DATA PRIVACY STATEMENT

All personal data are treated confidentially. Our data protection practices comply with the German Federal Data Protection Act (FDPA) and the General Data Protection Regulation (GDPR). We inform you about the data protection details below:

RESPONSIBLE PARTY WITHIN THE MEANING OF THE FDPA AND GDPR

TECAR INTERNATIONAL TRADE GmbH
Essener Straße 110, DE-22419 Hamburg
Germany
Phone: (040) 535 91-0
Fax: (040) 535 91-500
info@tecar-international.com

DATA PROTECTION OFFICER

The data protection officer of the responsible party is:

GDI Gesellschaft für Datenschutz- und Informationssicherheit mbH,
Dipl. Inform. Olaf Tenti
Fleyer Str. 61, 58097 Hagen
Germany
Tel. 02331/ 3568320
E-Mail: info@gdi-mbh.eu

1. THE REASONS FOR DATA COLLECTION

We collect and process your data so we can make our website available to you and to provide you with the best possible services through the convenient access to our services.

2. WHAT DATA ARE COLLECTED, PROCESSED OR USED?

2.1 VISITING OUR WEBSITE

When you access our webpages, our servers automatically collect general information, especially for the purpose of establishing the connection, the functionality and for system security. The information includes the type of browser used, the operating system used, the domain name of the internet service provider, the connection data of the used computer (IP address), the website from which you are visiting us (referrer URL), the pages that you visit in our website as well as the date and duration of your visit. From these data, we cannot infer the identity of certain persons owing to pseudonymization. These data are not combined with other data sources.

2.2 CONTACT FORM

If you contact us through the contact form, you must include your name and e-mail address in the message you send to us. All the other details are voluntary and therefore you do not have to provide them. The data are stored to process your inquiry and we will not forward them without your consent. We delete the data received in this context after storage is no longer necessary or we limit the processing if legal storage obligations apply. The legal foundation for the processing of your personal data is Art. 6 Para. 1 Letter b) of the GDPR.

2.3 COOKIE USAGE

Our websites and pages use what the industry refers to as “cookies.” Cookies are small data packages that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently archived on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain archived on your device until you actively delete them, or they are automatically eradicated by your web browser.
Cookies can be issued by us (first-party cookies) or by third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services of third-party companies into websites (e.g., cookies for handling payment services).
Cookies have a variety of functions. Many cookies are technically essential since certain website functions would not work in the absence of these cookies (e.g., the shopping cart function or the display of videos). Other cookies may be used to analyze user behavior or for promotional purposes.
Cookies, which are required for the performance of electronic communication transactions, for the provision of certain functions you want to use (e.g., for the shopping cart function) or those that are necessary for the optimization (required cookies) of the website (e.g., cookies that provide measurable insights into the web audience), shall be stored on the basis of Art. 6(1)(f) GDPR, unless a different legal basis is cited. The operator of the website has a legitimate interest in the storage of required cookies to ensure the technically error-free and optimized provision of the operator’s services. If your consent to the storage of the cookies and similar recognition technologies has been requested, the processing occurs exclusively on the basis of the consent obtained (Art. 6(1)(a) GDPR and § 25 (1) TDDDG); this consent may be revoked at any time.
You have the option to set up your browser in such a manner that you will be notified any time cookies are placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of cookies in certain cases or in general or activate the delete-function for the automatic eradication of cookies when the browser closes. If cookies are deactivated, the functions of this website may be limited.
Which cookies and services are used on this website can be found in this privacy policy.

2.4 CONSENT MANAGEMENT BY CCM19

CCM19
Our website uses CCM19 to obtain your consent for the storage of certain cookies on your device or for the use of specific technologies and to document the former in a data protection compliant manner. The provider of this technology is Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany (hereinafter referred to as “CCM19”).
When you access our website, a connection with the servers of CCM19 is established to obtain your consent and other declarations related to the use of cookies. Subsequently, CCM19 will store a cookie in your browser to be able to allocate the granted consent or revocation. The data generated using this system will be archived by us until you ask us to delete it, delete the CCM19 cookie yourself or the purpose for the archiving of the data no longer applies. This shall be without prejudice to any mandatory statutory archiving periods.
We use CCM19 to obtain the consent mandated by law for the use of cookies. The legal basis for this is Art.6 (1)(1)(f) GDPR.

