In the version of: 13.09.2022
1. Controller for the processing of your personal data
With this data protection information, we would like to inform you about which personal data we collect and process from you and for what purposes we do this. We only process your personal data if you have given us your consent to do so or if we are permitted to do so by law. The following article information refers to the European Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).
is the "controller" for the processing of your personal data within the meaning of Art. 4 (7) GDPR.
If you have any questions regarding the collection, processing or use of your personal data, for information, correction, blocking or deletion of data as well as revocation of consent given or objection to a certain use of data, please contact firstname.lastname@example.org directly.
Mr DI Walter Koch is your contact person for data protection matters.
2. Personal data
The term personal data includes your personal details (e.g., your name, your address), your legitimation data (e.g., your ID data), your order data including your e-mail address and telephone number, your technical connection data such as your IP address, your account and payment data depending on the type of payment, advertising and sales data and other comparable data.
3. Collection of your personal data as well as purposes and legal basis of data collection
When processing your personal data, we distinguish between data that we collect directly from you and data that we obtain from other sources.
3.1 Personal data that we collect from you:
- If you are our customer, we process the personal data you provide when contacting us (for example by contact form, telephone or e-mail). This includes, for example, your name and email address as well as your order number and delivery or billing address. This is done in accordance with Art. 6 (1) (b) GDPR for the purpose of fulfilling the contract concluded with you.
- When you use our website www.yaasa.com (hereinafter referred to as the "Website") and the associated conclusion of a contract, we process in accordance with Art. 6 (1) (b) GDPR the personal data you have provided which is necessary for the initiation of this contract and for its performance, as well as, if applicable, for the provision of warranty and guarantee or for the rescission of the contract. The processed data include, among others, your address and your account/payment data. Furthermore, your technical connection data is also collected during the electronic ordering process.
- If you access and use our Website for information purposes, we only collect data that is automatically transmitted by your internet browser. This includes, for example, the date and time of access to our Website, the amount of data transferred, the Website from which the request came, browser type, browser settings, end device (desktop vs. mobile) and your IP address. This access data is evaluated exclusively for the purpose of ensuring trouble-free operation of the Website and improving our services. This is done in accordance with Art. 6 (1) (f) GDPR due to our legitimate interest in a correct presentation of our offer. Depending on the use of our Website and the services to which you consent, we collect and process further personal data (see Section 8, Section 9).
- We publish your comments on our articles on our Website. Your contributions will be published with your specified username. We recommend using a pseudonym instead of your real name. The user name, e-mail address and the comment itself are required; all other information can be provided voluntarily. We need your e-mail address to contact you if a third party objects to your comment as illegal. The legal basis for data processing is Art. 6 (1) sentence 1 (f) GDPR. Data processing is carried out for the purpose of displaying your comments on our Website. The use of our Website must not lead to a violation of applicable legal provisions. In particular, the comments you submit must not infringe any third-party rights, especially personal rights and other rights. Comments may not violate applicable competition law as well as criminal law and regulations for the protection of minors. In particular, no racist, grossly offensive, pornographic or sexual, youth-endangering, extremist, violence glorifying or trivialising, war glorifying, promoting a terrorist or extremist political association, inciting to commit a criminal offence, defamatory statements, insulting or other punishable content may be disseminated. We reserve the right not to publish comments if they violate the aforementioned provisions.
- If you are a legal representative or employee of one of our customers, your personal data may be collected if you act in the name of or on behalf of our customer in the business relationship existing with us. This is done for the purpose of initiating or fulfilling the contract concluded with you, Art. 6 (1)(b) GDPR.
3.2 Personal data we receive from external sources:
We may also have recourse to personal data that has been lawfully collected by another data controller and that is also lawfully provided to us, such as publicly available information. This includes, but is not limited to, debtors' lists, publicly accessible registers such as insolvency notices or information from the companies register/trade register as well as from the press and the internet. The following categories of personal data are therefore involved: Creditworthiness data, results after a UID check has been carried out.
4. Recipients of your personal data and transfer of your personal data to a third country
We will transfer your personal data to commissioned service providers at home and abroad as well as to affiliated companies (group companies) if this is necessary for economic or technical reasons. For this purpose, we will carefully select the respective service provider, if necessary, agree on a contract for commissioned processing with them in accordance with Art. 28 GDPR and carefully supervise them.
