Privacy Policy
General information
Compliance with data protection laws is not only a legal obligation for Regit GmbH, but also an important factor of trust. With the following data protection provisions, we would therefore like to inform you transparently about the type, scope and purpose of the personal data we collect and process on this website, as well as your rights.
Responsibility for data processing
As the operator of the website www.mautpilot.com, Regit GmbH, Heinkelstr. 1, 93049 Regensburg, Germany (hereinafter: "we") is the controller pursuant to Art. 4 No. 7 of the EU General Data Protection Regulation (GDPR). If you have any questions, please contact legal@mautpilot.com.
Data protection officer
The responsible data protection officer is:
Süddeutsche Datenschutzgesellschaft mbH
Contact person Maximilian Mayer
Von-Brettreich-Straße 4
93049 Regensburg
Tel: +49 (0) 941 - 38177070
Mail: verwaltung@sddsg.de
Rights of data subjects
Your rights as a data subject
As a data subject, you have the following rights with regard to your personal data. You have:
- A right to information about, among other things, the categories of data processed, the purposes of processing, the storage period and any recipients, in accordance with Art. 15 GDPR and Section 34 BDSG.
- A right to rectification or erasure of inaccurate or incomplete data, in accordance with Art. 16 and 17 GDPR and Section 35 BDSG.
- Under the conditions of Art. 18 GDPR or Section 35 (1) sentence 2 BDSG, a right to restriction of processing.
- A right to object to the processing pursuant to Art. 21 para. 1 GDPR, insofar as the data processing was carried out on the basis of a legitimate interest.
- A right to withdraw consent given with effect for the future in accordance with Art. 7 para. 3 GDPR.
- A right to data portability in a commonly used format pursuant to Art. 20 GDPR.
- In accordance with Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing, which produces legal effects concerning you or similarly significantly affects you. This also includes profiling within the meaning of Art. 4 No. 4 GDPR.
- You also have the right, pursuant to Art. 77 GDPR, to lodge a complaint with a data protection supervisory authority about the processing of your personal data by us, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
Procedure
If you assert your rights under the GDPR and the BDSG against us, we will process the data you provide to us in order to fulfil your claim.
We will then store the data you provide to us and the data we provide to you in return for the purpose of documentation until the expiry of the limitation period under regulatory offences law (3 years).
The legal basis for the processing and storage of the data is Art. 6 para. 1 sentence 1 letter f) GDPR (legitimate interest in data processing). The legitimate interest arises from our obligation to comply with your request and the need to be able to exonerate ourselves in possible fine proceedings by proving that we have duly complied with your request.
You can object to the processing of your data on the basis of our legitimate interest at any time under the conditions of Art. 21 GDPR. To do so, please use the contact details provided in the legal notice. However, we would like to point out that the processing of your data to prove compliance with the rights of the data subject is mandatory within the meaning of Art. 21 para. 1 GDPR, as other means of proof do not exist or are not equally suitable.
Data protection measures
We use technical and organisational measures to protect our website and other systems - and therefore also your data - against loss, destruction, access, modification or dissemination by unauthorised persons. In particular, your personal data is transmitted over the Internet in encrypted form. We use the TLS (Transport Layer Security) protocol for this.
However, the transmission of information via the Internet is never completely secure, which is why we cannot guarantee the security of the data transmitted from our website 100%.
Modalities of data processing
Sources and categories of personal data
We process your personal data insofar as it is necessary for the establishment, content or amendment of a contractual relationship between us and you (inventory data). Inventory data can be, in particular, name, title, contact details (postal address, telephone, email address), date of birth, etc.
We also process your usage data. Usage data is data that is generated by your behaviour when using our website and our services, in particular your IP address, the start and end of your visit to our website and information about what content you have accessed on our website.
We collect the aforementioned data either directly from you (e.g. by visiting the website) or, to the extent permitted by data protection laws, from third parties or publicly accessible sources (e.g. commercial and association registers, press, media, internet).
Data transfer to third countries outside the EU
All information that we receive from you or about you is generally processed on servers within the European Union. Your data will only be transferred to or processed in third countries without your express consent if this is provided for or permitted by law, if an adequate level of data protection is ensured in the third country or if contractual obligations exist through so-called standard data protection clauses of the EU.
