){kind=logo}
){kind=logo}
){kind=logo}
Home
Close )
)
The translation was done by machine and is for informational purposes only. In case of discrepancies, inconsistencies, or contradictions between the German version and this version translated into English (especially due to delays related to the translation), the German version shall prevail.
1. Name and Address of the Controller
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Company: Best4Tires GmbH (or B4T for short)
Managing Director: Armin Heß, Moritz Blum
Address: Best4Tires GmbH, Rathausstraße 52-58, 56203 Höhr-Grenzhausen, Germany
Contact: Website: https://www.best4tires.com/ Email: info@best4tires.com, Tel.: 02684 9450-0, Fax: 02684 9450-156
Competent Court: District Court Montabaur
Commercial Register Number: 12794
VAT ID: DE 157837971
2. Name and Address of the Data Protection Officer
The data protection officer of the controller is:
Rudolf Schwaderlapp
Address: Schwaderlapp Rechtsanwälte, Hubertusstr. 14, 56235 Ransbach-Baumbach, Germany
Contact: Tel: +49 2623 98990, Email: datenschutz@schwaderlapp-ra.de
3. General Information on Data Processing
3.1 Scope of Processing of Personal Data
We collect and use personal data of our users only to the extent necessary to provide a functional website as well as our content and services. The collection and use of personal data of our users regularly takes place only with the consent of the user. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of the data is permitted by legal regulations.
3.2 Legal Basis for the Processing of Personal Data
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis. For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations necessary to carry out pre-contractual measures. Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights, and freedoms of the data subject do not override the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
3.3 Data Deletion and Storage Duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires unless there is a need for further storage of the data for the conclusion or performance of a contract or for the assertion of legal claims.
4. Provision of the Website and Creation of Log Files
4.1 Hosting and Administration
Our homepage is hosted by external service providers. These service providers are:
Firstcolo GmbH, Kruppstraße 105, 60388 Frankfurt am Main – Hosting Webshop
BMF Media Information Technology GmbH, Peter-Dörfler-Straße 32, 86199 Augsburg – Hosting Webshop
Hetzner Online GmbH, Industriestr. 25, 91710 Guntenhausen – Hosting Homepage and Business Portal
We are supported in the administration of the website by Diva-e Digital Value Excellence GmbH, St.-Martin-Straße 72, 81541 Munich. Necessary contracts have been concluded with the service providers.
4.2 Description and Scope of Data Processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
1. The IP address of the user (anonymized)
2. Directory protection user
3. Date and time of access
4. Websites accessed by the user's system via our website
5. Protocols
6. Status code
7. Data volume
8. Referrer
9. User Agent
10. Accessed hostname
11. The browser type and version used (if provided by the user)
12. The operating system
13. Number of visits
14. Duration of stay on the website
15. The previously visited website (if provided by the user)
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
4.3 Purpose of Data Processing
The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. Storage in log files is done to ensure the functionality of the website. Additionally, the data is used to optimize the website and ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
4.4 Legal Basis for Data Processing
The legal basis for the temporary storage of data and log files is our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.
4.5 Duration of Storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session is ended. In the case of storage of data in log files, this is the case after no more than seven days. Further storage is possible. In this case, the IP addresses of the users are deleted or anonymized so that an assignment of the calling client is no longer possible.
4.6 Objection and Removal Possibility
The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility for the user to object.
5. Additional Functions and Offers on Our Website
In addition to the purely informational use of our website, we offer various services that you can use if you are interested. We also use other common functions for analyzing and marketing our offers, which are presented in more detail below. For this purpose, you usually need to provide additional personal data, or we process such additional data that we use to perform the respective services. The principles of data processing mentioned under section 3 apply to all data processing purposes described here. In some cases, we use external service providers to process your data. We have concluded so-called order processing contracts with these service providers in accordance with Art. 28 GDPR. The service providers are carefully selected by us, bound by our instructions, and regularly monitored. Furthermore, we may pass on personal data to third parties if, for example, participation in promotions, competitions, contract conclusions, or similar services are offered by us together with partners. Depending on the service, your data may also be collected by the partners on their own responsibility. You will receive more detailed information when you provide your data or in the description of the respective offers and/or services. If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the respective offer and/or service.
5.1 Use of Cookies and Other Technologies
5.2 Technology for Consent Management
5.2.1 Usercentrics Consent Tool
We use the Usercentrics service from Usercentrics GmbH (Sendlinger Str. 7, 80331 Munich, Germany) for consent management. This software enables us to obtain and manage the consents of website visitors for data processing.
Legal basis: The use of this tool is based on Art. 6 para. 1 lit. c GDPR (fulfillment of a legal obligation) in conjunction with Art. 7 para. 1 GDPR.
