Privacy Policy

1. Person responsible

With this privacy policy, Wegmann automotive GmbH, Rudolf-Diesel-Straße 6, 97209 Veitshöchheim, (hereinafter also referred to as "Wegmann"), as the controller, fulfils its legal obligation to provide information in accordance with Art. 13 of the General Data Protection Regulation ("GDPR") with regard to the processing of personal data on our homepage (https://shop.wegmann-automotive.com, hereinafter also referred to as "website"). We therefore explain below which of your personal data we process and how. Please contact us if you have any further questions. Our contact details can be found above and at the end of this document.

Our contact details as the person responsible are:

Wegmann automotive GmbH
Managing Director: Felix Bode, Markus Vogler
Rudolf-Diesel-Straße 6
97209 Veitshöchheim
Phone: +49 (0) 931-3 2104-0
E-Mail: datenschutz@wegmann-automotive.com
Register court: County court Würzburg, HRB 11135

2. Personal data

Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes, for example, information such as your name, your address, your telephone number, your email address, your bank details or your date of birth.

2.1 Processing of personal data

A processing of personal data is any operation or set of operations which is performed on personal data, whether or not by automated means. Data processing includes, in particular, the collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

We process personal data in accordance with the specifications and requirements set out below as part of automated processing based on a relevant legal authorisation.

Automated decision-making in individual cases, including profiling in accordance with Art. 22 GDPR, does not take place.

2.2 Collection of personal data when visiting our website

When you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data in particular, which is technically necessary for us to display our website to you and to ensure stability and security.

• IP address
• Date and time of the enquiry
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HHTP status code
• Amount of data transferred in each case
• Website from which the request originates (referrer, if applicable)
• Operating system and its interface, screen resolution and colour depth
• Type, language and version of the browser software

The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR ("legitimate interest").

In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do so, you generally have to provide additional personal data that we use to provide the respective service. These are presented in this document.

Use of cookies

In addition to the aforementioned data, cookies are stored on your computer when you use our website if you give us your consent to do so.

Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the location that sets the cookie. Cookies cannot execute programmes or transfer viruses to your computer. They are used to make the website more user-friendly and effective overall.

On the one hand, we use technically necessary cookies. These cookies are necessary for the proper functioning of our website and cannot be switched off in our system. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR ("legitimate interest"). However, you can of course configure your browser settings according to your wishes and also reject such technically necessary cookies. We would like to point out that you will then not be able to use our website.

Otherwise, Art. 6 para. 1 sentence 1 lit. a GDPR is the legal basis for the use of cookies ("consent"). You can differentiate whether you give us consent for all cookies, only for certain types of cookies (e.g. performance cookies, statistics cookies, advertising/tracking cookies) or no consent at all.

This consent is voluntary. You can refuse it without giving reasons, without having to fear any disadvantages as a result. You can also revoke this consent at any time with future effect at Privacy Settings without any disadvantages for you. However, we would like to point out that if you do not give your consent or revoke it, you may not be able to use all the functions of this website to their full extent. We will provide you with further information on the use of cookies in the following sections, insofar as cookies are used.

Overview of cookies used

Overview of the cookies used by https://shop.wegmann-automotive.com

In the overview below you will find detailed information on all cookies used on the website of https://shop.wegmann-automotive.com:

In the cookie banner of this website, which is opened automatically when you visit, a corresponding click window ensures that these cookies are not activated without your consent for the cookies that are not technically necessary. You can therefore activate individual cookies in the cookie banner and deactivate them again at any time. If you activate a cookie, this constitutes consent (Art. 6 para. 1 lit. a GDPR) for this cookie to collect and process the personal data specified in the table above for the purpose for which it is used. You will also be informed about the storage period in this table.

If a cookie is deactivated in the cookie banner, this constitutes the revocation of the consent given (Art. 7 para. 3 GDPR), which means that the collection and processing of personal data by this cookie will cease from the time of deactivation. We would like to point out that if you reject individual cookies, you may not be able to use all the functions of this website.

4. Google (Universal) Analytics and Google Analytics 4

This website uses Google (Universal) Analytics and Google Analytics 4, web analytics services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland ("Google").

Google (Universal) Analytics and Google Analytics 4 use methods that enable your use of the website to be analysed, such as so-called "cookies", i.e. text files that are stored on your computer. The information generated about your use of this website is usually transferred to a Google server in the USA and stored there.

