We, in our capacity of operator of the website available at “https://www.recaro-cs.com” (hereinafter also called “website” or “online shop”), are the controller of the personal data referring to website users (“you”) within the meaning of the applicable data protection law, notably the European General Data Protection Regulation (“GDPR”).
In the following, we comply with our duty to provide information (Article 13 et seq. of the GDPR) by giving you a clear overview of the data that is processed during your visit on our website and the underlying legal basis. In addition, you receive information on the technical and organizational measures we have taken to protect your data and the rights you have vis-à-vis us and the competent supervisory authority .
1. Information on the Controller
RECARO Child Safety GmbH & Co.KG
95352 Marktleugast, Germany
Phone: +49 (0) 9255 77-0
2. Data Protection Officer
We have appointed a Data Protection Officer for our company:
Phone: +49 (0) 9255 77-9031
3. Processing of Your Personal Data
Use of Our Website for Information Purposes
When you call up our website to merely visit it, so-called “logfiles” are processed by automated collection by our systems.
The following logfiles are subject to automated processing:
• IP address of the accessing computer
• Type of Internet browser used
• Language of Internet browser used
• Version of Internet browser used
• Operating system including version
• Operating system interface
• Accessed pages
• Date and time of visit
• Time zone difference to Greenwich Mean Time (GMT)
• Access status/http status code
• Data volume transmitted
• Loading success or failure
The logfiles contain your IP address, but the last octet is replaced by random figures prior to storage. A link to you is thus impossible, and your data are not stored together with other personal data either.
Processing of the above-mentioned data is a necessary prerequisite for making our website available to you.
The legal basis for data processing for anonymization purposes is point (f) of Article 6(1) of the GDPR .
4. Use of Offers
When you place an order on our website, we need the following data in order to fulfill the contract with you:
• First name, last name and (invoice and delivery) address to send your order and invoice
• E-mail address to send you an order confirmation and make contract documents available to you immediately after order placement
• Your phone number for the purpose of contacting you
• Your date of birth to verify your age because we want to make sure that you have the legal capacity to conclude contracts
• Your payment information to process the payment of your order
• Company data (voluntary)
To send your order to you, we pass your address data on to our shipping/logistics service provider for delivery purposes.
The legal basis for the processing of these data is point (b) of the Article 6(1) of the GDPR. We store your data only as long as this is required for contract fulfilment. Apart from this, we store your data only to comply with our contractual or statutory obligations (e.g. duties under tax law). In this case, we block you data to such an extent that they are processed only for the necessary purposes.
In addition to these data, we store the timing (date and time) of the transmission of your data to us as well as your IP address. The processing of these data is necessary for the pursuit of our legitimate interests (point (f) of Article 6(1) of the GDPR) to ensure the security of our systems and prevent fraud . The additional data are erased as soon as they are no longer needed, at the latest when the contract with you has been fulfilled.
b. Payment Methods and Credit Checks
When you select a payment provider on our website for payment purposes, this provider, too, receives your personal data, e.g. your name, your address and your bank account data.
PayPal: When you pay with PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal L-2449 Luxembourg) on our website, PayPal receives your payment data for payment transaction processing and may carry out a credit check. Please find information thereon at the following link: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#rAnnex.
Credit card: When you pay with your credit card on our website, your credit card provider receives the information that you have placed an order with us. Your credit card provider may carry out a credit check. More detailed information is available on your credit card provider’s respective website.
Direct Debiting/Advance Payment: When you pay by direct debiting on our website, our primary bank receives your bank account data for the purpose of payment transaction processing.
Heidelpay [PayPal, credit card, instant money transfer]: Your bank account or credit card data are processed by the payment service provider Heidelberger Payment GmbH, Vangerowstraße 18, 69115 Heidelberg, Germany (hereinafter called “Heidelpay“) for the purpose of electronic payment transactions. The legal basis for data processing is point (b) of Article 6(1) of the GDPR.
