up2parts GmbH takes the protection of your personal data very seriously and adheres strictly to all applicable legislation and regulations concerning data protection, in particular the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG).
Please find below information on how we collect and use your personal data, e.g. if you visit our website or contact us otherwise (e.g. as a customer). You may access this policy at any time on our website.
1. Data controller
The service provider and data controller within the meaning of the Data Protection Act is up2parts GmbH, Dr.-Müller-Str. 26, 92637 Weiden i. d. OPf., Germany. Telephone: +49 (0)961 6000-0 Fax: [+49] 961 60 00-7900, info(at)up2parts.com. Our data protection officer, Ms. Marina Stich, can be contacted at up2parts GmbH, Dr.- Müller-Str. 26, 92637 Weiden i. d. OPf., Germany. Telephone: +49 (0)961 6000-7309, Fax: [+49] 961 60 00-7900, info(at)up2parts.com.
2. Your rights
2.1 You have the right to demand information from us at any time about the data we have stored about you and about their origin, the recipients or categories of recipients to whom those data are transferred and the purpose of storage.
2.2 You have the right to demand of us prompt rectification of incorrect personal data about you or restriction of processing. Taking account of the purposes of processing, you also have the right to demand completion of incomplete personal data – including by means of an additional declaration.
2.3 You have the right to demand of us prompt erasure of personal data about you. Among other things, we are obliged to delete them if the purposes for which they were collected or otherwise processed are no longer necessary or you have withdrawn your consent.
2.4 You have the right to receive the personal data about you that you have provided to us in a structured, standard and machine-readable format and you have the right to transfer those data to another data controller without hindrance if processing is based on your consent or processing is carried out with the aid of automated procedures.
2.5 If you have given your consent to the use of your data, you may withdraw it at any time.
2.6 If we process your personal data on the basis of legitimate interests, you may object to that processing.
2.7 Please submit all requests for information, inquiries and objections regarding data processing by email to info(at)up2parts or to the address specified under section 1.
2.8 In the case of breaches of data protection law, you have a right to lodge a complaint with the relevant supervisory authority. The relevant supervisory authority for issues of data protection is the Bavarian State Office for Data Protection Supervision (address and contact: https://www.lda.bayern.de/de/impressum.html)
3. Data security
We use technical and organizational measures to protect your data managed by us against accidental or intentional manipulation, loss, destruction and access by unauthorized persons. Your data are transferred in encrypted form; the encryption protocol used is TLS 1.2.
4. Collection of personal data for information purposes, cookies
4.1 If the website is used purely for information purposes, i.e. if you do not go beyond simply using the website and do not make contact with us or otherwise transfer information to us, we collect the user data that your browser sends to us automatically to facilitate your visit to the website. Storage is for exclusively system-related and statistical purposes (on the basis of Art. 6(1) section (b) GDPR) and, in exceptional cases, for reporting of criminal acts (on the basis of Art. 6(1) section (e) GDPR).
4.2 The data collected in accordance with section 4.1 are
- IP address
- Date and time of request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Data volume transferred
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software
4.3 In addition, cookies are stored on your computer when you use the website. Cookies are small text files that are associated with the browser you are using and are stored on your hard drive, and which provide certain information to the body that sets the cookie (in this case, us). Cookies do not do any damage to your computer and do not contain any viruses. Cookies are used to make our website more user friendly, more effective and more secure. Most of the cookies we use are what are known as “session cookies”. They are erased automatically at the end of your visit. Other cookies remain on your end device until you delete them. These cookies make it possible to recognize your browser on your next visit.
4.5 You can configure your browser settings to meet your needs and (for example) to reject acceptance of cookies. Please note, however, that you may not be able to use all the functions of this website.
4.6 This stored information is held separately from any other data provided to us. In particular, the cookie data are not linked to your other data.
5. Collection and processing of personal data when making contact and for marketing purposes
5.1 Collection and processing of personal data (this includes, for example, your name, telephone number and email address) is carried out if you expressly communicate these data to us via our contact form for the purpose of making contact with us. These personal data are used exclusively for the purposes of processing your inquiries and on the basis of Art. 6(1) section (f) GDPR.
5.2 Use for marketing purposes is carried out only on condition of consent given by you and on the basis of Art. 6(1) section (a) GDPR. Your data held by us for the purposes of providing the newsletter are stored by us until you cancel your subscription and they are deleted on cancellation of the newsletter.
