For questions about data protection, we can be reached via e-mail at firstname.lastname@example.org.
The legal basis for data protection can be found in particular in Regulation (EU) 2016/679 of the European Parliament and the European Council of April 27, 2016 on the protection of natural persons regarding the processing of personal data, the free movement of data traffic and the resolutions of Directive 95/46/EC (“General Data Protection Regulation”, GDPR), the Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG).
I. What is considered personal data? How does PARTS4YOU use the data of website visitors or users of the offer on the PARTS4YOU website? Which legal bases apply to the processing of the data? Is profiling taking place?
Personal data and consent
Personal data is any information relating to an identified or identifiable natural (i.e. “concerned”) person; wherein a natural person is considered to be identifiable if they can be identified as such, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, the expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
Personal data can be a name, an e-mail address or a phone number, for example. But also data about hobbies, memberships or which web pages were viewed by someone can be regarded as personal data.
Personal data will only be collected, used and passed on by us if this is permitted by law or if the users consent to the data collection.
Consent shall be considered any expression of will, voluntarily and in an informed and unambiguous manner, in the form of a statement or other unambiguous confirmatory act by which the data subject indicates that he / she agrees with the processing of personal data concerning him or her.
Visits to the PARTS4YOU website
We (or the web space provider) collect data about every visit to the PARTS4YOU website (so-called server log files) (“access data”). Access data includes:
name of the accessed web page, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, user’s operating system, referrer URL (previously visited page), IP address and the requesting provider; if a mobile device was used, the access data can also be:
country code, language, device name, operating system and version, GPS location data
We use this access data only for statistical evaluations and for the purpose of operation, security and optimization of our offer on the PARTS4YOU website. However, we reserve the right to check this access data retrospectively if there is a justified suspicion of unlawful use on the basis of concrete evidence. The storage of this data is done so a potential abuse of our offer can be prevented, and such data can, in case of need, be used to clarify past offenses. In this respect, the storage of this data is required to protect the person responsible for the processing. A disclosure of this data to third parties does not take place unless there is a legal obligation to disclose it or the disclosure serves law enforcement.
Stored data when signing up and using our offer on the PARTS4YOU website
If the user signs up on the PARTS4YOU website and creates a customer account, the following data will be collected and stored (“Registration data”)
First and last name, e-mail address, date of birth (if applicable)
The user can manage this data at any time under the item ‘Settings’ in the menu.
The registration data entered in the registration as well as any further specified profile data are only used via the PARTS4YOU website and with our support to the extent that this processing is necessary for the fulfillment of a contract with us or for the implementation of pre-contractual measures, such as using the PARTS4YOU website, as well as the execution and processing of user inquiries.
When contacting us (for example, via e-mail), the information of the user is stored for the purpose of processing the request as well as in the event that follow-up questions arise.
We produce a newsletter to inform users about who we are and to make them aware of our offers.
To subscribe to our newsletter, only an e-mail address is required. If a user subscribes to the newsletter, his / her e-mail address will be transmitted to us or to the e-mail provider to be named by us and stored there. After subscribing, the user will receive an e-mail to confirm the registration (“double opt-in”).
By subscribing to the newsletter, the IP address, device name, e-mail provider as well as first and last name of the user and date of registration with us or with our e-mail provider will be stored. The sole purpose of this storage is to have proof in case a third party abuses an e-mail address and subscribes to the newsletter without the knowledge of the authorized person.
The e-mail provider receives and processes on our behalf, if necessary, the data required for the subscription, e.g. e-mail address, IP address and device name.
The user may at any time revoke his / her consent to the storage of data, e-mail address and their use for the purposes of receiving the newsletter. The revocation can take place via a link in the newsletters themselves or by notifying us on any of the above contact options or, if applicable, directly to the e-mail provider and at no cost (with the exception of any applicable transmission costs).