Please note that Heidelpay may, if necessary, obtain a credit check and details and credit information on the basis of mathematical-statistical methods from credit agencies using address data. For this purpose, the personal data required for a credit check such as your name, date of birth, address and bank data are passed on to the following companies (non-exhaustive list): Schufa Holding AG, Bürgel Wirtschaftsinformationen GmbH & Co. KG, Arvato Infoscore GmbH, Deltavista GmbH, Universum Business GmbH, Bisnode International Group, Regis24 GmbH or Creditreform AG.
5. Contact Form
You can contact us electronically through our contact form, e.g. to give us feedback or ask questions. When you make use of this option, you transmit the following data to us:
• E-mail address (to contact you)
• First and last name (for fraud prevention purposes)
• Address (for fraud prevention purposes)
• Company data (voluntary)
• Phone number (voluntary)
In addition to the data you submit to us voluntarily, we store the timing (date and time) of the transmission of your data to us as well as your IP address. The processing of these data is necessary for the pursuit of our legitimate interests (point (f) of Article 6(1) of the GDPR) to ensure the security of our systems and prevent fraud . These additional data we collect during your contact initiation are erased as soon as they are no longer needed, at the latest when the matter in which you have contacted us has been clarified.
By sending the contact form, you agree to the processing of your data. The legal basis for the processing of your data for the purpose of handling your contact initiation is point (a) of Article 6(1) of the GDPR. The data are stored until they are no longer needed for the purpose of communicating with you and the matter in which you have contacted us has been extensively clarified.
When your contact initiation aims at concluding a contract with us, the additional legal basis for the processing of your personal data is point (b) of Article 6(1) of the GDPR. These data are stored as long as necessary for the fulfillment of the contract. Apart from this, we store your data only to comply with our contractual or statutory obligations (e.g. duties under tax law).
6. Contact by E-mail
You have the possibility to contact us by e-mail. The personal data you transmit to us in your e-mail are stored by us. The data are not passed on to any third parties. They are processed exclusively to respond to your contact initiation. The legal basis for the processing of your personal data is point (f) of Article 6(1) of the GDPR. The data are stored until they are no longer needed for the purpose of communicating with you and the matter in which you have contacted us has been extensively clarified.
When you e-mail aims at concluding a contract with us, the additional legal basis for the processing of your personal data is point (b) of Article 6(1) of the GDPR. These data are stored as long as necessary for the fulfillment of the contract. Apart from this, we store your data only to comply with our contractual or statutory obligations (e.g. duties under tax law).
You may withdraw your consent to the processing of your personal data at any time by notifying us by e-mail, sent to the following address: [MAILADRESSE ]. In this case, all personal data from the conversation with you is erased and continuation of the conversation is no longer possible.
Please note: You can determine yourself whether you want to completely disable the cookie saving function or limit it to certain cookies. You can select this in your Internet browser settings where you can also inspect and delete the cookies that have been saved.
When you block all cookies, not all functions of our website may be available to you.
The analytics service Google Analytics by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, U.S., (hereinafter called “Google Analytics”) has been implemented on our website.
Google Analytics places cookies saving the following information:
• Type of Internet browser used
• Internet browser version
• Operating system used
• Referrer (previously visited website)
• Your truncated IP address
• Time of server access
Cookie Name: utmc_
Cookie Purpose: Time stamp indicating when the user leaves the website. Used by Google Analytics to calculate the duration of a website visit.
Storage Period: Until the termination of the browser session
Cookie Name: utma_
Cookie Purpose: Collects data on a user’s number of visits on the website and the date of the first and last visit.
Storage Period: 2 years
Cookie Name: _utmb
Storage Period: 30 minutes
Cookie Name: utmt_
Cookie Purpose: Used to reduce the request rate.
Storage Period: 10 minutes after placement/ renewal
Cookie Name: utmz
Storage Period: 2 years
We use the Google Analytics function that anonymizes your IP address prior to saving or processing. Your IP address is usually truncated within the European Union/the European Economic Area and only thereafter sent to Google servers in the U.S. Your information is processed on a pseudonymized basis, and we will not create any links to any other of your personal data.
We use the data collected in this manner for statistical purposes to optimize our website and offers. The legal basis for this is point (f) of Article 6(1) of the GDPR.