We use Google (Universal) Analytics and Google Analytics 4 to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our offering and make it more interesting for you as a user. We also receive information about the functionality of our website.

In so far as data is processed by Google outside the EU/EEA in the context of website analysis and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with Google to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. On 10 July 2023, the European Commission also adopted an adequacy decision for the EU-U.S. Data Privacy Framework. It thus certifies that the United States of America (USA) has an adequate level of protection for personal data transferred from the European Union (EU) to US companies as data importers within this framework. Google LLC is certified for the EU-U.S. Data Privacy Framework.

The data sent by us and linked to cookies is automatically deleted after 2 months. Data that has reached the end of its retention period is automatically deleted once a month.

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

You can revoke your consent at any time with effect for the future by calling up the cookie settings Privacy Settings and changing your selection there. The legality of the processing carried out on the basis of the consent until the revocation remains unaffected.

You can also prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict the functionality of this and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by clicking

a. do not give your consent to the setting of the cookie or

b. download and install the browser add-on to deactivate Google Analytics here: https://chromewebstore.google.com/detail/deaktivierungs-add-on-von/fllaojicojecljbmefodhfapmkghcbnh?hl=de&pli=1

For more information on the terms of use of Google Analytics and data protection at Google, see https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de

5. Matomo Cloud

We also use the "Matomo" service offered by InnoCraft Ltd (150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769) to optimise and analyse our online offering. Matomo also uses "cookies" - text files that are stored on your end device. The information collected by the cookies is generally sent to a Matomo server in Germany and stored there, so that technically no transfer to a third country takes place. If data is transferred to InnoCraft's registered office outside the EEA, this is protected by an EU adequacy decision for New Zealand.

We have set Matomo so that IP addresses are only processed in abbreviated form in order to limit direct personal identification. IP anonymisation means that the end of your IP address is replaced by zeros immediately after collection.

Under the terms of the contract data agreement that we have concluded with Matomo as the website operator, Matomo uses the information collected to analyse website usage and website activity and provides services related to Internet usage.

The data collected by Matomo on our behalf is used to analyse the use of our online offering by individual users, e.g. to create reports on website activity in order to improve our online offering.

The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.

You can revoke your consent at any time with effect for the future:

The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

You can also prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict the functionality of this and other websites.

You can also prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict the functionality of this and other websites.

Here you can find more information on the use of data by the Matomo Cloud: https://matomo.org/matomo-cloud-privacy-policy/

6. Google Tag Manager

This website uses the Google Tag Manager from Google. Tags are small code elements that are used to measure traffic and visitor behaviour, record the impact of online advertising and social channels, set up remarketing and targeting and test and optimise websites, among other things. Google Tag Manager allows companies to manage website tags via a single interface. The Google Tag Manager itself does not process any personal data. The Google Tag Manager triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has been carried out by the user, this remains in place for all tracking tags that are implemented with Google Tag Manager.

For more information about Google Tag Manager: https://www.google.com/intl/de/tagmanager/use-policy.html.

This consent is voluntary. You can refuse it without giving reasons and without fear of any disadvantages. You can also revoke this consent at any time in text form (e.g. letter, e-mail) with future effect to the contact details shown above, without any disadvantages for you.

7. Integration of YouTube videos

We have integrated YouTube videos into our online offering, which are stored on http://www.YouTube.com and can be played directly from our website. These are all integrated in "extended data protection mode", i.e. no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos will the data mentioned under "Collection of personal data when visiting our website" be transferred. We have no influence on this data transfer.

Cookies are only set if you give us your consent to do so. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR ("consent"). This consent is voluntary. You can refuse it without giving reasons and without having to fear any disadvantages as a result. You can also revoke this consent at any time in text form (e.g. letter, e-mail) with future effect to the contact details shown above without any disadvantages for you.

By visiting the website, YouTube then receives the information that you have accessed the corresponding subpage of our website. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or customising its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide customised advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.

Further information on the purpose and scope of data collection and processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and setting options to protect your privacy at https://www.google.de/intl/de/policies/privacy.

Legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR ("legitimate interest"), the setting of cookies only takes place with your consent. The legal basis is then Art. 6 para. 1 sentence 1 lit. a GDPR ("consent").

8. Store finder

Our website uses a store finder so that you can quickly find our products at a specialist retailer near you.

For this purpose, we use the map material from Google Maps by Google Inc. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function and thus find the nearest retailer for our products based on your location.

