This privacy policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within our online offering and the associated websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering"). With regard to the terms used, such as "processing" or "controller", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Controller:

Name/Company: Alessio Difonzo – Italdrive
Street No.: Berliner Straße 4
Postal Code, City, Country: 30916 Isernhagen
Owner: Alessio Difonzo
Phone Number: +49 (0) 174 19 36 334
Email Address: info@italdrive.de

Types of data processed:

– Inventory data
– Contact data
– Content data
– Contract data
– Payment data
– Usage data
– Meta/communication data

Processing of special categories of data (Art. 9 para. 1 GDPR):

No special categories of data are processed.

Categories of data subjects:

– Customers, prospective customers, visitors and users of the online offering, business partners.
– Visitors and users of the online offering.
Hereinafter, the data subjects are collectively referred to as "users".

Purpose of processing:

– Provision of the online offering, its content, and shop functions.
– Provision of contractual services, service, and customer care.
– Answering contact inquiries and communicating with users.

Status: August 2019

1. Terminology Used
1.1. "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.2. "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and covers virtually any handling of data.

1.3. "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

2. Applicable Legal Bases
In accordance with Art. 13 GDPR, we inform you about the legal bases of our data processing. If the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing for the performance of our services and the execution of contractual measures as well as answering inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing for the fulfillment of our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing for the protection of our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

3. Amendments and Updates to the Privacy Policy
We kindly ask you to regularly inform yourself about the content of our privacy policy. We will adjust the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or any other individual notification.

4. Security Measures
4.1. In accordance with Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the varying likelihood and severity of the risk for the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. These measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input of, disclosure of, ensuring the availability of and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subjects' rights, deletion of data and reaction to threats to the data. We also take the protection of personal data into account during the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and by default (Art. 25 GDPR).

4.2. Security measures include, in particular, the encrypted transfer of data between your browser and our server.

5. Disclosure and Transmission of Data
5.1. If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them, or otherwise grant them access to the data, this will only take place on the basis of a legal permission (e.g., if a transmission of the data to third parties, such as payment service providers, is necessary for the fulfillment of the contract in accordance with Art. 6 para. 1 lit. b GDPR), you have consented, a legal obligation provides for it, or on the basis of our legitimate interests (e.g., when using agents, hosting providers, tax, business and legal advisors, customer service, accounting, billing and similar services that allow us to efficiently and effectively fulfill our contractual obligations, administrative tasks and duties).

5.2. If we commission third parties to process data on the basis of a so-called "data processing agreement", this is done on the basis of Art. 28 GDPR.

6. Transfers to Third Countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using third-party services or disclosing or transmitting data to third parties, this will only happen if it is necessary for the fulfillment of our (pre)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we will only process or have data processed in a third country if the special conditions of Art. 44 et seq. GDPR are met. This means that processing takes place, for example, on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU (e.g., for the USA through the "Privacy Shield") or adherence to officially recognized specific contractual obligations (so-called "standard contractual clauses").

7. Rights of the Data Subjects
7.1. You have the right to request confirmation as to whether data concerning you is being processed and to information about this data, as well as further information and a copy of the data in accordance with Art. 15 GDPR.

7.2. You have the right, in accordance with Art. 16 GDPR, to request the completion of data concerning you or the correction of inaccurate data concerning you.

7.3. In accordance with Art. 17 GDPR, you have the right to demand that data concerning you be deleted without undue delay, or, alternatively, to demand a restriction of the processing of the data in accordance with Art. 18 GDPR.

7.4. You have the right to receive the data concerning you, which you have provided to us, in accordance with Art. 20 GDPR, and to request their transmission to other controllers.

7.5. Furthermore, in accordance with Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.

8. Right of Withdrawal
You have the right to withdraw consents granted in accordance with Art. 7 para. 3 GDPR with effect for the future.

9. Right to Object
You can object to the future processing of your data at any time in accordance with Art. 21 GDPR. The objection can be made, in particular, against processing for direct marketing purposes.

10. Cookies and Right to Object to Direct Marketing
10.1. "Cookies" are small files that are stored on users' computers. Various information can be stored within the cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or even after their visit within an online offering. Temporary cookies, or "session cookies" or "transient cookies," are cookies that are deleted after a user leaves an online offering and closes their browser. Such a cookie can, for example, store the content of a shopping cart in an online shop or a login status. "Permanent" or "persistent" cookies are cookies that remain stored even after the browser is closed. For example, the login status can be saved if users revisit it after several days. Similarly, user interests that are used for reach measurement or marketing purposes can be stored in such a cookie. "Third-party cookies" are cookies from providers other than the controller who operates the online offering (otherwise, if they are only the controller's cookies, they are called "first-party cookies").

