Privacy Policy
The responsible entity for data processing is:
LEAB Automotive GmbH
Thorshammer 6
24866 Busdorf
Germany
Email: info@leab.eu
Tel: 49 (0) 4621 - 97860-0
We appreciate your interest in our online shop. The protection of your privacy is very important to us. We would like to inform you in detail about how your data is handled.
1. Access data and hosting
You can visit our websites without providing personal information. Each time you access a website, the web server automatically saves a so-called server log file. This includes, for instance, the name of the requested file, your IP address, the date and time of access, the amount of data transferred, and the requesting provider (access data), and it documents the access. This access data is evaluated exclusively for the purpose of ensuring trouble-free operation of the site and improving our offer. This serves to safeguard our legitimate prevailing interests in a correct presentation of our offer pursuant to Art. 6 (1) (1) (f) GDPR. All access data shall be deleted at the latest seven days after the end of your site visit.
2. Data processing for contract processing and for contacting us
2.1 Data processing for contract processing
We collect personal information when you voluntarily provide it to us as part of your order or when contacting us (for example, by contact form or email). Mandatory fields are marked as such, as we require the data in these cases to process the contract or to process your contact and you cannot complete the order or send the contact without providing it. The data collected can be seen from the respective input forms.
We use the data provided by you for the purpose of processing the contract and handling your enquiries (including enquiries about and processing of any existing warranty and performance claims as well as any statutory update obligations) pursuant to Art. 6 (1) (1) (b) GDPR. More information on the processing of your data, in particular on the transfer to our service providers for the purpose of order, payment and shipping processing, can be found in the following sections of this privacy policy. After the contract has been fully processed, your data will be restricted for further processing and deleted following the expiration of any applicable retention periods under tax and commercial law, in accordance with Art. 6 (1) (c) GDPR. This is unless you have expressly consented to the further use of your data in accordance with Art. 6 (1) (a) GDPR, or we reserve the right to use the data in a manner permitted by law, about which we will inform you in this declaration.
2.2 Contact
In the course of customer communication, we collect personal data necessary for processing your inquiries, in accordance with Art. 6 (1) (b) GDPR, if you voluntarily provide us with this data when contacting us (e.g., via a contact form, live chat tool, or email). Mandatory fields are marked as such, as in these cases the data is essential to process your contact. The data collected can be seen from the respective input forms. Once your request is fully processed, your data will be deleted unless you have expressly consented to further use in accordance with Art. 6 (1) (a) GDPR, or we reserve the right to use it in another manner permitted by law, which will be communicated to you in this declaration.
3. Privacy policy for applicants
We process the information you have provided to us in connection with your application in order to assess your suitability for the position (or, if applicable, other open positions in our company) and to complete the application process. The legal basis for the processing of your personal data is primarily §26 of the Federal Data Protection Act (new). Should the data be needed for legal proceedings following the application process, data processing may occur on the basis of the requirements of Art. 6 GDPR, particularly to protect legitimate interests pursuant to Art. 6 (1) (f) GDPR. Our interest then lies in the assertion or defence against claims. In the event of cancellation, your data will be deleted after 6 months. In the event that you have consented to further storage of your personal data, we will transfer your data to our applicant pool. Here, the data will be deleted after ten years.
If you have received confirmation for a job as part of the application process, the data from the applicant data system will be transferred to our personnel information system. Your application data will be viewed by the Human Resources department upon receipt of your application. Suitable applications are then forwarded internally to the department heads for the respective open position. The only people who will have access to your data are those that need it to ensure that our application process runs properly. The data is processed solely in data centres of the Federal Republic of Germany. You can find your rights and a contact at the end of this privacy policy.
4. Data processing for the purpose of shipment handling
In order to fulfil the contract in accordance with Art. 6 (1) (b) GDPR, we will pass on your data to the shipping service provider tasked with the delivery, as far as it is necessary for delivering the ordered goods. If you have any questions about our service providers and the foundation of our collaboration with them, please use the contact options described in this privacy policy.
4.1 Data transfer to shipping service providers for the purpose of shipping notification
If you have given us your express consent to this during or after your order, we will pass on your email address and telephone number to the selected shipping provider pursuant to Art. 6 (1) (a) GDPR so they can contact you before delivery to notify you of the delivery or arrange delivery details.
Your consent can be withdrawn at any time by sending a message to the contact option described in this privacy policy or directly to the shipping service provider at the contact address listed below. After revocation, we will delete your data unless you have expressly consented to further use of your data or we reserve the right to use the data as legally permitted, of which we inform you in this policy. If you have any questions about our service providers and the foundation of our collaboration with them, please use the contact options described in this privacy policy.
