I. Data controller
Data controller within the meaning of the General Data Protection Regulation:
Tuningkit Technologies GmbH & Co. KG
Phone: +49 (0) 07161 1587 870
Fax: +49 (0) 07161 1587 899
E-mail: [email protected]
II. Data Protection Officer
Contact details of our Data Protection Officer:
An der Dünung 48
Phone: +49 (0) 800-5891262
E-mail: [email protected]
III. Purposes and legal basis of data processing
Informational use of the website
When you use our website solely for informational purposes, in other words if you do not register, log in, place an order or otherwise provide us with information about yourself, we do not process any personal data except for the data provided by your browser to permit you to visit the website as well as information transmitted to us by cookies used for preparing statistical analyses of how our site is used.
a. Technical operation of the website
(i) Creation of logfiles
For the purpose of technical website operation, we may need to process certain automatically transmitted information about you in order for your browser to display our website and for you to use it. This information is automatically collected and stored in our server logfiles every time our website is accessed. The following information is collected:
- browser type and version
- operating system used
- referring URL (the previously visited page)
- host name of the accessing computer (IP address)
- time of the server inquiry.
These data are not combined with data from other sources and will be deleted following their statistical analysis.
The legal basis for the temporary storage of this data is Art. 6 (1) (f) GDPR. We have a legitimate interest in ensuring our ability to technically operate the website for you and in safeguarding its functionality. We also have a legitimate interest in optimising our website and in safeguarding the security of our information technology systems.
Below you will find further information on the cookies we use and your browser’s settings.
These cookies are essential for us to operate our website. They include cookies that allow you to log into the customer area or place something into the shopping cart.
These cookies make it possible to collect anonymised data about how our visitors use the site. These are then evaluated by us in order to improve the functionality of the website, for example, and to show you interesting offers.
These cookies are used for certain features offered by our website, e.g. to suggest improved navigation to our website, to show you personalised and relevant information (e.g. “interest-based advertisements”).
These cookies remember your visit to our website, the pages you visited and the links you clicked. We will use this information to customise the advertising you see on our website to better reflect your interests.
These cookies from some of our advertising partners help make our website more interesting to you. We also save cookies from partner companies on your hard drive for this purpose. These are temporary cookies that are deleted automatically after a specific period of time has elapsed. Cookies from partner companies are usually deleted after a few days or after up to 24 months, in some cases even after several years. The cookies placed by our partner companies do not contain any personal data either. They merely collect pseudonymous data under a user ID. This pseudonymous data will at no point in time be combined with your personal data.
The data collected through analytical/performance cookies, functional cookies, targeting cookies and third-party cookies will be pseudonymised and/or anonymised by technical means. As a result, the data can no longer be attributed to the user visiting the site. The data will not be stored together with other personal data concerning the user.
How can I configure my browser's cookie settings?
Every browser manages cookie settings differently. This approach is described in every browser’s Help menu, which provides instructions on how to change your cookie settings. To find it, click the link below that corresponds to your browser:
- Internet Explorer™: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
- Safari™: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
- Chrome™: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en
- Firefox™: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Opera™: https://help.opera.com/en/latest/web-preferences/#cookies
b. Statistical analysis of website use and improving reach
For the purpose of performing statistical analyses of how our website is used, we use Google Analytics, Criteo, Google DoubleClick, Google Tag Manager and Google Ads, and therefore cookies which allow us to analyse your navigation of our website. This helps us improve the quality of our website and its contents. We learn how the website is used and can continuously optimise our offer as a result.
The information obtained through the statistical analysis of our website will not be combined with any other data collected about you during your visit to our website.
The legal basis for processing your personal data to perform statistical analyses of how our website is used is Art. 6 (1) (f) GDPR; we have a legitimate interest in offering a website with an appealing, technically functional and user-friendly interface and a needs-based design.
You can prevent the installation of cookies by adjusting the relevant setting in your browser software; however, we would like to point out that you may not be able to use all the functions of this website to their full extent in this case.