10.2. We use temporary and permanent cookies and explain this in our privacy policy.
If users do not wish cookies to be stored on their computer, they are requested to deactivate the corresponding option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. The exclusion of cookies may lead to functional restrictions of this online offering.

10.3. A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by disabling them in the browser settings. Please note that in this case, not all functions of this online offering may be usable.

11. Deletion of Data
11.1. The data processed by us will be deleted or their processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and no legal retention obligations prevent their deletion. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax law reasons.

11.2. In accordance with legal requirements, data is stored for 6 years in particular according to § 257 para. 1 HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years according to § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).

12. Order Processing in the Online Shop and Customer Account
12.1. We process our customers' data within the framework of order processes in our online shop to enable them to select and order the chosen products and services, as well as their payment and delivery or execution.

12.2. The data processed includes inventory data, communication data, contract data, payment data, and the data subjects are our customers, prospective customers, and other business partners. The processing is carried out for the purpose of providing contractual services within the operation of an online shop, billing, delivery, and customer services. We use session cookies to store shopping cart content and permanent cookies to store login status.

12.3. Processing is carried out on the basis of Art. 6 para. 1 lit. b (execution of order processes) and c (legally required archiving) GDPR. The information marked as required is necessary for the establishment and fulfillment of the contract. We disclose data to third parties only in the context of delivery, payment, or within the framework of legal permissions and obligations to legal advisors and authorities. Data will only be processed in third countries if this is necessary for the fulfillment of the contract (e.g., at the customer's request for delivery or payment).

12.4. Users can optionally create a user account, where they can, in particular, view their orders. During registration, the necessary mandatory information is communicated to the users. User accounts are not public and cannot be indexed by search engines. If users have canceled their user account, their data concerning the user account will be deleted, provided that their retention is not necessary for commercial or tax law reasons in accordance with Art. 6 para. 1 lit. c GDPR. Information in the customer account remains until its deletion, followed by archiving in the event of a legal obligation. It is the responsibility of the users to back up their data if they cancel before the end of the contract.

12.5. In the context of registration and repeated logins as well as the use of our online services, we store the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests, as well as the user's interest in protection against misuse and other unauthorized use. This data is generally not passed on to third parties, unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 para. 1 lit. c GDPR.

12.6. Deletion takes place after the expiry of legal warranty and comparable obligations; the necessity of retaining the data is reviewed every three years. In the case of legal archiving obligations, deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligation). Information in the customer account remains until its deletion.

13. Contact and Customer Service

13.1. When contacting us (via contact form or email), the user's information is processed for the purpose of handling the contact request and its processing in accordance with Art. 6 para. 1 lit. b GDPR.

14. Collection of Access Data and Log Files
14.1. On the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

14.2. Log file information is stored for security reasons (e.g. for clarification of misuse or fraud) for a maximum duration of seven days and then deleted. Data whose further retention is required for evidentiary purposes are excluded from deletion until the final clarification of the respective incident.

15. Online Presences in Social Media
15.1. Based on our legitimate interests in accordance with Art. 6 para. 1 lit. f. GDPR, we maintain online presences within social networks and platforms to communicate with active customers, prospective customers, and users there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.

15.2. Unless otherwise specified in our privacy policy, we process user data if they communicate with us within social networks and platforms, e.g., post contributions on our online presences or send us messages.

15.3. We use Google Analytics to ensure that ads displayed through Google's and its partners' advertising services are shown only to users who have also shown an interest in our online offering or who have certain characteristics (e.g., interests in certain topics or products, determined by the websites visited), which we transmit to Google (so-called "remarketing" or "Google Analytics Audiences"). With the help of remarketing audiences, we also want to ensure that our ads correspond to the potential interests of the users and are not annoying.

 

16. Google Analytics
16.1. Based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online services within the meaning of Art. 6 para. 1 lit. f. GDPR), we use Google Analytics, a web analysis service provided by Google LLC ("Google"). Google uses cookies. The information generated by the cookie regarding users' use of the online services is generally transmitted to a Google server in the USA and stored there.

