Privacy Policy
1) Introduction and contact details of the data controller
1.1 We are delighted that you are visiting our website and thank you for your interest. Below, we provide information on how we handle your personal data when you use our website. Personal data refers to any data that can be used to identify you personally.
1.2 The data controller for this website within the meaning of the General Data Protection Regulation (GDPR) is KinderAuto e.U.
Data Controller: Christian Gurtner, Auwiesen 3, A-4933 Aspach, Austria, Tel.: 0043 699 / 10133038, Email: info@kinderauto.at. The data controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
2) Data collection when visiting our website
2.1 When you use our website purely for information purposes – that is, if you do not register or otherwise provide us with information – we only collect data that your browser transmits to the website server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:
- The website we visited
- Date and time of access
- Amount of data sent in bytes
- Source/link from which you accessed the page
- Browser used
- Operating system used
- IP address used (where applicable: in anonymised form)
Data processing is carried out in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be disclosed or used for any other purpose. However, we reserve the right to review the server log files retrospectively should there be concrete indications of unlawful use.
2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the data controller), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the string “https://” and the padlock icon in your browser address bar.
3) Cookies
To make your visit to our website more engaging and to enable the use of certain features, we use cookies – small text files that are stored on your device. Some of these cookies are automatically deleted when you close your browser (so-called ‘session cookies’), whilst others remain on your device for longer and enable page settings to be saved (so-called ‘persistent cookies’). In the latter case, you can find the storage period in the overview of your web browser’s cookie settings.
Where personal data is also processed by individual cookies used by us, such processing is carried out in accordance with Article 6(1)(b) of the GDPR either for the performance of a contract, in accordance with Article 6(1)(a) of the GDPR where consent has been given, or in accordance with Article 6(1)(f) of the GDPR to safeguard our legitimate interests in ensuring the best possible functionality of the website and a user-friendly and effective experience for visitors.
You can configure your browser so that you are notified when cookies are set and can decide on a case-by-case basis whether to accept them, or you can block the acceptance of cookies in specific cases or generally.
Please note that if you do not accept cookies, the functionality of our website may be limited.
4) Contact us
4.1 WhatsApp Business
You have the option of contacting us via the WhatsApp messaging service provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the so-called ‘Business version’ of WhatsApp.
If you contact us via WhatsApp in connection with a specific transaction (for example, an order you have placed), we will store and use the mobile phone number you use on WhatsApp and – if provided – your first name and surname in accordance with Article 6(1)(b) GDPR to process and respond to your enquiry. On the same legal basis, we may ask you via WhatsApp to provide further data (order number, customer number, address or email address) in order to be able to link your enquiry to a specific transaction.
If you use our WhatsApp contact for general enquiries (such as regarding our range of services, availability or our website), we will store and use the mobile phone number you use on WhatsApp and – if provided – your first name and surname in accordance with Article 6(1)(f) of the GDPR, based on our legitimate interest in providing the requested information efficiently and promptly.
Your data will only ever be used to respond to your enquiry via WhatsApp. It will not be passed on to third parties.
Please note that WhatsApp Business gains access to the address book of the mobile device we use for this purpose and automatically transfers telephone numbers stored in the address book to a server operated by the parent company, Meta Platforms Inc., in the USA. To operate our WhatsApp Business account, we use a mobile device whose address book contains only the WhatsApp contact details of those users who have actually contacted us via WhatsApp.
This ensures that any person whose WhatsAppcontact details are stored in our address book has, upon first using the app on their device by accepting the WhatsApp Terms of Service, already consented to the transfer of their WhatsApp telephone number from the address books of their chat contacts in accordance with Article 6(1)(a) of the GDPR. The transfer of data relating to users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded.
For information on the purpose and scope of data collection, as well as the further processing and use of data by WhatsApp, and your rights in this regard and the settings available to protect your privacy, please refer to WhatsApp’s privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy
We have entered into a data processing agreement with the provider, which protects the data of our website visitors and prohibits its disclosure to third parties.
As part of the processing operations mentioned above, data may be transferred to servers operated by Meta Platforms Inc. in the USA.
For data transfers to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission.
4.2 When you contact us (e.g. via the contact form or by email), personal data is processed – solely for the purpose of handling and responding to your enquiry and only to the extent necessary for that purpose.
The legal basis for the processing of this data is our legitimate interest in responding to your enquiry in accordance with Article 6(1)(f) of the GDPR. If your contact is aimed at entering into a contract, the additional legal basis for the processing is Article 6(1)(b) of the GDPR. Your data will be erased if the circumstances indicate that the matter in question has been conclusively resolved and provided that there are no statutory retention obligations to the contrary.
5) Data processing when opening a customer account
In accordance with Article 6(1)(b) of the GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it to us when opening a customer account. You can find out which data is required to open an account by referring to the input fields on the relevant form on our website.