Necessity: Without this software, the functionality of the website is not guaranteed (technical cookie).
Processed data:
Date and time of access
Browser information
Device information
Geographical location
Cookie preferences
URL of the visited page
Usercentrics is the recipient of your personal data and acts as a processor for us. The processing takes place in the European Union. Further information on objection and removal options against Usercentrics can be found in the Usercentrics privacy policy. Storage duration: The collected data will be deleted after a maximum of 3 years.
5.3 Use of Analysis and Tracking Tools
5.3.1 Hotjar
We use Hotjar to better understand the needs of our users and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users' experiences (e.g., how much time they spend on which pages, which links they click, what users like and dislike, etc.) and enables us to build and maintain our service based on user feedback. Hotjar uses cookies and other technologies to collect data about our users' behavior and their devices. This includes:
IP address of a device (anonymized storage)
Screen size of the device
Device type (unique device identifiers)
Browser information
Geographical location (country only)
Preferred language of the website
Hotjar stores this information in a pseudonymized user profile on our behalf. Hotjar is contractually prohibited from selling the data collected on our behalf. Service provider: Hotjar Germany GmbH, Gontardstraße 11, 10178 Berlin, Germany. Legal basis: Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time for the future in the "cookie banner." Further details can be found in the Hotjar privacy policy: https://www.hotjar.com/legal/policies/privacy/.
5.3.2 Google Analytics
We use the analysis service Google Analytics and the necessary Google Tag Manager on our website. The data obtained from this is used to optimize our website and improve it for you. Google Analytics is provided by Google Ireland Limited. Google processes the data on website usage on our behalf and is contractually obligated to take measures to ensure the security and confidentiality of the processed data. Processed data:
Pages accessed
Orders including revenue and ordered products
Achievement of "website goals" (e.g., contact requests, newsletter registrations)
Behavior on the pages (duration of stay, clicks, scrolling behavior)
Approximate location (country and city)
IP address (shortened)
Technical information (browser, internet provider, device, screen resolution)
Source of the visit (website or advertising material)
Website interactions
Repeated visits
Data transmission: We take appropriate security measures, including the conclusion of EU standard data protection clauses, when personal data is processed outside the EU and there is no adequacy decision by the European Commission. These security measures serve to ensure an adequate level of data protection in the third country. Storage duration: User-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely. Legal basis: Art. 6 para. 1 lit. a GDPR. You can object to the collection at any time by installing the browser add-on to disable Google Analytics or by rejecting cookies in the "cookie banner."
5.3.3 Google Tag Manager
We use the organization tool Google Tag Manager on our website to use, integrate, and manage various tools. The Google Tag Manager is provided by Google Ireland Limited. Google processes the data on our behalf and is contractually obligated to take measures to ensure the security and confidentiality of the processed data. Data processing: The Google Tag Manager itself does not collect any data. The data is collected and processed by the individual analysis tools. Data transmission: The collected data is transmitted to servers in the USA. We take appropriate security measures, including the conclusion of EU standard data protection clauses, when personal data is processed outside the EU and there is no adequacy decision by the European Commission. These security measures serve to ensure an adequate level of data protection in the third country. Storage duration: User-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely. Legal basis: Art. 6 para. 1 lit. a GDPR. You can object to the collection at any time by rejecting cookies in the "cookie banner." Further information can be found in the Google Tag Manager FAQs: https://support.google.com/tagmanager/?hl=de#topic=3441530.
5.3.4 Sentry
We use the tool Sentry on our website to improve the quality and stability of our application. Sentry collects data generated by error reports and performance monitoring tools. Both data provided by the user and information collected by Sentry from devices and usage behavior are collected and processed. This includes:
Device information: IP address, device type, unique device identifiers, browser type, operating system, installed software, general location information, referring URLs.
Usage data: Information about how the user and their device interact with the website or service (visited pages, used features, purchased services, clicked links, access times and durations).
Cookies and similar tracking technologies: Sentry uses cookies to store preferences, collect aggregated data on website and service interactions, and offer personalized content.
Error reports: Information about errors that occurred, including stack traces, log data, and metadata about the error.
Performance data: Information about application performance (loading times, response times, resource usage).
Communication data: Content of requests and correspondence related to errors and performance issues.
The data is used for error analysis, performance monitoring, and improving application stability. The data is stored on Sentry's servers. Service provider: Sentry Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA. Data transmission: Your personal data is transmitted to third countries, particularly the USA. We take appropriate security measures, including the conclusion of EU standard data protection clauses, when personal data is processed outside the EU and there is no adequacy decision by the European Commission. These security measures serve to ensure an adequate level of data protection in the third country. Further details can be found in the Sentry privacy policy: https://sentry.io/privacy/. Legal basis: Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time for the future in the "cookie banner."