With regard to data transfers to the USA, the European Commission has issued an adequacy decision called the EU-U.S. Data Privacy Framework, which ensures an adequate level of protection for the transfer of personal data by companies participating in the EU-U.S. Data Privacy Framework. If we use services that transfer personal data to the USA, the respective service will indicate whether the company is certified by the EU-U.S. Privacy Shield Framework.
Forwarding of data, order processing
We never pass on your personal data to third parties without authorisation. However, we may disclose your data to third parties in particular if you have consented to the disclosure of data, if the disclosure is necessary to fulfil our legal obligations or if we are entitled or obliged to disclose data due to legal provisions or official or court orders. In particular, this may involve the provision of information for the purposes of criminal prosecution, to avert danger or to enforce intellectual property rights.
We may pass on the personal data collected from you to third parties, in particular in the context of contract processing, for example to the transport company commissioned with the delivery or the service used for payment, insofar as this is necessary for the fulfilment of the contract. The individual service providers and further information can be found below in the "Third-party services" section.
We may also transfer your data to external service providers who process data on our behalf and in accordance with our instructions (processors) in order to simplify or relieve our own data processing. Each processor is bound by a contract in accordance with Art. 28 GDPR. This means in particular that the processor must provide sufficient guarantees that suitable technical and organisational measures are implemented by the processor in such a way that the processing is carried out in accordance with the requirements of the GDPR and the protection of your rights as a data subject is guaranteed. Despite commissioning processors, we remain the controller for the processing of your personal data within the meaning of data protection laws.
Purpose of the data processing
We only use the data for the purpose for which it was collected from you. We may further process the data for another purpose, unless this other purpose is incompatible with the original purpose (Art. 5 para. 1 lit. c) GDPR).
Storage period
Unless otherwise specified in detail, we will only store data collected from you for as long as is necessary for the respective purpose, unless statutory retention obligations prevent deletion, e.g. under commercial law or tax law.
Individual processing activities
In the following, we would like to show you as transparently as possible which of your data we process, on what occasion, on what basis and for what purpose.
Server log files
Every time a website is accessed and every time data is retrieved from a server, general information is automatically transmitted to the server providing it. This data transmission is automatic and is a fundamental component of communication between devices on the internet.
The data transmitted by default includes the following information: Your IP address, product and version information about the browser and operating system used (so-called user agent), the website from which your access took place (so-called referer), date and time of the request (so-called timestamp). The HTTP status and the amount of data transferred are also recorded as part of this request.
This information is logged by the server, stored in a table and saved there for a short time (so-called server log files). By analysing these log files, we can detect and subsequently eliminate website errors, determine the website's capacity utilisation at certain times and make adjustments or improvements based on this, as well as ensure the security of the server by being able to trace the IP address from which attacks on our server were carried out.
Your IP address is only stored for the time you use the website and is then immediately deleted or made partially unrecognisable by shortening it. The remaining data is stored for a limited period of time (usually 7 days).
The legal basis for the use of the server log files is Art. 6 para. 1 sentence 1 letter f) GDPR (legitimate interest in data processing). The legitimate interest arises from the necessity for the operation and maintenance of our website, as we have explained above. You can object to the processing of your data on the basis of our legitimate interest at any time under the conditions of Art. 21 GDPR. To do so, please use the contact details provided in the legal notice. However, we would like to point out in advance that the processing of your data in server log files is mandatory within the meaning of Art. 21 para. 1 GDPR, as otherwise the website cannot be operated at all.
Cookies and web storage
We use so-called "cookies" on our website to improve user-friendliness.
Cookies
What cookies are
In very simple terms, a cookie is a small text file that stores data about websites visited. Cookies can be used in many different ways. For example, they can store a kind of "user profile", i.e. things like your preferred language and other page settings that are required by our website in order to offer you certain services. The cookie file is stored on your end device and can also help to recognise you when you return to our website.
Cookies may also provide us with information about your preferred activities on our website, allowing us to tailor our website to your individual interests or even increase the speed of navigation on our website.
How you can avoid cookies
You can delete cookies manually at any time in the security settings of your browser.
You can also prevent the storage of cookies from the outset by selecting the appropriate settings in your browser. Please note, however, that you may then not be able to use all functions of our website to their full extent or that errors may occur in the display and use of the website.
Which cookies are used
The exact cookies we use can be found in the list below.

