: privacy@best4tires.com

III. General information about data processing

Scope of processing for personal data

Fundamentally, we collect and use personal data concerning our users only where this is necessary in order to provide a functional website as well as our content and services. As a rule, personal data concerning our users is collected and used only with the user’s consent. Exceptions apply in cases where it is not possible to obtain prior consent for practical reasons and where processing of the data is permitted by statutory provisions.

Legal basis for processing personal data

Where we obtain consent from the Data Subject for the processing of personal data, Art. 6 (1) (a) EU General Data Protection Regulation (GDPR) serves as the legal basis. Where processing of personal data is necessary for the performance of a contract to which the Data Subject is party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing that is necessary to perform pre-contractual measures. Where the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis. In the event that vital interests of the Data Subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis. Following a consideration of whether the interests of the company (or of a third party) or the interests, basic rights, or basic freedoms of the Data Subject take precedence, Art. 6 (1) (f) GDPR can be used as the legal basis for the processing.

Data erasure and storage period

The Data Subject’s personal data is erased or blocked as soon as the purpose of the storage no longer applies. It can be stored after this time where required by European or national legislators in Union directives, laws or other regulations to which the Controller is subject. The data shall also be blocked or erased if a storage period defined by the abovementioned norms expires, unless there is a need to continue storing the data for the purpose of a contract conclusion, contract fulfilment or to secure legal claims.


IV. Providing the website and creating logfiles

Hosting and administration

Our website is hosted by external service providers. These service providers are

  • Firstcolo GmbH, Kruppstraße 105, 60388 Frankfurt am Main – Hosting Webshop

  • BMF Media Information Technology GmbH, Peter-Dörfler-Straße 32, 86199 Augsburg – Hosting Webshop

  • Hetzner Online GmbH, Industriestr. 25, 91710 Guntenhausen – Hosting Homepage und Business Portal

For administering the web presence, we are supported by

  • Diva-e Digital Value Excellence GmbH, St.-Martin-Straße 72, 81541 Munich.

The necessary contracts have been concluded with these service providers.

Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system accessing it.

The following data is collected:

(1)   User’s IP address (anonymized)

(2)   Directory protection user

(3)   Date and time of access

(4)   Websites that the user’s system accesses through our website

(5) Logs

(6) Status code

(7) Data volume

(8) Referrer

(9) User Agent

(10) Accessed hostname

(11) Chosen browser type and browser version (where provided by the user!)

(12) Operating system

(13) Number of visits

(14) Time spent visiting the website

(15) Previous website visited (where provided by the user!)

This data is also saved in our system’s logfiles. The data is not saved together with other personal data concerning the user.

Legal basis for data processing

The legal basis for temporarily storing this data and the logfiles is Art. 6 (1) (f) GDPR. 

Purpose of data processing

The system must temporarily save the IP address so that the website can be accessed by the user’s computer. The user’s IP address must be saved for the duration of the visit. Data is saved in logfiles in order to ensure the functionality of the website. We also use the data to optimize the website and to ensure the security of our information technology systems. The data is not analysed for marketing purposes in this context. These purposes also establish our legitimate interest in data processing pursuant to Art. 6 (1) (f) GDPR.

Length of storage

The data is erased as soon as it is no longer needed in relation to the purposes for which it was collected. Where data is collected in order to provide the website, this is the case when the respective session ends. Where data is saved in logfiles, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, users’ IP addresses shall be erased or anonymized so that they can no longer be allocated to the accessing client.

Objection and rectification rights

Collecting the data in order to provide the website and saving the data in logfiles is necessary in order to operate the website. Consequently, the user does not have a right to object to this.


V. Technical cookies / tools

Usercentrics Consent Tool

For consent management, we use the Usercentrics service from Usercentrics GmbH (Sendlinger Str.7, 80331 Munich, Germany). This software allows us to collect and manage website visitors’ consent for data processing. The legal basis for using this tool must be ensured according to Art. 6 (1) (c) GDPR (fulfilling a legal obligation) and Art. 7 (1) GDPR.

Without this software, we cannot guarantee the functionality of the website (technical cookie).

The following data is processed: date and time of access, browser information, device information, geographic location, cookie preferences, URL of the page visited.

Here, Usercentrics is the recipient of your personal data and is contracted to process data on our behalf.

The processing takes place in the European Union. You can find more information about your objection and rectification rights from Usercentrics under: https://usercentrics.com/de/datenschutzerklaerung/

The collected data shall be erased after a maximum period of 3 years.



VI. Use of analysis tools

Google Analytics
Description and scope of data processing / purpose of data processing:

On our website, we use the analysis service Google Analytics and the necessary Google Tag Manager. The resulting data is used to optimize our website and improve it for you. Google Tag Manager is necessary in order to use Google Analytics.