You can opt out of the communication to Google of data collected by the cookie in connection with your use of our website (including your IP address) and the processing of such information by Google by downloading and installing a browser plug-in available at: http://tools.google.com/dlpage/gaoptout?hl=en.
Alternatively, click here to opt out of Google Analytics.
On our pages, technology provided by Criteo (Criteo GmbH, Unterer Anger 3, 80331 Munich, Germany) places cookies to collect information in purely anonymised form about the surfing activity of visitors to the website which is then used for marketing purposes.
Google DoubleClick cookie
Our website still uses DoubleClick, Google’s online marketing tool. DoubleClick places cookies in order to display ads that are relevant to users, improve campaign performance reports or to prevent users from seeing the same ad more than once. Google uses a cookie ID to collect information about which ads are displayed in which browser to prevent these from being displayed multiple times. In addition, DoubleClick may use cookie IDs to track conversions related to ad enquiries. This could be the case if a user sees a DoubleClick ad and uses the same browser to open the advertiser’s website and make a purchase at a later point in time. According to Google, DoubleClick cookies do not contain any personal information.
The marketing tools used cause your browser to automatically establish a direct connection to the Google server. Since we have no influence on the scope or further use of the data collected by Google using this tool, we are providing you with the information we have at our disposal: The use of DoubleClick means that Google receives the information that you have visited the corresponding section of our website or have clicked on one of our ads. If you are registered with a service provided by Google, it can connect the visit to your account. Even if you are not registered with Google or are not logged in, it is still possible that the provider will discover and store your IP address.
There are several ways for you to prevent your participation in this tracking process: a) by changing your browser settings accordingly, whereby rejecting third-party cookies, in particular, will prevent you from seeing third-party ads; b) by deactivating conversion tracking cookies by configuring your browser settings so that cookies from the domain “www.googleadservices.com” are blocked, https://www.google.de/settings/ads, however this setting is deleted if you delete your cookies; c) by deactivating the interest-related ads of providers who are part of the self-regulation campaign “About Ads” using the link http://www.aboutads.info/choices, however this setting is deleted if you delete your cookies; d) by permanently deactivating plugins in your Firefox, Internet Explorer or Google Chrome browser by clicking the link http://www.google.com/settings/ads/plugin. Please note that, in this case, you may not be able to use all the functions of this website to their full extent.
You can find additional information regarding DoubleClick by Google at https://www.google.com/doubleclick as well as additional information regarding Google’s policies on data privacy, in general, at: https://policies.google.com/privacy?hl=en. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.
Google Tag Manager
We use the Google Tag Manager by Google on our website. The Google Tag Manager is a solution that lets marketers manage website tags through an interface. The Google Tag Manager service itself (which implements the tags), is a cookie-free domain that does not collect any personal data. The Google Tag Manager service triggers other tags which, in turn, may collect data. Google Tag Manager does not access this data however. If tags have been disabled at the domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.
We use the online advertising programme “Google Ads“ and the conversion tracking feature offered as part of Google Ads. Google conversion tracking is an analytical service offered by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). If you click on an ad placed by Google, a conversion tracking cookie is placed on your computer. These cookies expire after 30 days, do not contain any personal data and are therefore not used for the purpose of personal identification.
If you visit certain pages on our website and the cookie has not expired, Google and we can recognise that you have clicked on the ad and been forwarded to this page. Since each Google Ads customer gets a different cookie, it is not possible to track cookies across the websites of Ads customers.
The information obtained with the help of conversion cookies is used to generate conversion statistics for Ads customers who have opted in favour of conversion tracking. This service reveals to customers the total number of users who have clicked on their ad and been forwarded to a page with a conversion tracking tag where they purchased a product, for example. However, they do not receive any information which can be used to identify users personally.
Google Web Fonts
To ensure that the fonts displayed on this website have a uniform appearance, the site only uses web fonts provided by Google. When you visit a page, your browser downloads the web fonts it needs into your browser’s cache in order to display texts and fonts correctly.
To do so, the browser you use must establish a connection to Google’s servers. This tells Google that our website was accessed via your IP address.
