DATA PROTECTION
1. General information
The information below provides a basic overview of what happens to your personal data when you visit this website. Personal data means any data which can be used to personally identify you. For detailed information on data protection, please refer to the privacy policy below.
Data collection on this website
Who is responsible for data collection on this website? Data are processed on this website by the website operator. You can find contact details for the website operator under “Information on the data controller” in this privacy policy. How do we collect your data? We collect your data when you provide it to us. This includes, for example, data you enter in a contact form. Other data are collected by our IT systems either automatically or after obtaining your consent when you visit the website. These are primarily technical data (for example your browser, your operating system or the time you visit the page). These data are collected automatically when you visit this website. What do we use your data for? Some of these data are collected to ensure proper functioning of the website. Other data may be used to analyse how visitors use the site. What rights do you have regarding your data? You have the right at any time to receive information about the origin, recipients and purpose of your stored personal data free of charge. You also have the right to request that these data be corrected or deleted. If you have given us your consent to process your data, you can withdraw your consent to future data processing at any time. Under certain circumstances, you also have the right to obtain restriction of processing of your personal data. You also have the right to lodge a complaint with the responsible supervisory authority. You can contact us regarding this or any other questions on data protection at any time.
Analytics tools and third-party tools
When you visit this website, we can perform statistical analysis on your browsing behaviour. This is carried out using analytics programs. Detailed information on these analytics programs can be found in the privacy policy below.
2. Hosting
External hosting
This website is hosted by an external service provider (hosting company). The personal data collected on this website is stored on the hosting company’s servers. This includes in particular your IP address, contact enquiries, metadata, communications data, contract data, contact details, names, website visits and other data generated via a website. We use a hosting company for the purpose of performance of a contract with our potential and existing customers (Article 6(1)(b) of the GDPR) and in the interest of secure, fast, efficient delivery of our online services by a professional provider (Article 6(1)(f) of the GDPR). Our hosting company will only process your data to the extent that this is necessary for the fulfilment of its service obligations, and will follow our instructions concerning these data. We use the following hosting company: Alfahosting GmbH Ankerstraße 3b 06108 Halle (Saale) Managing directors: Daniel Hagemeier, Ralph Cammerrath
3. General and mandatory information
Data protection
The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with data protection legislation and this privacy policy. If you use this website, we will collect various items of personal data Personal data means any data which can be used to personally identify you. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose we do so. Please note that the transfer of data over the internet (e.g. email communications) can be subject to security vulnerabilities. It is not possible to provide absolute protection against data access by third parties.
Information on the data controller
The data controller responsible for data processing on this website is: Stiller Karosseriebau und Fahrzeuglackierung Dipl.-Ing. Patrick Stiller Sessendrupweg 70 48161 Münster-Nienberge Telephone: 02533 4841 Email: info@stiller-karosserie.de Data controller means the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. name, email address, etc.).
Data storage period
Unless an alternative data storage period is specifically stated in this privacy policy, we will retain your personal data until the purpose of the data processing no longer applies. If you submit a valid request for deletion of your data or withdraw your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law). In the latter case, your data will be deleted when these reasons no longer apply.
Information on transferral of data to the USA and other third countries
We use tools from companies based in the USA or other third countries that do not have adequate data protection legislation. If these tools are active, your personal data may be transferred to these third countries and processed there. Please note that it is not possible to guarantee that these third countries offer a level of data protection comparable to that in the EU. US companies, for example, are obliged to hand over personal data to security agencies, and you as a data subject cannot take legal action to prevent this. It cannot therefore be ruled out that US authorities (e.g. intelligence services) may process, analyse and permanently store personal data concerning you located on US servers for surveillance purposes. We have no influence over these processing activities.
Withdrawal of your consent to data processing
Many data processing procedures can only be performed with your express consent. If you have previously given your consent, you can withdraw it at any time. This does not affect the legality of data processing performed before you withdraw your consent.
Right to object to the collection of data in special cases and to direct marketing (Article 21 of the GDPR)
IF DATA PROCESSING IS BASED ON ARTICLE 6(1)(E) OR (F) OF THE GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THOSE PROVISIONS. THE LEGAL BASIS FOR PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS PERSONAL DATA CONCERNING YOU UNLESS WE ARE ABLE TO DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ARTICLE 21(1) OF THE GDPR). WHERE YOUR PERSONAL DATA ARE PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING; THIS INCLUDES PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL THEN NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ARTICLE 21(2) OF THE GDPR). WHERE YOUR PERSONAL DATA ARE PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING; THIS INCLUDES PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL THEN NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ARTICLE 21(2) OF THE GDPR).
Right to lodge a complaint with the responsible supervisory authority
In the event of infringements of the GDPR, the data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedy.