Google Analytics is provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google processes the data on website use on our behalf and is contractually obligated to take measures to ensure the security and confidentiality of the processed data.

Type of data:

During your visit to our website, the following data is processed:

  •   Accessed pages

  •   Orders, including sales volume and products ordered

  •   Fulfilment of “website targets” (e.g. contact inquiries and newsletter signups)

  •   Your behaviour on the pages (e.g. time spent, clicks, scrolling behaviour)

  •   Your approximate location (country and city)

  •   Your IP address (in shortened form so it cannot be clearly allocated)

  •  Technical information such as browser, internet service provider, end device and screen resolution

  •  Origin of your visit (e.g. which website or ad brought you to us)

  •  Website interactions

  • Repeat visits

Data such as your name, address and general contact information is never provided to Google Analytics.

The collected data is sent to servers in the United States. Because of the current legal situation, we must therefore notify you that the same level of data protection cannot be guaranteed in the United States as in the EU. We do not have any knowledge about the details of potential data processing that is handled by the service provider in the United States, nor can we influence this. We cannot exclude the possibility that public authorities will gain access to your personal data without our knowledge. Likewise, the assertion of your data protection rights is not guaranteed in the United States.

Standard contractual clauses provided by the EU Commission have been concluded as the legal basis for data processing in third countries. These contracts obligate service providers to meet the European data protection level when processing your personal data.

The recorded data is saved with a randomly generated user ID that allows the pseudonymized profiles to be analysed.

Length of storage:

User-related data is erased automatically after 14 months. Other data is stored on an open-ended basis in aggregated form.

Legal basis:

The legal basis for processing the data is the user’s consent pursuant to Art. 6 (1) (a) GDPR.

Right to object:

You can object to the collection at any time with a one-time installation of the browser add-on to disable Google Analytics or by refusing cookies in the “cookie banner”.

Google Tag Manager
Description and scope of data processing / purpose of data processing:

Our website uses the organizational tool Google Tag Manager. This tool allows us to utilize, integrate and administer the various tools.

Google Tag Manager is provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google processes the data on our behalf and is contractually obligated to take measures to ensure the security and confidentiality of the processed data.

You can find more information about Google Tag Manager in the FAQs under: https://support.google.com/tagmanager/?hl=de#topic=3441530

Type of data: 

Google Tag Manager itself does not collect any data. The data is collected and processed by the individual analysis tools. Please see the information for the tool to see how this works.

The collected data is sent to servers in the United States. Because of the current legal situation, we must therefore notify you that the same level of data protection cannot be guaranteed in the United States as in the EU. We do not have any knowledge about the details of potential data processing that is handled by the service provider in the United States, nor can we influence this. We cannot exclude the possibility that public authorities will gain access to your personal data without our knowledge. Likewise, the assertion of your data protection rights is not guaranteed in the United States. 

Standard contractual clauses provided by the EU Commission have been concluded as the legal basis for data processing in third countries. These contracts obligate service providers to meet the European data protection level when processing your personal data. 

Length of storage:

User-related data is erased automatically after 14 months. Other data is stored on an open-ended basis in aggregated form.

Legal basis:

The legal basis for processing the data is the user’s consent pursuant to Art. 6 (1) (a) GDPR.

Right to object:

You can object to the collection at any time by refusing cookies in the “cookie banner”.

Google Ads & remarketing
Description and scope of data processing / purpose of data processing:

Our website uses the organizational tool Google Ads. Google Ads is an online program used to advertise Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). In addition, the remarketing function within the Google AdWords service is used. The remarketing function allows ads based on your interests to be shown to you on other websites within the Google advertising network. To do this, your surfing behaviour on our website is analysed, e.g. which offers you viewed. As a result, even after your visit to our website, personalized ads can be displayed to you on the online search engine Google itself, known as “Google Ads”, and on other websites. This requires Google to save a cookie in your browser whenever you visit Google services or websites within the Google advertising network. The cookie documents your visits. It serves as a unique identifier for your web browser and is not used to identify you personally. 

You can find more information about Google Remarketing and the Google privacy policy under www.google.com/privacy/ads/

Type of data: 

When you visit our website, the following data is processed:

  • Pages retrieved

  • Orders, including the sales volume and the products ordered

  • Your behaviour on the pages (for instance dwell time, clicks, scrolling behaviour)

  • Your IP address (in abbreviated form so it cannot be clearly allocated)

  • Technical information like browser, internet service provider, end device and screen resolution

  • Origin of your visit (e.g. which website and/or which ad brought you to us)

  • Website interactions

  • Repeat visits

The collected data is sent to servers in the United States. Because of the current legal situation, we must therefore notify you that the same level of data protection cannot be guaranteed in the United States as in the EU. We do not have any knowledge about the details of potential data processing that is handled by the service provider in the United States, nor can we influence this. We cannot exclude the possibility that public authorities will gain access to your personal data without our knowledge. Likewise, the assertion of your data protection rights is not guaranteed in the United States. 