We use the so-called two-click solution. This means that when you visit our website, no personal data is initially passed on to the provider. Our maps are integrated in "extended data protection mode", i.e. no data about you as a user is transferred to the provider if you do not click on our map.Only when you click on our map will the data mentioned under "Collection of personal data when visiting our website" as well as the address / location information entered as part of the store search and the (start) address entered as part of the route planning be transmitted. In addition, the provider then receives the information that you have accessed the corresponding subpage of our website. This takes place regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as user profiles and uses them for the purposes of advertising, market research and/or customising its website.Such an analysis is carried out in particular (even for users who are not logged in) to provide customised advertising and to inform other users about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

The above will only take place if you give us your consent. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR ("consent"). This consent is voluntary. You can refuse it without giving reasons, without having to fear any disadvantages as a result. You can also revoke this consent at any time with future effect (see above) without any disadvantages for you.

Further information on the purpose and scope of data collection and processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and setting options to protect your privacy at https://www.google.de/intl/de/

9. Making contact

When you contact us by e-mail or via our contact form, the data you provide will be processed by us. The only mandatory information is your name and email address. This information is required so that we can respond to your enquiry accordingly. You can provide further personal data on a voluntary basis if you wish (for example, if you ask us to call you back, we need your telephone number; if you want us to send you information material by post, we need your address). Your personal data will be stored by us in order to answer your questions and fulfil your requests. We delete the data arising in this context after storage is no longer necessary or restrict processing if there are statutory retention obligations.

The legal basis for contacting us is Art. 6 para. 1 sentence 1 lit. f GDPR ("legitimate interest"), for the use of our contact form you can give your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

Diese Einwilligung ist freiwillig. Sie können sie ohne Angabe von Gründen verweigern, ohne dass Sie deswegen Nachteile zu befürchten hätten. Sie können diese Einwilligung zudem jederzeit in Textform (z.B. Brief, E-Mail) mit Zukunftswirkung an oben dargestellte Kontaktdaten widerrufen, ohne dass Ihnen daraus Nachteile drohen.

10. LinkedIn Insight-Tag

This website uses the LinkedIn Insight tag of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Pl., Dublin, 2, Ireland ("LinkedIn"), provided you have given your consent. The LinkedIn Insight tag is a small JavaScript code snippet that we have added to our website to enable detailed campaign reporting and to gain valuable information about visitors to our website. In particular, we use the LinkedIn Inside tag to track conversions, retarget our website visitors and gain additional information about LinkedIn members who view our adverts.

In particular, the LinkedIn Insight tag enables the collection of data on visits to our website, including URL, referrer URL, IP address, device and browser properties (user agent) and timestamp. The IP addresses are truncated or (if they are used to reach members across devices) hashed. The members' direct identifiers are removed within seven days in order to pseudonymise the data. This remaining pseudonymised data is then deleted within 180 days. LinkedIn does not share any personal data with us, but only provides reports (in which you are not identified) on website audience and ad performance. LinkedIn also provides retargeting for website visitors so that we can use this data to display targeted adverts outside our website without identifying the member. We also use data that does not identify you to improve the relevance of adverts and reach members across devices. LinkedIn members can also control the use of their personal data for advertising purposes in their account settings.

LinkedIn also processes your personal data in the USA. Before giving your consent in accordance with Art. 49 para. 1 lit. a GDPR, we would like to point out in particular that there may not be an adequate level of data protection in the USA without an adequacy decision and without suitable guarantees, as data protection laws do not comply with the requirements of the GDPR and, in particular, data subjects' rights may not be enforceable.

The above will only take place if you give us your consent. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR ("consent"). This consent is voluntary. You can refuse it without giving reasons, without having to fear any disadvantages as a result. You can also revoke this consent at any time with future effect at Privacy Settings without any disadvantages for you.

For more information on the processing of personal data by LinkedIn and on your rights and options for protecting your privacy in this regard, please refer to LinkedIn's privacy policy at www.linkedin.com/legal/privacy-policy.

11. Facebook Pixel

This website uses the Facebook pixel of Meta Platforms Ireland Limited, 6 Serpentine Ave, Dublin, D04 H0C9, Ireland, provided you have given your consent.

This allows users of the website to be shown interest-based adverts ("Facebook ads") when they visit the Facebook social network or other websites that also use the process. We are interested in showing you adverts that are of interest to you in order to make our website more interesting for you.