In addition, you can prevent Google’s collection and processing of the data generated by the cookie and referring to your use of the website (including your IP address) by downloading and installing the browser plug-in available at the following link: (http://tools.google.com/dlpage/gaoptout?hl=de).
You can either disable the saving of Google cookies yourself directly in your browser settings or prevent the processing of your data by clicking on the following link to trigger an “opt-out”: [Bitte den Link setzen]. An “opt-out cookie” will be placed to prevent collection of your user data on this website.
Google’s private policy is available at the following link: https://policies.google.com/privacy?hl=de.
8. Icon Links to Social Networks
On our website, we use small icons referring to our website on third-party platforms (Facebook, Instagram, Pinterest, YouTube). They are all hyperlinks, which means that no data from you will be transmitted automatically. Transmission will only take place when you click on the icons and a new tab with the third party’s website opens in your browser.
9. Other Third-Party Content Integrated in Our Website
To ensure an attractive design of our website, we integrate YouTube videos from Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (hereinafter called “YouTube”) in our website. In this connection, we use the extended data protection mode , which means that information about you will be shared with YouTube only when you activate the video by clicking the “play” button.
The legal basis for the integration of the YouTube service in our website and the associated processing of your data is point (f) of Article 6(1) of the GDPR.
10. Applicant Data
Our website contains information on vacant positions in our team, and you can submit your application to us by e-mail. We process your data to carry out the application process; this means that the employees responsible for applicant preselection see your application. Your data are not passed on to any third parties, and we do not use your data for any other purposes.
Your applicant data are stored by us. If we reject your application, we store the data only as long as necessary, but no longer than for a period of six months, unless you allow us to store your applicant data for a longer period for the purpose of contacting you after expiry of the original period, if applicable.
The legal basis for the processing of your data is Section 26 of the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) and Article 88 of the GDPR.
11. Your Rights
When we process your data, you are a “data subject ” within the meaning of the GDPR. You have the following rights: right of access , right to rectification, right to restriction of processing, right to erasure, right to notification and right to data portability. In addition, you have a right to object and a right to withdraw consent.
Please find details on the individual rights below:
a. Right of Access
You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed.
Where we process your personal data, you have the right of access to the following information:
• the purposes of the processing;
• the categories of personal data processed;
• the recipients or categories of recipients to whom your personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
• where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
• the existence of a right to request rectification or erasure of your personal data or restriction of processing of your personal data by us or one of the rights to object to such processing;
• the existence of a right to lodge a complaint with a supervisory authority;
• where the personal data are not collected directly from you, any available information as to their source;
• the existence of automated decision-making, including profiling pursuant to Article 22(1) and (4) of the GDPR and – at least in those cases – meaningful information about the logic involved as well as the significance and envisaged consequences of such processing for you.
Where your personal data have been transferred to a third country or an international organization, you furthermore have the right to request information on the existence of appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer.
b. Right to Rectification
You have the right to request rectification and/or completion of the data concerning you that we have stored if such data are inaccurate or incomplete. We will rectify or complete the data without delay.
c. Right to Restriction of Processing
Under certain conditions, you have the right to request restriction of processing of your personal data from us. To obtain such restriction, at least one of the following conditions must be fulfilled:
• You contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data.
• The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead.
• We no longer need the personal data for the purposes of the processing, but you need them for the establishment, exercise or defense of legal claims.
• You have objected to processing pursuant to Article 21(1) of the GDPR pending verification whether our legitimate grounds override your interests.
d. Right to Erasure
You have the right to request erasure of your personal data if we have the obligation to comply with such request. This is the case where one of the following conditions is fulfilled:
• Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
• You withdraw your consent on which the processing is based according to point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR, and there is no other legal ground for the processing.
• You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
• Your personal data have been unlawfully processed.
• The personal data must be erased to ensure compliance with a legal obligation in European Union or Member State law to which we are subject.