Standard contractual clauses provided by the EU Commission have been concluded as the legal basis for data processing in third countries. These contracts obligate service providers to meet the European data protection level when processing your personal data. 

Length of storage:

User-related data is erased automatically after 14 months. Other data is stored on an open-ended basis in aggregated form.

Legal basis:

The legal basis for processing the data is the user’s consent pursuant to Art. 6 (1) (a) GDPR.

Right to object:

You can disable the use of cookies by Google and revoke your provided consent for us to use the Google Ads & Remarketing service by clicking on the following link and downloading and installing the provided plug-in: www.google.com/settings/ads/plugin


Microsoft Bing Ads
Description and scope of data processing / purpose of data processing:

Our website uses technologies from Bing Ads, which are operated by the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. We implement Microsoft Conversion Tracking; Microsoft saves a cookie on your end device if you reached our website through a Microsoft Bing ad or in another way. That allows us and Microsoft to see that you clicked on an ad, were forwarded to the website, and reached a predetermined target page (“conversion site”) that was linked to the ad. In addition, we and Microsoft can see if you retrieved the website in some other way and performed/executed a purchase or service that is defined as a conversion. 

We also use Microsoft retargeting technology, which gathers information about your user behaviour on our website and saves it. Cookies may be used for this purpose. The cookies allow Microsoft to collect, process and use information from the cookies in order to create usage profiles from the data, utilizing pseudonyms. These usage profiles are used to analyse user behaviour, which allows us to show you ads and offers that are relevant to you using Bing Ads, since you have already demonstrated an interest in our website and our content/offers. No personal information about the user’s identity is processed.

On the basis of the implemented marketing tool, your browser automatically creates a direct connection with the Microsoft server. We do not have any influence over the scope or further use of the data beyond the abovementioned purposes, which is collected by Microsoft using this tool. Accordingly, we inform you based on our level of knowledge: When Microsoft is integrated, Microsoft is notified that you have retrieved the corresponding portion of our website or clicked on one of our ads. If you are registered with a Microsoft service, Microsoft can allocate the visit to your account. Even if you are not registered with Microsoft and/or have not logged in, there is a possibility that the provider may obtain your IP address and save it.

In particular, when you use our website, Microsoft saves the UET Tag ID, Microsoft cookie, browser information, device information, user behaviour and contact with ads.

Your data is saved on servers within the EU or the United States of America and may be shared with service providers and their subsidiaries that provide technologies or services to support, operate and maintain certain Microsoft online services. Your data is transferred to servers in the United States on the basis of concluded standard contractual clauses.

You can find more information about data processing in the Microsoft Corporation privacy policy: privacy.microsoft.com/en-us/PrivacyStatement

Type of data: 

When you visit our website, the following data is processed:

  • Pages retrieved

  • Orders, including sales volume and the products ordered

  • Your behaviour on the pages (for instance dwell time, clicks, scrolling behaviour)

  • Your IP address (in abbreviated form so it cannot be clearly allocated)

  • Technical information like browser, internet service provider, end device and screen resolution

  • Origin of your visit (e.g. which website and/or which ad brought you to us)

  • Website interactions

  • Repeat visits

The collected data is sent to servers in the United States. Because of the current legal situation, we must therefore notify you that the same level of data protection cannot be guaranteed in the United States as in the EU. We do not have any knowledge about the details of potential data processing that is handled by the service provider in the United States, nor can we influence this. We cannot exclude the possibility that public authorities will gain access to your personal data without our knowledge. Likewise, the assertion of your data protection rights is not guaranteed in the United States. 

Standard contractual clauses provided by the EU Commission have been concluded as the legal basis for data processing in third countries. These contracts obligate service providers to meet the European data protection level when processing your personal data. 

Length of storage:

User-related data is erased automatically after 13 months. Other data is stored on an open-ended basis in aggregated form. Microsoft stores your data from the UET Tag for 180 days.

Legal basis:

The legal basis for processing the data is the user’s consent pursuant to Art. 6 (1) (a) GDPR.

Right to object:

You can object to data collection and storage at any time with effect for the future. In order to object to the collection and storage of your data with effect for the future, you can click on the following link: account.microsoft.com/privacy/ad-settings

VII. Payment service provider
Payone

For handling our payment transactions, we use the payment service provider Payone, Payone GmbH, Lyoner Straße 9, 60528 Frankfurt am Main.

In the course of the payment transaction, Payone processes the following data concerning you:

  • Master data (name, address)

  • Financial data (account number, routing number, credit card number)

  • Invoice amount

The legal basis pursuant to the GDPR here is Art. 6 (1) (b) GDPR (performance of a contract).