We use Facebook Pixel to process information about the activities of website visitors outside of Facebook. This includes information about the website visitor's device, the web pages visited, purchases made, adverts clicked on by the website user and information about how the visitor uses our website. This happens regardless of whether you as a visitor to our website have a Facebook account or are logged in to Facebook. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, it is possible for the provider to find out and store your IP address and other identifying features.

The Facebook pixel collects these five types of data:

Http headers - everything that is present in HTTP headers. HTTP headers are a standard web protocol that is sent between any browser request and any server on the Internet. HTTP headers contain IP addresses, web browser information, page location, document, referrer and website visitor information.

Pixel-specific data - this includes the pixel ID and the Facebook cookie.

Button click data - this includes any buttons clicked by visitors to the website, the labels of these buttons and any pages accessed as a result of clicking on the button.

Optional values - Developers and marketers can optionally send additional information about the visit via personalised data events. Examples of personalised data events are the conversion value, page type, etc.

Form field names - these include the names of website fields such as "Email", "Address" and "Quantity", which are filled in when a product or service is purchased. The pixel does not record any field values.

Facebook also processes your personal data in the USA. Before giving your consent in accordance with Art. 49 para. 1 lit. a GDPR, we would like to point out in particular that there may not be an adequate level of data protection in the USA without an adequacy decision and without suitable guarantees, as data protection laws do not comply with the requirements of the GDPR and, in particular, data subjects' rights may not be enforceable.

The above will only take place if you give us your consent.The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR ("consent"). This consent is voluntary. You can refuse it without giving reasons, without having to fear any disadvantages as a result. You can also revoke this consent at any time with future effect at Privacy Settings without any disadvantages for you.

For more information on the processing of personal data by Facebook and your rights and options for protecting your privacy in this regard, please refer to Facebook's privacy policy at www.facebook.com/about/privacy/.

No social plugins

We do not use social plugins. We only use links to our social media pages.

13. CAPTACHA

We use CAPTCHA to protect our website from spam and misuse. CAPTCHA prevents automated software (so-called bots) from carrying out abusive activities on the website, i.e. it checks whether the entries made actually originate from a human being. To determine this, the following data is collected and processed:

• Referrer (address of the page on which the captcha is used)
• IP address of the user
• Google account (if the user is logged in to Google, this is recognised and assigned)
• Input behaviour of the user (e.g. answering the CAPTCHA question, input speed in the form fields, order in which the user selects the input fields)
• Browser, browser size and resolution, browser plugins, date, language setting
• Display instructions (CSS) and scripts (Javascript) of the website
• Mouse or touch events within the page

The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR ("legitimate interest").

14. Newsletter

With your consent, you can subscribe to our newsletter on our website https://shop.wegmann-automotive.com/#Newsletter, which we use to inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.

The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR ("consent").

This consent is voluntary. You can refuse it without giving reasons, without having to fear any disadvantages as a result. You can also revoke this consent at any time in text form (e.g. letter, e-mail) with future effect to the contact details shown above and unsubscribe from the newsletter without any disadvantages for you.

We send our newsletter using the provider CleverReach. We have concluded an order processing contract with CleverReach GmbH & Co KG, Schafjückenweg, 226180 Rastede, Germany, in accordance with Art. 28 GDPR. CleverReach GmbH & Co; KG is bound by our instructions and is regularly monitored. All requirements of Art. 28 GDPR are observed.

If you do not wish to have your user behaviour analysed, you can unsubscribe from the newsletter.

15. Transaction-related emails and product recommendations

When you complete an order, as a customer of Wegmann automotive GmbH you will receive transaction-related emails such as order confirmations, processing information, shipping information and product recommendations. You can object to these product recommendations at any time via the unsubscribe link in the product recommendation email.

If we receive your e-mail address in connection with the sale of a product or service and you have not objected to this, we reserve the right to regularly send you offers for similar products to those you have already purchased from our range by e-mail. You can object to this use of your e-mail address at any time by sending a message to info@wegmann-automotive.de or via a link provided for this purpose in the advertising e-mail, without incurring any costs other than the transmission costs according to the basic rates.

16. Prize draws and surveys

If you take part in one of our surveys, we will use your data for market and opinion research. We always use the data anonymised for internal purposes. If surveys are not conducted anonymously, the personal data will only be collected with your consent. The GDPR does not apply to anonymous surveys.