Data processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

3. DELETION

Personal data are deleted or blocked as soon as the storage purpose no longer applies or you request the deletion. The data are deleted even when the storage period prescribed by the above-mentioned norm expires unless there is a requirement to keep storing the data to conclude or fulfill a contract or you have given your consent for this.

4. DATA SECURITY

We secure our website and other systems by taking technical and organizational measures against loss, destruction, access, change or dissemination of your data by unauthorized persons. Depending on the browser used, data are transmitted with 128-bit to 256-bit SSL encryption. In spite of regular checks and continuous improvement of our security measures, full protection against all dangers is not possible.

5. Google Web Fonts (local)

This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. A connection to Google servers does not take place.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?

6. WEB ANALYSIS & DATA COLLECTION

6.1 WEB ANALYSIS BY MATOMO (FORMERLY PIWIK)

On our website, we use the open source software tool Matomo of the provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand (formerly PIWIK, www.matomo.org) to analyse the surfing behaviour of our users. We are running Matomo without it saving cookies on your device at any time. We solely rely on IP adresses for tracking purposes which are anonymized before being saved in our systems

The software runs here exclusively on our website servers. A storage of the personal data of users only takes place there. The data is never forwarded to third parties .

The software has been set up in such a way that the IP addresses are not fully stored, but 2 bytes of the IP address are masked (example: 192.168.xxx.xxx). This prevents an allocation of the shortened IP address to the accessing computer.

You can object to the data collection and storage at any time with future effect by unchecking the checkbox below:

The legal foundation for the processing of your personal data is Art. 6 Para. 1 Letter f) of the GDPR.

The processing of your aforementioned personal data allows us to analyse the surfing behaviour of our users. By evaluating the data gathered, we are capable of compiling information about the usage of the individual components of our website. This helps us to constantly improve our website and its user friendliness. In these purposes lies also our legitimate interest in the processing of the data acc. to Art. 6 Para. 1 Letter f) of the GDPR. By making the IP address anonymous, the users’ interest to protect their personal data is sufficiently taken into account.

The data are deleted as soon as they are no longer needed for our recording purposes. In our case, this occurs after 12 weeks.

6.2 WEB ANALYSIS BY GOOGLE ANALYTICS

Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.
The Google Tag Manager is used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on his website. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. This data is assigned to the respective end device of the user. An assignment to a user-ID does not take place.
Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Google Analytics uses various modeling approaches to augment the collected data sets and uses machine learning technologies in data analysis.
Google Analytics uses technologies that make the recognition of the user for the purpose of analyzing the user behavior patterns (e.g., cookies or device fingerprinting). The website use information recorded by Google is, as a rule transferred to a Google server in the United States, where it is stored.
The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

IP anonymization
Google Analytics IP anonymization is active. As a result, your IP address will be abbreviated by Google within the member states of the European Union or in other states that have ratified the Convention on the European Economic Area prior to its transmission to the United States. The full IP address will be transmitted to one of Google’s servers in the United States and abbreviated there only in exceptional cases. On behalf of the operator of this website, Google shall use this information to analyze your use of this website to generate reports on website activities and to render other services to the operator of this website that are related to the use of the website and the Internet. The IP address transmitted in conjunction with Google Analytics from your browser shall not be merged with other data in Google’s possession.