6. Collection and processing of personal data for orders, opening a customer account, customer support, use for direct marketing
6.1 Personal data are collected on the basis of Art. 6(1) sentence 1 letter b) GDPR when you provide them voluntarily to execute a contract or open a customer account. If you order or register as the contact person of a legal entity, data processing is carried out in accordance with Art. 6(1) sentence 1 letter f) GDPR to safeguard our legitimate interests in communication with a contact person of the legal entity. These data are used – without your express consent – only to process a contract and answer your inquiries and to provide the services you have ordered. On completion of processing of the contract and full payment of the purchase price, your data are stored in accordance with the retention periods stipulated by tax and commercial law and erased on expiry of those periods.
6.2 Your personal data will also be processed based on Art. 6 para. 1 lit. f GDPR in order to create a contact in our ERP and CRM system for you and/or the company you are working for. Your personal data will be processed for the purpose of customer support, acquisition and handling of orders, e.g. sending documents by email (e.g. written documentation of our business relationship, offers, complaints).
6.3 The email address you provide to us on conclusion of contract is also used for our own marketing purposes to advertise similar goods or services to those ordered by you in the form of our newsletter. You can object to the use of your email address at any time without incurring any costs other than the basic communication costs. Your objection (and thus your cancellation of our newsletter) can be provided to us using the link provided in the newsletter or by sending us a corresponding message. When you submit your objection, your email address is deleted immediately. The basis for processing is our legitimate interests, Art. 6(1) section (f) GDPR.
7. Collection and processing of personal data in relation to applications
7.1 We also collect personal data if you make an employment application to us. Processing of personal data is necessary for us to carry out the application process, including creation of an electronic applicant file, administration of your application and organization of interviews – in short, processing is a prerequisite for conclusion of an employment contract with you. Processing is carried out on the basis of Art. 6(1) section (b) GDPR.
7.2 We also use your data on the basis of Art. 6(1) section (f) GDPR to consider you for possible future vacancies, and we store your data for this purpose for a limited period of one year following an unsuccessful application. You may object to this use of your personal data at any time.
7.3 If you register for our job subscription service, we will notify you on the basis of Art.6(1) section (a) GDPR of any vacancies at up2parts by email. Cancellation of your subscription is possible at any time.
8. Recipients/categories of recipients of personal data,“thirdcountry” (i.e. non-EU) data transfers, legitimate interests pursued by us in this context
8.2 For fulfillment of contract, we forward your data to the shipping company commissioned to provide delivery, insofar as this is necessary to deliver the ordered goods. For processing of payments, we give the payment data required to the financial institution appointed to carry out payment and to any payment service provider appointed by us or to the payment service selected by you in the order process.
8.3 These are:
8.3.1 Microsoft Irland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Irland
8.3.2 84codes AB, Hälsingegatan 49, 113 31 Stockholm
8.3.3 Auth0 , 10800 NE 8th, St Suite 700, Bellevue, WA 98004
8.3.4 Mailgun Technologies Inc
8.3.5 Atlassian Pty Ltd, c/o Atlassian, Inc., 350 Bush Street, Floor 13, San Francisco, CA 94104
8.3.6 Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St. Julian's STJ 3141, Malta
9. Period for which the personal data are stored
If your data are no longer required, they are erased on expiry of the retention obligations under tax and commercial law (these can be up to 10 years for invoices).
10. Use of Google Analytics
This website uses Google Analytics, a web analysis service of Google LLC ("Google"). Google Analytics uses what are known as “cookies”: text files that are stored on your computer and that facilitate analysis of your use of the website. The information generated by the cookie about your use of this website is transferred to a Google server in the USA and stored there. If IP anonymization is activated on the website, however, your IP address will first be truncated within Member States of the European Union or in other states that are signatories to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. On behalf of the operator of this website, Google uses this information to evaluate your use of the website, to compile reports on website activities and to provide other services associated with website and Internet use to the website operator. The IP address sent by your browser in the context of Google Analytics will not be linked to other Google data. You can prevent storage of the cookies by means of a corresponding setting in your browser software; please note, however, that in this case you may not be able to use all of the functions of this website to their full extent. In addition, you can prevent recording of the data generated by the cookie and related to your use of the website (including your IP address) by Google and processing of those data by Google by downloading and installing the browser plugin available under the following link (http://tools.google.com/dlpage/gaoptout?hl=en).
As an alternative to the browser add-on or within browsers on mobile devices, you
can prevent Google Analytics from collecting your information by clicking on the following link. An opt-out cookie is set to prevent the collection of your information on future visits to this site:
Deactivate Google Analytics
Data processing is carried out on the basis of Art. 6(1) section (f) GDPR. We have a legitimate interest in analyzing use of our website for optimization purposes.