United Parcel Service Deutschland S.à r.l. & Co. OHG
Görlitzer Straße 1
41460 Neuss
Germany
Spedition Karl Jürgensen Autofernverkehr und Spedition KG
Heinrich-Hertz-Straße 16
24837 Schleswig
Germany
5. Data processing for payment handling
We work with the following partners to process payments in our online shop: technical service providers, credit institutions, payment service providers.
5.1 Data processing for transaction handling
Depending on the payment method selected, we pass on the data necessary for processing the payment transaction to our technical service providers, who work for us within the framework of order processing, or to the commissioned credit institutions or to the selected payment service provider, insofar as this is necessary for processing the payment. This serves to fulfil the contract in accordance with Art. 6 (1) (b) GDPR. In some instances, payment service providers collect the details required for processing the payment themselves, for instance, on their own website or via a technical integration in the order process. In this respect, the privacy policy of the respective payment service provider applies.
If you have any questions about our payment processing partners and the basis of our cooperation with them, please use the contact option detailed in this privacy policy.
5.2 Data processing for the purpose of fraud prevention and optimisation of our payment processes
Where applicable, we give our service providers further data which they use together with the data necessary to process the payment as our processors for the purposes of fraud prevention and optimising our payment processes (e.g. invoicing, processing of contested payments, accounts support). In accordance with Art. 6 (1) (f) GDPR, this serves to protect our legitimate interests in fraud prevention and efficient payment management, which prevail within the framework of a balancing of interests.
5.3 Credit check
If we make an advance payment (in the case of purchase on account), we obtain an identity and credit report from specialised service providers (credit agencies). For this purpose, we transmit your personal data required for a credit check to:
CRIF GmbH
Leopoldstraße 244
80807 Munich
Germany
This is to safeguard our overriding legitimate interests, in accordance with Art. 6 (1) (f) GDPR, which prevail within a balancing of interests, in assessing the creditworthiness and willingness of our potential customers to pay before the execution of contracts, thus preventing purchase price defaults; it is necessary for the conclusion of the contract in accordance with Art. 22 (2) (a) GDPR. Appropriate measures to protect your rights, freedoms and legitimate interests shall be taken into account. You have the opportunity to make your point of view known and challenge the decision by contacting the contact option detailed in this privacy statement. After the contract has been fully processed, your data processed for this purpose will be deleted unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.
6. Advertising by email
Email newsletter with registration and newsletter tracking
If you subscribe to our newsletter, we will use the data required for this purpose, or supplied by you separately, to regularly send you our email newsletter based on your consent in accordance with Art. 6 (1) (a) GDPR. You may unsubscribe from the newsletter at any time, either by a message to the contact option described below or via a dedicated link in the newsletter. Upon unsubscribing, we will delete your email address from the recipient list, unless you have explicitly consented to further use of your data in accordance with Art. 6 (1) (a) GDPR, or we reserve the right to use this data in another legally permitted manner as stated in this declaration.
Please note that we analyse your user behaviour when sending the newsletter. For this purpose, we also analyse your interaction with our newsletter by measuring, storing, and evaluating opening and click rates to design future newsletter campaigns ("newsletter tracking").
For this evaluation, the emails sent contain single-pixel technologies (e.g., so-called web beacons, tracking pixels) that are stored on our website. For the evaluations, we link the following "newsletter data" in particular
the page from which the page was requested ("referrer URL”),
the date and time of access,
the description of the type of web browser used,
the IP address of the requesting computer,
the email address,
the date and time of registration and confirmation
and the single-pixel technologies with your email address or your IP address and, if applicable, an individual ID. Links contained in the newsletter may also contain this ID.
If you do not wish to have newsletter tracking, you may unsubscribe from the newsletter at any time, as previously mentioned.
The information is stored for as long as you are subscribed to the newsletter.
7. Technically Necessary Cookies
We exclusively use technically necessary cookies on our website.
These cookies are essential for the fundamental functionality of the site and enable actions such as navigation, saving preferences, or secure use of the website. As these cookies are essential for operating the website, no explicit consent is required.
We place great emphasis on the protection of your data and only utilise the most necessary cookies to ensure you have an optimal user experience.
