Privacy policy

1. Contact details of the responsible and introduction
Responsible for data processing on this website in accordance with the provisions of the General Data Protection Regulation (GDPR) is:
KM Engineers GmbH
Albert-Einstein-Strasse 2b
77656 Offenburg
Germany

info@km-tuning.com
Phone: +49 78112559870

We appreciate your interest in our online shop. In the following, we would like to inform you about how we handle your personal data when you use our website. Personal data includes any information that can personally identify you.

2. Data collection when visiting our website
If you use our website for informational purposes only, without registering or providing us with information in any other way, we only collect the data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect technically necessary information to enable the display of the website. This data includes:

  • The website you visited
  • Date and time of access
  • Transferred data volume in bytes
  • Source/reference from which you accessed the page
  • Used browser
  • Language and version of browser software
  • Used operating system and its interface
  • Used IP address (if applicable, in anonymized form)

Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. There is no disclosure or other use of this data. However, we reserve the right to retrospectively check the server log files should specific indications point to unlawful use.

For the protection of your personal data and other confidential information, such as orders or inquiries to the data controller, this website uses SSL or TLS encryption for security reasons. An encrypted connection is recognizable by the string "https://" and the padlock symbol in your browser's address bar.

3. Hosting
For the operation of this web service and the ongoing maintenance of the site, we utilize services from service providers specialized in web hosting and an advertising agency. Upon request, we are happy to provide you with a detailed overview of the service providers we use and integrate. Your data will not be shared with other service providers.

4. Cookies
To make your visit to our website appealing and to enable certain functions, we use cookies – small text files that are stored on your device. Some of these cookies are automatically deleted after you close your browser (so-called "session cookies"), while others remain on your device for a longer period and allow the storage of page settings (so-called "persistent cookies"). The storage duration of the latter cookies can be found in the cookie settings of your web browser.

If certain cookies used by us also process personal data, this is done in accordance with Art. 6 para. 1 lit. b GDPR either for the fulfillment of a contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of your consent, or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the optimal functionality of the website, as well as in a user-friendly and efficient design of the site visit.

You have the option to configure your browser settings to inform you about the setting of cookies and to decide on acceptance individually in each case. It is also possible to refuse the acceptance of cookies either for specific cases or in general.

Please note that if you reject cookies, the functionality of our website may be limited.

5. Contact
When you contact us, for example, via the contact form, email, or WhatsApp, your personal data will be processed solely for the purpose of processing and responding to your inquiry, and only to the extent necessary.

The legal basis for processing this data arises from our legitimate interest in responding to your inquiry according to Art. 6 para. 1 lit. f GDPR. If your contact aims at the conclusion of a contract, Art. 6 para. 1 lit. b GDPR provides an additional legal basis for the processing. Your data will be deleted as soon as circumstances indicate that the matter has been conclusively clarified, and unless there are legal retention obligations.

5.1 Contact via WhatsApp
We use the technical platform and services of WhatsApp, Inc., located at 1601 Willow Road, Menlo Park, California 94025, USA, for the messaging service. WhatsApp's privacy policy is available at https://www.whatsapp.com/legal/privacy-policy-eea.

In this context, KM Engineers GmbH merely acts as a user of the services and functions provided by WhatsApp.

We have no influence over the terms and conditions under which WhatsApp provides its services. This applies in particular to the data protection framework associated with the use of WhatsApp. By contacting us via WhatsApp, not only do we come into contact with any personal data disclosed by the user, but so does WhatsApp.

We have no control over the type and extent of data processing by the provider, the nature of the processing and use of this data, or its disclosure to third parties, especially in countries outside the European Union where adequate data protection may not be ensured.

Information on which data is processed by the provider and for what purposes it is used can be found in the service's privacy policy, which can be viewed at the following link: https://www.whatsapp.com/legal/privacy-policy-eea.