16.2. Google is certified under the Privacy Shield agreement, thereby offering a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

16.3. Google will use this information on our behalf to evaluate the use of our online services by users, to compile reports on activities within these online services, and to provide us with other services related to the use of these online services and internet usage. In doing so, pseudonymized user profiles can be created from the processed data.

16.4. We only use Google Analytics with IP anonymization activated. This means that users' IP addresses are truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

16.5. The IP address transmitted by the user's browser will not be merged with other data from Google. Users can prevent the storage of cookies by adjusting their browser software settings; users can also prevent Google from collecting the data generated by the cookie and related to their use of the online services, as well as Google's processing of this data, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

16.6. Further information on data usage by Google, as well as settings and objection options, can be found on Google's websites: https://www.google.com/intl/de/policies/privacy/partners ("Data usage by Google when you use our partners' websites or apps"), https://policies.google.com/technologies/ads ("Data usage for advertising purposes"), https://adssettings.google.com/authenticated ("Manage information Google uses to show you ads").

17. Google Re/Marketing Services
17.1. Based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online services within the meaning of Art. 6 para. 1 lit. f. GDPR), we use the marketing and remarketing services (in short, "Google Marketing Services") of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

17.2. Google is certified under the Privacy Shield agreement, thereby offering a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

17.3. Google Marketing Services allow us to display advertisements for and on our website more specifically, to present users with ads that potentially match their interests. For example, if a user is shown ads for products they were interested in on other websites, this is referred to as "remarketing." For these purposes, when our website and other websites on which Google Marketing Services are active are accessed, Google immediately executes a code from Google, and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e., a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, which content they were interested in, and which offers they clicked on, as well as technical information about the browser and operating system, referring websites, visit time, and other details about the use of the online services. The IP address of the users is also recorded, whereby we inform you within the framework of Google Analytics that the IP address will be truncated within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases will it be transmitted entirely to a Google server in the USA and truncated there. The IP address is not merged with user data within other Google services. The aforementioned information can also be combined by Google with information from other sources. If the user then visits other websites, ads tailored to their interests can be displayed to them.

17.4. User data is processed pseudonymously within the framework of Google Marketing Services. This means that Google, for example, does not store and process the user's name or email address, but processes the relevant data cookie-related within pseudonymous user profiles. This means that from Google's perspective, ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who this cookie owner is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymization. The information collected by Google Marketing Services about users is transmitted to Google and stored on Google's servers in the USA.

17.5. Among the Google Marketing Services we use is the online advertising program "Google AdWords". In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". Cookies cannot therefore be tracked across AdWords customer websites. The information collected with the help of the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

 

18. Communication via Post, Email, Fax or Telephone
18.1. We use remote communication methods such as post, telephone or email for business transactions and marketing purposes. In doing so, we process inventory data, address and contact data as well as contract data of customers, participants, interested parties and communication partners.

18.2. Processing is carried out on the basis of Art. 6 para. 1 lit. a, Art. 7 GDPR, Art. 6 para. 1 lit. f GDPR in conjunction with legal requirements for commercial communications. Contact is only made with the consent of the contact partners or within the framework of legal permissions, and the processed data is deleted as soon as it is no longer required and otherwise upon objection/revocation or discontinuation of the legal basis or statutory archiving obligations.

19. Integration of Third-Party Services and Content
19.1. Within our online services, based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online services within the meaning of Art. 6 para. 1 lit. f. GDPR), we use content or service offerings from third-party providers to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "Content"). This always assumes that the third-party providers of this content perceive the IP address of the users, as they would not be able to send the content to their browsers without the IP address. The IP address is therefore required for the display of this content. We endeavor to only use content whose respective providers only use the IP address for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. Through the "pixel tags," information such as visitor traffic on the pages of this website can be evaluated. The pseudonymized information can also be stored in cookies on the users' devices and may contain, among other things, technical information about the browser and operating system, referring websites, visit time, and other details about the use of our online services, as well as be combined with such information from other sources.

19.2. The following overview provides a list of third-party providers and their content, along with links to their privacy policies, which contain further information on data processing and, in some cases already mentioned here, objection options (so-called opt-out).
– If our customers use third-party payment services (e.g., PayPal or Sofortüberweisung), the terms and conditions and privacy notices of the respective third-party providers apply, which can be found within the respective websites or transaction applications.

– External fonts from Google, LLC., https://www.google.com/fonts ("Google Fonts"). The integration of Google Fonts occurs through a server call to Google (usually in the USA). Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.

– Maps from the "Google Maps" service provided by the third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.

– Videos from the "YouTube" platform by the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.