Legal basis for the processing of data
The processing of data when using our offer is usually based on the legal basis of Art. 6 (1) b. GDPR, e.g. the data will be processed because it is necessary for the fulfillment of the contract between you and us or to perform any pre-contractual measures that are required upon your request.
Furthermore, data processing by us, for example in the case of newsletters, can be referred to Art. 6 (1) a. GDPR and is based on your consent to the processing of your personal data for specific purposes.
Furthermore, in special cases, we process your data on the basis of Art. 6 (1) c. GDPR, if processing is required to fulfill a legal obligation that we or other responsible parties are subject to or on the basis of Art. 6 (1) e. GDPR, if processing is required for the performance of a task that is in the public interest or in the exercise of official authority delegated to us or to the person responsible.
Moreover, the legal basis of Art. 6 (1) f. GDPR - for example in the case of data collection when visiting the PARTS4YOU website or the transmission of data to our partners and service providers – relevant if the processing is necessary for the protection of our legitimate interests or those of a third party and does not outweigh your interests or fundamental rights and freedoms, which require the protection of personal data. A legitimate interest lies e.g. then, if there is a relevant and proportionate relationship between you (or the data subject) and us (or the person responsible), such as if the data subject is our customer or service user or if the relationship is at his / her service.
Profiling and automated decision making
Profiling means any kind of automated processing of personal data that consists in using that personal data to evaluate certain personal aspects relating to a natural person, in particular aspects related to job performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts, or relocation of that natural person. Examples of such profiling are, amongst other things, data analysis (e.g. based on statistical methods) with the aim of displaying personalized advertising or providing the user with specific buying tips.
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect on him / her or similarly significantly affects him / her. This shall not apply where the decision (i) is necessary for the conclusion or performance of a contract between the data subject and the person responsible, (ii) permitted by the European Union or member state legislation to which the person responsible is subject, and this legislation contains appropriate measures to safeguard the rights and freedoms and the legitimate interests of the data subject; or (iii) with the express consent of the data subject. In such exceptional cases, the person responsible shall take appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the right to obtain the intervention of a person by the person responsible, expressing his or her own position and contesting the decision.
II. Will data be shared with third parties?
A transfer of data only takes place if we are legally authorized or obligated to do so, the data subject has effectively given his / her consent and has not revoked it or if this is necessary for the enforcement of our rights.
III. Which services and offers of third parties and cookies are used?
Integration of services and contents of third parties
It may happen that content from third parties, such as videos from YouTube, maps from Google Maps, RSS feeds or graphics from other websites are included in the offer. This always assumes that the providers of this content (hereinafter referred to as “third party provider”) perceive the IP address of the users. This is because without the IP address they could not send the contents to the browser of the respective user. The IP address is therefore required for the presentation of this content. As far as possible, we will use only content whose respective third-party providers use the IP address only for the delivery of the content and clearly indicate that. However, we have no control if the third parties store the IP address for statistical purposes, for example. As far as we are aware of such behavior, users will be informed.
A transfer of data only takes place if we are legally authorized or obligated to do so, the data subject has effectively given his / her consent and has not revoked it or if this is necessary for the enforcement of our rights.
When the user visits the PARTS4YOU website, so-called session cookies are used, which are automatically deleted from the user’s hard disk as soon as the browser window is closed. Session cookies are needed to assign consecutive page views to users who access the platform at the same time.
Users can view many of the company’s online ad cookies through the US-American site http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/uk/your-ad- choices/ manage.
We use Google Analytics, a web analytics service provided by Google Inc., Mountain View, CA, USA (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on the user’s device and allow an analysis of the use of our offer by them. The information generated by the cookie about the use of the offer by users when using the website such as
browser type / version; operating system; referrer URL (previously visited page); host name of the accessing computer (IP address) and time of server
are usually transmitted to and stored by Google on a server in the United States, however, due to the activation of IP anonymization on the PARTS4YOU website, the IP address of Google’s users is shortened beforehand within member states of the European Union or other contracting states of the Agreement on the European Economic Area. The full IP address is therefore not transmitted to a Google server in the US and shortened there. IP anonymization is active on the PARTS4YOU website. On our behalf, Google will use this information to evaluate users’ use of the PARTS4YOU website, to compile reports on website activity and to provide us with other offers related to the use of the website and Internet usage.