The legal basis for processing your personal data in order to use Google Web Fonts is Art. 6 (1) (f) GDPR; we have a legitimate interest in offering a website with a uniform, appealing and user-friendly interface.
If your browser does not support Web Fonts, your computer will use a default font.
Measure conversions with the Facebook Pixel action tracker
On our website we use the “Facebook Pixel” action tracker from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). We use this to help track the actions of users after they have seen or clicked on a Facebook ad. It allows us to collect data on the efficiency of Facebook ads for statistical and marketing purposes. The data collected through this tool are anonymous to us, which means that we are unable to see the personal data of individual users. These data are stored and processed by Facebook, however, so we are providing you with the information we have at our disposal. Facebook can combine these data with your Facebook account and also use it for its own advertising purposes, in accordance with Facebook’s Data Policy https://www.facebook.com/about/privacy/. You can permit Facebook and its partners to display ads both on and off the Facebook platform. Furthermore, a cookie can be stored on your computer for this purpose.
The legal basis for processing your personal data to measure conversions on our website with the Facebook Pixel action tracker is Art. 6 (1) (f) GDPR; we have a legitimate interest in offering a website with an appealing, technically functional and user-friendly interface and a needs-based design.
c. Use of CloudFlare
CloudFlare functions are used on our website. The provider is CloudFlare, Inc., 101 Townsend St, San Francisco, CA 94107, USA.
CloudFlare offers a globally distributed content delivery network with DNS. At the technical level, transfers of information between your browser and our website are routed through the CloudFlare network. That puts CloudFlare in a position to analyse the data traffic between users and our website in order to identify and prevent attacks on our services, for example. CloudFlare may also store cookies on your computer for optimisation and analytical purposes.
The legal basis for processing your personal data in conjunction with the use of CloudFlare is Art. 6 (1) (f) GDPR; we have a legitimate interest in identifying and preventing attacks on our services, in particular.
d. Use and application of affilinet
Components offered by affilinet are integrated into this website. Affilinet is a German affiliate network that offers affiliate marketing. Affilinet is operated by affilinet GmbH, Sapporobogen 6-8, 80637 Munich, Germany.
Affiliate marketing is a type of Internet-based marketing which enables commercial operators of websites, referred to as merchants or advertisers, to show advertisements, which are mostly paid for by means of per-click or per-sale commissions, on third-party websites, i.e. distribution partners, which are also referred to as affiliates or publishers. The merchant provides an advertising medium, i.e. an advertising banner or other suitable means of Internet advertising, via the affiliate network, after which this medium is subsequently integrated into the affiliate’s own Internet pages or advertised via other channels, such as keyword advertising or e-mail marketing.
Affilinet places a cookie on the individual’s IT system. Cookies have already been explained above. Affilinet’s tracking cookie stores absolutely no personal data. The only information stored is the identification number of the affiliate, i.e. the partner referring potential customers, the serial number of the visitor to the website and the ad clicked. This data is stored in order to process commission payments between a merchant and the affiliate, which are processed via the affiliate network, i.e. Affilinet.
The legal basis for processing your personal data in conjunction with the use of Affilinet is Art. 6 (1) (f) GDPR; we have a legitimate interest in making our marketing as appealing as possible and in improving our products and services.
As already explained above, the data subject may prevent our website from storing cookies at any time by adjusting the settings of their Internet browser accordingly and, in doing so, permanently blocking cookies from being stored. This browser setting would also prevent Affilinet from placing a cookie on the data subject’s IT system. In addition, cookies already placed by Affilinet can be deleted at any time via an Internet browser or other software.
e. Social links
The website contains links to services such as Google+, YouTube, Facebook, Twitter and Xing. When you click on the link, you will be redirected to the page of the respective provider, i.e. only then will user information be transferred to the respective provider. Since the conduct of third parties is by nature beyond our control, we no longer have any influence on the collection, processing and use of any personal data (such as the IP address or the URL of the page containing the link) transferred to a third party when the link is clicked. For information on how your data is handled when you use the websites of other providers, please refer to the respective data protection information of those providers.