| Name | Explanation | Origin (Domain) | Validity / Memory duration | Third-party access |
|---|---|---|---|---|
| mautpilot_session | This cookie is used to retain the user's session settings when the website is called up again. For this purpose, the server creates a cookie with a unique ID and transmits it to the user's end device. The end device then sends the cookie and the ID back to the server on repeated requests so that the user can, for example, find their purchase in the state in which they left it. The cookie can also be used to protect the website against so-called bots. | checkout.mautpilot.de | 2 hours | No |
| XSRF-TOKEN | This cookie is used for the security of the website and to protect the user against CSRF (Cross-Site-Request-Forgery) attacks. It is absolutely necessary for the security of the website. The cookie provides each request from the client to the server with a unique "token", which ensures that the request comes from the client. | checkout.mautpilot.de | 2 hours | No |
| PHPSESSID | This cookie is generated by applications based on the PHP programming language and serves the necessary functionality of the website by maintaining the variables of a user's session through a randomly generated number. | www.mautpilot.de | End of session | No |
| csrf_https-contao_csrf_token | This cookie is used for the security of the website and to protect the user against CSRF (Cross-Site-Request-Forgery) attacks by providing each request from the client to the server with a unique "token", which ensures that the request comes from the client. | www.mautpilot.de | End of session | No |
Legal basis
The legal basis for the use of cookies that are absolutely necessary for the function of the website (e.g. shopping basket cookie, session cookie) is Art. 6 para. 1 sentence 1 letter f) GDPR (legitimate interest in data processing) and §25 para. 2 no. 2 TDDDG (absolute necessity for the provision of a digital service expressly requested by the user). The legitimate interest arises from our need to be able to offer you a functioning website. Cookies are necessary for this because they are an integral part of current Internet technology and many functions of current websites would not be available without cookies. We therefore need cookies to be able to provide you with the website at your request.
You can object to the processing of your data on the basis of our legitimate interest at any time under the conditions of Art. 21 GDPR. To do so, please use the contact details provided in the legal notice.
We would like to point out, however, that the processing of your data in certain cookies is mandatory within the meaning of Art. 21 para. 1 GDPR, as otherwise the website cannot be operated at all and we technically do not have the possibility to prevent the setting of cookies on certain individual end devices. However, you may be able to do this yourself in your browser. For more information, please take a look at the instructions for your browser.
Web storage
Our website does not access the web storage of your browser.
How to contact us
Our website offers options for contacting us directly.
We will only process the data you provide to us until the purpose for which you contacted us has been achieved, unless statutory retention periods prevent this. If the purpose of your contact is the assertion of data subject rights, the information in the section "Your rights as a data subject" applies.
The following data is processed as part of the contact form:
Name, email address and the content of the message
The legal basis for the use of the data you transmit to us by contacting us in the context of contractual or pre-contractual relationships or for answering (pre)contractual enquiries is Art. 6 para. 1 sentence 1 letter b) GDPR (data processing for the fulfilment of a contract).
The legal basis for the processing of the data you transmit to us by contacting us in cases other than for contractual or pre-contractual purposes or enquiries is Art. 6 para. 1 sentence 1 letter f) GDPR (legitimate interest in data processing). Our legitimate interest in processing arises from our interest in responding to enquiries and maintaining user relationships.
You can object to the processing of your data on the basis of our legitimate interest at any time under the conditions of Art. 21 GDPR. To do so, please use the contact details provided in the legal notice.
Use of our web shop
If you wish to place an order in our online shop, it is essential that you provide certain data in order to conclude the contract and process your order. These details, which are essential for processing, are marked separately; all other details can be provided voluntarily. We will only process the data you provide during the ordering process in order to fulfil your order. If you do not provide the required data, this will mean that your order cannot be processed.
It may also be necessary to pass on your data to third parties, e.g. banks/payment service providers etc., in order to process your order. You can find more information in our General Terms and Conditions, above under "Forwarding of data" and below in the section "Third-party services".
The legal basis for the use of your data to process the order is Art. 6 para. 1 sentence 1 letter b) GDPR (data processing for the fulfilment of a contract). The legal basis for the data voluntarily provided by you during the ordering process is Art. 6 para. 1 sentence 1 letter a) GDPR (consent of the data subject). You can revoke your consent at any time with effect for the future. To do so, please use the contact details provided in the legal notice.
We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, we restrict processing after two years, i.e. your data will only be used to comply with legal obligations.