11. Use of Google Tag Manager
This website uses Google Tag Manager, a tag management system of Google LLC ("Google"). Google Tag Manager does not record any personal data. Tag Manager makes it easier to integrate and manage certain tags. Tags are small elements of code which, among other things, are used to measure traffic and user behavior, record the effect of online advertising and social media channels, to set up remarketing and alignment with target groups and to test and optimize websites. If you have set up deactivation, that deactivation will be observed by Google Tag Manager. For further information about Google Tag Manager, see: https://www.google.com/analytics/terms/tag-manager.
12. Use of Google Recaptcha
13. Use of Google Ads
Based on your consent (Art. 6(1) section (a) GDPR), we use the marketing and remarketing service Google Ads on our website, which is also operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. You can withdraw your consent to this at any time with effect from that point forward. Simply use one of the listed opt-out options. Google is directly responsible for some of the data processing.
With the help of Google Ads, we can target advertisements for our website in Google Search. Google Ads allows us to set specific keywords. An ad in Google's search engine results will only be displayed if you use the search engine to retrieve a keyword-related search result. In the Google AdWords network, the ads are distributed to topic-relevant web pages using an automated algorithm and according to previously defined keywords. If you click on a Google Ads ad and are thereby redirected to our website, Google will set a remarketing tag and a conversion cookie on your device. This may be a cookie or similar technology. If you then visit another website from the AdWords network, this remarketing tag will be read and you will receive an appropriate advertising message. The conversion cookie allows us to see how many people are interacting with one of our ads.
You can always prevent cookies from being set by our website through your browser settings. This also prevents the cookies associated with Google AdWords from being stored on your device. You can delete existing cookies already on your device.
You also have the ability to block interestbased advertising by Google. To do this, go to https://adssettings.google.com/authenticated and change the settings as you see fit. Finally, you can also set a corresponding opt-out cookie at http://optout.networkadvertising.org/?c=1#!/.
14. Use of Facebook Pixel
On our website, we use “Facebook Pixel” from the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (“Facebook”). We also use this tool based on your consent (Art. 6(1), sentence 1, section (a) GDPR). We use Facebook Pixel to provide you with personalized advertising on Facebook and to analyze your usage behavior on our website. You can withdraw your consent to this at any time with effect from that point forward. Simply use one of the listed opt-out options.
When you visit our website, Facebook Pixel is activated and a cookie is set by us on your device (what is known as a “first-party cookie”) through which data is collected. In addition, cookies are integrated directly by Facebook and other companies (“third-party cookies”). Web beacons and other storage technology may also be used. As a result, a “cookie” is stored on your device.
Facebook Pixel allows us to monitor the effectiveness of Facebook ads (“Facebook Ads”) and to analyze your interaction with our website for statistical and market research purposes. With the help of Facebook Pixel, we can recognize, for example, whether you have been redirected to our website after clicking on a Facebook Ad and how you have interacted with our website (this is referred to as “conversion”). With the help of Facebook Pixel, we can also assess you and other visitors to our website with regard to your placement in a target group for Facebook Ads. We therefore use Facebook Pixel to improve our contact with customers on Facebook, as Facebook Ads that are switched on by us are only displayed to those Facebook users who have also shown an interest in our offers or who have certain characteristics (e.g. interests in certain topics or products that are determined from the websites visited, what is referred to as “custom audiences via websites”). We also want to make sure that our Facebook Ads are of interest to you and not annoying.
Various event and conversion data are collected on our website, e.g. which subpages you visit or how you interact with our website. Thus, we evaluate your activity on our website and use this analysis for personalized advertising. If you log in to Facebook or if you are logged in to Facebook when visiting our website, the visit to our website is noted in your Facebook profile. The data are, however, converted (“hashed”) directly into chains of numbers when collected. These data therefore do not allow us to draw any conclusions about you. We would like to point out, however, that the data are also stored and processed by Facebook. Facebook may use this information for its own market research and advertising purposes. We have no control over that.
Facebook is certified under the EU-US Privacy Shield. This ensures that a level of protection comparable to European data protection law is observed (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). The Facebook Data Policy applies to data processing by Facebook. It contains general information concerning the placement of Facebook Ads: https://www.facebook.com/policy.php. For more information about Facebook Pixel and how it works, visit the help section of Facebook: https://www.facebook.com/business/help/651294705016616.
