Privacy / Data protection

1. About us

We, Humbaur GmbH, are responsible for collecting, processing and storing your data. Refer to our imprint at any time for details about us.

Our top priority is to handle your personal data with care. When processing your data, we adhere to statutory provisions such as the General Data Protection Regulation (GDPR), as well as the associated national provisions.

This privacy statement applies to all of our company’s websites that can be accessed under our domains (https://www.humbaur.com, https://shop.humbaur.com, https://partner.humbaur.com, https:// ***.humbaur.com). If our websites lead you to websites of other operators, the respective data protection regulations for those sites will apply. The relevant operators of these websites are responsible for the content of their data protection regulations.

As we would like to provide you with a comprehensive overview of how your personal data is processed, below you will find an overview of all of our services in the context of which we collect and process personal data.

Where specific or additional conditions apply to individual services or we ask you to provide your consent, we will specifically notify you of this before you use the relevant service (subscribe to the newsletter or make a purchase from our online shop, for example).

In addition, we take a variety of security measures to protect your personal data. This means that data is transmitted between your web browser and our servers in an encrypted manner as a matter of principle, for example; in addition, we implement a range of technical and organisational measures to protect your data.

Contact details

Controller:
Humbaur GmbH
Mercedesring 1
86368 Gersthofen, Germany
Tel: +49 821 24929-0
Email: info@humbaur.com
Web: https://www.humbaur.com
Data Protection Officer: datenschutz@humbaur.com

2. Why we process your data

As a matter of principle, you can visit our websites without having to disclose your identity. Should you wish to register for one of our personalised services, use our online shop, register for our newsletter or wish to contact us, we will ask you to provide your name and other personal information. It is your prerogative as to whether you provide this (additional) data. Data that is essential in order for us to be able to provide our services to you is identified as such.

Your personal data is collected and processed for the following purposes on the basis of the following legal bases:

Contract initiation in accordance with Art. 6 (1)(a) and (b) of the GDPR
Contract execution in accordance with Art. 6 (1)(b) of the GDPR
Customer management in accordance with Art. 6 (1)(b), (c) and (f) of the GDPR
Communication and data exchange in accordance with Art. 6 (1)(a), (b), (c) and (f) of the GDPR
Public image and advertising in accordance with Art. 6 (1)(f) of the GDPR
Implementing declarations of consent in accordance with Art. 6(1)(a) of the GDPR
Ensuring proper operation of a data processing system in accordance with Art. 6(1)(c) and (f) of the GDPR
Applicant selection process within the framework of personnel management and resource management in accordance with Art. 6(1)(a) of the GDPR, in conjunction with Section 26 of the new German Federal Data Protection Act (Bundesdatenschutzgesetz — BDSG-Neu)

3. The information that we collect from you and process

We collect different categories of personal data from you. Personal data means any information relating to an identified or identifiable natural person; a natural person is considered to be identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name. Personal data includes information such as your name, your address, your telephone number and your date of birth (if specified), for example. Statistical information that cannot be linked to you directly or indirectly, such as the popularity of individual web pages of ours or the number of site users, is not considered to be personal data. We refer to data that is collected directly and indirectly. In both cases, data will be collected only to the extent necessary; the data will be processed exclusively for the purposes stated under Clause 2. It is your prerogative whether you would like to send data to us which, although will optimise the way in which you use our services, is not essential for this purpose. The relevant data fields are labelled "optional".

Data that is collected directly includes:

Title and name, e.g. to personalise your user account or to order from our online shop
Email address and, if necessary, a password of your choosing, for example, in order to subscribe to our newsletter, use your customer account or to contact us via our contact form
Customer login details for using the protected partner area
Address, e.g. in order to process orders (delivery) through our online shop
Payment details in order to process payment for your order
Application details in order to use our electronic application process
Information that you actively and intentionally provide us within in the context of using our services
Additional data that you provide us with voluntarily, for example any data fields that you complete despite them being labelled "optional"


When using our services, data will also be collected about you indirectly:

Technical connection data relating to visits to the website, for example, the page of our website accessed, your IP address truncated by the last three digits, date and time of access, end device used
Data that is collected through website tracking and newsletter tracking
Data that we receive from our service providers when processing orders via the online shop, for example, information about payment disruptions or delivery notifications


Minors:

Our website is not intended for minors and we do not knowingly collect personal data from minors (with the exception of applications).