• Your personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
Where we have made your personal data public and are obliged pursuant to the above-mentioned grounds to erase them, we, taking account of the technology available to us and the cost of implementation, will take reasonable steps, including technical measures, to inform other controllers processing your personal data that you have requested that we erase all links to or copies or replications of those personal data.
However, you do not have a right to erasure to the extent to which processing is necessary for the following reasons (exceptions):
• for exercising the right of freedom of expression and information;
• for compliance with a legal obligation which requires processing by European Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
• for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) of the GDPR;
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
• for the establishment, exercise or defense of legal claims.
e. Right to Notification
Where you have exercised your right to rectification, erasure or restriction of processing, we are obliged to communicate any rectification or erasure of your personal data or restriction of processing to each recipient to whom your personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
f. Right to Data Portability
Where the conditions listed below apply, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and the right to obtain transfer of those data to another controller:
(1) The processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1).
(2) The processing is carried out by automated means.
When exercising your right to data portability, you have the right to have your personal data transferred directly from us to another controller, where technically feasible and not adversely affecting the freedoms and rights of others.
This right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
g. Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on those provisions.
After such objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the purpose of establishing, exercising or defending legal claims.
Where we process your personal data for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing. This also applies to profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC (Directive on privacy and electronic communications ), you may exercise your right to object by automated means using technical specifications.
h. Right to Withdraw Consent
Pursuant to Article 7(3) of the GDPR, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
i. Right to Lodge A Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you are of the opinion that the processing of your personal data infringes the GDPR.
An overview of the German states’ respective Data Protection Commissioners and their contact data is available at the following link:
As of: 25 May 2018. Datenschutz maßgeschneidert . www.datenschutz-stuttgart.com
PRIVACY NOTICE ON THE PROCESSING ACTIVITY OF PERSONAL DATA
Art. 13 Regulation (EU) 2016/679 of the European Parliament and of the European Council
The Company, as the Data Controller, undertakes to protect the confidentiality and the rights of the Data Subject and, according to the principles established by the aforementioned regulations, the processing activity of the data provided will be based on principles of correctness, lawfulness and transparency.
1. PURPOSES OF THE PROCESSING ACTIVITY
The privacy notice is provided only for the Company's website and not for other websites that may be consulted by the Data Subject through links. The Data Subject may voluntarily provide his personal data that will be processed and used by the Company for the purposes related to the requested service indicated by specific privacy notice reported or displayed on the pages of the website for particular services or requests.
The personal data of the Data Subjects will be processed by the Company for the purposes relating and/or connected to the provision by the Company of services for the navigation of the website, and specifically to provide the services requested by the Data Subjects when navigating the website, including the collection, storage and elaboration of data for the purposes of delivering the services and their subsequent operational and technical management.
This data – which is required to deliver the service – will also be processed electronically, stored in specific databases, and used strictly and exclusively in relation to navigating the website.
Given that providing the personal data for these purposes is necessary to maintain and deliver all the services connected to navigating the website, failure to provide such data will make it impossible to provide the specific services in question.
The Data Controller may also process the personal data without the consent of the Data Subjects in the following circumstances:
a) for the aggregate and anonymous analysis of the use of the services accessed, to identify user habits and propensities, to improve the services provided and to meet specific Data Subjects requirements, or to prepare initiatives for improving the services provided.
b) comply with the provisions of laws and regulations, national and foreign, or execute an order of the judicial authority or other authorities to whom the Data Controller is subject;
c) exercise the rights of the Data Controller with particular reference to the right to defense in court.
The processing activity is lawful as it is carried out for the compliance with the provisions of laws and regulations and the exercise of the rights of the Data Controller.
2. METHODOLOGY OF THE PROCESSING ACTIVITY
Data processing is carried out electronically and / or on paper, by recording, processing, archiving and transmission of data, even with the support of IT tools.
Tools and media used in carrying out the processing activities are appropriate to ensure the security and confidentiality of data.
In carrying out the processing activities, the Company undertakes to:
- ensure the accuracy and updating of the data processed, and promptly acknowledge any adjustments and / or additions requested by the Data Subject;
- adopt security measures to ensure adequate data protection, because of the potential impact that the processing involves the rights and freedoms of the data subject;
- notify the data subject, in the times and in the cases provided for by the binding legislation, of any violation of personal data;
- guarantee the compliance of processing operations with the applicable provisions of the law.