Right to data portability
You have the right to have data which we process automatically on the basis of your consent or in fulfilment of a contract, transmitted to yourself or to a third party in a commonly used, machine-readable format. If you request direct transmission of data to another data controller, this will only occur if it is technically feasible.
SSL and TLS encryption
For security reasons and to protect confidential content (such as enquiries you send to us as the website operator) during transmission, this website uses SSL or TLS encryption. You can recognise an encrypted connection in that your browser’s address line changes from “http://” to “https://” and from the lock icon in the address bar of your browser. If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Information, erasure and rectification
Under applicable legislation, you have the right to receive at any time information about the origin, recipients and purpose of your stored personal data free of charge and may have the right to rectification or erasure of these data. You can contact us about this or any other questions concerning personal data at any time.
Right to restriction of processing
You have the right to obtain restriction of processing of your personal data. You can contact us about this at any time. You have the right to restrict processing in the following cases:
- If you contest the accuracy of personal data stored by us, we usually require time to verify this. During the period of verification, you have the right to obtain restriction of processing of your personal data.
- If processing of your personal data has taken/is taking place unlawfully, you can request restriction of data processing instead of erasure of your data.
- If we no longer need your personal data, but you require them for the exercise, defence or establishment of legal claims, you have the right to request restriction of processing of your personal data instead of erasure.
- If you have objected to processing pursuant to Article 21(1) of the GDPR, an assessment will be made as to whether our interests override yours. Pending verification of whose interests have primacy, you have the right to obtain restriction of processing of your personal data.
If you have restricted processing of your personal data, apart from being stored, these data may only be processed with your consent, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.
4. Data collection on this website
Cookies
Our websites use cookies. Cookies are small text files and do not damage your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are deleted automatically when you leave the website. Permanent cookies remain on your device until you delete them or your browser deletes them automatically. In some cases, cookies from third parties may also be stored on your device when you visit our website (third-party cookies). These enable us or you to use certain third-party services (e.g. cookies for processing payments). Cookies perform various different functions. Many cookies are required for technical reasons, because some website functions will not work without them (e.g. the shopping cart or video display). Other cookies are used to evaluate user behaviour or display advertising. Unless another legal basis is specified, cookies required to perform the electronic communication process (required cookies), to provide specific functions which you wish to use (functional cookies, e.g. for the shopping cart), or for website optimisation (e.g. cookies for measuring the web audience) are stored on the basis of Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in storing cookies to ensure its services are free of technical errors and technically optimised. If you have been asked for your consent to store cookies, these cookies are stored exclusively on the basis of this consent (Article 6(1)(a) of the GDPR). This consent can be withdrawn at any time. You can configure your browser so that you are informed when a cookie is saved and only permit cookies in individual cases, so that cookies are only accepted in specific cases or are always rejected, or so that cookies are deleted automatically when you close your browser. If you disable cookies, you may not be able to use the full functionality of this website. Where third party cookies are used or where cookies are used for analytics purposes, we will notify you separately in this privacy policy and may ask for your consent.
Obtaining consent using Borlabs Cookie
Our website uses Borlabs Cookie cookie consent technology to obtain your consent to the storage of certain cookies in your browser or to the use of certain technologies, and to document this in a manner which complies with data protection legislation. This technology is provided by Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg (hereinafter Borlabs). When you visit our website, a Borlabs cookie is saved in your browser. This cookie stores information on the consent you have given or withdrawal of this consent. These data are not passed on to the Borlabs Cookie provider. The data collected are stored until you ask us to delete them, you delete the Borlabs cookie, or the purpose of the data storage no longer applies. Statutory retention periods are not affected. For more details of data processing by Borlabs Cookie, see https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/. Borlabs Cookie consent technology is used to obtain the legally required consent to the use of cookies. The legal basis for this is Article 6(1)(c) of the GDPR.
Contact form
If you contact us by email, telephone or fax, your enquiry, including all personal data collected in relation to it (name, enquiry), will be stored and processed by us for the purpose of processing your enquiry. We will not share these data with anyone without your consent. Where your request relates to the performance of a contract or is necessary to take steps prior to entering into a contract these data are processed on the basis of Article 6(1)(b) of the GDPR. In all other cases, this processing is based on our legitimate interest in effective processing of enquiries addressed to us (Article 6(1)(f) of the GDPR) or on your consent (Article 6(1)(a) of the GDPR) where this has been requested. We retain the data you enter on the contact form until you request their erasure, withdraw your consent to their storage, or the purpose for their storage no longer applies (e.g. after completing the processing of your request). Any mandatory statutory provisions – in particular provisions on data retention periods – remain unaffected.
