Datenschutz

Data protection statement for the klickparts mobile app

This data protection statement applies to the use of our klickparts mobile app (“app”) and services we offer through it.

Alongside easy, efficient operability, we consider the protection of your personal data to be a top priority. The protection of your privacy is a key concern for us when processing personal data and we take this into account in all our business processes. 

Therefore our processing of personal data collected during a visit to our Website always takes place in line with the respective provisions governing data protection.

This data protection statement will tell you which of your personal data are collected and retained when you visit our Website or use our services offered through the Website. You will also receive information on how and on what legal basis your data are used, what rights you have with regard to the use of your data, and which contact methods are available to you.

1. Controller

The controller responsible for processing your personal data in accordance with Article 4(7) GDPR is 

2. Processing of personal data and purposes of the processing

Which data do we collect?

Data collected when you download our app

When you download our app, certain necessary information is transmitted to the app store you have chosen to use (e.g. Google Play or Apple App Store). This information includes your username, email address, your customer account number, the time of the download, payment information if required, and the individual reference number of your end device. These data will only be processed by the respective app store and are outside our control. 

Automatic data collection 

When you use our app, we will automatically collect specific data; these data are necessary in order to use our app. They include: Internal device ID, time of access. 

These data are transmitted to us automatically, but we do not store them; they are used (1) to provide you with our app and the related functions, (2) to improve the functions and performance features of our app, and (3) to prevent and eliminate misuse and malfunctions. This data processing is justified because (1) the processing is necessary for us to provide our app (point (b) of Article 6(1) GDPR), or (2) we have a legitimate interest in ensuring the functionality and smooth operation of our app and being able to offer a service that reflects the market and your interests. For further information on the balancing of interests pursuant to point (f) of Article 6(1) GDPR, please contact us using the contact details provided in this data protection statement.

Data collected when you use our app

You can opt to transmit data pertaining to you within our app. We use these data, including personal data, for the following purposes:

• Registration

If you have not already registered on our website and you do not have access data, we provide you with the option of registering on our app by using the appropriate login screen. This gives you the opportunity to use a personal login in future. At the same time, we create a customer account for you. 

As part of the registration process, we collect your e-mail address and a password of your choice (encrypted). In addition, you can add further data within your customer profile at any time on a voluntary basis.

The purpose of retaining your personal data in the customer account is to make your business transactions – in particular purchase – easier, quicker, and more personal in future, through access to and provision of your data. We process the data you provide during registration for the purpose of checking your access credentials. The legal basis to this extent is point (f) of Article 6 (1) GDPR. We delete your customer account and the associated data within 2 weeks after deactivation of your customer account, but at the earliest after complete processing of the contracts concluded via the customer account. We delete inactive customer accounts after 3 years of inactivity. We use the following as an activity indicator: last login.

• When performing a contract

If a contract is performed through our App, the personal data mentioned above for the creation of a customer account (including the data supplemented voluntarily) are mandatory for the fulfillment of the contract. The legal basis is point (b) of Article 6 (1) GDPR. Further information is required for proper performance of the contract (e.g. Name, invoice address, delivery address, sales tax identification number, contract term, location, phone number if applicable). The data from conclusion of the contract will also be used for any necessary processing of warranty cases or other complaints. In addition to this, the data may also be passed on to external auditors and/or tax consultants for consulting and auditing purposes. Subsequently, data that fall under the retention obligations stipulated in Sections 146 et seq. of the Fiscal Code of Germany (“Abgabenordnung”) and Section 257 of the German Commercial Code (“Handelsgesetzbuch”) will be archived and then erased when the obligatory retention periods expire.

You shall be contractually obliged to this extent to provide us with these data. Without these data, we are unable to perform the contract.  

We use the e-mail address you give when placing an order/making a purchase to provide you with further information about similar goods or services by e-mail (“existing customer mail-ing”). You can object to the existing customer mailing at any time by contacting us at datenschutz@klickparts.com. 

• When registering for our newsletter

When creating a customer account and elsewhere on our Website and in our App, you have the option of giving consent to receive the newsletter. To register for our email newsletter, we use the double opt-in process, i.e. you will first receive a generic email to confirm your registration. If you do not confirm this within 48 hours, your registration will be automatically deleted. If you confirm your wish to receive the newsletter, we will save your e-mail address until you unsubscribe. The purpose of this storage is to be able to send you the newsletter. Furthermore, at the time of registration and confirmation, we store your IP addresses, the times of your registration and the e-mails sent as part of the DOI process in order to prevent misuse of your personal data and to be able to provide proof of correct sending. The legal basis for the processing of these data to send you the newsletter is point (a) of Article 6 (1) GDPR. Without your data, we are unable to send you our newsletter. 