To prevent unauthorised access to your personal data by third parties, in particular financial data, the order process is encrypted using TLS technology.
We may also process the data you provide in order to inform you about other interesting products from our portfolio or to send you emails with technical information.
The legal basis for the use of your contact data for this purpose is Art. 6 para. 1 sentence 1 letter f) GDPR (legitimate interest in data processing). The legitimate interest arises from our need to send you interesting information about our offer and our company (direct advertising).
You can object to the processing of your data on the basis of our legitimate interest in direct advertising at any time under the conditions of Art. 21 GDPR. To do so, please use the contact details provided in the legal notice.
Follow-up emails
For the emails sent in connection with our webshop, e.g. for order confirmation, invoices, provision of vignettes, etc., we use the "Brevo" service of Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin.
We have concluded an order processing agreement with Sendinblue GmbH in accordance with Art. 28 GDPR.
Our mail service uses so-called web beacons or tracking pixels to analyse your reading behaviour. Tracking pixels are extremely small image files that are integrated into the emails and thus allow log file recording and log file analysis.
When you open the emails, the tracking pixel is loaded from the service server and at the same time some information about you is transmitted, such as whether the email has been opened, the time it was opened and the corresponding IP address.
Both the respective web beacon/counter pixel and the links in the email can be clearly assigned to the email address used for sending and thus allow conclusions to be drawn about the respective email recipient.
We store the collected data for a period of 4 years. After this period has expired, the data will be deleted immediately.
The legal basis for the processing of your data in connection with the tracking of emails is Art. 6 para. 1 sentence 1 letter f) GDPR (legitimate interest in data processing). The legitimate interest arises from our need to be able to prove that our customers have actually received and used the emails sent by us (including the ordered goods). We use the collected data exclusively for this purpose.
You can object to the processing of your data on the basis of our legitimate interest in direct advertising at any time under the conditions of Art. 21 GDPR. To do so, please use the contact details provided in the legal notice.
You can find more information on the handling of user data in Sendinblue's privacy policy https://de.sendinblue.com/datenschutz-uebersicht/ .
Hosting services
Our website is hosted on servers of external providers to ensure the efficient and secure provision of the website.
Whenever you visit the website, general information is automatically transmitted from your browser to the server (so-called server log files). For more information on this, see "Server log files" above.
The legal basis for the use of hosting services and the associated processing of your data is Art. 6 para. 1 sentence 1 letter f) GDPR (legitimate interest in data processing). The legitimate interest arises from our need for a technically flawless presentation of our website without requiring in-depth knowledge of website programming and IT system maintenance. You can object to the processing of your data on the basis of our legitimate interest at any time under the conditions of Art. 21 GDPR. To do so, please use the contact details provided in the legal notice. However, we would like to point out that the processing of your data in this context may be mandatory within the meaning of Art. 21 para. 1 GDPR, as otherwise the website cannot be operated at all without disproportionate effort.
Third party services
We use third-party services/resources, such as plugins, external content, software or other external service providers (services), to simplify our data processing and to expand the functionality of our website. Personal data may also be transmitted to the service provider. In order to protect your data, we have contractually obliged the service providers, if necessary in accordance with Art. 28 GDPR, to process your data only in accordance with our instructions.
We expressly point out that we are regularly only responsible for the data collection and transmission by the service within the meaning of the GDPR, but not for any subsequent processing by the respective service provider.
In detail, we use the following services:
Service providers for processing your order
We may pass on the personal data collected from you to third parties as part of the contract processing, for example to the transport company commissioned with the delivery or the service used for payment, insofar as this is necessary for the fulfilment of the contract.
The legal basis for the transmission of the data required to process the order is Art. 6 para. 1 sentence 1 letter b) GDPR (data processing for the fulfilment of a contract). The provision and transmission of your data is necessary as otherwise your order cannot be processed.
The legal basis for the data transmission voluntarily selected by you during the ordering process (e.g. for dispatch status by email) is Art. 6 para. 1 sentence 1 letter a) GDPR (consent of the data subject). You can revoke your consent at any time with effect for the future. To do so, please use the contact details provided in the legal notice.
In detail, we use the following service providers:
Mollie
We use the "Mollie" service of Mollie B.V., Keizersgracht 126, 1015CW Amsterdam, Netherlands, for payment processing.