For the purpose of outsourcing certain business processes, we have a legitimate interest in concluding contracts for commissioned processing with the respective service provider in accordance with Art. 6 (1) (f) GDPR. We ensure that we only work with service providers that are based in countries that have a suitable and sufficient level of data protection or that make reasonable efforts to ensure sufficient protection for your personal data.
4.1 Data recipient of your personal data
We transmit your data for the purpose of fulfilling the contract in accordance with Art. 6 (1) (b) GDPR, for example, to service providers who are entrusted with the coordination of the shipping companies that carry out the delivery of your goods.
Depending on which payment service provider (among others VISA, Mastercard, AMEX, Maestro, Bancontact, eps-Überweisung, iDEAL, Klarna Pay Later, Klarna Pay Now, Shop Pay, Apple Pay, Google Pay, PayPal) you select during your ordering process, we pass on your payment data to the credit institution or payment service provider commissioned with the payment in order to process payments. This is also done for the purpose of fulfilling the contract concluded with you in accordance with Art. 6 (1) (b) GDPR.
For the purpose of fulfilling the contract in accordance with Art. 6 (1) (b) GDPR, we also pass on your personal data to those recipients to whom we assign rights resulting from the contractual relationship with you.
Other recipients of your personal data are:
- Affiliated companies i.e., group companies;
- Other service providers we use - e.g., server providers, IT service providers, service providers for order processing, cloud service providers, insurance companies, debt collection companies, factoring companies, credit assessment companies, repair service providers, enterprise resource planning (ERP) providers;
- Courts and authorities.
4.2 Transfer of your personal data to a third country
Some of the service providers we use, as well as our affiliates (group companies), are located outside the European Economic Area (EEA), so the processing of your personal data by them constitutes a transfer of data outside the EEA.
Whenever we transfer your personal data outside the EEA, we will ensure that they provide a similar level of protection by ensuring that, in any event, one of the following safeguards is in place which provides the legal basis for the data transfer:
- We transfer your personal data to countries that offer an adequate level of protection for personal data (existence of an adequacy decision by the EU Commission).
- If there is no adequacy decision of the EU Commission, we conclude binding data protection rules (e.g., standard data protection clauses of the EU Commission; see Art. 44, 46 (2) (b), (c), 47 GDPR) or transfer data only if you have explicitly consented. The EU Commission's standard data protection clauses in accordance with Decision 2021/914/EU can be viewed at http://eur-lex.europa.eu.
For example, data may be transferred to Switzerland because one of our affiliated companies is located there. The data transfer is based on the adequacy decision of the EU Commission. In accordance with Art. 6 (1) (f) GDPR we have a legitimate interest in the transfer of data to our group companies for the purpose of internal administration.
Please contact us if you would like more information about the specific mechanism we use when transferring your personal data out of the EEA. Copies of the documentation of the appropriate safeguards are available upon request.
5. Shopify (hosting service provider and platform)
In order to operate our Website, we use the services of Shopify, a service provided by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"). Shopify provides an e-commerce platform through which we offer our goods for sale in this online shop.
We store the personal data collected from our customers and Website visitors on servers located in the European Union. We also use the services of Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Your data is stored in Ireland.
We have concluded a commissioned processing contract with Shopify International Limited in accordance with Art. 28 GDPR. The use of hosting services from a third-party provider is based on our legitimate interest in the correct presentation of our offer on our Website, Art. 6 (1) (f) GDPR.
The data you provide when visiting our Website and in the ordering process may also be transferred to affiliated companies, including those in third countries, in this case Canada and the USA, as part of the services provided by Shopify International Limited. This only takes place in accordance with Art. 44 et seq. GDPR or if suitable guarantees exist in accordance with Art. 46 GDPR. In Canada, this is guaranteed by an adequacy decision of the EU Commission pursuant to Article 45 (1) of the GDPR.
With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers and company-related news. The legal basis for this is Art. 6 (1) (a) GDPR.
We use the so-called double-opt-in procedure to register for our newsletter. This means that after your registration, we will send you an email to the email address you provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your data will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
The only mandatory information for sending the newsletter is your e-mail address. After your confirmation, we will store your e-mail address for the purpose of sending you the newsletter.