Browser plug-in
You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
For more information about the handling of user data by Google Analytics, please consult Google’s Data Privacy Declaration at: https://support.google.com/analytics/answer/6004245?hl=en.
Google Signals
We use Google Signals. Whenever you visit our website, Google Analytics records, among other things, your location, the progression of your search and YouTube progression as well as demographic data (site visitor data). This data may be used for customized advertising with the assistance of Google Signal. If you have a Google account, your site visitor information will be linked to your Google account by Google Signal and used to send you customized promotional messages. The data is also used to compile anonymized statistics of our users’ online patterns.

Contract data processing
We have executed a contract data processing agreement with Google and are implementing the stringent provisions of the German data protection agencies to the fullest when using Google Analytics.

7. RIGHTS OF THE AFFECTED PERSON

If your personal data are processed, you are an affected person within the meaning of the GDPR and you have the following rights vis-à-vis the responsible party:

7.1 RIGHT TO INFORMATION

You can request a confirmation from the responsible party stating whether we are processing your personal data.

If there is such processing, you can request the following information from the responsible party:

  • The purposes for which the personal data are being processed;
  • The categories of personal data that are being processed;
  • The recipients or categories of recipients to whom your personal data were or will still be disclosed;
  • The planned length of storage of your personal data or, if no specific information on this is possible, the criteria for establishing the length of storage
  • The existence of a right to correct or delete your personal data, a right to limit the processing by the responsible party or to an objection against this processing;
  • The existence of a right to complain to a supervisory authority;
  • All available information about the origin of the data when the personal data are not collected from the affected person.

7.2 RIGHT TO CORRECTION

You are entitled to correction and/or completion vis-à-vis the responsible party, provided your processed personal data are incorrect or incomplete. The responsible party must correct them at once..

7.3 RIGHT TO RESTRICTION OF PROCESSING

You can request the processing of your personal data to be restricted under these prerequisites:

  • If you dispute the accuracy of your personal data for a period of time that allows the responsible party to verify the accuracy of the personal data;
  • When the processing is unlawful and you reject the deletion of the personal data and request limiting the use of the personal data instead;
  • When the responsible party no longer needs the personal data for the processing purposes, but you need them for asserting, exercising or defending legal claims, or
  • When you have filed an objection against the processing acc. to Art. 21 Para. 1 of the GDPR and it is still uncertain whether the justified reasons of the responsible party outweigh yours.

If the processing of your personal data was restricted, these data may – apart from their storage – only be processed with your consent or for asserting, exercising or defending legal claims or for protecting the rights of another natural person or legal entity or owing to reasons related to an important public interest of the Union or a member state.

If the processing restriction was restricted acc. to the above-mentioned prerequisites, you will be notified by the responsible party before the restriction is lifted.

7.4 RIGHt TO DELETION

  • DELETION OBLIGATION
    You can request the responsible party to delete your personal data immediately and the responsible party is obligated to delete them at once if one of these reasons applies:

    • The purposes for which your personal data were collected or otherwise processed are no longer necessary.
    • You revoke your consent on which the processing was based acc. to Art. 6 Para. 1 Letter a) or Art. 9 Para. 2 Letter a) of the GDPR, and there is no other legal foundation for the processing.
    • You file an objection against the processing acc. to Art. 21 Para. 1 of the GDPR and there are no overriding legally justified reasons for the processing, or you file an objection against the processing acc. to Art. 21 Para. 2 of the GDPR.
    • Your personal data were illegally processed.
    • The deletion of your personal data is necessary to fulfil a legal obligation acc. to Union or member state legislation to which the responsible party is subject.
    • Your personal data were collected in relation to offered services of the information society acc. to Art. 8 Para. 1 of the GDPR.
  • INFORMATION TO THIRD PARTIES
    If the responsible party has made your personal data public and he is obligated to delete them acc. to Art. 17 Para. 1 of the GDPR, then taking the available technology and implementation costs into account, he takes reasonable measures (also technical ones) to inform those responsible for the data processing that process personal data that you, as affected person, have requested them to delete all links to these personal data or of copies or replications of these personal data.
  • EXCEPTIONS
    There is no right to deletion if the processing is necessary:

    • To exercise the right to the free expression of opinion and information;
    • To comply with a legal obligation that requires the processing according to the law of the Union or the member states to which the responsible party is subject, or to carry out a task that lies in the public interest or takes place in the exercise of public authority that was transferred to the responsible party;
    • Owing to reasons of public interest in the public health sector acc. to Art. 9 Para. 2 Letters h) and i) as well as Art. 9 Para. 3 of the GDPR;
    • To assert, exercise or defend legal claims. .