You can object to the storage of the data at any time, but this will limit the functionality of the website. Data that is subject to retention periods shall be erased after the period elapses.

Concardis

For handling our payment transactions, we use the payment service provider Concardis, Concardis GmbH, Helfmann-Park 7, 65760 Eschborn.

In the course of the payment transaction, Concardis processes the following data concerning you:

  • Master data (name, address)

  • Financial data (account number, routing number, credit card number)

  • Invoice amount 

The legal basis pursuant to the GDPR here is Art. 6 (1) (b) GDPR (performance of a contract).

You can object to the storage of the data at any time, but this will limit the functionality of the website. Data that is subject to retention periods shall be erased after the period elapses.


VIII. Contact form and email contact

Description and scope of data processing

Our website provides a contact form that can be used to contact us electronically. If a user exercises this option, the data entered on the input screen is transferred to us and saved. This data includes:

  • Gender (optional)

  • Last name (required)

  • First name (required)

  • Phone number (optional)

  • Email address (required)

  • Street address (optional)

  • Postal code (optional)

  • Country (required)

  • Message/text

  • File attachment (image)

At the time when the message is sent, the following data is also saved:

A list of the corresponding data follows. Some examples:

(1) User’s IP address

(2) Date and time of registration 

In the course of the message submission, your consent is obtained for processing of the data, with reference to this Privacy Policy.

Alternatively, you can contact us via the provided email address. In this case, the user’s personal data transferred with the email shall be saved.

In this context, no data is shared with third parties. The data is used exclusively for processing the conversation.

Legal basis for data processing 

The legal basis for processing the data, where consent is obtained from the user, is Art. 6 (1) (a) GDPR. 

The legal basis for processing data provided in the context of an email is Art. 6 (1) (f) GDPR. If the aim of the email contact is to conclude a contract, an additional legal basis for the processing is Art. 6 (1) (b) GDPR.

Purpose of data processing

We process data from the input screen solely for the purpose of establishing contact. In the event that contact is established via email, this also represents the necessary legitimate interest for processing the data. 

Other personal data processed during the submission process is used to prevent misuse of the contact form and to ensure the security of the information technology systems. 

Length of storage

The data is erased as soon as it is no longer needed in relation to the purposes for which it was collected. For personal data from the input screen on the contact form and data provided via email, this is the case when the respective conversation with the user has ended. The conversation ends when the circumstances indicate that the relevant matter has been conclusively resolved.

Any additional personal data collected during the submission process shall be deleted after a maximum period of seven days.

Objection and rectification rights

The user has the right to revoke consent for processing of the personal data at any time. If the user contacts us via email, he or she can object to the storage of the personal data at any time. In this case, the conversation cannot be continued.

IX. Chat software – “Userlike”

Best4Tires GmbH uses chat software from Userlike UG (limited liability), Probsteigasse 44-46, 50670 Cologne, Germany. You can use the chat as a contact form in order to chat with our employees practically in real time and to submit orders directly. When the chat starts, the following personal data is collected:

  • Chat logs

  • Email address 

  • Name 

  • Location (country, city) 

  • Browser type 

  • Operating system 

  • Device 

  • Number of page views 

  • Number of page visits

  • Referrer

  • URL (where the chat started) 

  • Survey before and after the chat 

  • Topic of the chat

  • Chat status (new, pending, finished)

  • Chat evaluation after the chat

  • Length of the chat

  • Date of the chat

  • User-generated content

  • Links to social profiles (LinkedIn, Facebook, Twitter) 

  • Profile picture from social network data fields that the company provides to Userlike 

  • IP address

Depending on the course of the conversation with our employees, other personal data can be collected during the chat if you enter it. The type of data depends strongly on your inquiry or on the problem you describe to us. Processing all this data allows us to give you a fast, efficient way to contact us, thereby improving our customer service. Once they provide their consent by using the WhatsApp campaigns via Userlike, Best4Tires customers are specifically contacted with corresponding news about offers.

All of our employees have been and continue to be trained on the topic of data protection, and on the secure and trustworthy handling of customer data. All of our employees are obligated to maintain confidentiality and have signed a corresponding addendum in their employee contracts that obligates them to maintain confidentiality and observe data protection rules. 

When the website https://www.best4tires.com/de/ is opened, the chat widget is loaded by AWS Cloudfront in the form of a JavaScript file. The chat widget technically represents the source code that runs on your computer and allows the chat to take place. 

Moreover, B4T saves a transcript of the chat for a period of 6 months. This is used to avoid potentially extensive explanations about the history of your inquiry and for consistent quality control of our chat offering. Processing according to your consent is permissible pursuant to Art. 6 (1) (a) GDPR. If you do not wish this to occur, you can inform us of this using the contact information provided below. In this case, any saved chats shall be erased by us without delay.