You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter e-mail, by e-mail to email@example.com or by sending a message to the address stated in Section 1.
We would like to point out that we evaluate your user behaviour when sending the newsletter. For this evaluation, the newsletters sent by e-mail contain so-called web beacons or tracking pixels, which are single-pixel image files that are stored on our Website and retrieved from the server of the newsletter provider Klaviyo when the newsletter is opened. For the evaluations, we link the data mentioned in Section 3.1 paragraph 3 (data for informational use of the Website) and the web beacons with your e-mail address and an individual ID. This information is used for the technical improvement of the services based on the technical data, the target groups and their reading behaviour based on their retrieval locations or access times. In addition, the data is used to determine whether and when the newsletter is opened and which links are clicked. Links received in the newsletter also contain this ID. With the data obtained in this way, we create a user profile in order to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters, which links you click on in them and deduce your personal interests from this. We link this data to actions you have taken on our Website and can also send you targeted offers.
The data will be stored by us as long as you have subscribed to the newsletter. After unsubscribing, we store it purely statistically and anonymously.
7. Trusted Shops
Trusted Shops Widgets are integrated on the Website to display Trusted Shops services (e.g., seal of approval, collected ratings) and to offer Trusted Shops products to shoppers after they have placed an order.
This serves to protect our legitimate interests in optimal marketing by enabling secure shopping in accordance with Art. 6 (1) sentence 1 (f) GDPR, which prevail in the context of a balancing of interests. The trust badge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, with which we are joint controller for data protection according to Art. 26 GDPR.
The trust badge is provided within the framework of joint responsibility by a US CDN provider (content delivery network). An appropriate level of data protection is ensured by standard data protection clauses and other contractual measures.
When the Trustbadge is called up, the web server automatically saves a so-called server log file, which also contains your IP address, date and time of the call-up, transferred data volume and the requesting provider (access data) and documents the call-up. The IP address is anonymised immediately after collection so that the stored data cannot be assigned to you personally. The anonymised data is used in particular for statistical purposes and for error analysis.
After the order has been completed, your email address, which has been hashed using a cryptographic one-way function, is transmitted to Trusted Shops GmbH. The legal basis is Art. 6 (1) sentence 1 (f) GDPR. This serves to check whether you are already registered for services with Trusted Shops GmbH and is therefore necessary for the fulfilment of our and Trusted Shops' overriding legitimate interests in the provision of the buyer protection linked to the specific order in each case and the transactional evaluation services in accordance with Art. 6 (1) sentence 1 (f) GDPR. If this is the case, further processing will take place in accordance with the contractual agreement between you and Trusted Shops. If you have not yet registered for the services, you will subsequently be given the opportunity to do so for the first time. Further processing after registration also depends on the contractual agreement with Trusted Shops GmbH. If you do not register, all transmitted data will be automatically deleted by Trusted Shops GmbH and a personal reference is then no longer possible.
Trusted Shops uses service providers in the areas of hosting, monitoring and logging. The legal basis is Art. 6 (1) (f) GDPR for the purpose of ensuring trouble-free operation. Processing may take place in third countries (USA and Israel). An adequate level of data protection is ensured in the case of the USA by standard data protection clauses and further contractual measures and in the case of Israel by an adequacy decision.
Within the framework of the joint responsibility existing between us and Trusted Shops GmbH, please contact Trusted Shops GmbH with data protection questions and to assert your rights in relation to Trusted Shops services: https://www.trustedshops.com/legal/privacy.
When you use our Website, cookies are also stored on your computer. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and which provide the party setting the cookie (in this case, us) with certain information. Cookies cannot execute programmes or transfer viruses to your computer. They serve to make the internet offer as a whole more user-friendly and effective.
This Website uses transient as well as persistent cookies, the scope and functionality of which are explained below:
Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This enables your computer to be recognised when you return to our Website. The session cookies are deleted when you log out or close the browser.
Persistent cookies are automatically deleted after a predefined period of time, which may differ depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all the functions of this Website.