3. COMMUNICATION AND DISCLOSURE OF INFORMATION
Without prejudice to the communications made in fulfillment of legal obligations, the personal data of the data subject may be known, in addition to the Data Controller, by:
- Employees and collaborators of the Data Controller as authorized data processing personnel;
- national and foreign companies belonging to the same group to which the Data Controller belongs;
- authorities in general, administrations, public bodies and organizations, both national and foreign;
- service providers
- exclusively for the purposes listed above according to any consent provided by the data subject. Personal data are not subject to disclosure.
4. TRANSFERS ABROAD
Personal data will be stored and processed within the European Union.
In the event of any processing of personal data outside the European Union, the same will only occur after the adoption of adequate guarantees, as required by the binding legislation.
5. DATA RETENTION POLICY
The Company keeps personal data in its systems in a form that allows identification of data subjects according to the following criteria:
- for a period of time not exceeding the achievement of the purposes for which they are processed, unless otherwise required by regulatory or contractual obligations;
- to comply with specific regulatory or contractual obligations;
- if applicable and legitimate, up to any request for cancellation by the data subject.
6. RIGHTS OF THE DATA SUBJECT
The data subject can assert his rights, recognized by the binding legislation and in particular by the articles from 15 to 22 of the GDPR, such as:
- Right of access: the right to obtain from the Data Controller confirmation that personal data is being processed and, in this case, to obtain access to personal data and to further information on the origin, purpose, categories of data processed, recipients of communication and / or data transfer, etc.
- Right of rectification: right to obtain from the Data Controller the correction of incorrect personal data without undue delay, as well as the integration of incomplete personal data, also by providing an additional declaration.
- Right to erasure: right to obtain from the Data Controller the cancellation of personal data without unjustified delay in the event that:
- personal data are no longer necessary with respect to the purposes of the processing;
- the consent on which the processing activity is based has been revoked and there is no other legal basis for the processing activity;
- personal data have been processed unlawfully;
- personal data must be deleted to fulfill a legal obligation.
- Right to oppose the processing activity: the right to object at any time to the processing of personal data that have as their legal basis a legitimate interest of the Data Controller.
- Right to restriction of processing: the right to obtain from the Controller the limitation of processing, in cases where the accuracy of personal data is contested (for the period necessary for the Data Controller to verify the accuracy of such personal data), if the processing is unlawful and the data subject has objected to the processing, if the personal data are necessary to the data subject for the assessment, exercise or defense of a right in court, if as a result of opposition to the processing activity the data subject is awaiting verification of the prevalence or otherwise of the legitimate interest of the Data Controller.
- Data portability right: the right to receive personal data in a structured, commonly and automatically readable format, and to transmit such data to another data controller, only for cases where the processing is based on consent or on a contract and only for data processed by electronic means.
- Right not to be subject to a decision based on automated processing: the right to obtain from the Data Processor not to be subjected to decisions based solely on automated processing, including profiling, which produce legal effects that affect the data subject or that significantly affect his person, except that such decisions are necessary for the conclusion or execution of a contract or are based on the consent given by the data subject.
- Right to lodge a complaint with a supervisory authority: without prejudice to any other administrative or judicial appeal, the data subject who considers that the processing activity concerning him / her is in violation of the GDPR has the right to lodge a complaint with a supervisory authority.
In order to exercise the rights provided by the GDPR, the data subject may:
(i) forward your requests to the Data Controller, at the website www.recaro-kids.com
(ii) or as an alternative you should contact the Data Controller at the following address:
RECARO KIDS s.r.l.
Sede Sociale: Via Niccolò Tommaseo, 68
35131 PADOVA (PD) - Italia
indicating in the subject "Privacy".
The Data Controller appointed the “data protection officer” as required by the GDPR (“Data Protection Officer” or “DPO”). The Data Subjects can contact the DPO at the following e-mail address: email@example.com