5.4 Use of Marketing Tools
5.4.1 Google Ads & Remarketing
We use the organization tool Google Ads on our website. Google Ads is an online advertising program provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Additionally, the remarketing function within the Google Ads service is used. The remarketing function allows you to be presented with interest-based advertisements on other websites within the Google advertising network. Your browsing behavior on our website is analyzed, e.g., which offers you have viewed. This allows us to present you with personalized advertising even after your visit to our website on the Google search engine itself, so-called "Google Ads," and on other websites. For this purpose, Google stores a cookie in your browser when you visit Google services or websites in the Google advertising network. This cookie records your visits. The cookie is used to uniquely identify your web browser and not to identify you personally. Further information on Google Remarketing and the Google privacy policy can be found at Google Privacy & Terms. Processed data:
Pages accessed
Orders including revenue and ordered products
Behavior on the pages (duration of stay, clicks, scrolling behavior)
IP address (shortened)
Technical information (browser, internet provider, device, screen resolution)
Source of the visit (website or advertising material)
Website interactions
Repeated visits
Data transmission: The collected data is transmitted to servers in the USA. We take appropriate security measures, including the conclusion of EU standard data protection clauses, when personal data is processed outside the EU and there is no adequacy decision by the European Commission. The contract text of the EU standard data protection clauses and the adequacy decisions can be found on the websites of the European Commission. These security measures serve to ensure an adequate level of data protection in the third country. Storage duration: User-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely. Microsoft stores your data from the UET tag for 180 days. Further details on data processing can be found in the privacy policy of Microsoft Corporation: www.microsoft.com/en-us/privacy/privacystatement. Legal basis: Art. 6 para. 1 lit. a GDPR. You can deactivate the use of cookies by Google and thus revoke your consent for the use of the Google Ads & Remarketing service by following the link below and downloading and installing the provided plug-in: www.google.com/settings/ads/plugin.
5.4.2 Microsoft Bing Ads
On our website, we use technologies from Bing Ads, operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft Conversion Tracking is used, whereby Microsoft sets a cookie on your device if you have accessed our website via a Microsoft Bing ad or another way. Microsoft and we can thus recognize that you have clicked on an ad, been redirected to the website, and reached a predetermined target page ("Conversion Site") linked to the ad. Furthermore, Microsoft and we can see that you have accessed the website via another way and made a purchase or used a service defined as a conversion.
We also use Microsoft retargeting technology, which collects and stores information about your user behavior on our website. Cookies may be used for this purpose. The cookies enable Microsoft to collect, process, and use information from the cookies to create usage profiles from the data using pseudonyms. These usage profiles are used to analyze visitor behavior, enabling us to display relevant advertising and offers to you who have already shown interest in our website and its content/offers through Bing Ads. No personal information about the user's identity is processed.
Data transmission and processing: Due to the marketing tool used, your browser automatically establishes a direct connection with Microsoft's server. We have no influence on the scope and further use of the data collected by Microsoft through the use of this tool. Here are the known processes:
By embedding Microsoft, Microsoft receives the information that you have accessed the corresponding part of our website or clicked on an ad from us.
If you are registered with a Microsoft service, Microsoft can assign the visit to your account.
Even if you are not registered with Microsoft or not logged in, the provider may obtain and store your IP address.
Processed data:
Pages accessed
Orders including revenue and ordered products
Behavior on the pages (duration of stay, clicks, scrolling behavior)
IP address (shortened)
Technical information (browser, internet provider, device, screen resolution)
Source of the visit (website or advertising material)
Website interactions
Repeated visits
Data transmission: The collected data is transmitted to servers in the USA. We take appropriate security measures, including the conclusion of EU standard data protection clauses, when personal data is processed outside the EU and there is no adequacy decision by the European Commission. The contract text of the EU standard data protection clauses and the adequacy decisions can be found on the websites of the European Commission. These security measures serve to ensure an adequate level of data protection in the third country.
Storage duration: User-related data is automatically deleted after 13 months. Other data remains stored in aggregated form indefinitely. Microsoft stores your data from the UET tag for 180 days. Further details on data processing can be found in the privacy policy of Microsoft Corporation: www.microsoft.com/en-us/privacy/privacystatement.
Legal basis: Art. 6 para. 1 lit. a GDPR. You can revoke your consent to data collection and storage at any time with effect for the future. To do this, click on the following link: account.microsoft.com/privacy/ad-settings.