In exceptional cases of personal data, the legal basis for the aforementioned data processing is Art. 6 para. 1 a) GDPR.

In the context of competitions, we use your data for the purpose of organising the competition and notifying the winners. Detailed information can be found in the conditions of participation for the respective competition.

The legal basis for the aforementioned data processing is Art. 6 para. 1 b) GDPR.

17. Application

If you apply to us on the https://shop.wegmann-automotive.com/Karriere/ website, the data you provide will be processed by us to check whether we wish to establish and implement an employment relationship with you.

During the application process, the usual correspondence data such as postal address, e-mail address and telephone numbers are stored in addition to the title, surname and first name. In addition, application documents such as letters of motivation, CVs, professional, training and further education qualifications and job references are recorded.

The applicant data sent to us will only be processed until the time of the recruitment decision if an employment relationship does not materialise. The data will be deleted four months after the rejection has been sent or after the application documents have been returned to the applicant.

Data will only be stored in an applicant pool if you give us your express consent to do so. Your data will be stored for a maximum period of two years. This consent is voluntary. You can refuse it without giving reasons and without having to fear any disadvantages as a result. You can also revoke this consent at any time in text form (e.g. letter, e-mail) with future effect to the contact details given above without any disadvantages for you.

If we enter into an employment relationship with you, the data you have provided to us will be processed to establish, implement and, if necessary, terminate the employment relationship.

The data may be processed for statistical purposes (e.g. reporting). It is not possible to draw conclusions about individual persons.

The legal basis is Section 26 of the Federal Data Protection Act ("BDSG") (Section 26 (8) sentence 2 BDSG).

18. Registration for the protected area on our website / creation of a customer account

You cannot register yourself for the protected area on our Wegmann website (https://shop.wegmann-automotive.com/account/login ). The access data for the protected area is created by Wegmann and sent to the registered business partner. Registration and activation takes place as part of a contractual business relationship.

We may also process the data you provide in order to send you emails with technical information about your account.

When you register to use our personalised services, personal data is collected and processed, in particular your name, address, contact and communication data, insofar as this is necessary. If you are registered with us, you can access content and services that we only offer to registered users. You also have the option of changing or deleting the data provided during registration at any time.

The legal basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR ("Necessity for contract fulfilment").

19. Data processing for data collection and use for contract processing

19.1 Data processing when contacting us and registering as a customer

In addition to company data, we also collect personal data (e.g. contact person in your company to process the order) if you voluntarily provide us with this data as part of your registration in preparation for an order or when contacting us by e-mail.

19.2 Data processing when opening a customer account

You can open a customer account with us. If you have given your consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR by deciding to open a customer account, we will use your data for the purpose of opening and maintaining the customer account. This is exclusively data requested when opening the customer account.

After the order contract has been fully processed or your customer account has been deleted, your personal data will be restricted for further processing and deleted after expiry of the retention periods under tax and commercial law, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

Deleting your customer account is possible at any time and can be done by sending a message to the contact option described below.

19.3 Transfer to Shopware eCommerce software

Our webshop is a Shopware eCommerce solution. Shopware stores cookies in your browser to ensure the basic functions of the shop. Cookies are used, for example, to enable shopping basket content, login status and CSRF protection. Shopware cannot be used without allowing these cookies in the browser. Shopware only stores IDs in your browser, the assignment to the respective information takes place in the application area.

Shopware uses the session cookie to decide whether you have an active shopping basket and whether you are logged in. This serves as identification between your browser and the server. No other information is stored in the browser apart from the session ID.

In addition, Shopware generates an individual CSRF cookie when you visit the shop so that you can use the individual areas of the shop.

In addition, an SLT cookie is set that enables us to recognise you when you return to our online shop, even if the session has already expired. The SLT cookie can be deactivated in the basic settings of your browser.

When you add a product to the wish list, a cookie with the name "sUniqueID" is created to save the contents of the wish list. The saved products are stored.

In addition, information on the "last viewed items" is saved in the browser's local storage. Further information on Shopware can be found here:

shopware AG, Ebbinghoff 10, 48624 Schöppingen, https://www.shopware.com/de/datenschutz/

19.4 Forwarding to shipping service providers

For the fulfilment of the contract in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR, we pass on your data necessary for shipping to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. The goods are delivered by the transport service provider DPD (DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany) or Schäflein (Schäflein Spedition GmbH, Am Etzberg 7, 97520 Röthlein, Germany.