You can find a detailed description of all cookies and how long they are stored here: https://yaasa.com/?id=GDPR_769769dd5c4da8efb4d18bf16ca2c677
We would like to point out that certain consent-based cookies are also operated by companies that process or may transmit data in the USA. Your consent therefore also allows us to transfer certain data to our partners for processing in the USA (e.g., Google, Klaviyo). The ECJ classifies the USA as a country without an adequate level of data protection. There is no adequacy decision by the EU Commission for the USA and despite extensive measures, the high EU level of data protection in the USA cannot be guaranteed. There are risks that transmitted data may not be deleted or further processed for any purpose, there may be disproportionate access to your data by US authorities and you may not be able to effectively enforce your data subject rights in the US.
9. Use of Google Analytics
This Website uses (only with your consent) Google Analytics, a web analytics service provided by Google, Inc ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the Website analyse how users use the site. The information generated by the cookie about your use of this Website is usually transmitted to a Google server in the USA and stored there. However, in the event that IP anonymisation is activated on this Website, your IP address will be truncated beforehand by Google within the member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this Website, Google will use this information for the purpose of evaluating your use of the Website, compiling reports on Website activity and providing other services relating to website activity and internet usage to the Website operator.
This Website uses Google Analytics with the extension "anonymizeIp()". This means that IP addresses are processed in a shortened form. Insofar as the data collected about you has a personal reference, this is therefore immediately excluded and the personal data is thus immediately deleted.
10. Use of Social media plug-ins
We currently use the following social media plugins: Facebook, Instagram, Pinterest, LinkedIn, Twitter and YouTube. In order to increase the protection of your data when visiting our Website, the plug-ins are not integrated into the page without restriction, but only using an HTML link (so-called "Shariff solution" from c't). This integration ensures that when you call up a page of our Website that contains such plug-ins, no connection is yet established with the servers of the provider of the respective social network. If you click on one of the buttons, a new window of your browser opens or you remain in the same window of your browser and call up the page of the respective service provider on which you can (if necessary, after entering your login data) e.g., click on the Like or Share button.
Via the plug-ins, we offer you the opportunity to interact with the social networks and other users so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 (1) (a) GDPR.
Further information on the purpose and scope of the data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers communicated below. There you will also receive further information on your rights in this regard and setting options for protecting your privacy.
Addresses of the respective plug-in providers and URL with their data protection notices:
- Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland; https://www.facebook.com/privacy/policy; further information on data collection: https://www.facebook.com/help/186325668085084.
- Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA; https://privacycenter.instagram.com/guide/collection/
- Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland; https://policy.pinterest.com/en/privacy-policy.
- LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, https://www.linkedin.com/legal/privacy-policy?_l=de_DE.
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, https://policies.google.com/privacy?hl=en.
- Twitter, Inc, Copyright Agent 1355 Market Street, Suite 900, San Francisco, CA 94103, https://twitter.com/en/tos.
You can manage and revoke the storage of cookies at any time by making the appropriate setting in our Consent Manager.
11. Retention periods and criteria for the retention of your personal data
All processed personal data will only be stored for as long and as far as this is necessary for the fulfilment of our contractual and legal obligations. Among other things, the data storage is necessary for the execution and processing of the contract, including the defence and enforcement of claims under civil law. In individual cases, such claims may only become time-barred after 30 years. Retention obligations and resulting retention periods also exist under tax law, money laundering law, commercial law, tax law and other legal regulations. The retention periods/documentation periods provided for therein are 6 to 10 years. In order not to violate legal regulations or to lose the possibility of enforcing a claim or defending ourselves against such a claim, we reserve the right to delete the data only after the expiry of the last period that legitimises the data storage.
For the dispatch of our newsletter, we store your e-mail address until you unsubscribe from the newsletter.
All technical access data is stored until you delete the cookies in your browser.
12. Your rights
You have the following rights in relation to personal data relating to you:
- Right of access (Art. 15 GDPR)
- Right to rectification or erasure (Art. 16, 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw (Art. 7 (3) GDPR)
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which is carried out on the basis of Article 6 (1) (f) GDPR (data processing on the basis of a legitimate interest). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Furthermore, you have the right to object to the processing of personal data concerning you for direct marketing purposes, Art. 21 (2) GDPR. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
If you have any questions about the processing of your personal data, object to the processing of your data, withdraw your consent or wish to exercise your rights as set out in Section 12, please contact us by e-mail at firstname.lastname@example.org or at the address given in Section 1.
You also have the right to complain to the competent data protection supervisory authority about our processing of your personal data.