To send the newsletter, we use only your email address as well as other data voluntarily provided by you to send the newsletter and other information on a regular basis (e.g. offers). 

At the end of every newsletter, there is a link which you can use at any time to unsubscribe from our mailing list. You can also unsubscribe by sending an email request to datenschutz@klickparts.com. This withdraws your consent to receive our newsletter. You can exercise this right of withdrawal at any time with immediate effect, without affecting the legality of any past processing which took place on the basis of the consent.

If you have given us your consent to personalization of the newsletter, we analyze your usage behavior for each newsletter by using cookies and similar technologies to analyze your interaction with the newsletter (e.g. opening, clicks and read duration). We then use this information to customize future communication. Personalization in the newsletter is based on an analysis of your interaction with the newsletter, your voluntarily provided master data and your IP address. For this purpose, we use the following e-mail marketing tool:

Mailingwork GmbH

The following data will be processed in the email marketing tool from Mailingwork for marketing and optimization purposes: 

• E-mail delivery
• E-mail opening
• Time of opening and clicks
• End device used for opening, clicking and booking

Clicking behavior within the e-mail            

The legal basis for this data processing is your consent, in accordance with point (a) of Article 6 (1) GDPR. You have the right to withdraw your consent at any time. You can withdraw your consent at any time by unsubscribing from the newsletter.

• Contact form

If you have any questions, we provide the option of contacting us via a form provided on the Website. The following information is required to allow us to answer your questions:

• First name and surname (optional),
• valid email address.

We store this information for verification purposes for a period of up to 10 years. The purpose of collecting the data provided in the contact form is to identify the requester, and to be able to reply to the request properly and via the requested communication channel. This is also our legitimate interest. The legal basis for data processing is point (f) of Article 6 (1) GDPR. Permissions

• Permissions

Our app uses push notifications which are intended to display personalized offers and the respective status of your orders on your device. For this purpose, we ask you in advance whether we may send you push notifications on your device in the future.

The processing and use of your data for sending out push notifications is based on your consent in accordance with point (a) of Article 6 (1) GDPR.

3. Cookies 

With our app we enable you to access our website adapted to mobile devices. After successful registration and login you are therefore on the website of Zeppelin Baumaschinen, where we use cookies. These are small files which your browser, in this case the in-app-browser automatically cre-ates and which are stored on your device (tablet, smartphone, etc.) when you visit our Website via our app. 

Cookies are used to make your visit to our Website/app easier and more enjoyable. This is why we use session cookies to detect that you have already visited individual pages on our Website, or that you have already signed into your customer account. They are automatically deleted after you leave our Website or the app. 

Google Analytics

In order to tailor our app to your needs and for continuous optimization of the site, we use Google Analytics, a web analysis service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (https://www.google.de/contact/impressum.html). Pseudonymized user profiles are created and cookies used in this context. The information generated by the cookie through your use of the app, e.g.

• browser type/version,
  
• operating system used,
• referrer URL (previously visited site),
• hostname of the accessing computer (IP address),
• time of server request,

is transferred to a Google server in the USA and stored there. The information is used to analyze use of the app. This information may also be sent to third parties, insofar as this is a statutory requirement. Your IP address is never combined with other Google data. IP addresses are rendered anonymous to prevent attribution (IP masking).

The transfer of personal data to the USA will only take place with your express prior consent. The legal basis for the storage of cookies and further analysis of the data over a period of 25 months is the consent that is granted (point (a) of Article 6 (1) GDPR). You can withdraw your consent at any time in the cookie settings.

Showing videos (YouTube)

In several places on our App, we have embedded videos which are provided by a third party. This concerns videos from the “YouTube” platform. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (https://www.google.de/contact/impressum.html).

The video content is visualized exclusively through the provider’s use of “enhanced data protection mode”. As a result, only by clicking on a video can a cookie be stored on your device to collect data for YouTube, and this data may be collected and processed further. We have no influence over this data collection and processing.

If you have a YouTube account and are signed into it when you open YouTube in our App, information can be attributed to your YouTube account in relation to the visit to our App and clicking on videos. If you wish to prevent this, you must sign out of your YouTube account before using our App and watching the videos.

More information is provided in the Google privacy policy, available at https://www.google.com/intl/en/policies/privacy/.

YouTube videos are integrated on the basis of your consent in accordance with point (a) of Article 6 (1) GDPR. You can withdraw your consent at any time in the cookie settings. 