5.4.3 Mailchimp
To keep you up to date, we use the service provider Mailchimp for sending current information. Mailchimp belongs to The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, Georgia 30308, which is part of Intuit Inc. This service provider enables us to contact you directly and, if necessary, optimize the offer by analyzing usage behavior. We use Mailchimp to keep you up to date. Specifically, we inform customers and interested parties about company events such as trade fairs and existing customers about offers and price changes.
Processed data:
First and last name
Email address
Mailchimp also collects the following personal data:
IP address
Device information
Information about the browser, operating system, and the application used to read the email
Further information about hardware and internet connection
Date and time
Data transmission: The collected data is transmitted to servers in the United States. We take appropriate security measures, including the conclusion of EU standard data protection clauses, when personal data is processed outside the EU and there is no adequacy decision by the European Commission. These security measures serve to ensure an adequate level of data protection in the third country. Further information can be found at this link: www.intuit.com/privacy/statement/.
Legal basis: Art. 6 para. 1 lit. a GDPR. You have the right to object to data processing or revoke your consent. To do this, contact us at privacy@best4tires.com.
5.4.4 Twilio Marketing Campaigns
Description and Purpose
Twilio Marketing Campaigns is a tool that allows us to conduct targeted marketing campaigns through various communication channels such as SMS, email, and social media. With Twilio, we can send personalized messages to our customers and prospects to inform them about current offers, events, and news. The tool helps us increase the reach of our marketing efforts and improve interaction with our customers.
Processed data:
Contact details (e.g., phone number, email address)
Communication content (e.g., messages, offers)
Usage data (e.g., open and click rates)
Legal basis: Art. 6 para. 1 lit. a GDPR. If the processing is based on your consent, you can revoke your consent at any time for the future in the "cookie banner."
5.4.5 Algolia
We use technologies from Algolia SAS to optimize search results. These are used for search result pages, product overview pages, editorial pages, and search suggestions. We set a temporary cookie in your browser, which allows us to pseudonymously identify you as a returning visitor to our website based on your cookie ID. Other access data, especially your IP address, is immediately anonymized. Tracking, also based on your previous purchases, your wishlist, and your shopping cart, allows us to display relevant and personalized search results to you.
Further details can be found in the Algolia privacy policy: https://www.algolia.com/de/policies/privacy.
Legal basis: Art. 6 para. 1 lit. a GDPR. If the processing is based on your consent, you can revoke your consent at any time for the future in the "cookie banner."
6. Use of Our Portal, Orders, and Payment Methods
6.1 Registration and Use of Our Portal
Our business customers have the option to register on our portal and benefit from other services in addition to ordering from our online shop. If you want to use our portal, you must register by providing your first and last name, email address, and a self-chosen password. Providing the previously mentioned data as well as the company name and address is mandatory. All other information (including your bank details and VAT ID) can be provided voluntarily by using our portal. For this service, we use the so-called double opt-in procedure, i.e., you will receive an email in which you must confirm that you are the owner of the specified email address and wish to receive notifications. You can unsubscribe from the notifications at any time, e.g., by clicking on the link in the email or contacting us at the provided contact details. Your provided data as well as the times of your registration for the service and your IP address will be stored by us until you unsubscribe from the notification service.
If you use our portal, we store the data required for contract fulfillment, including payment method information, until you permanently delete your account. We also store the voluntary data you provide for the duration of your use of the portal, unless you delete it beforehand. All information can be managed and changed in the protected customer area.
Legal basis: Art. 6 para. 1 sentence 1 lit. b GDPR.
To prevent unauthorized access by third parties to your personal data, especially financial data, the connection is encrypted using TLS technology.
6.2 Order Process, Delivery, and Scope of Data Processing
If not already collected during the registration process, we additionally collect the following data during the order process:
- Billing and delivery address
- Payment method
Legal basis: Contract fulfillment according to Art. 6 para. 1 lit. b GDPR.
6.2.1 Returns, Returns
In the case of returns and returns, we offer you the option to contact us directly and create and submit return labels via our portal. In the event of contact, we process the data to the extent necessary for processing the return.
6.2.2 Forwarding Your Email Address to Shipping Service Providers
If you order through our online shop, you will receive an order and shipping confirmation via your email address, as well as, depending on the respective transport service provider, notification of package announcements and possible delivery options. If you do not want this, contact us at privacy@best4tires.com to have the email address blocked for forwarding by us.
6.2.3 PTV Axylog
As an interface to our shipping service provider, we use PTV Axylog. It enables us to have real-time transport visibility and control, thereby optimizing our delivery processes. The service provider is PTV Logistics GmbH, Stumpfstraße 1, 76131 Karlsruhe.