Active use of the website
In addition to the purely informational use of our website, you can also actively use our website to order one of our products, to register for our newsletter or to contact us. In addition to processing your personal data for purely informational purposes, as explained above, we will also process other personal data of yours that we need to process your order or to process and respond to your enquiry.
a. User enquiries
In order to process and respond to enquiries you send to us, e.g. via the contact form, to our e-mail address or by telephone, we process the personal data provided by you in this context.
For enquiries submitted via the contact form, you must provide your first name, surname and e-mail address. Providing your phone number and invoice number is voluntary.
If you send an enquiry to one of our e-mail addresses, we will always process your e-mail address in order to send you an answer, as well as any other information you send us within the context of your message.
When we receive enquiries via Facebook, we process the name provided in connection with your Facebook account and any other information you send us within the context of your message.
When we receive telephone enquiries, we process the personal data you provide us with over the phone.
The legal basis for the processing of your personal data in connection with user enquiries in order to respond to such enquiries is Art. 6 (1) (f) GDPR. We have a legitimate interest in providing correct responses to customer enquiries.
b. Registration and user account
You can create a user account in order to use our website and our online shop. To do so, you must first register. This requires that you provide your first name, surname, e-mail address and a password of your choice. Once you have successfully registered on our site, you carry out certain activities and make purchases via your user account. Registered users also have the option of changing or the data provided during registration at any time if necessary.
We use something referred to as a double opt-in approach for registration, i.e. your registration is not complete until you have confirmed your registration by clicking on the link contained in a confirmation e-mail sent to you for this purpose. If we do not receive confirmation from you within 24 hours, your registration will automatically be deleted from our database.
We process your data for the purposes specified above on the following legal basis:
- for the performance of a contract or to take steps prior to entering into a contract in accordance with Art. 6 (1) (b) GDPR, if you use the user account for making purchases in our online shop and
- to preserve our legitimate interests in accordance with Art. 6 (1) (f) GDPR. We have a legitimate interest in offering you a user-friendly, personalised website.
c. Online shop and order placement
When you visit our online shop, we give you the opportunity to place an order for a product from our product range. You can select items from our product range in the online shop and place them in the shopping cart. The shopping cart stores information about all items and item quantities. To simplify your order placement experience, we even store incomplete orders for you so you can finish placing your order on your next visit.
If you order goods through our online shop, we collect your personal data in order to accept and process your e-commerce order and send you the ordered goods. You can place an order in our online as the registered user of a user account. In this case, we process your e-mail address, password or any other information you provided in connection with the user account. Additionally, you can also place an order via a guest account. For all orders, we process your title, name, address, e-mail address and any payment data (e.g. credit card number) you provide to us.
We process the data you provide in accordance with Art. 6 (1) (b) GDPR for the initiation and execution of contracts, in particular for offer preparation and the fulfilment and processing of your order, as well as for customer relationship management. Non-provision of any mandatory data could result in our inability to conclude a contract.
d. Compliance with legal regulations
We also process your personal data in order to fulfil other legal obligations which apply to us in connection with the processing of the order. These include, in particular, retention periods under commercial, trade or tax law.
We process your personal data for the fulfilment of a legal obligation to which we are subject pursuant to Art. 6 (1) (c) GDPR, in connection with commercial, trade or tax law, insofar as we are obligated to record and store your data.
e. Legal remedy
We also process your personal data to assert our rights and enforce our legal claims. We also process your personal data in order to be able to defend ourselves against legal claims. Finally, we process your personal data to the extent necessary to defend ourselves against or prosecute criminal offences.
For this purpose, we process your personal data in order to safeguard our legitimate interests in accordance with Art. 6 (1) (f) GDPR, insofar as we assert legal claims or defend ourselves in legal disputes or we prevent or investigate criminal offences.
f. Use for marketing purposes
Use of data for e-mail marketing and right to object
When we receive your e-mail address in connection with contract conclusion and the provision of our products, we reserve the right to regularly send you interesting offers by e-mail for similar products from our product range unless you have objected to this. You can object to this use of your e-mail address at any time by sending a message through the contact options listed in Section I or by using the unsubscribe link provided for this purpose in the advertising e-mail; you will not incur any costs for this other than for transmission costs at the basic rates.