We only pass on the name of the recipient and the delivery address to the service provider for the purpose of delivery in accordance with Art. 6 para. 1 lit. b GDPR.

Details on data protection from the shipping service provider commissioned by us and its privacy policy can be found on the DPD website at https://www.dpd.com/de/de/datenschutz/ and from Schäflein at https://www.schaeflein-spedition.de/datenschutz/.

19.5 Forwarding to the service provider Proclane

We use a special service provider who hosts the web shop we operate using software provided for this purpose.

This is done via the service provider "Proclane" (the controller is PROCLANE Commerce GmbH, Willy-Brandt-Straße 57, 20457 Hamburg, Germany). Name, address and any other personal data will be passed on to Proclane in accordance with Art. 6 para. 1 lit. b GDPR exclusively for processing the online order. Your data will only be passed on if this is actually necessary for processing the order. Details on Proclane's data protection and the Proclane privacy policy can be found on the Proclane website at www.proclane.com/datenschutz.

20. Duration of processing

The maximum duration of storage depends on the purpose of the data processing. The duration of storage depends in particular on the period for which storage is required to fulfil the purpose. The data is also processed to fulfil legal obligations (e.g. retention obligations under commercial and tax law in accordance with Section 257 of the German Commercial Code ("HGB") and Section 147 of the German Fiscal Code ("AO") for up to ten years).

21. Recipient of the data

We transfer your data to the specialist departments within Wegmann, insofar as this is necessary

Your personal data may be transferred to the companies of the Wegmann Group (an overview can be found at the following link: https://shop.wegmann-automotive.com/Unternehmen/Standorte-WEGMANN-Gruppe/#nav-wegmann-gruppe) if this is necessary for the fulfilment of the contractual relationship. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR ("Necessity for the fulfilment of the contract").

The authorisation basis for any further data transfer within the Wegmann Group (an overview can be found at the following link: https://shop.wegmann-automotive.com/Unternehmen/Standorte-WEGMANN-Gruppe/#nav-wegmann-gruppe ) is Art. 6 para. 1 sentence 1 lit. f GDPR ("legitimate interest"). This states that data processing is lawful if the processing is necessary for the purposes of our legitimate interests, except where such interests are overridden by the interests or fundamental rights of the data subject. Recital 48 of the recitals to the GDPR specifies the legitimate interest for the transfer within a group of companies. Accordingly, the transfer within a group of companies for internal administrative purposes with regard to the processing of customer data is to be qualified as a legitimate interest of ours within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR.

In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. All requirements of Art. 28 GDPR are observed.

22. Location of the data processing measures

All processing of your personal data takes place either in Germany or in member states of the European Union. Your personal data will not be transferred by us to countries outside the member states of the European Union (so-called third countries) or to other international organisations, unless otherwise stated in this document.

23. Security / Technical and organisational measures

We take all necessary technical and organisational measures, taking into account the provisions of Art. 24, 25 and 32 GDPR, to protect your personal data from loss, destruction, access, modification or dissemination by unauthorised persons and misuse.

We comply with the legal requirements for the pseudonymisation and encryption of personal data, the confidentiality, integrity, availability and resilience of systems and services in connection with processing, the availability of personal data and the ability to restore it quickly in the event of a physical or technical incident, and the establishment of procedures for the regular review, assessment and evaluation of the effectiveness of technical and organisational measures to ensure the security of processing.

We also comply with the provisions of Art. 25 GDPR with regard to the principles of "privacy by design" (data protection through technology design) and "privacy by default" (data protection through data protection-friendly default settings).

24. Your rights

You have a right to free information about your personal data and, if the legal requirements are met, a right to rectification, blocking and erasure of your data, to restriction of processing, to data portability and a right to object.

Insofar as we base the processing of your personal data on the legitimate interest, you can object to the processing. This is the case if, in particular, the processing is not necessary for the fulfilment of a contract with you. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.

You also have the option to lodge a complaint with the competent supervisory authority

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 18,
91522 Ansbach,
Deutschland
Phone: +49 (0) 981 180093-0
Telefax: +49 (0) 981 180093-800
E-Mail: poststelle@lda.bayern.de

Please contact us or our external data protection officer if you have any questions about the processing of your personal data or any questions relating to the aforementioned rights, their assertion or suggestions:

Status: December 2023