Legal basis: Legitimate interest according to Art. 6 para. 1 lit. f GDPR as well as contract fulfillment according to Art. 6 para. 1 lit. b GDPR. You have the right to object to the forwarding of your email address or to have it blocked at any time. Contact us at privacy@best4tires.com.
6.3 Payment Methods
Below we would like to inform you about the payment methods, payment conditions, and the associated processing of your personal data. The following two payment options are available to you when placing an order. Please also note the respective data protection regulations of the involved payment service provider.
6.3.1 Payone
To process our payment transactions, we use the payment service provider Payone, Payone GmbH, Lyoner Straße 9, 60528 Frankfurt am Main. During the payment process, Payone processes the following data from you:
Master data (name, address)
Financial data (account number, bank code, credit card number)
Invoice amount
Legal basis: Art. 6 para. 1 lit. b GDPR (fulfillment of a contract).
You can object to data storage at any time, but the functionality of the site will then be limited. Data subject to retention periods will be deleted after these periods have expired.
6.3.2 Nexi
To process our payment transactions, we use the payment service provider Nexi, Nexi Germany GmbH, Helfmann-Park 7, 65760 Eschborn. During the payment process, Nexi processes the following data from you:
- Master data (name, address)
- Financial data (account number, bank code, credit card number)
- Invoice amount
Legal basis: Art. 6 para. 1 lit. b GDPR (fulfillment of a contract).
You can object to data storage at any time, but the functionality of the site will then be limited. Data subject to retention periods will be deleted after these periods have expired.
6.4 Other Digital Services
6.4.1 Salesforce
As part of our customer relationship management, we use the tool "Salesforce." Your customer data, which you have provided during registration, will be passed on to this service provider. This tool helps us efficiently manage and optimize our customer relationships. It helps us process customer inquiries faster, create personalized offers, and improve communication with our customers.
Provider: salesforce.com Inc., One Market Street, Suite 300, San Francisco, CA 94105, USA.
Data transmission to third countries: The data is transmitted to a server in the United States. We implement appropriate security measures, including the conclusion of EU standard data protection clauses, when personal data is processed outside the EU and there is no adequacy decision by the European Commission. The corresponding document can be found at: Salesforce Data Processing Addendum: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdf. These oblige the service providers to comply with the European data protection level when processing your personal data.
Legal basis: Art. 6 para. 1 lit. a GDPR. The data is passed on based on the customer's consent, which is given during registration. You have the right to object to data processing or revoke your consent. To do this, contact us at privacy@best4tires.com.
6.5 Storage4Tires
In addition to the option to register on our portal and order from our online shop, you have the option to use another digital service. Through our portal, we offer a digital storage service for the efficient management and organization of tire storage. The processing of data within the framework of this service includes all data related to tire storage and the associated processes. This includes, among other things, the recording, storage, and processing of customer data, relevant information about tire specifications, and storage locations.
This service can only be used after concluding a corresponding contract.
Legal basis: Contract fulfillment according to Art. 6 para. 1 lit. b GDPR.
7. Contact Methods
7.1 Contact Form and Email Contact
Description and scope of data processing
On our website, there is a contact form that can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. This data includes:
Gender (optional)
Name (mandatory)
First name (mandatory)
Phone number (optional)
Email address (mandatory)
Address (optional)
Postal code (optional)
Country (mandatory)
Message/Text
File attachment (image)
At the time of sending the message, the following data is also stored:
The user's IP address
Date and time of registration
For the processing of the data, your consent is obtained during the sending process and reference is made to this data protection declaration.
Alternatively, contact can be made via the email address provided under I. In this case, the user's personal data transmitted with the email will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.
The processing of personal data from the input mask serves solely to process your contact. In the case of contact via email, this also constitutes the necessary legitimate interest in processing the data. The personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user is ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been conclusively clarified. The personal data additionally collected during the sending process will be deleted no later than seven days after the conversation is ended.
Legal basis: Art. 6 para. 1 lit. a GDPR for the processing of data via the contact form. Art. 6 para. 1 lit. f GDPR for the processing of data transmitted in the course of sending an email. If the email contact aims at concluding a contract, Art. 6 para. 1 lit. b GDPR serves as the legal basis for processing.
You can revoke your consent to the processing of personal data at any time by contacting privacy@best4tires.com. If you contact us via email, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued.