The IP address sent by Google’s browser as part of Google Analytics will not be merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; however, the user is cautioned that in this case he / she may not be able to use all the functions of the PARTS4YOU website to the full extent. In addition, users can prevent the collection of data generated by the cookie and its use by us (including the IP address) to Google and the processing of this data by Google by using the browser plug-in available under the following link, download and install: http://tools.google.com/dlpage/gaoptout?hl=de.
IV. Your rights: information, correction, deletion, limitation of processing, revocation, data portability, right of appeal
Right to information
Every user has the right to information about the personal data stored about him / her at any time. To access this information, the user may, for example, contact email@example.com.
This right to information includes a confirmation as to whether personal data are being processed about the data subject and, should that be the case, to the following information:
the processing purposes; the categories of personal data being processed; the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed to, in particular to recipients in third countries or to international organizations; if possible, the planned duration for which the personal data are stored or, if this is not possible, the criteria for determining that duration; the existence of a right to rectification or deletion of the personal data relating to him / her or to a limitation of processing by the person responsible or a right to object to such processing; the existence of a right of appeal to a supervisory authority; if the personal data are not collected from the data subject, all available information on the source of the data; the existence of automated decision-making, including profiling (according to GDPR) and - at least in these cases - meaningful information about the logic involved and the scope and intended impact of such processing on the data subject.
In particular, the right to information does not exist if the data is stored only because it cannot be deleted due to statutory or constitutional retention requirements, or solely for purposes of data security or data protection control and the disclosure of information would require a disproportionate effort and processing for other purposes excluded by appropriate technical and organizational measures.
Each user has the right to revoke his / her consent to the use, processing or transmission of his / her data at any time in writing or via e-mail to us. To do this, the user can contact firstname.lastname@example.org.
In the case of a revocation, we will no longer process the stored data of the user and we will delete it immediately. This does not apply if compelling legitimate reasons for the processing can be demonstrated, which outweigh the interests, rights and freedoms of the users or the processing for the assertion, exercise or defense of legal claims.
We will therefore continue to use these data should they still be required for the execution of the contractual relationship.
Correction and completion of data
The user or the data subject has the right to demand that we rectify these incorrect personal data without delay. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary statement. To do this, you can contact email@example.com.
Deletion (“right to be forgotten”)
The user has the right to have personal data stored by us deleted immediately. To do this, the user can contact firstname.lastname@example.org.
An immediate deletion takes place in the following cases:
the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; the data subject revokes the consent on which the processing is based and lacks any other legal basis for the processing; the data subject objects to the processing and there are no legitimate grounds for processing; the personal data was processed unlawfully; the deletion of personal data is required to fulfill a legal obligation under European Union or national law, to which the person responsible is subject; the personal data has been collected in relation to information society services offered directly to a child under the age of sixteen or without the consent of the parental responsibility.
Upon termination of the user relationship, the user data stored in the internal database are deleted regularly. Excluded from deletion are data when the processing of the data is required to assert, exercise or defend legal claims; for example, the processing of the contract with PARTS4YOU (see also point V. below) or if deletion conflicts with statutory retention periods.
Furthermore, deletion will not take place if it is required in each case (i) to fulfill a legal obligation which requires processing under the applicable law or to perform a task which is in the public interest or in the exercise of public authority, which was transferred to the person responsible; (ii) to exercise the right to freedom of expression and information; (iii) for reasons of public interest in the field of public health; or (iv) for archival purposes of public interest, for scientific or historical research purposes or for statistical purposes, as far as the right to deletion is likely to render impossible or seriously affect the achievement of the objectives of such processing.