You can find more information in the http://www.userlike.com/terms#privacy-policy data protection provisions of Userlike UG (haftungsbeschränkt).

X. Newsletter & Pardot

You have the option of subscribing to the newsletter on our website and obtaining additional information here.

For registration in compliance with data protection rules, we use a double opt-in process. That means after you register, you will receive an email at the address you provided, where you must confirm that you wish to receive the newsletter. The respective IP address and the time of your registration as well as the confirmation are saved for this purpose. The legal basis for this is your consent pursuant to Art.6 (1) (a) GDPR.

The data is erased once the purpose has been accomplished. Following a successful registration, the data is saved for the duration of the subscription. 

In order to send out our newsletter and to process your data accordingly, we use the Salesforce tool Pardot. Pardot and/or Salesforce Inc. is a company in the United States (Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 64105). In addition to sending out the newsletter, the software allows us to identify users’ reading habits and to adapt the content accordingly for you.

The collected data is sent to servers in the United States. Because of the current legal situation, we must therefore notify you that the same level of data protection cannot be guaranteed in the United States as in the EU. We do not have any knowledge about the details of potential data processing that is handled by the service provider in the United States, nor can we influence this. We cannot exclude the possibility that public authorities will gain access to your personal data without our knowledge. Likewise, the assertion of your data protection rights is not guaranteed in the United States. 

Standard contractual clauses provided by the EU Commission have been concluded as the legal basis for data processing in third countries. These contracts obligate service providers to meet the European data protection level when processing your personal data. 

XI. Social media and forwarding to third parties

General

B4T maintains various online profiles on social networks and processes personal data concerning the users in this context. 

Moreover, our homepage contains links to third-party sites, including Google Maps. The same circumstances apply here as for the social networks, so in the following we will refer only to social networks.

The collected data is sent to servers in the United States. Because of the current legal situation, we must therefore notify you that the same level of data protection cannot be guaranteed in the United States as in the EU. We do not have any knowledge about the details of potential data processing that is handled by the service provider in the United States, nor can we influence this. We cannot exclude the possibility that public authorities will gain access to your personal data without our knowledge. Likewise, the assertion of your data protection rights is not guaranteed in the United States. 

Standard contractual clauses provided by the EU Commission have been concluded as the legal basis for data processing in third countries. These contracts obligate service providers to meet the European data protection level when processing your personal data. 

Moreover, as a rule, user data is processed within the social network for market research and advertising purposes. Processing the data allows user behaviour and interests, for instance, to be determined, which in turn can be used to customize the ads. To this end, cookies are saved on the users’ devices. If you are logged in to the corresponding platform, the data for that account may be processed.

The respective privacy policies of the networks explain how exactly your data is processed. 

Instagram

The Controller has integrated components from the service known as Instagram on this website. Instagram is a service that is considered an audiovisual platform, allowing users to share photos and videos as well as further distributing such data in other social networks. 

The operating company for the Instagram services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.

More information and the applicable privacy policy for Instagram can be found under https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

The Controller uses the provided service Instagram, which utilizes the technical platform and services of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, and is part of the Meta Group.

This data is used to optimize the website and for more efficient communication with interested parties and potential customers. The legal basis here is the protection of our legitimate interests pursuant to Art. 6 (1) (f) GDPR.

Facebook

The Controller has integrated components from the service known as Facebook on this website. Facebook is a service that is considered an audiovisual platform, allowing users to share photos and videos as well as further distributing such data in other social networks. 

The operating company for the services is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, and is part of the Meta Group.

Our website also uses the social network’s retargeting technology, which allows us to show you relevant ads and offers on Facebook if you have already expressed your interest in our website and our content/offers and are a member of Facebook. To do this, our pages integrate a conversion tracking pixel or retargeting pixel from Facebook that notifies Facebook when you visit our website and which parts of our offering interested you.

Based on the implemented marketing tool, your browser automatically creates a direct connection to the Facebook server. We do not have any influence over the scope or further use of the data beyond the abovementioned purposes, which is collected by Facebook using this tool. Accordingly, we inform you based on our level of knowledge: When Facebook is integrated, Facebook is notified that you have retrieved the corresponding portion of our website or clicked on one of our ads. If you are registered with Facebook, Facebook can allocate the visit to your account. Even if you are not registered with Facebook and/or have not logged in, there is a possibility that the provider may obtain your IP address and save it.

In particular, when you use our website, Facebook saves the IP address, Facebook user ID, device information, browser information, location information, usage data, user behaviour, marketing information, interactions with ads, interactions with products, interactions with website services, viewed ads and online shop content.