7.2 Chat Software – "Userlike"
Description and scope of data processing
Best4Tires GmbH uses the chat software of the company Userlike UG (limited liability), Probsteigasse 44-46, 50670 Cologne, Germany. You can use the chat like a contact form to chat with our employees in real-time and place orders directly. When starting the chat, the following personal data is collected:
Chat logs
Email address
Name
Location (country, city)
Browser type
Operating system
Device
Number of page views
Number of page visits
Referrer
URL (with which the chat was started)
Survey before and after the chat
Chat topic
Chat status (new, pending, closed)
Chat rating after the chat
Chat duration
Chat date
User-generated content
Links to social profiles (LinkedIn, Facebook, Twitter)
Profile picture from social networks
IP address
Depending on the course of the conversation with our employees, further personal data may be collected in the chat, which you enter. The nature of this data depends heavily on your request or the problem you describe to us. The processing of all this data serves to provide you with a quick and efficient contact option and thus improve our customer service. After giving consent by using WhatsApp Campaigns via Userlike, Best4Tires will specifically inform customers about offers through corresponding news.
Technical implementation
By accessing the website https://www.best4tires.com/de/, the chat widget is loaded in the form of a JavaScript file from AWS Cloudfront. The chat widget technically represents the source code that is executed on your computer and enables the chat.
Storage duration and deletion
Best4Tires stores the chat logs for six months. This serves the purpose of saving you extensive explanations about the history of your request and for continuous quality control of our chat offer. The processing is carried out according to your consent in accordance with Art. 6 para. 1 lit. a GDPR. If you do not wish this, please let us know using the contact details provided below. Stored chats will then be deleted immediately.
Further information
Further information can be found in the privacy policy of Userlike UG (limited liability).
7.3 Newsletter & Pardot
You have the option to subscribe to our newsletter on our website and receive further information. For data protection-compliant registration, we use the so-called double opt-in procedure. This means that after your registration, you will receive an email to the specified address, where you must confirm that you want to receive the newsletter. For this purpose, the respective IP address and the time of registration and confirmation are stored.
Legal basis: Your consent according to Art. 6 para. 1 lit. a GDPR.
Data processing and storage: The data will be deleted after the purpose has been achieved. In the case of successful registration, the data will be stored for the duration of the subscription.
Use of Pardot: For sending our newsletter and the associated processing of your data, we use the Salesforce tool Pardot. Pardot is provided by Salesforce Inc., a company from the USA (Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 64105). In addition to sending, the software also enables us to recognize the reading habits of users and adjust the content accordingly.
Data transmission to the USA, legal basis: The collected data is transmitted to servers in the USA. We implement appropriate security measures, including the conclusion of EU standard data protection clauses, when personal data is processed outside the EU and there is no adequacy decision by the European Commission. These security measures serve to ensure an adequate level of data protection in the third country.
8 Social Media and Forwarding to Third Parties
8.1 Social Media Platforms
We have various presences on social media platforms, and our website contains corresponding links to these social media presences. We operate online presences on Facebook, Instagram, LinkedIn, TikTok, Xing, and YouTube (more information in the following list).
Use of Social Media Platforms: We use the technical platform and services of the providers for these information services. Please note that you use our presences on social media platforms and their functions at your own responsibility. This applies in particular to the use of interactive functions (e.g., commenting, sharing, rating).
Collection and Processing of Data: When visiting our presences, the providers of social media platforms collect, among other things, your IP address and other information stored on your device in the form of cookies. This information is used to provide us, as the account operators, with statistical information about interactions with us.
The data collected about you in this context is processed by the platforms and may be transferred to countries outside the European Union, particularly the USA. As a legal basis for the processing of personal data in third countries, so-called standard contractual clauses have been concluded, provided by the EU Commission (with the exception of Xing, as this provider is based within the EU).
Unknown Data Processing by Social Media Platforms: We do not know how social media platforms use the data from your visit to our accounts and your interaction with our posts for their own purposes, how long this data is stored, and whether data is passed on to third parties. Data processing may differ depending on whether you are registered and logged in to the social network or visit the page as a non-registered and/or non-logged-in user.
Measures to Protect Your Data: When accessing a post or the account, the IP address assigned to your device is transmitted to the provider of the social media platform. If you are currently logged in as a user, a cookie on your device can track how you have navigated the web. Through buttons embedded in websites, the platforms can track your visits to these websites and assign them to your profile. Based on this data, content or advertising can be tailored to you. If you want to avoid this, you should log out or deactivate the "stay logged in" function, delete the cookies on your device, and restart your browser.
Processing by Us: As the provider of the information service, we only process the data from your use of our service that you provide to us and that requires interaction. For example, if you ask a question that we can only answer by email, we will store your information according to the general principles of our data processing described in this privacy policy.
Legal basis: Art. 6 para. 1 sentence 1 lit. f GDPR.
Exercising Your Rights: To exercise your rights, you can contact both us and the provider of the social media platform. If one party is not responsible for answering or needs information from the other party, we or the provider will forward your request to the respective partner. Please contact the operator of the social media platform directly for questions about profile creation and data processing when using the website. For questions about processing your interaction with us on our page, write to the contact details provided above.
Further Information: The information that the social media platform receives and how it is used is described by the providers in their privacy policies (link provided in the following list). There you will also find information about contact options and settings for advertisements. Further information about social networks and how to protect your data can also be found at www.youngdata.de.
8.2 Social Media Presences:
8.2.1 Facebook
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
https://Facebook.de
https://www.facebook.com/about/privacy?tid=331684847184
8.2.2 Instagram
Instagram LLC, Building 14 First Floor Menlo Park, CA, USA
https://instagram.com
https://help.instagram.com/155833707900388
https://www.instagram.com/about/legal/privacy/
8.2.3 LinkedIn
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
LinkedIn Deutschland: Einloggen oder anmelden
https://de.linkedin.com/legal/privacy-policy
8.2.4 TikTok
TikTok Technology Limited
10 Earlsfort Terrace
Dublin, D02 T380, Ireland
https://www.tiktok.com/de-DE/
https://www.tiktok.com/legal/page/eea/privacy-policy/de
8.2.5 Xing
New Work SE, Am Strandkai 1, 20457 Hamburg
XING - Finde den Job, der zu Dir passt. Oder lass Dich finden!
https://privacy.xing.com/de/datenschutzerklaerung
8.2.6 YouTube
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
YouTube
https://policies.google.com/privacy
8.3 Social Media Marketing
Advertising with Facebook (Pixel and Conversion Tracking): Through our social media presence on Facebook, we use the opportunity to advertise our products and services. The goal is to reach a broad network that we cannot reach through other conventional marketing channels (e.g., flyers).
Use of the Facebook Pixel: We use advertising measures from Facebook Inc. ("Facebook") on our website. By embedding the so-called "Facebook Pixel" on our website, we can display our advertising measures ("Facebook Ads") to users of our website and the social network Facebook and measure and evaluate the success ("Conversion Tracking"). This connection between Facebook and our website is technically established via the "Facebook Pixel".
Legal basis: The processing of your data is carried out according to Art. 6 para. 1 sentence 1 lit. a GDPR, i.e., the embedding is only done with your consent.
Data Transmission and Processing: Due to the marketing tools used, your browser automatically establishes a direct connection with the Facebook server when you visit our website. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool. Here are the known processes:
By embedding the Facebook Pixel, Facebook receives the information that you have accessed the corresponding website of our online presence or clicked on an ad from us.
If you are registered with a Facebook service, Facebook can assign the visit to your account.
Even if you are not registered with Facebook or not logged in, the provider may obtain and use your IP address and other identification features for profile creation.
Storage and Data Protection: The collected information is stored on Facebook servers, including in the USA. We implement appropriate security measures, including the conclusion of EU standard data protection clauses, when personal data is processed outside the EU and there is no adequacy decision by the European Commission. These security measures serve to ensure an adequate level of data protection in the third country.
Remarketing Function "Custom Audiences": We also use the remarketing function "Custom Audiences," which also uses the Facebook Pixel. This function allows interest-based advertisements to be displayed when you visit our website or other websites that also have the Facebook Pixel embedded. This way, we can show you advertisements that are of interest to you, making our website more interesting for you and marketing our offer.
Revocation of Your Consent: You can revoke your consent at any time without affecting the legality of the processing carried out based on the consent until the revocation. You can revoke your consent most easily via our cookie banner or at www.facebook.com/ads/preferences (only logged-in users).
8.4 Integration of Third-Party Services
Integration of YouTube Videos: We have integrated YouTube videos into our online offer, which are stored on YouTube.com and can be played directly from our website. These are all embedded in "extended data protection mode," which means that no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos are the data mentioned above (such as IP address and timestamp) transmitted. We have no influence on this data transmission.
Legal basis: Art. 6 para. 1 lit. a GDPR, i.e., the embedding is only done with your consent.
Google Maps: A link to our location on Google Maps is available on our website. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is a subsidiary of the American Alphabet Inc. Through this link, we enable you to use the map function conveniently. Here, too, the extended data protection mode applies. Only when you click on the link and give your consent in the cookie banner can data be processed. We have no knowledge of and no influence on the collection and use of your data by Google.
Legal basis: Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the legality of the processing carried out based on the consent until the revocation. You can revoke your consent most easily via our cookie banner.
OpenStreetMap: OpenStreetMap is a map provider we use to enable you to track the shipment of the delivery. The provider of OpenStreetMap is the OpenStreetMap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, UK.
Legal basis: Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the legality of the processing carried out based on the consent until the revocation. You can revoke your consent most easily via our cookie banner.