You may delete your customer account at any time by sending a message to the above-mentioned address of the data controller. Once your customer account has been deleted, your data will be deleted, provided that all contracts concluded in connection with it have been fully settled, there are no statutory retention periods preventing this, and we no longer have a legitimate interest in continuing to store the data.
6) Data processing for order fulfilment
6.1 To the extent necessary for the performance of the contract for delivery and payment purposes, the personal data we have collected will be disclosed to the contracted transport company and the contracted credit institution in accordance with Article 6(1)(b) of the GDPR.
Where we are obliged, on the basis of a relevant contract, to provide updates for goods containing digital elements or for digital products, we process the contact details you provided when placing your order in order to inform you personally, in accordance with our statutory information obligations under Article 6(1)(c) of the GDPR. Your contact details will be used strictly for the specific purpose of sending notifications regarding updates we are obliged to provide, and will be processed by us for this purpose only to the extent necessary to provide the relevant information.
To process your order, we also work with the service provider(s) listed below, who assist us, either fully or in part, with the fulfilment of concluded contracts. Certain personal data is transferred to these service providers in accordance with the following information.
6.2 Use of payment service providers (payment services)
- Amazon Pay
This website offers one or more online payment methods from the following provider: Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg
If you select a payment method offered by the provider that requires you to pay in advance (such as credit card payment), the payment details you provided during the ordering process (including your name, address, bank and payment card details, currency and transaction number), as well as information regarding the contents of your order, in accordance with Article 6(1)(b) of the GDPR. In this case, your data is disclosed solely for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.
- Apple Pay
If you choose the “Apple Pay” payment method offered by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment processing is carried out via the “Apple Pay” function on your iOS, watchOS or macOS device by charging a payment card registered with “Apple Pay”. Apple Pay uses security features integrated into your device’s hardware and software to protect your transactions. To authorise a payment, you must therefore enter a code that you have previously set, and verify the transaction using your device’s “Face ID” or “Touch ID” feature.
For the purposes of payment processing, the information you provide during the ordering process, together with the details of your order, is passed on to Apple in encrypted form. Apple then re-encrypts this data using a developer-specific key before the data is transmitted to the payment service provider associated with the payment card stored in Apple Pay to process the payment. The encryption ensures that only the website through which the purchase was made can access the payment details. Once the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm that the payment was successful.
Where personal data is processed in connection with the transfers described, such processing is carried out solely for the purpose of payment processing in accordance with Article 6(1)(b) of the GDPR.
Apple retains anonymised transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was successfully completed. Anonymisation ensures that the data cannot be linked to any individual. Apple uses the anonymised data to improve “Apple Pay” and other Apple products and services.
When you use Apple Pay on your iPhone or Apple Watch to complete a purchase you’ve made via Safari on your Mac, your Mac and the authorisation device communicate via an encrypted channel through Apple’s servers. Apple does not process or store any of this information in a format that could be used to identify you personally. You can disable the option to use Apple Pay on your Mac in your iPhone’s settings. Go to ‘Wallet & Apple Pay", and turn off ‘Allow Payments on Mac".
Further information on data protection for Apple Pay can be found at the following web address: https://support.apple.com/de-de/HT203027
- PayPal
This website offers one or more online payment methods from the following provider: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg
If you select a payment method offered by the provider that requires you to pay in advance, your payment details provided during the ordering process (including your name, address, bank and payment card details, currency and transaction number), as well as information regarding the contents of your order, in accordance with Article 6(1)(b) of the GDPR. In this case, your data is disclosed solely for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.
If you select a payment method that requires us to pay in advance, you will also be asked during the checkout process to provide certain personal details (first name and surname, street, house number, postcode, town, date of birth, email address, telephone number and, where applicable, details of an alternative payment method).
In order to safeguard our legitimate interest in assessing your creditworthiness in such cases, we will pass this data on to the provider in accordance with Article 6(1)(f) of the GDPR for the purpose of a credit check. The provider checks, on the basis of the personal data you have provided as well as other data (such as your shopping basket, invoice amount, order history and payment history), whether the payment method you have selected can be granted in view of the risks of non-payment and/or bad debt.
The credit report may contain probability values (so-called ‘score’ values). Where score values are included in the credit report, they are based on a scientifically recognised mathematical and statistical method. The calculation of the score values takes into account, amongst other things but not exclusively, address details.
You may object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data where this is necessary for the contractual processing of payments.
- TWINT
This website offers one or more online payment methods from the following provider: TWINT AG, Stauffacherstrasse 31, CH-8004 Zurich, Switzerland
If you select a payment method offered by the provider that requires you to pay in advance (such as credit card payment), the payment details you provided during the ordering process (including your name, address, bank and payment card details, currency and transaction number), as well as information regarding the contents of your order, in accordance with Article 6(1)(b) of the GDPR. In this case, your data is disclosed solely for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.
When data is transferred to the provider’s location, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.