You can also prevent collection of data by Facebook Pixel and the use of your data for Facebook Ads. Furthermore, you may revoke your consent to this. Please click here: Disable Facebook Pixel If you disable Facebook Pixel, an “opt-out” cookie will be saved on your device. If you delete the cookies in this browser, you must click the link again. In addition, this opt-out only works within the browser you are currently using and only for our website. To decline these and other interest-based advertising, you can also visit the following websites: http://www.networkadvertising.org/choices/; http://www.youronlinechoices.com/
15. Use of Outbrain
We use Outbrain Pixel on our website. We asked you for your consent to do so during your first visit to our website, so that the legal basis for the associated data processing is your consent (Art. 6(1) section (a) GDPR). To help you understand what data processing is associated with Outbrain Pixel, here's how Outbrain generates personalized advertising.
15.1 Personalized advertising in the Outbrain
Widget Outbrain provides the Outbrain Widget, through which personalized ads are shown to you, to “Partner Websites”. The use of an Outbrain widget can be recognized by the text referring to Outbrain (e.g. “Recommended by Outbrain” or “from Outbrain” next to the recommendations). For example, if you visit the website of an online newspaper, you may see an ad in the Outbrain widget.
Outbrain Inc., 39 West 13th Street, 3rd floor, New York, NY 10011, USA is responsible for data protection matters related to this widget. In other words, Outbrain decides which data is processed and for what purpose, and therefore is your direct contact. The companies whose ads appear in the Outbrain widget do not have access to this data and do not decide how and what data is collected.
Outbrain uses the Outbrain widget to collect some information to show you personalized online advertising. If you visit a website that incorporates this Outbrain widget, your device will be assigned a unique user ID (Unique User Identifier; UUID). In addition, Outbrain will catalog and analyze the content you consume on the particular website. The recommendations are based on: (i) browsing history; (ii) similar web surfing patterns of other users; (iii) recommendations that are popular with Outbrain's target audience; (iv) a degree of randomness; and (v) target requirements provided or required by us or other Outbrain customers. Each of your devices receives its own UUID. Several devices therefore have multiple UUIDs. By assigning a UUID, Outbrain can combine the visited pages and the clicks on Outbrain's recommendations from that UUID. All this serves the purpose of providing interesting recommendations.
Outbrain also collects the following information: (i) IP address (anonymized to industry standards); (ii) User Agent Data: device type (e.g. iPhone), browser type (e.g. Chrome), operating system (e.g. iOS); (iii) the pages visited; (iv) the time of the visit; and (v) the referring URLs and other information typically transmitted during HTTP requests. Through this statistical information, Outbrain obtains information about how many users have visited a particular page on partner websites on which the Outbrain widget is installed, how long each user stayed on the page, the type of content on the page that the user clicked on, and how the user behaved on the page in general. This information is personal information only when connected to a user ID. You can find
additional information on data processing by Outbrain here: https://www.outbrain.com/de/legal/privacy. You can also opt out and prevent data processing there. As with any widget, you can also access your profile and opt out: https://my.outbrain.com/recommendations-settings/profile
15.2 Outbrain Pixel
We only use Outbrain Pixel on our website. This means that you will not see personalized advertisements from Outbrain on our website and the data processing that was just described does not occur. However, Outbrain Pixel does collect some information about you. We are responsible for this data processing and Outbrain acts on our behalf.
Therefore, we would like to inform you about this in detail: When we pay for an Outbrain ad and you click on that ad, you are redirected to our website. Outbrain Pixel then determines if your device has an Outbrain unique user ID. If there is a unique user ID associated with this device, we may re-address your unique user ID or find out the total number of unique user IDs that have reached our website. Furthermore, we use Outbrain Pixel to see which areas of the website were visited with the unique user ID. No identifiable personal information is collected, transmitted or stored.
If you do not have an Outbrain unique user ID, Outbrain Pixel will not capture any data at all. This data processing helps us to understand how our website is used and whether our ads contribute to our appeal to our customers. All data points, such as page views and clicks associated with a unique user ID, are stored for 13 months and then deleted. For example, if unique user ID 123 read an article on December 31, 2017, that article will no longer be part of the unique user ID 123 profile on February 1, 2018. You can find additional information on data processing by Outbrain here: https://www.outbrain.com/de/legal/privacy
If you have disabled processing of data by the Outbrain widget, Outbrain Pixel will not automatically collect data because your device has no unique user ID. Finally, you have the option of preventing the setting of cookies by the use of corresponding settings in your browser. You can also disable preference-based advertising using the preference manager that is available here: http://www.youronlinechoices.com/de/praferenzmanagement/
16. Use of Hotjar
You can object to the storage of a user profile and information about your visit to our website by Hotjar and to the setting of Hotjar tracking cookies on other websites via this link: https://www.hotjar.com/legal/compliance/opt-out