Your data is saved on servers within the EU until it is no longer needed for the purposes of the processing, and will not be shared with third parties outside the Facebook network. It may be transferred to a third country pursuant to the GDPR, such as the United States, within the Facebook network. Your data is transferred to servers in the United States on the basis of concluded standard contractual clauses.

You can object to data collection and storage at any time with effect for the future. To object to the collection and storage of your data with effect for the future, you can click on the following link: www.facebook.com/ads/preferences

More information and the applicable privacy policy for Facebook can be found under https://www.facebook.com/about/privacy?tid=331684847184.

This data is used to optimize the website and for more efficient communication with interested parties and potential customers. The legal basis here is the protection of our legitimate interests pursuant to Art. 6 (1) (f) GDPR.

Whatsapp 

Description and scope of data processing / purpose of data processing:

We also offer you the option of submitting your inquiries via the chat service WhatsApp and receiving corresponding responses to your query via WhatsApp. This service is operated by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“WhatsApp”), a subsidiary of Facebook. When you communicate with us through WhatsApp, we as well as WhatsApp learn your telephone number and the fact that you contacted our customer hotline.

Type of data: 

When you visit our website, the following data is processed:

  • Phone number

  • Account information (profile name)

  • Location information

  • Device and connection-specific information 

  • Usage information

  • Protocol and problem-solving information

The abovementioned data is also forwarded by WhatsApp to Facebook servers in the United States and processed by WhatsApp and Facebook according to the WhatsApp privacy policy, which includes processing for their own purposes, such as improving the WhatsApp service. Please note that WhatsApp also accesses the address book in the implemented device and the contact information saved there. You can find more information about the purpose and scope of this data collection and the further processing of this data by WhatsApp and Facebook, as well as the related rights and settings options to protect your privacy, in the WhatsApp privacy policy under: https://www.whatsapp.com/legal/#privacy-policy.

Length of storage:

User-related data is automatically erased 90 days after the account is erased. Other data can be anonymized (by erasing the link between the identifier and the account).

Legal basis:

The basis for this processing and for transfers to WhatsApp in this context is Art. 6 (1) S. 1 (b) GDPR where your request relates to an existing contractual relationship with us or serves to initiate such a contractual relationship. Otherwise, this data processing takes place on the basis of Art. 6 (1) S. 1 (f) GDPR, where our legitimate interest is the careful processing of your specific request and solving any technical problems. We account for your interests in that communication via WhatsApp serves only as an additional option. Naturally you can also contact us by other means, for instance by telephone, email or via our contact form on the website, as described above in this section. In addition, where possible we use a separate device for communications via WhatsApp, where only the contact information for the requester communicating with us via WhatsApp is saved; that means WhatsApp receives data only from requesters who voluntarily use the service. 

Right to object:

You can disable the use of cookies by Google and revoke your provided consent for us to use the WhatsApp service by clicking on the following link: https://www.whatsapp.com/contact/forms/382532939919295/

LinkedIn

LinkedIn is a social network that allows users to maintain existing contacts or establish new contacts.

The service provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

We also use the retargeting tool LinkedIn Conversion Tracking from LinkedIn Ireland. To do this, the LinkedIn Insight Tag is integrated into our website, which allows LinkedIn to collect statistical, pseudonymized data about the access and use of our website and to provide us with corresponding aggregated statistics on this basis. In addition, this information allows us to show visitors interest-specific, relevant offers and recommendations once they visit our website and demonstrate an interest in specific products, information and offers. This anonymous information is saved in a cookie.

You can find more information and the applicable privacy policy under https://www.linkedin.com/legal/privacy-policy.

Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Personal data is processed through the Controller’s own LinkedIn account and by LinkedIn. Use of the provided services and their functions takes place on the user’s own responsibility.

This data is used to optimize the website and for more efficient communication with interested parties and potential customers. The legal basis here is the protection of our legitimate interests pursuant to Art. 6 (1) (f) GDPR.

Xing

Xing is a social network that allows users to maintain existing contacts or establish new contacts.

The service provider is New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.

You can find more information and the applicable privacy policy under https://privacy.xing.com/de/datenschutzerklaerung.

Personal data is processed through the Controller’s own Xing account and by Xing. Use of the provided services and their functions takes place on the user’s own responsibility.

This data is used to optimize the website and for more efficient communication with interested parties and potential customers. The legal basis here is the protection of our legitimate interests pursuant to Art. 6 (1) (f) GDPR.

YouTube

YouTube is a video portal on which users can upload and view video content.

The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. 

You can find more information and the applicable privacy policy under https://policies.google.com/privacy.

Personal data is processed through the Controller’s own YouTube account and by Google Ireland Limited. Use of the provided services and their functions takes place on the user’s own responsibility.