Email, telephone and fax enquiries
If you contact us by email, telephone or fax, your enquiry, including all personal data collected in relation to it (name, enquiry), will be stored and processed by us for the purpose of processing your enquiry. We will not share these data with anyone without your consent. Where your request relates to the performance of a contract or is necessary to take steps prior to entering into a contract these data are processed on the basis of Article 6(1)(b) of the GDPR. In all other cases, this processing is based on our legitimate interest in effective processing of enquiries addressed to us (Article 6(1)(f) of the GDPR) or on your consent (Article 6(1)(a) of the GDPR) where this has been requested. We retain the data you provide during your contact enquiry until you request their erasure, withdraw your consent to their storage, or the purpose for their storage no longer applies (e.g. after completing the processing of your request). Any mandatory statutory provisions – in particular statutory provisions on data retention periods – remain unaffected.
Communication via WhatsApp
The communication services we use to communicate with our customers and other third parties include the instant messaging service WhatsApp. WhatsApp is provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Communication is end-to-end encrypted (peer-to-peer), which ensures that neither WhatsApp nor other third parties are able to gain access to the content of communications. WhatsApp does, however, have access to metadata produced in the course of this communication process (e.g. sender, recipient and time). In addition, please note that WhatsApp states that it shares its users’ personal data with its US parent company Facebook. More details on data processing can be found in the WhatsApp privacy policy at: https://www.whatsapp.com/legal/#privacy-policy. Our use of WhatsApp is based on our legitimate interest in communicating as quickly and effectively as possible with customers, sales leads and other business and contractual partners (Article 6(1)(f) of the GDPR). If we have requested your consent to this, we process your data exclusively on the basis of this consent. Your consent to future processing can be withdrawn at any time. We retain the content of communications sent via WhatsApp until you request its erasure, withdraw your consent to its storage, or the purpose for its storage no longer applies (e.g. after completing the processing of your request). Any mandatory statutory provisions – in particular provisions on data retention periods – remain unaffected. We use the WhatsApp Business version of WhatsApp. We transfer data to the US on the basis of the European Commission’s standard contractual clauses. Details can be found at: https://www.whatsapp.com/legal/business-data-transfer-addendum.
5. Analytics tools and advertising
Google Analytics
This website uses functions provided by web analytics service Google Analytics. The service is provided by Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables the website operator to analyse the behaviour of website visitors. The website operator is provided with a range of usage data, including page views, dwell time, operating systems used and user origin. These data may be collected by Google into a profile assigned to a user or their device. In addition, Google Analytics can record actions such as mouse and scroll movements and clicks. Google Analytics also uses various modelling approaches to supplement the data sets collected and uses machine learning technologies for data analysis. Google Analytics uses technologies that enable users to be recognised for the purpose of analysing user behaviour (e.g. cookies and device fingerprinting). Information collected by Google on the use of this website will usually be transferred to and stored on a Google server in the USA. Use of this analytics tool is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. Where consent has been requested (e.g. consent to cookie storage), processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR. This consent can be withdrawn at any time. We transfer data to the US on the basis of the European Commission’s standard contractual clauses. Details can be found at: https://privacy.google.com/businesses/controllerterms/mccs/. IP anonymisation We have activated the IP anonymisation feature on this website. This means that your IP address will be truncated by Google within a Member State of the European Union or a signatory to the Agreement on the European Economic Area prior to transmission to the US. In exceptional cases only, your full IP address may be transferred to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website and to compile reports on website activity and provide additional services relating to website and internet use for the website operator. Google will never link the IP address provided by your browser in the context of Google Analytics with other Google data. Browser plugin You can prevent your data from being collected and processed by Google by downloading and installing the browser plugin available from the following link: https://tools.google.com/dlpage/gaoptout?hl=de. You can find more information about how Google Analytics handles user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de. Demographics in Google Analytics Diese Website nutzt die Funktion „demografische Merkmale“ von Google Analytics, um den Websitebesuchern passende Werbeanzeigen innerhalb des Google-Werbenetzwerks anzeigen zu können. Dadurch können Berichte erstellt werden, die Aussagen zu Alter, Geschlecht und Interessen der Seitenbesucher enthalten. Diese Daten stammen aus interessenbezogener Werbung von Google sowie aus Besucherdaten von Drittanbietern. Diese Daten können keiner bestimmten Person zugeordnet werden. Sie können diese Funktion jederzeit über die Anzeigeneinstellungen in Ihrem Google-Konto deaktivieren oder die Erfassung Ihrer Daten durch Google Analytics wie im Punkt „Widerspruch gegen Datenerfassung“ dargestellt generell untersagen. Data storage period User and event level data stored by Google which are linked to cookies, user IDs or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) will be anonymised or deleted after 2 months. For details see: https://support.google.com/analytics/answer/7667196?hl=de https://support.google.com/analytics/answer/7667196?hl=de
Google Ads
The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads enables us to display advertisements on the Google search engine or on third-party websites when a user enters specific search terms in Google (keyword targeting). In addition, advertisements targeted on the basis of user data available to Google (e.g. location data and interests) can be displayed (audience segment targeting). As a website operator, we can perform quantitative evaluation of these data by, for example, analysing which search terms have resulted in our advertisements being displayed and analysing how many advertisements were clicked on. Our use of Google Ads is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in marketing its services/products as effectively as possible. We transfer data to the US on the basis of the European Commission’s standard contractual clauses. Details can be found at: https://policies.google.com/privacy/frameworks und https://privacy.google.com/businesses/controllerterms/mccs/.