In essence, the data processed includes:

  • Phone numbers, registration data, and profile name
  • Phone numbers in the mobile phone address book
  • Log and usage information (information about the use of the service)
  • Transaction data (e.g., payment receipts)
  • Connection data, such as information about the mobile network,
  • Device and connection information, operating system, device ID, location (for location services), provider (mobile/internet), browser, and IP address.
  • Status information ("last online" status)

To process your inquiry, we process the following personal data: the phone number, profile picture, messenger ID, and all messages sent to us.

The described service is exclusively aimed at individuals who have reached the age of sixteen.

6. Data processing when opening a customer account
In the course of opening a customer account, personal data is collected and processed according to Art. 6 para. 1 lit. b GDPR, to the extent necessary, if you provide it to us. The data required for opening the account can be found in the corresponding input mask on our website form.

You have the option to delete your customer account at any time by sending us a message to the above-mentioned address of the responsible party. After your customer account has been deleted, your data will be erased, provided that all associated contracts have been concluded and processed, no legal retention periods oppose it, and there is no legitimate interest on our part in further storage.

7. Data Processing for order processing
If necessary for contract processing in connection with deliveries and payments, the transfer of the personal data we collect to the commissioned transport company and the commissioned credit institution is carried out in accordance with Art. 6 para. 1 lit. b GDPR.

If, due to a corresponding contract, we owe updates for goods with digital elements or digital products, we use the contact data (name, address, email address) provided during your order to fulfill our legal obligations to.

7.1 Payment Services
PayPal
The payment service PayPal is provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A., with registered office at 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").

The transmission of data to the USA is based on the standard contractual clauses of the EU Commission. For more information, please visit: https://www.paypal.com/eu/legalhub/pocpsa-full.

For detailed information, we refer to PayPal's privacy policy: https://www.paypal.com/eu/legalhub/privacy-full.

Stripe
If you are located within the EU, the payment service is provided by Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter "Stripe").

The transmission of data to the USA is based on the standard contractual clauses of the EU Commission. For more information, please visit: https://stripe.com/privacy and https://stripe.com/legal/dpa.

For further details, please refer to Stripe's privacy policy at the following link: https://stripe.com/privacy.

7.2 Use of Shipping Service Providers
If you have expressly given us your consent during or after your order, we will, in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, forward your email address and phone number to the selected shipping service provider. This is done so that the shipping service provider can contact you before delivery to announce or coordinate the delivery.

The consent can be revoked at any time by sending a message to the contact option described in this privacy policy or directly to the shipping service provider at the contact address listed below. After revocation, we will delete the data provided by you for this purpose, unless you have expressly consented to further use of your data, or there is a legal basis about which we inform you in this statement.

Shipping Service Providers:

DHL Paket GmbH
Straesschensweg 10
53113 Bonn
Germany

8. Social Media Links
Our website contains social media buttons that are merely embedded as HTML links. When visiting our website, no direct connection to the servers of the respective providers is established. Only when you click on one of the buttons, the website of the respective social network will be opened in a new window of your browser. There, you have the option to use the like or share button.

If you have given your consent to the respective social media operator in accordance with Article 6(1)(a) of the General Data Protection Regulation (GDPR), data for market research and advertising purposes will be automatically collected and stored when you visit our online presences on the mentioned social media platforms. This data is used to create usage profiles using pseudonyms.

These data may be used, for example, to display advertisements within and outside the platforms that correspond to your presumed interests. Usually, cookies are used for this purpose. For detailed information on the processing and use of your data by the respective social media operator, as well as for contact options and your rights and settings options to protect your privacy, please refer to the privacy notices of the providers linked below.

Facebook
Facebook is operated by Facebook Ireland Ltd., located at 4 Grand Canal Square, Dublin 2, Ireland ("Facebook Ireland"). Information automatically collected by Facebook Ireland about your use of our online presence on Facebook is usually transferred to a server of Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, and stored there. There is no adequacy decision by the European Commission for the USA. Our cooperation with them is based on the standard contractual clauses of the European Commission. The processing of data in connection with visiting a Facebook fan page is based on an agreement between joint controllers in accordance with Article 26 of the General Data Protection Regulation (GDPR). Additional information, especially regarding Insights data, can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data/.

