Privacy Policy

Data Protection at a Glance

General Information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. For detailed information on data protection, please refer to our privacy policy listed under this text.

Data collection on this website

Who is responsible for data collection on this website?

The processing of data on this website is carried out by the website operator. You can find their contact details in the „Information on the Responsible Party“ section of this privacy policy.

How do we capture your data?

Your data is collected, firstly, because you provide it to us. This can include, for example, data that you enter into a contact form.

Other data is automatically collected by our IT systems or with your consent when you visit the website. This primarily includes technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you access this website.

What do we use your data for?

Some data is collected to ensure the flawless provision of the website. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the data transmitted will also be processed for contract offers, orders, or other order inquiries.

What are your rights regarding your data?

You have the right at any time to receive free information about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent for data processing, you can revoke this consent at any time for the future. Furthermore, you have the right to request the restriction of the processing of your personal data under certain circumstances. You also have the right to complain to the relevant supervisory authority.

You can contact us at any time regarding this and other data protection questions.

2. Hosting

We host our website content with the following provider:

Hetzner

The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter Hetzner).

Please refer to Hetzner's privacy policy for details. https://www.hetzner.com/de/legal/privacy-policy/.

The use of Hetzner is based on Art. 6(1)(f) GDPR. We have a legitimate interest in presenting our website as reliably as possible. If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g., device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

Order processing

We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a legally required data protection agreement that ensures the service provider will process the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

3. General Information and Mandatory Disclosures

Data Privacy

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data will be collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and how we use it. It also explains how and for what purpose this happens.

We would like to point out that data transmission on the internet (e.g., in email communication) may have security vulnerabilities. It is not possible to protect data completely from third-party access.

Notice from the responsible party

The responsible party for data processing on this website is:

Supercar Group GmbH
Yannick Weinschenk
42a Southern Munich Street
82031 Grünwald

Phone: +49 (0) 151 4231 7722
E-Mail: info@supercar-group.de

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).

Storage duration

Unless a more specific retention period is stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you exercise a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, deletion will occur after these reasons are no longer applicable.

General Information on the Legal Basis for Data Processing on this Website

If you have consented to data processing, we will process your personal data based on Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, if special categories of data according to Art. 9 para. 1 GDPR are processed. In the event of express consent to the transfer of personal data to third countries, data processing will also be based on Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information on your terminal device (e.g., via device fingerprinting), data processing will additionally be based on Section 25 para. 1 TDDDG. Consent can be withdrawn at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we will process your data based on Art. 6 para. 1 lit. b GDPR. Furthermore, we will process your data if it is required for the fulfillment of a legal obligation based on Art. 6 para. 1 lit. c GDPR. Data processing may also be based on our legitimate interest according to Art. 6 para. 1 lit. f GDPR. The specific legal bases applicable in each individual case are informed about in the following paragraphs of this privacy policy.

Recipients of personal data

As part of our business operations, we collaborate with various external entities. This sometimes includes the transfer of personal data to these external entities. We only disclose personal data to external entities when it is necessary for the performance of a contract, when we are legally obligated to do so (e.g., disclosure of data to tax authorities), when we have a legitimate interest in the disclosure pursuant to Art. 6 para. 1 lit. f GDPR, or when another legal basis permits the data transfer. When using contract processors, we only transfer personal data of our customers based on a valid contract for contract processing. In the case of joint processing, a contract for joint processing is concluded.

Withdrawal of consent for data processing

Many data processing operations are only possible with your explicit consent. You can revoke your consent at any time. The lawfulness of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data processing in specific cases and to direct marketing (Art. 21 GDPR)

If the data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right to object at any time to the processing of your personal data for reasons arising from your particular situation; this also applies to profiling based on these provisions. You can find the respective legal basis on which processing is based in this data protection declaration. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or the processing serves to establish, exercise, or defend legal claims (objection pursuant to Art. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING PURPOSES; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE PROCESSED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Complaint to the competent supervisory authority

In case of infringements of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. The right to complain shall be without prejudice to any other administrative or judicial remedy.

Right to data portability

You have the right to have data that we process automatically based on your consent or in fulfillment of a contract, handed over to you or a third party in a common, machine-readable format. If you request the direct transfer of data to another controller, this will only be done to the extent that it is technically feasible.

Information, correction, and deletion

You have the right, at any time and within the scope of applicable legal provisions, to free access to information about your stored personal data, their origin and recipients, and the purpose of data processing, and where applicable, a right to rectification or deletion of this data. You can contact us at any time for this purpose, as well as for further questions on the subject of personal data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restrict processing exists in the following cases:

• If you dispute the accuracy of your personal data stored with us, we generally need time to verify it. During the period of verification, you have the right to request the restriction of the processing of your personal data.
• If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of erasure.
• If we no longer need your personal data, but you require it for the establishment, exercise, or defense of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
• If you have lodged an objection under Article 21(1) GDPR, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, these data may, apart from storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person, or for reasons of an important public interest of the Union or of a Member State.

SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator, this page uses SSL or TLS encryption. You can tell if a connection is encrypted by the address bar in your browser changing from „http://“ to „https://“ and by the lock icon in your browser bar.

If SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

4. Data collection on this website

Cookies

Our websites use so-called „cookies.“ Cookies are small data packets and do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit ends. Permanent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.

Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g., cookies for processing payment services).

Cookies have various functions. Numerous cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies can be used to analyze user behavior or for advertising purposes.

Cookies that are necessary for the electronic communication process, for providing certain functions desired by you (e.g., for the shopping cart function), or for optimizing the website (e.g., cookies for measuring the web audience) (necessary cookies) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically flawless and optimized provision of its services. If consent has been requested for the storage of cookies and comparable recognition technologies, the processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG); the consent can be revoked at any time.

You can set your browser to inform you about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for specific cases or in general, and to activate the automatic deletion of cookies when closing the browser. The functionality of this website may be restricted when cookies are deactivated.

If other cookies and services are used on this website, you can find this information in this privacy policy.

Consent with Borlabs Cookie

Our website uses Borlabs Cookie's consent technology to obtain your consent for storing certain cookies in your browser or for using certain technologies, and to document this in compliance with data protection regulations. The provider of this technology is Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg (hereinafter referred to as Borlabs).

When you visit our website, a Borlabs cookie is stored in your browser, which saves your consent or withdrawal of consent. This data is not passed on to the provider of Borlabs Cookie.

The data collected will be stored until you request us to delete it, you delete the Borlabs cookie yourself, or the purpose for data storage ceases to apply. Mandatory legal retention periods remain unaffected. Details on data processing by Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.

The use of Borlabs Cookie Consent technology is to obtain legally required consent for the use of cookies. The legal basis for this is Article 6(1)(c) GDPR.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type and browser version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Server request time
• IP Address

A merge of this data with other data sources will not be performed.

The processing of this data is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically flawless presentation and optimization of its website – to this end, server log files must be collected.

Contact Form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact information you provide there, will be stored by us for the purpose of processing your inquiry and in case of follow-up questions. We will not share this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR, provided that your request is related to the fulfillment of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if it has been requested; consent can be revoked at any time.

The data you enter in the contact form are stored by us until you request their deletion, withdraw your consent for storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions, especially retention periods, remain unaffected.

Inquiry via email, telephone, or fax

If you contact us by email, phone, or fax, your inquiry, including all personal data arising from it (name, inquiry), will be stored and processed by us for the purpose of handling your request. We will not disclose this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR, provided that your request is related to the fulfillment of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if it has been requested; consent can be revoked at any time.

The data you send us via contact requests will remain with us until you request its deletion, revoke your consent for storage, or the purpose for data storage ceases to apply (e.g., after your request has been fully processed). Mandatory legal provisions, particularly statutory retention periods, remain unaffected.

5. Newsletter

Newsletter Data

If you wish to subscribe to the newsletter offered on the website, we require your email address, as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive the newsletter. No other data will be collected, or only on a voluntary basis. We use newsletter service providers for the processing of newsletters, who are described below.

CleverReach

This website uses CleverReach for sending newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter „CleverReach“). CleverReach is a service that can be used to organize and analyze the dispatch of newsletters. The data you enter for the purpose of subscribing to the newsletter (e.g., email address) will be stored on CleverReach's servers in Germany or Ireland.

Our newsletters sent with CleverReach allow us to analyze the behavior of newsletter recipients. This includes analyzing how many recipients opened the newsletter and how often each link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a predefined action (e.g., purchasing a product on this website) occurred after clicking the link in the newsletter. For more information on data analysis by CleverReach newsletters, please visit: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.

Data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The lawfulness of the data processing that has already taken place remains unaffected by the revocation.

If you do not want to be analyzed by CleverReach, you must unsubscribe from the newsletter. We provide a corresponding link in every newsletter message for this purpose.

The data you provided to us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter, or by the newsletter service provider, and will be deleted from the newsletter distribution list after you unsubscribe. Data stored by us for other purposes remains unaffected by this.

After you are removed from the newsletter distribution list, your email address may be stored by us or the newsletter service provider on a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 (1) lit. f GDPR). Storage on the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interests.

Further details can be found in the CleverReach data protection regulations at: https://www.cleverreach.com/de/datenschutz/.

Order processing

We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a legally required data protection agreement that ensures the service provider will process the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

6. Plugins and Tools

YouTube with enhanced privacy

This website embeds videos from the website YouTube. The operator of this website is Google Ireland Limited („Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of these websites that embed YouTube, a connection is made to YouTube's servers. This informs the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

We use YouTube in advanced privacy mode. YouTube states that videos played in advanced privacy mode are not used to personalize browsing on YouTube. Ads served in advanced privacy mode are also not personalized. No cookies are set in advanced privacy mode. However, so-called local storage elements are stored in the user's browser, which, similar to cookies, contain personal data and can be used for recognition. You can find details on advanced privacy mode here: https://support.google.com/youtube/answer/171780.

Additional data processing operations may be triggered after a YouTube video is activated, over which we have no influence.

The use of YouTube is for the purpose of presenting our online offerings in an appealing manner. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g., device fingerprinting) in the sense of the TDDDG. Consent can be revoked at any time.

For more information on data privacy at YouTube, please see their privacy policy at: https://policies.google.com/privacy?hl=de.

The company is certified under the „EU-U.S. Data Privacy Framework“ (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the U.S. Any company certified under the DPF commits to adhering to these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Fonts (local hosting)

This site uses so-called Google Fonts, provided by Google, for a uniform display of fonts. The Google Fonts are installed locally. No connection to Google servers is established.

For more information about Google Fonts, see https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.

Font Awesome (Local Hosting)

This page uses Font Awesome for consistent font display. Font Awesome is installed locally. No connection is made to Fonticons, Inc. servers.

For more information about Font Awesome, please see Font Awesome's Privacy Policy at: https://fontawesome.com/privacy.

hCaptcha

We use hCaptcha on this website. The provider is Intuition Machines, Inc., 2211 Selig Drive, Los Angeles, CA 90026, USA (hereinafter „IMI“).

hCaptcha is used to verify whether data input on this website (e.g., in a contact form) is being done by a human or an automated program. To achieve this, hCaptcha analyzes the website visitor's behavior based on various characteristics.

This analysis automatically begins as soon as a website visitor lands on a website with hCaptcha enabled. For the analysis, hCaptcha evaluates various pieces of information (e.g., IP address, the website visitor's duration of stay on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to IMI. If hCaptcha is used in „invisible mode,“ the analyses run entirely in the background. Website visitors are not informed that an analysis is taking place.

The storage and analysis of data is carried out on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and SPAM. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Data processing is based on Standard Contractual Clauses, which are included in IMI's Data Processing Addendum to its Terms and Conditions or data processing agreements.

For more information about hCaptcha, please refer to the privacy policy and terms of service at the following links: https://www.hcaptcha.com/privacy and https://hcaptcha.com/terms.

The company is certified under the „EU-U.S. Data Privacy Framework“ (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the U.S. Any company certified under the DPF commits to adhering to these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/6388.