Google conversion tracking
This website uses Google conversion tracking. The service is provided by Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland. Mit Hilfe von Google-Conversion-Tracking können Google und wir erkennen, ob der Nutzer bestimmte Aktionen durchgeführt hat. Google conversion tracking enables us and Google to identify whether the user has performed specific actions. We can, for example, evaluate which buttons on our website have been clicked and how often and which products have been viewed or purchased particularly frequently. This information is used to generate conversion statistics. We are provided with information on the total number of users who have clicked on our ads and what actions they have taken. We are not provided with any information which can be used to personally identify the user. Google itself uses cookies or comparable recognition technologies for identification. The use of Google conversion tracking is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. Where consent has been requested (e.g. consent to cookie storage), processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR. This consent can be withdrawn at any time. For more information on Google conversion tracking, please refer to Google’s privacy policy at: https://policies.google.com/privacy?hl=de.
Facebook pixel
This website measures conversions using visitor action pixels from Facebook. This service is provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Facebook states that data collected will also be transferred to the USA and other third countries. This enables the behaviour of visitors to the site to be tracked when they are redirected to the provider’s site after clicking on a Facebook ad. This enables the effectiveness of Facebook advertisements to be analysed for statistical and market research purposes and optimisation of future advertising. The data collected are provided to us as operator of this website in anonymised form. We cannot use them to identify users. The data are, however, stored and processed by Facebook, which may be able to link them to the relevant user profile. Facebook can also use the data for its own advertising purposes in accordance with the Facebook data policy. This enables Facebook to display ads both on Facebook and on third-party sites. As the website operator, we have no control over how this data is used. The use of Facebook Pixel is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in effective advertising activities, including on social media. Where consent has been requested (e.g. consent to cookie storage), processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR. This consent can be withdrawn at any time. We transfer data to the US on the basis of the European Commission’s standard contractual clauses. Details can be found at: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381. Where personal data are collected on our website and shared with Facebook using the tool described here, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Article 26 of the GDPR). Joint responsibility is limited to data collection and transmission of data to Facebook. We are not jointly responsible for processing by Facebook after transmission. Our joint obligations have been laid down in a joint processing agreement. The text of the agreement is available at: https://www.facebook.com/legal/controller_addendum. Under this agreement, we are responsible for providing data protection information when using the Facebook tool and for implementing the tool on our website in a manner which is in compliance with data protection legislation. Facebook is responsible for data security of Facebook products. Your can exercise your rights as a data subject (e.g. requests for information) with respect to the data processed by Facebook directly with Facebook. If you contact us to exercise your rights as a data subject, we are obliged to forward this to Facebook. You can find more information on protecting your privacy in Facebook’s privacy policy: https://de-de.facebook.com/about/privacy/. You can also disable the Custom Audiences remarketing feature under Ad settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To change this setting, you must be logged into Facebook. If you do not have a Facebook account, you can disable usage-based advertising by Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
6. Plugins and tools
Google Web Fonts (local hosting)
To ensure that fonts are displayed uniformly, this website uses web fonts provided by Google. Google fonts are installed locally. Your computer will not connect to a Google server. More information on Google web fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
Google Maps
This website uses the Google Maps map service. The service is provided by Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland. To use Google Maps functions, your IP address must be stored. This information will usually be transmitted to and stored on a Google server in the US. The provider of this website has no control over this data transfer. If Google Maps is activated, to ensure that fonts are displayed uniformly Google can use Google web fonts. When you access Google Maps, to correctly display texts and fonts your browser loads the required web fonts into your browser cache. Google Maps is used for the purpose of making our online offering more appealing and to make it easier to find places described on our website. This represents a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. Where relevant consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR. This consent can be withdrawn at any time. We transfer data to the US on the basis of the European Commission’s standard contractual clauses. Details can be found at: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/. More information on how Google handles user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de.