If you have provided us with your e-mail address in connection with the purchase of goods or services and we send you personalised advertising, we process your data to send e-mail advertising to safeguard our legitimate interests in accordance with Art. 6 (1) (b) GDPR in conjunction with Art. 7 (3) of the Federal Act against Unfair Competition (UCA). Our legitimate interest is based on our economic interest in performing marketing activities and target group advertising.
g. Sending an application
If you submit an application to us, we process your personal data in connection with your application. Your application documents could contain special categories of personal data.
Processing of personal data
Applicant data generally comprises the following: first name and surname, your academic degree if applicable, date and place of birth, contact details (address, e-mail, phone and/or mobile phone number), application documents (cover letter, CV, transcripts), language skills, other skills. We also process data sent when you contact us by e-mail.
In line with legal requirements, we base the decisions we make during the application process on the personal data you provide. For example, we use your professional qualifications to decide whether to let you continue to the next stage of the selection process and we use an interview to gain a personal impression of you in order to decide whether to offer you the job you applied for.
We process your personal data on the following legal basis:
- Data processing for the purpose of reaching a decision on the establishment of an employment relationship, Art. 88 (1) GDPR in conjunction with Section 26 (1) (1) of the German Federal Data Protection Act (BDSG).
Processing of special categories of personal data
In accordance with Art. 9 GDPR, special categories of personal data comprise data that could reveal a person’s racial or ethnic origin, political opinions, religious (e.g. information about religious affiliation/denomination) or philosophical beliefs or trade union membership, and the processing of biometric data for the purpose of uniquely identifying a natural person (e.g. photos), data concerning a person’s health (e.g. Information concerning the degree of severe disability) or data relating to a person’s sex life or sexual orientation. If your CV contains special categories of personal data, we do not collect such data intentionally. We specifically ask that you please refrain from sending us data of this nature.
If you, voluntarily and contrary to our express request, send us application documents containing special categories of personal data in accordance with Art. 9 (1) GDPR (e.g. your photo or details concerning your religious affiliation/denomination), we will store them on the basis of your consent pursuant to Art. 88 (1) GDPR in conjunction with Section 26 (3) (2) BDSG. The same also holds true if you provide us with other special personal data during the application process. By voluntarily submitting this data, you agree to the storage of this special personal data as part of the application process.
We do not take this special personal data into account when reaching our selection, unless we are required by law to take this special personal data into account. It is possible, for example, that some job advertisements may give preferential treatment to people with disabilities in accordance with prevailing legal provisions. In these cases, provision of this information is always voluntary and subject to your express consent, which you give by voluntarily submitting this data.
We process your special personal data on the following legal basis:
- In accordance with Art. 9 (1) GDPR based on your consent pursuant to Art. 88 (1) GDPR in connection with Section 26 (3) (2) BDSG.
Some parts of our webpages contain links to third-party websites. These websites are subject to their own principles of data protection. We are not responsible for the operation of such sites nor the way in which they handle data. If you send information to or through this kind of third-party sites, you should check the privacy policies of these sites before sending them any information that can be linked to you.
V. Categories of recipients
First of all, our employees become aware of your personal data. In addition, we use carefully selected and commissioned service providers for some of our business processes, especially for IT services, contract handling, the cultivation of customer relations and services provided to customers and interested parties. In some cases, our service providers receive your personal data in their capacity as processors and are then strictly bound by our instructions when handling your personal data. In some cases, the recipients handle your data independently as it is transmitted to them by us.
Below is a list of the recipient categories regarding your personal data: Payment service providers, newsletter service providers, communication service providers, logistics service providers, credit reporting agencies, debt collection service providers, advertising and market research services, printing services, law firms, tax offices and auditing firms.