Instagram
Instagram is operated by Facebook Ireland Ltd., located at 4 Grand Canal Square, Dublin 2, Ireland ("Facebook Ireland"). Information automatically collected by Facebook Ireland about your use of our online presence on Instagram is usually transferred to a server of Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, and stored there. There is no adequacy decision by the European Commission for the USA. Our cooperation with them is based on the standard contractual clauses of the European Commission. The processing of data in connection with visiting an Instagram profile is based on an agreement between joint controllers in accordance with Article 26 of the General Data Protection Regulation (GDPR). Additional information, especially regarding Insights data, can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data/.

YouTube
YouTube is provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Information automatically collected by Google about your use of our online presence on YouTube is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and stored there. The European Commission has not made an adequacy decision for the USA. Our cooperation with them is based on the standard contractual clauses of the European Commission.

TikTok
TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, is also responsible for processing the data you submit via TikTok in accordance with the General Data Protection Regulation (GDPR).

Further details regarding data processing by TikTok Technology Limited can be found in their privacy policy at https://ads.tiktok.com/i18n/official/policy/privacy. This privacy policy applies to all services offered by TikTok Technology Limited. When using TikTok, personal data may also be transferred to servers outside the European Union. In such cases, the processing of personal data is based on the standard contractual clauses of the European Commission for the transfer of personal data to third countries.

9.Direct Advertising via email newsletter
By subscribing to our newsletter, we use the data you provided, which is either necessary for this purpose or which you have separately communicated to us. Based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we regularly send you our email newsletter. You have the option to unsubscribe from the newsletter at any time. The unsubscribe can be done either by sending a message to the contact option described below or via the unsubscribe link provided in the newsletter. After unsubscribing, your email address will be deleted from the distribution list unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or there is further legally permitted data usage beyond this, about which we inform you in this statement.

10. Retention period of personal data
The retention period for personal data depends on the respective legal basis, the purpose of processing, and, if applicable, legal retention periods (such as commercial and tax law regulations).

Personal data processed based on explicit consent according to Art. 6 para. 1 lit. a GDPR is stored until you revoke your consent.

If there are legal retention periods for data processed within the scope of contracts or similar legal obligations according to Art. 6 para. 1 lit. b GDPR, routine deletion occurs after the expiration of these retention periods. This happens if the data is no longer necessary for contract fulfillment or initiation and/or if there is no legitimate interest on our part in further storage.

Data processed based on Art. 6 para. 1 lit. f GDPR is stored until you exercise your right to object according to Art. 21 para. 1 GDPR. Exceptions apply if compelling legitimate grounds for the processing can be demonstrated, which override your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims.

Personal data processed for direct advertising according to Art. 6 para. 1 lit. f GDPR is stored until you exercise your right to object according to Art. 21 para. 2 GDPR.

Unless otherwise specified in the other information in this statement regarding specific processing situations, stored personal data is deleted when it is no longer necessary for the original collection or processing purposes.

11. Rights of data subjects
According to the provisions of applicable data protection law, you have the following rights as a data subject in relation to the processing of your personal data by the controller (information and intervention rights). The exercise of these rights is subject to the respective conditions referring to the mentioned legal basis:

  • Right to information according to Art. 15 GDPR;
  • Right to rectification according to Art. 16 GDPR;
  • Right to erasure according to Art. 17 GDPR;
  • Right to restriction of processing according to Art. 18 GDPR;
  • Right to notification according to Art. 19 GDPR;
  • Right to data portability according to Art. 20 GDPR;
  • Right to withdraw consent granted according to Art. 7 para. 3 GDPR;
  • Right to lodge a complaint according to Art. 77 GDPR.

12. Right to object
If, within the scope of a balancing of interests, we process your personal data based on our predominant legitimate interest, you have the right to object to this processing at any time for reasons arising from your particular situation, with effect for the future.

If you exercise your right to object, we will cease processing the affected data. However, further processing is reserved if we can demonstrate compelling legitimate reasons for the processing that override your interests, fundamental rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims.