Privacy Policy
§ 1 Information on the Collection of Personal Data
(1) The following provides information on the collection of personal data when using our website or in business relationships, e.g., when you contact us. Personal data is any data that can be personally attributed to you, such as name, address, email addresses, or user behavior.
(2) If you have questions regarding the processing of your personal data, please contact our customer support or directly the Data Protection Officer of enviado GmbH (see our imprint). You can reach our Data Protection Officer at:
or at our postal address with the addition "Data Protection".
(3) When you contact us via email or through a contact form, the data you provide (your email address, possibly your name and telephone number) will be stored by us to answer your inquiries. Data collected in this context will be deleted once storage is no longer required or processing will be restricted if legal retention obligations exist.
(4) Within enviado GmbH, only those departments receive your data that require it to fulfill our contractual and legal obligations as well as to protect our legitimate interests.
Service providers engaged by us and acting on our behalf (so-called processors) may also receive data for these purposes.
Your personal data will only be shared with third parties if it is necessary for contract fulfillment, if we or the third party have a legitimate interest in the transfer, or if you have given your consent.
Furthermore, data may be transmitted to third parties (including investigative or security authorities) if we are obliged to do so by legal provisions or enforceable governmental or court orders.
(5) Log files may be forwarded to investigative authorities, competent authorities (e.g., tax office, police, public prosecutor, social security agencies), courts, or other third parties, if you instruct us to share the data or provide your consent.
(6) If we use commissioned service providers for specific functions of our offer or wish to use your data for advertising purposes, we will inform you in detail below about the respective processes, including the defined criteria for retention periods.
§ 2 Duration of Storage
(1) Your data will be stored as long as it is necessary to provide our services to you or if we have a legitimate interest in further storage, in particular for troubleshooting purposes.
Furthermore, we are subject to various retention and documentation obligations, arising, among others, from the German Commercial Code (HGB) and the Fiscal Code (AO). The prescribed retention or documentation periods amount to up to ten years. Finally, the retention period is also determined by statutory limitation periods, which, for example according to §§ 195 ff. of the German Civil Code (BGB), can be up to thirty years, with the regular limitation period being three years.
Under certain circumstances, your data may need to be retained for longer, e.g., if a legal hold or litigation hold is imposed in connection with an official or court procedure (i.e., a prohibition on data deletion for the duration of the proceedings).
§ 3 Processors
We employ processors in the provision of our specific services, who assist us in the execution of our business processes. Specifically, this includes companies in the following categories:
Tracking service providers (GPS tracking systems), Web agencies, Hosting providers, Shipping service providers, Printing service providers, Archiving service providers, IT service providers§ 4 Your Rights
(1) You have the following rights regarding your personal data:
Right to information, Right to rectification, Right to restriction of processing, Right to object to processing, Right to data portability, Right to erasureThis applies in particular if
Your personal data is no longer needed for the purposes for which it was collected; the legal basis for processing was solely your consent and you have revoked it; You object to processing based on the legitimate interest balancing and we cannot demonstrate overriding legitimate grounds for processing; Your personal data has been unlawfully processed; or Your personal data must be deleted to comply with legal requirements.If we have shared your data with third parties, we will inform them about the deletion if legally required.
Please note that your right to erasure is subject to limitations. For example, we must or may not delete data that we are required to retain under legal retention periods. Data required to assert, exercise, or defend legal claims is also excluded from your right to erasure.
(2) You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data by us. This right to complain is without prejudice to any other administrative or judicial remedy. The address of the data protection authority responsible for enviado GmbH is:
The State Commissioner for Data Protection and Freedom of Information
North Rhine-Westphalia (LDI NRW)
Kavalleriestr. 2-4
40213 Düsseldorf
Germany
§ 5 Collection of Personal Data When Visiting Our Website
(1) For purely informational use of the website, i.e., when you do not register or otherwise provide information, we only collect the personal data your browser transmits to our server. When you view our website, we collect the following data, which is technically necessary for us to display our website to you and ensure stability and security (legal basis: Art. 6(1) sentence 1 lit. f GDPR):
IP address Date and time of the request Time zone difference to Greenwich Mean Time (GMT) Content of the request (specific page) Access status/HTTP status code Amount of data transmitted Website from which the request originates Browser Operating system and its interface Language and version of the browser software(2) In addition to the data mentioned above, cookies are stored on your computer when using our website. Cookies are small text files assigned to your browser and stored on your hard drive, through which certain information is transmitted to the party setting the cookie (in this case, us). Cookies cannot execute programs or transmit viruses. They serve to make the overall internet offering more user-friendly and effective.
(3) Use of cookies:
a) This website uses the following types of cookies, whose scope and functionality are explained below:
Transient cookies (see b) Persistent cookies (see c).b) Transient cookies are automatically deleted when you close your browser. These include session cookies that store a session ID, allowing various requests from your browser to be associated with the same session. This enables your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.
c) Persistent cookies are automatically deleted after a predefined duration, which may vary depending on the cookie. You can delete cookies at any time in your browser security settings.
d) You can configure your browser settings according to your preferences, e.g., reject third-party cookies or all cookies. Please note that some functions of this website may not be available.
e) (We use cookies to identify you for subsequent visits if you have an account with us. Otherwise, you would have to log in again for each visit.)
f) (The Flash cookies used are not captured by your browser but by your Flash plug-in. We also use HTML5 storage objects stored on your device. These objects store the necessary data independently of your browser and do not have an automatic expiration date. If you do not want Flash cookies processed, you must install an appropriate add-on, e.g., “Better Privacy” for Mozilla Firefox or the Adobe Flash Killer Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using private mode in your browser. We also recommend regularly deleting your cookies and browser history manually.)
§ 6 Use of Our Webshop
(1) When placing an order in our webshop, it is necessary for contract conclusion that you provide personal data required to process your order. Mandatory fields for processing the contract are specially marked; other fields are optional. The data you provide is processed to fulfill your order. Payment data may be transmitted to our bank. Legal basis: Art. 6(1) sentence 1 lit. b GDPR.
You can voluntarily create a customer account, allowing us to store your data for future purchases. By creating an account under “My Account,” your provided data is stored revocably. All other data, including your user account, can be deleted in the customer area at any time.
We may also process your data to inform you about other interesting products from our portfolio or send you technical information via email.
(2) Due to commercial and tax regulations, we are obliged to store your address, payment, and order data for ten years. However, after two years, processing is restricted, i.e., your data is only used to comply with legal obligations.
(3) To prevent unauthorized access by third parties to your personal data, especially financial data, the ordering process is encrypted using TLS technology.
§ 7 Use of Our (Customer) Portal
(1) To use our portal, you must register by providing your email address, a self-chosen password, and a freely chosen username. Real-name use is not mandatory; pseudonymous use is possible. The provision of the aforementioned data is mandatory; all other information can be provided voluntarily when using the portal.
(2) When using our portal, we store your data required for contract fulfillment, including payment information, until you permanently delete your access. Voluntary data provided by you is stored for the duration of portal use unless you delete it earlier. All information can be managed and changed in the secure customer area. Legal basis: Art. 6(1) sentence 1 lit. f GDPR.
(3) To prevent unauthorized access by third parties to your personal data, especially financial data, the connection is encrypted using TLS technology.
§ 8 Use of GPS Tracking Platform
(1) To use our GPS tracking platform, you must register using your email address, a self-chosen password, and a freely chosen username. Real-name use is not mandatory; pseudonymous use is possible. The provision of the aforementioned data is mandatory; all other information can be provided voluntarily when using the platform.
(2) When using the platform, we store your data required for contract fulfillment, including payment information, until you permanently delete your access. Voluntary data provided by you is stored for the duration of platform use unless deleted earlier. All information can be managed and changed in the secure customer area. Legal basis: Art. 6(1) sentence 1 lit. b GDPR.
§ 9 Financing and Leasing Requests
(1) If you commission us to mediate a suitable financing or leasing provider for the acquisition of our vehicles, we store the data required for the request until you revoke your commission. The data is transmitted to the financing or leasing company to execute your order, fulfill contracts, or based on your consent.
(2) Furthermore, the financing or leasing company uses personal data that it may lawfully obtain from publicly available sources (e.g., debtor registers, land registries, commercial and association registers, press, online media).
(3) Relevant personal data in the prospecting process, master data creation, authorization, or as (co-)obligor of a financing (e.g., guarantor) may include: Name, address/contact information (phone, email), date/place of birth, gender, nationality, marital status, legal capacity, occupational group/partner type (employed/self-employed), housing status (rented/owned), identification data (e.g., ID data), authentication data (e.g., signature sample), tax ID, credit scores.
(4) When applying for and concluding financing (leasing/installment purchase), the following data may be collected: Business credit documents: income/excess statements, balance sheets, financial analyses, type and duration of self-employment. Private credit documents: self-disclosure with income/expenses and assets/liabilities, pay slips, tax documents, asset proofs, assumed guarantees, number of dependent children, marital property regime, residence/work permit for non-EU citizens, private scoring/rating data, information/proofs of purpose, security information, object documents (e.g., land register extracts, property evaluations).
For personal guarantees by third parties (external securities), comparable disclosure requirements regarding economic and financial circumstances may be imposed on the guarantor. During the business initiation phase and throughout the business relationship, additional personal data may arise through personal, phone, or written contacts initiated by you or us, e.g., information about contact channel, date, reason, and outcome; (electronic) copies of correspondence; participation in direct marketing measures.
§ 10 Use of Our WhatsApp Service
If you use our WhatsApp service to submit service, consulting, or repair requests, your personal data such as username, phone number, and profile picture will be visible to us until you revoke use. Legal basis: Art. 6(1) sentence 1 lit. b GDPR.
§ 11 Purpose of Data Processing and Legal Basis
Unless already specified in the preceding sections, we process your personal data based on the following legal bases for the following purposes:
| Purpose | Legal Basis | Legitimate Interest in the Balance of Interests |
|---|---|---|
| Providing the website to the public and contact options for customers and prospects | Contract performance or balancing of interests (Article 6(1) b GDPR, Article 6(1) f GDPR) | We have a legitimate interest in providing an online presence even for non-registered users to inform about our company in general. |
| Processing orders and inquiries | Contract performance (Article 6(1) b GDPR) | |
| Collection of statistical information about website usage (so-called web analysis) | Balancing of interests (Article 6(1) f GDPR) | We have a legitimate interest in obtaining information about website usage, particularly to improve our offerings. |
| Detection of disruptions and ensuring system security, including detecting and tracking unauthorized access attempts to our web servers | Fulfillment of our legal obligations in data security and balancing of interests (Article 6(1) c GDPR, Article 6(1) e GDPR, Article 6(1) f GDPR) | We have a legitimate interest in eliminating disruptions, ensuring system security, and detecting and tracking unauthorized access or access attempts. |
| Protection and defense of our rights | Balancing of interests (Article 6(1) f GDPR) | We have a legitimate interest in asserting and defending our rights. |
| Financing and leasing requests | Contract performance or consent (Article 6(1) a GDPR, Article 6(1) b GDPR) | |
| Use of GPS tracking platform | Contract performance, consent, or balancing of interests (Article 6(1) a GDPR, Article 6(1) b GDPR) | We have a legitimate interest in asserting and defending our rights, ensuring system security, eliminating disruptions in the vehicles provided for use, and detecting and tracking unauthorized use or attempted use. |
| Use of WhatsApp service | Consent (Article 6(1) a GDPR) | |
| Sending customer information | Consent (Article 6(1) a GDPR) | |
| Newsletter | Consent (Article 6(1) a GDPR) |
§ 12 Use of Social Media Plugins
(1) We currently use the following social media plugins:
Facebook. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially transmitted to the plugin providers. You can identify the plugin provider by the marking on the box showing the first letter or logo. You have the option to communicate directly with the plugin provider via the button. Only if you click on the marked field and thereby activate it does the plugin provider receive the information that you have accessed the corresponding page of our online offer. In addition, the data mentioned in § 3 of this declaration are transmitted. In the case of Facebook, according to the provider’s information in Germany, the IP address is anonymized immediately after collection. By activating the plugin, personal data is therefore transmitted to the respective plugin provider and stored there (for US-based providers in the USA). Since the plugin provider collects data mainly via cookies, we recommend that you delete all cookies in your browser’s security settings before clicking the greyed-out box.
(2) We have no influence over the collected data and processing operations, nor are we aware of the full extent of data collection, processing purposes, or storage periods. We also have no information on the deletion of data by the plugin provider.
(3) The plugin provider stores the data collected about you as user profiles and uses them for advertising, market research, and/or needs-based website design. Such analysis is carried out, in particular (also for non-logged-in users), to display targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, but you must contact the respective plugin provider to exercise this right. Through the plugins, we offer you the possibility to interact with social networks and other users, thereby improving our offer and making it more interesting for you. The legal basis for using the plugins is Art. 6(1) sentence 1(f) GDPR.
(4) Data is transmitted regardless of whether you have an account with the plugin provider and are logged in. If you are logged in to the plugin provider, the data collected by us is directly associated with your account. If you click the activated button, e.g., to share the page, the plugin provider also stores this information in your user account and shares it publicly with your contacts. We recommend logging out of social networks regularly, especially before activating the button, to avoid linking to your profile with the plugin provider.
(5) Further information on the purpose and scope of data collection and processing by the plugin provider can be found in the privacy policies of these providers. There, you will also find more information about your rights and settings to protect your privacy.
(6) Addresses of the respective plugin providers and URLs of their privacy policies:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; more information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications, and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has committed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-
§ 13 Integration of YouTube Videos
(1) We have embedded YouTube videos in our online offer, which are stored on http://www.youtube.com and can be played directly from our website. [They are all embedded in “enhanced privacy mode,” meaning that no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos are the data mentioned in paragraph 2 transmitted. We have no influence over this data transmission.]
(2) By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned in § 3 of this declaration is transmitted. This occurs regardless of whether YouTube provides a user account that you are logged into, or if no account exists. If you are logged into Google, your data is directly associated with your account. If you do not want your data linked to your YouTube profile, you must log out before activating the button. YouTube stores your data as user profiles and uses it for advertising, market research, and/or needs-based website design. Such analysis is carried out, in particular (even for non-logged-in users), to provide targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, but you must contact YouTube to exercise this right.
(3) Further information on the purpose and scope of data collection and processing by YouTube can be found in the privacy policy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has committed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
§ 14 Integration of Google Maps
(1) On this website, we use the Google Maps service. This allows us to display interactive maps directly on the website and provides you with convenient use of the map function.
(2) By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned in § 3 of this declaration is transmitted. This occurs regardless of whether Google provides a user account that you are logged into, or if no account exists. If you are logged into Google, your data is directly associated with your account. If you do not want your data linked to your Google profile, you must log out before activating the button. Google stores your data as user profiles and uses it for advertising, market research, and/or needs-based website design. Such analysis is carried out, in particular (even for non-logged-in users), to provide targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, but you must contact Google to exercise this right.
(3) Further information on the purpose and scope of data collection and processing by the plugin provider can be found in the provider’s privacy policy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has committed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
§ 15 Use of Google Analytics
(1) This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies,” text files stored on your computer, which enable analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. If IP anonymization is activated on this website, however, your IP address is shortened by Google within EU member states or other contracting states of the European Economic Area before transmission. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google uses this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage to the website operator.
(2) The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.
(3) You can prevent the storage of cookies through the settings of your browser software; however, we point out that in this case you may not be able to use all functions of this website fully. In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of these data by Google by downloading and installing the browser plugin available at: http://tools.google.com/dlpage/gaoptout?hl=de.
(4) This website uses Google Analytics with the “_anonymizeIp()” extension. This means IP addresses are shortened, preventing personal identification. If personal data is collected, it is immediately anonymized and deleted.
(5) We use Google Analytics to analyze and regularly improve website usage. The statistics allow us to improve our offer and make it more interesting for you as a user. In cases where personal data is transmitted to the USA, Google has committed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for using Google Analytics is Art. 6(1) sentence 1(f) GDPR.
(6) Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use: http://www.google.com/analytics/terms/de.html, Privacy overview: http://www.google.com/intl/de/analytics/learn/privacy.html, Privacy policy: http://www.google.de/intl/de/policies/privacy.
§ 16 Use of Google reCAPTCHA
We use the Google reCAPTCHA service (hereinafter “reCAPTCHA”) on our website contact form, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”). reCAPTCHA is used to distinguish between human users and automated abusive submissions by bots. reCAPTCHA analyzes the visitor's behavior based on various characteristics, such as mouse movements or input patterns. The data collected during reCAPTCHA use is transmitted to Google and processed there. This includes, among other things, the user’s IP address, information about the browser and operating system used, and data about user behavior on the website. Further information on data collection and processing by Google can be found in Google’s privacy policy: https://policies.google.com/privacy. The use of reCAPTCHA is based on Art. 6(1) (f) GDPR, as we have a legitimate interest in protecting our contact form from automated abuse and thus ensuring the security of our website. Your privacy is protected, as the data collection and processing is performed in aggregated and anonymized form. If you do not agree with the use of reCAPTCHA, you can alternatively contact us by email or phone. Contact details can be found in our imprint.
Privacy
enviado GmbH
Am Steinbusch 7 b
D-48351 Everswinkel
Phone +49 (0) 2582 902 8354
Email datenschutz@enviado.de