VI. Transfer to third countries
We may also transfer personal data to recipients domiciled outside the EEA, i.e. third countries. In this case, we will ensure that the recipient either has an adequate level of data protection (e.g. based on an adequacy decision by the EU Commission for the respective country or on the basis of EU Standard Contractual Clauses agreed with the recipient) or you have consented to the transfer.
We transfer your truncated IP address to the USA in connection with our use of tools from Google. This data transfer is based on the Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-US Privacy Shield. Certification under the EU-US Privacy Shield guarantees the presence of an adequate level of data protection in accordance with European data protection law. Any data transfer performed using Facebook Pixel and the use CloudFlare are based on the EU-US Privacy Shield as well.
VII. Length of storage
Unless this data protection information contains special instructions regarding deletion, we will delete any of your personal data that is no longer necessary for the business relationship, in particular for the purpose of initiating and executing contracts, if there is no further legal obligation or legal justification for such storage. The storage periods set forth in the German Commercial Code (HGB) and the Tax Code (AO) are two to ten years. The length of storage is also affected by statutory periods of limitation. The statutory period of limitation is generally between 12 and 36 months, however it can also be up to 30 years.
VIII. Your rights as a data subject
Rights to information, reporting, deletion, restriction on processing and data transmission
Pursuant to Art. 15 GDPR, you have the right to obtain information at any time regarding whether and which of your personal data is stored by us and to whom we may have disclosed it. In addition, you have the right to rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR) and data portability (Article 20 GDPR) in accordance with legal provisions.
Right to object
Furthermore, pursuant to Art. 21 (1) GDPR, you may at any time object to any data processing that we perform on the basis of Art. 6 (1) (f) GDPR (on the basis of a balance of interests) for reasons relating to your particular situation. In particular, you may object to the use of your data for the purpose of direct marketing at any time with future effect.
Right of withdrawal
Once granted, you may withdraw your consent to us at any time and without stating the reason. Withdrawal of consent, however, shall not affect the legality of any processing done up to the time consent was withdrawn.
Assertion of rights
You may assert the aforementioned rights in writing to our company's Data Protection Officer, whose name and contact details are listed under Section II.
Please note that, if any doubt exists as to whether you are seeking to assert the rights specified here as the data subject, we reserve the right to request more detailed proof of your identity as the actual data subject seeking to assert these rights.
Right to lodge a complaint with the data protection authority
In accordance with the requirements of Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your usual place of residence, place of work or place of the alleged infringement if you consider that the processing of your personal data violates the GDPR. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.
The data protection authority responsible for our company is:
Der Landesbeauftragte für den
Datenschutz und die Informationsfreiheit
(The State Commissioner for Data Protection
and the Freedom of Information)
Königstrasse 10 a
E-mail: [email protected]
IX. Scope of your obligations to provide data
In principle, you are under no obligation to provide us with your personal data. If you choose not to, however, we will not be able to provide you access to our website, answer your questions or enter into any contracts with you. Personal data that are mandatory are indicated with an asterisk (*); any other personal data you provide to us is done so on a voluntary basis.
X. Automated decision-making / profiling
We do not use automatic decision-making or profiling (automatic analysis of your personal circumstances).
Information about your right to object, Art. 21 GDPR
You have the right to object at any time to the processing of your data on the basis of Art. 6 (1) (f) GDPR (data processing on the basis of a balance of interests) or Art. 6 (1) (e) GDPR (data processing in the public interest) on grounds relating to your particular situation. This shall also apply with respect to profiling based on this provision within the meaning of Art. 4 (4) GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
- In individual cases, we also process your personal data for the purpose of conducting direct marketing. If you do not wish to receive advertising, you have the right to object to it at any time; this also applies to profiling, insofar as it is associated with such direct advertising. We will take your objection into account for the future.
We will no longer process your data for direct marketing if you object to their processing for this purpose.
The objection does not need to be written in any special form and, if possible, should be sent to our company’s contact details as listed in Section I.
Most recently updated in February 2019