This data is used to optimize the website and for more efficient communication with interested parties and potential customers. The legal basis here is the protection of our legitimate interests pursuant to Art. 6 (1) (f) GDPR.


XII. Other services

Salesforce

Description and scope of data processing:

Our portal uses the customer relationship management tool known as Salesforce.

The provider is the American company salesforce.com Inc., One Market Street, Suite 300, San Francisco, CA 94105, USA. 

The collected data is sent to servers in the United States. Because of the current legal situation, we must therefore notify you that the same level of data protection cannot be guaranteed in the United States as in the EU. We do not have any knowledge about the details of potential data processing that is handled by the service provider in the United States, nor can we influence this. We cannot exclude the possibility that public authorities will gain access to your personal data without our knowledge. Likewise, the assertion of your data protection rights is not guaranteed in the United States. 

Standard contractual clauses provided by the EU Commission have been concluded as the legal basis for data processing in third countries. These contracts obligate service providers to meet the European data protection level when processing your personal data. 

A standard contractual clause (SCC) ensures the legal basis for data processing with recipients outside the European Union. In this clause, Salesforce agrees to meet the data protection level required by the GDPR. The corresponding document can be found under: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdf.

Where consent has been provided by the user, the legal basis for processing interested parties’ data is Art. 6 (1) (a) GDPR.  

Mailchimp

Description and scope of data processing

In order to keep you up to date, we use the service provider Mailchimp to send current information. Mailchimp is part of The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, Georgia 30308, which belongs to Intuit Inc.

This service provider allows us to contact you directly and to optimize the offering as needed by analysing your usage behaviour.

To this end, the following data is shared with Mailchimp:

  • First/last name

  • Email address

Mailchimp also collects the following personal data:

  • IP address

  • Device information

  • Information about the browser, operating system and the application used to read the email

  • Additional information about the hardware and internet connection

  • Date and time  

The collected data is sent to servers in the United States. Please note that the same level of data protection cannot currently be guaranteed in the United States as in the EU.

Legal basis for data processing

The legal basis for processing data concerning existing customers, where consent has been obtained from the user, is Art. 6 (1) (a) GDPR.

The legal basis for processing data concerning interested parties, where consent has been obtained from the user, is Art. 6 (1) (a) GDPR. 

Purpose of data processing

We use Mailchimp to keep you up to date. For instance, we provide customers and interested parties with detailed information about company events like trade fairs, and inform existing customers about offers and price changes. 

Length of storage

Please note that users’ data may be processed outside the European Union. Transferring the data outside the area of the EU may produce risks for the users, e.g. that users’ rights are more difficult or impossible to assert.

Objection and revocation option

You have the right to object to data processing and/or to revoke your consent. To do so, contact us at privacy@best4tires.com.

Hotjar

We use Hotjar to better understand the needs of our users and to optimize this service and the experience. Hotjar is a technology service that helps us better understand our users’ experiences (e.g. how much time they spend on which pages, which links they click on, what users like and don’t like, etc.), and it allows us to develop and update our service on the basis of user feedback. Hotjar uses cookies and other technologies to collect data about the behaviour of our users and their devices. That includes the IP address of a device (which is processed during your session and saved in anonymized form), the device’s screen size, the device type (unique device identifiers), browser information, geographic location (country only) and the preferred language for displaying our website. Hotjar saves this information on our behalf in a pseudonymized user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.

The service provider is Hotjar Germany GmbH, Gontardstr. 11, 10178 Berlin, Germany.

The legal basis for processing the data, where consent has been obtained from the user, is Art. 6 (1) (a) GDPR.

Further details can be found under: https://www.hotjar.com/legal/policies/privacy/.

Google Maps

Our website provides a link to our location in Google Maps. This service is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is a subsidiary of the American company Alphabet Inc. The link allows you to conveniently use the map function.

The legal basis for processing the data, where consent has been obtained from the user, is Art. 6 (1) (a) GDPR.

OpenStreetMap

OpenStreetMap is a map provider. We use OpenStreetMap to allow you to track your delivery.

The provider of OpenStreetMap is the OpenStreetMap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, UK.

The legal basis for processing the data, where consent has been obtained from the user, is Art. 6 (1) (a) GDPR.

AWIN AFFILIATE NETWORK

We use your personal data to carry out affiliate marketing campaigns. That allows us to determine which operators of websites, apps and other technologies sent potential customers to our websites and apps, and we can pay these brokers a commission in exchange for their brokering activity. In so doing, we are pursuing our legitimate interest in carrying out an online advertising campaign that is compensated based on performance. We work with Awin, which supports us in executing these affiliate marketing campaigns. You can find the Awin privacy policy under www.awin.com/gb/legal/privacy-policy-gb, which contains information about your rights with regard to data processing.