This service enables us to provide you with various payment methods in our webshop. By completing an order, data is transmitted from our website to Mollie, in particular your payment details (e.g. your bank account number or credit card number), your IP address, product and version information about the browser and operating system used (so-called user agent), the website from which your access took place (so-called referrer), the date and time of the request and, if applicable, your Internet service provider. In addition, the status and the amount of data transferred as part of this enquiry are recorded. In some cases, your first and last name, your address data and other personal data that you actively provide will also be transmitted to Mollie.
If you use Mollie's services, your personal data will also be used by Mollie for analysis purposes, among other things. More details about the data collected and information about how Mollie processes the data collected can be found in Mollie's privacy policy: https://www.mollie.com/de/privacy
We have a legitimate interest in the use of Mollie within the meaning of Art. 6 para. 1 sentence 1 letter f) GDPR, which consists of offering a variety of payment methods as simply as possible via a service provider and not having to commission a separate service provider for each payment method. This also reduces the recipients of your data.
Klarna
We use the payment processing service Klarna from Klarna Bank AB, Sveavägen 46, 11134 Stockholm, Sweden. In order to enable payment processing, your data (first and last name, street, house number, postcode, city, gender, email address, telephone number and IP address) as well as data collected in connection with your order (invoice amount, delivery type, article) will be passed on to Klarna for the purpose of identity and credit checks.
You can find out which credit agencies your data may be forwarded to here:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
For further data protection information, please refer to Klarna's privacy policy:
https://www.klarna.com/de/datenschutz/
PayPal
We use the "PayPal Plus" service of PayPal (Europe) S.à.r.l. et Cie, S.C.A. ("PayPal"), 22-24 Boulevard Royal, L-2449 Luxembourg, for payment processing. This service enables us to provide you with various payment methods in our webshop. By using this service, data is transmitted from our website to PayPal, in particular your IP address, product and version information about the browser and operating system used (so-called user agent), the website from which your access took place (so-called referrer), the date and time of the request and, if applicable, your Internet service provider. The status and the amount of data transferred as part of this request are also recorded.
Details on the data collected and information on how PayPal processes the data collected can be found in PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE
We have a legitimate interest in the use of PayPal within the meaning of Art. 6 para. 1 sentence 1 letter f) GDPR, which consists in offering a variety of payment methods as simply as possible via a service provider and not having to commission a separate service provider for each payment method. This also reduces the recipients of your data.
When paying via "PayPal via PayPal Plus", "Direct Debit via PayPal Plus", "Credit Card via PayPal Plus" or "PayPal Plus Invoice", we also pass on your payment and order data to PayPal as part of the payment processing. PayPal reserves the right to carry out a credit check for the payment methods credit card and direct debit. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. Among other things, address data is included in the calculation of the score values.
For further data protection information, including information on the credit agencies used, please also refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE
Instant bank transfer
We use the "Sofort-Überweisung" service of Sofort GmbH, Theresienhöhe 12 in 80339 Munich for payment processing. This service enables us to provide you with various payment methods in our webshop.
In this case, the data is collected by Sofort GmbH. We do not store the data ourselves.
For this purpose, Sofort GmbH requires the IBAN as well as PIN and TAN of your online banking account. As part of the ordering process, you will be automatically redirected to the secure payment form of Sofort GmbH. Immediately afterwards, you will receive confirmation of the transaction. We will then immediately receive the transfer credit.
Details on the data collected and information on how Sofort GmbH processes the data collected can be found in the information provided by Sofort GmbH and in Klarna's privacy policy:
https://www.klarna.com/sofort/
https://www.klarna.com/sofort/datenschutz/
Giropay
We use the "Giropay" service from Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany, to process payments. This service enables us to provide you with various payment methods in our webshop.
In this case, the data is collected by Paydirekt GmbH. We do not store the data ourselves.
In order to authenticate you for the payment, Paydirekt GmbH requires the IBAN as well as PIN and TAN of your online banking account. Optionally, you can authenticate yourself via a Giropay login or a digital Girocard. As part of the ordering process, you will be automatically redirected to the secure payment form of Paydirekt GmbH. Immediately afterwards, you will receive confirmation of the transaction. We will then immediately receive the transfer credit.
Details on the data collected and information on how Paydirekt GmbH processes the data collected can be found in the information provided by Paydirekt GmbH: https://www.giropay.de/agb/datenschutzinformationen.pdf
Status of the privacy policy: 10/04/2024