If you do not wish to transfer data to YouTube, do not click on the videos embedded on our App. 

Google Retargeting/Remarketing 

In this App, we use the remarketing function or “similar audiences” function of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (https://www.google.de/contact/impressum.html). The purpose of this function is to present you, as a visitor to our Website via our app, with interest-based advertising as part of the Google network. When you visit the website, your browser stores cookies, which are small text files, on your computer; these make it possible to recognize you when you access websites that belong to the Google advertising network. On these websites you can then be presented with advertisements based on content you have previously accessed on websites that use the Google remarketing function. According to its own statements, Google does not combine the data collected as part of remarketing with any of your personal data that may be stored by Google. In particular, according to Google, pseudonymization is used for remarketing. Your data will also be processed by Google in the USA. Your data will only be transferred to the USA with your express consent.

The use of the remarketing function or “similar target groups” function is based on the consent you have given. The legal basis is point (a) of Article 6 (1) GDPR. You can withdraw your consent at any time in the cookie settings.

Use of Google AdWords conversion tracking 

We use Google AdWords – another offer from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to draw attention to our attractive offers by means of advertising materials (so-called Google AdWords) on external websites. These advertising materials are delivered by Google via so-called “ad servers.” Ad Server cookies are used to evaluate performance parameters such as ad impressions, clicks and conversions. This allows us to determine how successful the individual advertising measures are in relation to the data from the advertising campaigns. If you access our Website via a Google ad, a cookie is stored on your PC by Google AdWords. These cookies generally lose their validity after 30 days and are not intended to identify you personally. The following analysis values are generally stored for this cookie, whereby the data is also processed by Google in the USA:

• Unique cookie ID
  
• Number of ad impressions per placement (frequency)
• Last impression (relevant for post-view conversions)
• Opt-out information (marking that the user no longer wants to be addressed)

These cookies allow Google to recognize your Internet browser. If a user visits certain pages of an AdWords customer's website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user has clicked on the ad and has been forwarded to this page. Each AdWords customer is assigned a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. We do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations made available by Google. Based on these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of advertising materials; in particular we cannot identify users based on this information. Your data will only be transferred to the USA after granting of your express consent. The legal basis for the storage of cookies by Google is the consent that is granted (point (a) of Article 6 (1) GDPR). You can withdraw your consent at any time in the cookies settings.

You can find further information and view the Google Privacy Policy at: https://www.google.de/policies/privacy.

Google Tag Manager

Our Website uses Google Tag Manager, a solution offered by Google Ireland Limited (Gordon House, Barrow St, Dublin 4, Ireland). Google Tag Manager allows various codes and services to be managed and more easily integrated into the website. Google Tag Manager is a cookie-free domain that requires transmission of the IP address to Google and triggers other tags that may collect data under certain circumstances. Google Tag Manager does not access these data. Insofar as a deactivation has been implemented by the user on a domain or cookie level, this applies to all tracking cookies that are implemented with Google Tag Manager. Your IP address can also be processed by Google in the USA. To ensure an adequate level of data protection, we have concluded the so-called standard contractual clauses with Google. 

The legal basis for the aforementioned processing of personal data is point (f) of Article 6 (1) GDPR.

GetSiteControl Widget  

We also use the GetSiteControl tool from the provider GetWebCraft Ltd. (Klimentos 41-43, Klimentos Tower, Flat/Office 25, 1061, Nicosia, Cyprus) on our website for the implementation of visual elements (“widgets”). This tool is used to display pop-ups and overlay windows on the website. These can be controlled according to specific rules (e.g. number of page visits), and they use cookies for this purpose. Visitors to our website can start a chat dialog with us using these widgets, for example to ask questions or give feedback. If you visit a webpage on our website that contains a widget of this type, your browser will establish a direct connection with the GetWebCraft Limited servers. The data you enter in the widget are stored directly on GetWebCraft Limited’s servers by GetWebCraft Limited, and processed by us for the purposes of the communication that you initiate (including answering your inquiries and providing advice on product selection).

The legal basis for the storage of cookies by Google is granted consent (point a) of the first sentence of Article 6 (1) GDPR). You can withdraw your consent at any time in the cookie settings.

For information on privacy at GetWebCraft, see the company’s privacy policy at: http://www.getsitecontrol.com/privacy/.

Microsoft Ads

On our website, we use the Universal Event Tracking (UET) service from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

If you access our website via an advertisement from Microsoft Advertising, Microsoft will place a cookie on your computer (storage period: 13 months), which enables us to collect and evaluate data about your use of our website in connection with a UET tag integrated into our website. Among other aspects, these data include your average length of visit to our website, information as to which areas of our website you have accessed and what actions you have performed, and which Microsoft Advertising advert brought you to our website. It is not possible for us to draw direct conclusions relating to you as an individual in this process.