In the case of non-automated data processing, deletion must also not take place if, due to the special type of storage, it would not be possible or if it would be only with a disproportionate effort and the interest for deletion of the data subject is considered too low. The deletion is replaced by the restriction of processing.
Furthermore, we carry out a restriction of processing and no deletion of the data, as long as and to the extent that we have the reason to believe that a deletion would affect your legitimate interests or those of the data subject. We will inform you or the data subject about the restriction of processing, unless the information proves to be impossible or would require a disproportionate effort.
See also the following point “Restriction of processing” and point V. below.
Restriction of processing
You also have the right to request the restriction of processing. To do this, you can contact email@example.com.
You can only enforce the right to restrict processing if one of the following conditions is met: (i) the accuracy of the personal data is disputed by the data subject for a period of time that enables the person responsible to verify the accuracy of the personal data; (ii) the processing is unlawful and the data subject refuses to delete the personal data and instead requests the restriction of the use of the personal data; (iii) the person responsible no longer needs the personal data for processing purposes but the data subject requires them to assert, exercise or defend legal claims; or (iv) the data subject has objected to processing until it has been established that the data subject’s legitimate reasons are greater than those of the data subject.
In the event that you have obtained a restriction of processing, you will be informed accordingly before the restriction is lifted.
The restriction of processing may continue in certain cases rather than the deletion of data. See in particular the previous item “Deletion (“Right to be forgotten”)”.
Right to data portability
You have the right to receive personal data you provide to us in a structured, common and machine-readable format. To do this, you can contact firstname.lastname@example.org.
You also have the right to submit such data to another person responsible without hindrance by the person responsible to whom the personal data has been provided, given that the processing is based on consent or on a contract of which the data subject is a party and processing takes place by automated methods.
In exercising your right to data portability, you have the right to obtain that your personal data be transferred directly from one person responsible to another, as far as technically feasible.
This right shall not apply to the extent that the rights and freedoms of other persons are affected or to any processing required for the performance of a task of public interest or in the exercise of official authority delegated to the person responsible.
Right of appeal
Each user has a right of appeal to a supervisory authority of his / her choice.
The supervisory authorities in Germany are the (data protection) authorities responsible according to the respective law of the federal states.
V. Duration of storage of personal data; deletion periods
As a rule, we only store your personal data for as long as they are necessary to carry out the contract or the respective purpose and limit the retention period to an absolutely necessary minimum.
For longer-term contractual relationships, such as when using our offer, these storage periods may vary, but are limited to the duration of the contractual relationship or in terms of inventory data, to the maximum on the statutory retention periods (including the Commercial Code (HGB) and Tax Code (AO)).
Criteria for the storage duration are whether the data are still current, the contractual relationship with us still exists or whether a request has already been processed or a transaction is completed or not and whether statutory retention periods for the personal data concerned are relevant or not.
VI. Data security, scope
For the best possible protection of users’ data, the PARTS4YOU website offers a secured SSL connection between the user’s server and the browser, meaning that the data is transmitted encrypted.
We expressly point out to the user that the data protection and data security for data transmissions in open networks such as the Internet cannot be completely guaranteed according to the current state of the art. The user knows that the provider can view the offer page stored on the web server and possibly also other data stored there by the user from a technical point of view at any time. The user is completely responsible for the security and protection of the data transmitted by him / her to the internet and stored on web servers. We cannot accept any liability for the disclosure of data due to errors or unauthorized access by third parties.
VII. Person responsible and contact person for data protection
The person responsible for the PARTS4YOU website as the natural or legal person, public authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data is:
Kö-Höfe 60F, 40212 Düsseldorf
Registered at the District Court Düsseldorf under HRB 87501,
If you have any questions regarding the collection, processing or use of personal data when exercising your rights (for example, in the case of information, correction, deletion of data or revocation of granted consent), we can be contacted at the above-mentioned contact details.
As of: February 2018