- Unzer
This website offers one or more online payment methods from the following provider: Payolution GmbH, Columbusplatz 7–8, Staircase 1 / 5th Floor, 1100 Vienna, Austria
If you select a payment method offered by the provider that requires you to pay in advance (such as credit card payment), the payment details you provided during the ordering process (including your name, address, bank and payment card details, currency and transaction number), as well as information regarding the contents of your order, in accordance with Article 6(1)(b) of the GDPR. In this case, your data is disclosed solely for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.
If you select a payment method where the supplier pays in advance (such as purchase on account, hire purchase or direct debit), you will also be asked during the ordering process to provide certain personal details (first name and surname, street, house number, postcode, town, date of birth, email address, telephone number, and, where applicable, details of an alternative payment method).
In order to safeguard our legitimate interest in assessing our customers’ creditworthiness, we pass this data on to the provider in accordance with Article 6(1)(f) of the GDPR for the purpose of a credit check. The provider uses the personal data you have provided, as well as other data (such as your shopping basket, invoice amount, order history and payment history), to assess whether the payment method you have selected can be authorised in view of the risks of non-payment and/or bad debt.
In addition to the provider’s internal criteria in accordance with Article 6(1)(f) of the GDPR, identity and creditworthiness information from the following credit reference agencies may also be taken into account when assessing applications:
- SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany
- CRIF GmbH, Diefenbachgasse 35, 11 50 Vienna, Austria
- CRIF AG, Hagenholzstrasse 81, 8050 Zurich, Switzerland
- CRIF GmbH, Leopoldstraße 244, 80807 Munich, Germany
- SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany
- KSV1870 Information GmbH, Wagenseilgasse 7, 1100 Vienna, Austria
- Creditreform Boniversum GmbH, Hellersbergstr. 11, 41460 Neuss, Germany
- infoscore Consumer Data GmbH, Rheinstrasse 99, 76532 Baden-Baden, Germany
- ProfileAddress Direktmarketing GmbH, Altmannsdorfer Strasse 311, 1230 Vienna, Austria
- Emailage LTD, 1 Fore Street Ave, London, EC2Y 5EJ, United Kingdom
- ThreatMetrix, The Base 3/F, Tower C, Evert van de Beekstraat 1, 1118 CL Schiphol, Netherlands
- payolution GmbH, Columbuscenter, Columbusplatz 7–8, 1100 Vienna, Austria
- Universum Business GmbH, Hanauer Landstr. 164, 60314 Frankfurt am Main, Germany
The credit report may contain probability values (so-called ‘score’ values). Where score values are included in the credit report, they are based on a scientifically recognised mathematical and statistical method. The calculation of the score values takes into account, amongst other things but not exclusively, address details.
You may object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data where this is necessary for the contractual processing of payments.
7) Rights of the data subject
7.1 Under applicable data protection law, you are granted the following data subject rights (rights of access and intervention) vis-à-vis the data controller with regard to the processing of your personal data; please refer to the legal basis cited for the respective conditions for exercising these rights:
- Right of access pursuant to Article 15 of the GDPR;
- Right to rectification pursuant to Article 16 of the GDPR;
- Right to erasure pursuant to Article 17 of the GDPR;
- Right to restriction of processing pursuant to Article 18 of the GDPR;
- Right to information pursuant to Article 19 of the GDPR;
- Right to data portability pursuant to Article 20 of the GDPR;
- Right to withdraw consent granted in accordance with Article 7(3) of the GDPR;
- Right to lodge a complaint pursuant to Article 77 of the GDPR.
7.2 RIGHT TO OBJECT
IF, AS PART OF A BALANCING OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, to object to such processing with effect for the future.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA IN QUESTION. WE RESERVE THE RIGHT TO CONTINUE PROCESSING, HOWEVER, IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH MARKETING. YOU MAY EXERCISE THIS RIGHT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA IN QUESTION FOR DIRECT MARKETING PURPOSES.
8) Retention period for personal data
The duration for which personal data is stored is determined by the relevant legal basis, the purpose of processing and – where applicable – additionally by the relevant statutory retention period (e.g. retention periods under commercial and tax law).
When processing personal data on the basis of explicit consent in accordance with Article 6(1)(a) of the GDPR, the data in question will be stored until you withdraw your consent.
Where statutory retention periods apply to data processed in the context of contractual or quasi-contractual obligations on the basis of Article 6(1)(b) of the GDPR, such data will be routinely deleted upon expiry of the retention periods, provided that it is no longer required for the performance of a contract or for entering into a contract and/or we no longer have a legitimate interest in continuing to store it.
When processing personal data on the basis of Article 6(1)(f) of the GDPR, this data will be stored until you exercise your right to object under Article 21(1) of the GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims.
When processing personal data for the purposes of direct marketing on the basis of Article 6(1)(f) of the GDPR, this data will be stored until you exercise your right to object under Article 21(2) of the GDPR.
Unless otherwise specified in the other information contained in this statement regarding specific processing situations, stored personal data will otherwise be erased when it is no longer necessary for the purposes for which it was collected or otherwise processed.