The data captured using the cookie are transferred to a Microsoft server in the USA, and saved there for a maximum of 180 days. Your data will not be disclosed to third parties in this process. To ensure an adequate level of data protection, we have concluded the “standard contractual clauses” with Microsoft.

If you would not like your data to be processed as explained above, you can object to the processing of your data using the following link: http://choice.microsoft.com/de-DE/opt-out. Data capture requires the setting of a cookie; you may also deactivate the setting of this cookie in your browser settings.

The Universal Event Tracking service is used on the basis of your consent (point a) of the first sentence of Article 6(1) GDPR). You can withdraw your consent at any time in the cookies settings.

4. Other third-party providers

Tideways

To ensure the technical operation of our Website and app, we use the services of Tideways GmbH, Königswinterer Straße 116, 53227 Bonn, Germany. Tideways enables us to record statistical evaluations of the speed of the website and determine whether the website can be accessed; it also enables the identification and analysis of technical problems with the website. The information provided by the respective browser (e.g. browser, browser version) is collected. In addition, in the event of technical problems, we also collect personal information such as your email address, address information and IP address in order to identify and eliminate the cause of the problem. No personal data are collected for speed measurements and website availability. 

The legal basis for the use of Tideways is point f) of the first sentence of Article 6(1) GDPR.

Our legitimate interest in data processing lies in ensuring that our website functions properly, and that communication through the website is properly handled. In relation to the foregoing, we cannot attribute this information to you personally.

Integration of the Trusted Shops Trustbadge

The Trusted Shops Trustbadge is integrated to display our Trusted Shops quality mark and any collected reviews, as well as to offer Trusted Shops products to shoppers once they have placed an order.

This serves to safeguard our overriding legitimate interests in optimum marketing within the framework of a balancing of interests, by enabling safe buying in accordance with point f) of the first sentence of Article 6(1) GDPR. The Trustbadge and the services advertised with it are an offering from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany. The Trustbadge is provided by a CDN provider (content delivery network) as part of order processing. Trusted Shops GmbH also uses service providers from the USA. An adequate level of data protection is ensured. You can find further information on Trusted Shops GmbH’s data protection at https://www.trustedshops.de/impressum/#datenschutz. 

When the Trustbadge is accessed, the web server automatically stores a server log file which also contains your IP address, date and time of access, transferred data volume and the requesting provider (access data), and documents the access. Individual elements of access data are stored in a security database for the analysis of security anomalies. The log files are automatically deleted no later than 90 days after they are created.

Further personal data are transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order, or if you have already registered for use. The contractual agreement concluded between you and Trusted Shops shall apply. Personal data are automatically collected from the order data for this purpose. A neutral parameter – an email address hashed using the cryptological one-way function – is used to automatically verify whether you as a buyer are already registered to use a product. Before it is transmitted, the email address is converted into this hash value that cannot be decoded by Trusted Shops. After checking for a match, the parameter is automatically deleted.

This is necessary for the fulfillment of our and Trusted Shops’ overriding legitimate interests in the provision of the buyer protection linked to the specific order and the transactional review services in accordance with point f) of the first sentence of Article 6(1) GDPR. Further details, including about lodging objections, can be found in the Trusted Shops privacy policy linked above and in the Trustbadge.

LinkedIn Insight Tag

We also use the LinkedIn Insight Tag tool from LinkedIn Ireland Unlimited Company (Wilton Plaza, Wilton Place, Dublin 2, Ireland). This tool places a cookie in your browser, which collects data including the following: IP address, device and browser properties and page events (e.g. page views). These data are encrypted, anonymized within seven days, and the anonymized data are deleted within 90 days.

We do not receive any personal data from LinkedIn, but only anonymized reports on the demographics of our target group and the performance of our advertisements. LinkedIn also offers the option of retargeting via the Insight Tag. We may use these data to display targeted advertising outside its website without identifying our website visitors. 

For more information, see LinkedIn’s Privacy Policy. You can find more information on conversion tracking here. LinkedIn members can control the use of their personal data for advertising purposes in their account settings. 

LinkedIn Insight Tag is used on the basis of your consent (point a) of the first sentence of Article 6(1) GDPR). You can withdraw your consent at any time in the cookie settings.