9 Rights of the Data Subject
If personal data concerning you is processed, you are a data subject within the meaning of the GDPR, and you have the following rights against the controller:
9.1 Right to Information:
You can request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing exists, you can request information from the controller about the following:
The purposes for which the personal data is processed.
The categories of personal data that are processed.
The recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed.
The planned duration of the storage of the personal data concerning you or, if specific information is not possible, criteria for determining the storage duration.
The existence of a right to rectification or deletion of the personal data concerning you, a right to restriction of processing by the controller, or a right to object to this processing.
The existence of a right to lodge a complaint with a supervisory authority.
All available information about the origin of the data if the personal data is not collected from the data subject.
The existence of automated decision-making, including profiling, according to Art. 22 para. 1 and 4 GDPR, and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information about whether the personal data concerning you is transferred to a third country or an international organization. In this context, you can request to be informed about the appropriate safeguards according to Art. 46 GDPR in connection with the transfer.
9.2 Right to Rectification:
You have the right to rectification and/or completion against the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.
9.3 Right to Restriction of Processing:
Under the following conditions, you can request the restriction of the processing of personal data concerning you:
If you contest the accuracy of the personal data concerning you for a period that allows the controller to verify the accuracy of the personal data.
The processing is unlawful, and you oppose the deletion of the personal data and request the restriction of its use instead.
The controller no longer needs the personal data for processing purposes, but you need it to establish, exercise, or defend legal claims.
If you have objected to the processing according to Art. 21 para. 1 GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data may only be processed – apart from being stored – with your consent or to establish, exercise, or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the restriction of processing has been restricted according to the above conditions, you will be informed by the controller before the restriction is lifted.
9.4 Right to Deletion:
You can request the controller to delete the personal data concerning you without delay, and the controller is obliged to delete this data without delay if one of the following reasons applies:
The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
You withdraw your consent on which the processing is based according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
You object to the processing according to Art. 21 para. 1 GDPR, and there are no overriding legitimate reasons for the processing, or you object to the processing according to Art. 21 para. 2 GDPR.
The personal data concerning you has been unlawfully processed.
The deletion of the personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
The personal data concerning you has been collected in relation to the offer of information society services according to Art. 8 para. 1 GDPR.
9.5 Information to Third Parties:
If the controller has made the personal data concerning you public and is obliged to delete it according to Art. 17 para. 1 GDPR, the controller shall take appropriate measures, including technical measures, considering the available technology and the implementation costs, to inform controllers processing the personal data that you, as the data subject, have requested the deletion of all links to this personal data or copies or replications of this personal data.
9.6 Exceptions:
The right to deletion does not exist to the extent that processing is necessary:
To exercise the right to freedom of expression and information.
To fulfill a legal obligation that requires processing under Union or Member State law to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller.
For reasons of public interest in the area of public health according to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR.
For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes according to Art. 89 para. 1 GDPR, to the extent that the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of this processing.
To establish, exercise, or defend legal claims.
9.7 Right to Notification:
If you have exercised the right to rectification, deletion, or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you has been disclosed of this rectification or deletion of the data or restriction of processing unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients by the controller.
9.8 Right to Data Portability:
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that:
The processing is based on consent according to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract according to Art. 6 para. 1 lit. b GDPR and
The processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be adversely affected by this. The right to data portability does not apply to processing personal data necessary for performing a task carried out in the public interest or in the exercise of official authority vested in the controller.
9.9 Right to Object:
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you based on Art. 6 para. 1 lit. e or f GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing that override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.
If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, including profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
You have the possibility, in the context of using information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by automated means using technical specifications.
9.10 Right to Withdraw the Data Protection Consent Declaration
You have the right to withdraw your data protection consent declaration at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Data protection consents are voluntary and can be withdrawn at any time. You can also address a withdrawal to our data protection officer at the following contact: privacy@best4tires.com.
9.11 Automated Decision-Making in Individual Cases, Including Profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
1. Is necessary for entering into, or performance of, a contract between you and the controller.
2. Is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests.
3. Is based on your explicit consent.
However, these decisions must not be based on special categories of personal data referred to in Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.
9.12 Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
The competent supervisory authority is:
The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate
Hintere Bleiche 34, 55116 Mainz
Phone: +49 (0) 6131 8920-0
Fax: +49 (0) 6131 8920-299
Website: https://www.datenschutz.rlp.de/
Email: poststelle(at)datenschutz.rlp.de
Modification of the directives
We may amend this data privacy statement from time to time. We will inform you of the updating of the data privacy statement but we also ask that you read this data privacy statement regularly.
This directive was last modified on 3rd January 2025.