In some cases Awin can maintain a limited profile for you. However, this does not include your identity, your online behaviour or other personal characteristics. This profile is used only to track whether a transfer is begun on one device and completed on a different device.  

In some cases, Awin and the broker of potential customers can receive and process your personal data for the purpose of carrying out affiliate marketing campaigns. We also receive personal data from Awin and the brokers of potential customers, which can be categorized as follows:

Cookie data: Data about the website, app, or other technology from which the potential customer was brokered, and technical information about your device.



XIII. Rights of the Data Subject

The following list includes all rights of the Data Subject pursuant to the GDPR. Rights that are not relevant for your own website do not need to be mentioned, so the list can potentially be shortened.

If personal data concerning you is processed, you are a Data Subject in the sense of the GDPR, and you have the following rights vis-à-vis the Controller:

Right of access

You can obtain confirmation from the Controller as to whether or not we process personal data concerning you. 

Where such processing exists, you can request access from the Controller to the following information:

(1)       the purposes for which the personal data is processed;

(2)       the categories of personal data processed;

(3)       the recipients or categories of recipient to whom the personal data has been or will be disclosed;

(4)       the envisaged period for which the personal data will be stored or, if specific information is not possible, the criteria used to determine that period;  

(5)       the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data concerning you by the Controller or to object to such processing;

(6)       the right to lodge a complaint with a supervisory authority;

(7)       where the personal data is not collected from the Data Subject, any available information as to its source;

(8)       the existence of automated decision-making, including profiling, referred to in Art. (1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject.

You have the right to be informed whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you can request information about the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.  

Right to rectification

You have the right to obtain rectification and/or completion from the Controller where the processed personal data concerning you is inaccurate or incomplete. The Controller shall perform rectification without undue delay. 

Right to restriction of processing

Under the following conditions, you can request restriction of processing for the personal data concerning you where:

(1)       you contest the accuracy of the personal data concerning you, for a period enabling the Controller to verify the accuracy of the personal data;

(2)       the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;

(3)       the Controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims; or

(4)       you have objected to the processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the Controller override your grounds.

Where processing of the personal data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

Where processing has been restricted according to the above conditions, you shall be informed by the Controller before the restriction is lifted. 

Right to erasure

Erasure obligation

You can obtain from the Controller the erasure of personal data concerning you without undue delay and the Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

(1) The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.

(2) You withdraw your consent on which the processing is based according to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and where there is no other legal ground for the processing.

(3)  You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. (2) GDPR.

(4) The personal data has been unlawfully processed.

(5) The personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject.

(6) The personal data has been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.

Information for third parties

Where the Controller has made the personal data public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the Data Subject have requested the erasure by such controllers of any links to, or copy or replication of, this personal data. 

Exceptions

The right to erasure does not apply to the extent that processing is necessary 

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;

(3) for reasons of public interest in the area of public health in accordance with Art. 9 (h) and (i) as well as Art. 9 (3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR insofar as the right referred to in point a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(5) for the establishment, exercise or defence of legal claims.

 Right to be notified

If you have exercised the right to rectification, erasure or restriction of processing vis-à-vis the Controller, the Controller shall communicate such rectification or erasure of the data or restriction of processing to each recipient to whom the personal data concerning you has been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to be informed about those recipients by the Controller.

Right to data portability

You have the right to receive personal data concerning you, which you have provided to the Controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the Controller to which the personal data has been provided, where

(1) the processing is based on consent pursuant to Art. 6 Abs. (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR; and

(2) the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. (1) (e), including profiling based on those provisions. 

The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

Right to withdraw consent for data processing 

You have the right to withdraw your consent for data processing at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. 

Consent for data processing is voluntary and can be withdrawn at any time. You can also direct a withdrawal to our Data Protection Officer under the following contact address: privacy@best4tires.com.

Automated individual decision-making, including profiling 

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for entering into, or performance of, a contract between you and the Controller;

(2) is authorized by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

(3) is based on your explicit consent.

However, such decisions shall not be based on special categories of personal data referred to in Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In cases referred to in points (1) and (3), the Controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the Controller, to express your point of view and to contest the decision.

 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

The responsible supervisory authority is: 

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz 

[State Data Protection and Freedom of Information Officer, Rhineland-Palatinate]

Hintere Bleiche 34
55116 Mainz
Phone: +49 (0) 6131 8920-0
Fax: +49 (0) 6131 8920-299
Website: https://www.datenschutz.rlp.de/
Email: poststelle(at)datenschutz.rlp.de

Modification of the directives

We may amend this data privacy statement from time to time. We will inform you of the updating of the data privacy statement but we also ask that you read this data privacy statement regularly.

This directive was last modified on 24th August 2023.


© 2023 Best4Tires GmbH. All rights reserved. Unauthorized reproduction and/or copying without written consent are expressly prohibited.