Google Firebase

We use Google Firebase, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (https://www.google.de/contact/impressum.html). Google Firebase provides us with various services that enable us to offer a range of functionalities through our app. Specifically, we use the Firebase hosting. Google stores personal data for us, which can then be accessed via our app. The data are stored in order to provide our services to you on the legal basis outlined in point (b) of Article 6(1) GDPR.

We use Google as a processor. Data is disclosed to Google on the basis of Article 28(1) GDPR; or alternatively on the basis of our legitimate interest in the economic and technical benefits provided by the use of a specialized processor, pursuant to point (f) of Article 6(1) GDPR.

For further information on the balancing of interests pursuant to point (f) of Article 6(1) GDPR, please contact us using the contact details provided in this data protection statement.

5. Rights of data subjects

As a data subject in the sense of the GDPR, you are entitled to the following rights. To assert these rights, please contact us on:

datenschutz@klickparts.com or in writing to the above address of Zeppelin Baumaschinen GmbH.

Right of access

Pursuant to Article 15 GDPR, we must provide information about your personal data that we process.

Right to rectification 

If the information concerning you is no longer correct, you can request a correction in accord-ance with Article 16 GDPR. If your data is incomplete, you can request completion.

Right to restriction of processing 

In accordance with Article 18 GDPR, you have the right to request a restriction of the pro-cessing of your personal data.

Right to erasure 

In accordance with Article 17 GDPR, you may request the erasure of your personal data.

Right to data portability

Pursuant to Article 20 GDPR, you have the right to receive personal data concerning you and which you have provided to us, in a structured, commonly used and machine-readable format. Within the limits of Article 20(1) GDPR, you also have the right to transfer those data to an-other controller nominated by you.

You may withdraw your consent to having your personal data processed for advertising purposes, including analysis of customer data for advertising purposes, at any time without statement of reasons.

Withdrawal of consent

You also have the right at any time to withdraw the provided declaration of consent with re-gard to data protection with immediate effect. The withdrawal of consent does not affect the legality of any processing based on the consent which took place up to the withdrawal there-of.

6. Automated individual decision-making or profiling measures

We do not use automated processing methods for decision-making – including profiling. 

7. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement, if you are of the opinion that the processing of personal data relating to you infringes the applicable data protection law. The competent supervisory authority in our case is Landesamt für Datenschutzaufsicht, Promenadeplatz 18, 91522 Ansbach. You can use the following email address for email communication with the supervisory authority: poststelle@lda.bayern.de. 

8. Storage period for personal data/erasure of personal data

In general, we erase or render anonymous your personal data as soon as they are no longer necessary in relation to the purposes for which we have collected or otherwise processed them in accordance with the foregoing clauses, unless continued storage of your personal da-ta is required to fulfill a legal obligation. Further information about the corresponding deletion periods can be found in the description of the individual data processing operations.

9. Disclosure of data to third parties/recipients of data

The personal data that we collect and retain shall never be used by us for sale, trade or loan. We will only pass on your data to third parties if we are legally obliged or to assert a claim, in the exercise or defense of legal claims, to investigate unlawful use of our Website or prod-ucts, or for prosecution of a claim (insofar as there are reasonable grounds to suspect unlaw-ful or unfair conduct). Data may also be disclosed for the enforcement of Terms and Condi-tions of Use or other agreements. We are also obliged to grant access to certain public bod-ies on request. These include law enforcement authorities, authorities which prosecute admin-istrative offenses, and tax authorities. These data are disclosed on the basis of our legitimate interest in combating misuse, the prosecution of offenses, and the securing, assertion and enforcement of claims. The legal basis is point (f) of Article 6 (1) GDPR.

We rely on contractually bound third-party companies and external service providers (“pro-cessors”) to supply our range of products and services. In such cases, personal data are dis-closed to these processors to enable further processing thereof. These processors are care-fully selected and regularly checked to ensure that your privacy remains protected. The pro-cessors may only use the data for the specified purposes, and are also contractually obliged to handle your data in compliance with this data protection statement and the German data protection laws.

10. Contact method/data protection officer

You can contact us through our data protection officer as follows with regard to access to your personal data, to have inaccurate data corrected, blocked or erased, or if you have further questions regarding the use of your personal data.

E-Mail:  datenschutz@klickparts.com 

Please note that access can only granted if you give us, in full: your first name and surname, your current and, if necessary, previous address, your date of birth, and your email address. This information is used exclusively for alignment purposes, which in turn ensures that no unauthorized third party can obtain your personal data. Any product, operation, and/or contract numbers which we have sent to you are also useful and helpful, but not necessary, in enabling us to identify the relevant data quicker.

March 2023