7.5 RIGHT TO BE INFORMED

If you have asserted the right to the correction, deletion or restriction of the processing vis-à-vis the responsible party, the latter is obligated to communicate to all recipients to whom your personal data were disclosed this correction or deletion of the data or restriction of the processing unless this turns out to be impossible or this entails an unreasonable effort. Vis-à-vis the responsible party, you are entitled to be notified about these recipients.

7.6 RIGHT TO DATA PORTABILITY

You are entitled to receive your personal data that you provided to the responsible party in a structured, common and machine-readable format. Additionally, you are entitled to transmit these data to another responsible party, without interference from the responsible party, to whom you provided the personal data as long as:

  • The processing is based on a consent acc. to Art. 6 Para. 1 Letter a of the GDPR or Art. 9 Para. 2 Letter a) of the GDPR or on a contract acc. to Art. 6 Para. 1 Letter b) of the GDPR and
  • The processing is done with the help of automated methods.

In the exercise of this right, you are additionally entitled to see to it that your personal data are transmitted directly from one responsible party to another responsible party as far as this is technical feasible. The rights and freedoms of other persons may not be affected by this.

7.7 RIGHT TO OBJECT

For reasons resulting from your special situation, you are entitled at any time to file an objection against the processing of your personal data, which takes place owing to Art. 6 Para. 1 Letter e) or f) of the GDPR; this also applies to a profiling based on these provisions.

The responsible party no longer processes your personal data unless he can prove mandatory reasons worth protecting for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.

If your personal data are processed to engage in direct advertising, you are entitled to file an objection against the processing of your personal data at any time for the purposes of such advertising; this also applies to the profiling as far as it is related to such direct advertising.

If you object to the processing for direct advertising purposes, then your personal data will no longer be processed for these purposest.

In connection with the use of services of the information society and notwithstanding Directive 2002/58/EC, you have the option to exercise your right to objection using automated methods that use technical specifications.

7.8. RIGHT TO OBJECT TO THE LEGAL DATA PROTECTION DECLARATION OF CONSENT

You are entitled to revoke your legal data protection declaration of consent at any time. The revocation of the consent does not affect the legality of the processing that took place until the revocation due to the consent.

7.9 AUTOMATED DECISION IN THE INDIVIDUAL CASE, INCLUDING PROFILING

You are entitled not to be subject to a decision based exclusively on an automated processing – including profiling – that affects you legally or significantly affects you in a similar way. This does not apply if the decision:

  • Is necessary for concluding or fulfilling a contract between you and the responsible party,
  • Is permissible and these legal regulations contain reasonable measures to safeguard your rights and freedoms as well as your justified interests owing to the legislation of the Union or member states to which the responsible party is subject, or
  • Takes place with your express consent.

However, these decisions may not be based on special categories of personal data acc. to Art. 9 Para. 1 of the GDPR, if Art. 9 Para. 2 Letter a) or g) of the GDPR does not apply and reasonable measures were taken to protect your rights and freedoms as well as your justified interests.

7.10 RIGHT TO COMPLAIN TO A SUPERVISORY AUTHORITY

Irrespective of another court or administrative law remedy, you are entitled to complain to a supervisory authority, especially in a member state of your place of residence, workplace or the place where the alleged violation occurred if you believe that the processing of your personal data violates the GDPR.

The supervisory authority to which the complaint was submitted notifies the complainant about the status and results of the complaint, including the possibility of a legal remedy acc. to Art. 78 of the GDPR.