8. Social media
Our online profile on Facebook (by Meta), Instagram (by Meta), Youtube, LinkedIn
Provided you have given your consent in accordance with Art. 6 (1) (a) GDPR to the respective social media operator, your data will be automatically collected and stored for market research and advertising purposes when you visit our online profile on the aforementioned social media, from which usage profiles are created using pseudonyms. These can be used, for example, to display advertisements within and outside the platforms that presumably match your interests. Cookies are usually used for this purpose. For detailed information on the processing and use of data by the respective social media operator, as well as a contact option and your rights and setting options in this regard to protect your privacy, please refer to the data protection notices of the providers linked below. If you still need help in this regard, you can contact us.
Facebook (by Meta) is an offering by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland ("Meta Platforms Ireland"). The information automatically collected by Meta Platforms Ireland about your use of our online profile on Facebook (by Meta) is generally transferred to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, and stored there. Data processing during a visit to a Facebook (by Meta) fan page is based on an agreement between joint controllers according to Art. 26 GDPR. For more information (insights data information), click here.
Our service providers are located and/or use servers in the following countries where the European Commission has determined there is an adequate level of data protection: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.
The adequacy decision for the USA serves as a basis for third-country transfers, provided the respective service provider is certified. Certification is available.
Our service providers are located and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico.
There is no adequacy decision from the European Commission for these countries. Our cooperation with them is based on these guarantees: standard data protection clauses of the European Commission.
Instagram (by Meta) is a service provided by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”). The information automatically collected by Meta Platforms Ireland regarding your use of our online profile on Instagram is generally transferred to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, where it is stored. Data processing when visiting an Instagram (by Meta) fan page is based on an agreement between joint controllers pursuant to Art. 26 GDPR. For more information (insights data information), click here.
Our service providers are located and/or use servers in the following countries where the European Commission has determined there is an adequate level of data protection: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.
The adequacy decision for the USA serves as a basis for third-country transfers, provided the respective service provider is certified. Certification is available.
Our service providers are located and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico.
There is no adequacy decision from the European Commission for these countries. Our cooperation with you is based on these guarantees: standard data protection clauses of the European Commission.
YouTube is a service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The information automatically collected by Google regarding your use of our online profile on YouTube is generally transferred to a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, where it is stored.
Our service providers are located and/or use servers in countries outside the EU and the EEA for which the European Commission has determined by decision that an adequate level of data protection is provided.
Our service providers are located and/or use servers in countries outside the EU and EEA. There is no adequacy decision from the European Commission for these countries. Our cooperation with the USA is based on standard data protection clauses of the European Commission.
LinkedIn is a service provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). The information automatically collected by LinkedIn regarding your use of our online profile on LinkedIn is generally transferred to a server of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA, where it is stored.
Our service providers are located and/or use servers in the following countries where the European Commission has determined there is an adequate level of data protection: USA.
The adequacy decision for the USA serves as a basis for third-country transfers, provided the respective service provider is certified. Certification is available.
9. Contact options and your rights
9.1 Your rights
As a data subject, you have the following rights:
In accordance with Art. 15 GDPR, you have the right to request information about your personal data processed by us to the extent specified therein;
In accordance with Art. 16 GDPR, you have the right to request the immediate rectification of inaccurate or incomplete personal data stored by us;
In accordance with Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, unless further processing is necessary
- To exercise the right to freedom of expression and information;
- To fulfil a legal obligation;
- For reasons of public interest, or
- To assert, exercise, or defend legal claims;In accordance with Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data insofar as
- You dispute the accuracy of the data;
- The processing is unlawful, but you oppose its erasure;
- We no longer need the data, but you need it to assert, exercise, or defend legal claims; or
- You have objected to the processing pursuant to Art. 21 GDPR;In accordance with Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, common, and machine-readable format, or to request that it be transmitted to another controller;
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you may contact the supervisory authority at your usual place of residence or work or at our company registered office.
9.2 Contact options
If you have any questions regarding the collection, processing or use of your personal data, for information, correction, restriction or deletion of data as well as revocation of any consent given or objection to a specific use of data, please contact our company data protection officer.
Data protection officer:
Thorshammer 6
24866 Busdorf
Germany
datenschutz@leab.eu
********************************************************************
Right of objection
Insofar as we process personal data as described above in order to safeguard our legitimate prevailing interests, you may object to this processing with effect for the future. If the processing is carried out for the purposes of direct marketing, you may exercise this right at any time as described above. If the processing is carried out for other purposes, you are only entitled to object if there are reasons arising from your particular situation.
After exercising your right of objection, we will not process your personal data further for these purposes unless we can prove compelling reasons for processing worthy of protection which outweigh your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.
This shall not apply if the processing is conducted for the purposes of direct marketing. Then we will not further process your personal data for this purpose.