Individuals under the age of 16 may only provide us with personal data if their parent or guardian has given their own consent or has agreed to the minor’s consent. For this purpose, we must be informed of the contact details of the parent or guardian in accordance with Art. 8 (2) of the GDPR in order for us to be assured that the parent or guardian has given their consent or approval. This data, as well as the data about the minor, will then be processed in accordance with this privacy statement.

If we find that a minor under the age of 16 has sent personal data to us without their parent or guardian having given their own consent or having agreed to the minor’s consent, we will immediately delete the data.

4. Who has access to your data and whom we send your data to

a) Access
Access to your personal data stored by us is limited to our employees and appointed service providers whose tasks require them to handle this personal data.

Insofar as third parties have access to your data, we have obtained consent from you for this purpose or there is a legal basis for this.

We also engage service providers to provide services and to process your data (including for hosting, sending newsletters, delivering goods that have been ordered, processing payments, sending letters or emails, as well as for maintaining and analysing databases, safeguarding our web servers and website tracking). Where specific provisions apply in these cases, we have listed these below for each relevant service. The service providers process the data solely on our instructions and are obliged to comply with the applicable data protection provisions. All processors have been carefully selected and only gain access to your data to the extent necessary and for the required period that is necessary to deliver the services and/or to the extent to which you have consented to data processing and data use.

b) Exchanging data within the group of undertakings
An exchange of data within the group of undertakings to which we belong takes place exclusively within the EU/EEA and only for internal management purposes. By "group of undertakings", we refer to affiliated companies within the meaning of Art. 4 No. 19 of the GDPR.

c) Data transfer to third countries and legal basis
The servers of some of the service providers that we use are located in the USA and in other countries outside the European Union. Companies in these countries are subject to a data protection law that does not generally protect personal data to the same extent as it is protected in the Member States of the European Union. Where your data is processed in a country that has a level of data protection that is recognised to be lower than the level within the European Union, we will employ contractual arrangements or other recognised instruments to ensure that your personal data is adequately protected. We will explicitly draw your attention to this point once more within the scope of the individual services.

Where personal data is transferred to third countries, this is done on the basis of the EU Commission’s adequacy decision, such as the EU-U.S. Data Privacy Framework in accordance with Art. 45 of the GDPR or on the basis of the standard EU contractual clauses (last updated 2021) (2016/679/EU) in accordance with Art. 46 (2)(c) of the GDPR or if an exception exists pursuant to Art. 49 (1)(a) of the GDPR.

d) Data transfer to law enforcement authorities and criminal investigation authorities
In exceptional cases, we will forward personal data to law enforcement authorities and criminal investigation authorities. This is carried out on the basis of corresponding statutory obligations, arising from the German Code of Criminal Procedure (Strafprozessordnung), the German Fiscal Code (Abgabenordnung), the German Money Laundering Act (Geldwäschegesetz) or state police laws, for example.

5. Retention periods

We retain personal data within the framework of statutory provisions or your given consent.

We take the following criteria into account when determining the specific retention period:

We retain personal data until the purposes for which it was collected cease to apply (e.g. when a contractual relationship comes to an end or as a result of the final activity being performed if a continuing obligation is not in place, or in the case of revocation of consent to specific data processing).

Data will only be retained for longer than this if

Statutory retention obligations are in place (e.g. in accordance with the German Fiscal Code or the German Commercial Code [Handelsgesetzbuch])
The data is still required to establish and pursue legal claims or to defend against legal claims, for example, due to technological and forensic requirements for defending against and prosecuting attacks on our web servers
Erasure would not be in the legitimate interests of the data subject
or any other exception in accordance with Art. 17 (3) of the GDPR applies.

6. Your rights

You have a number of statutory rights, which we would like to draw to your attention below. These rights are standardised in Art. 15 - 22 GDPR. Of course, you can also contact our data protection officer using the contact details below if you have any questions relating to your personal data that we have collected and processed.

a) Right of access and right to data portability
You have the right to access information regarding your personal data processed by us at any time.

Where data processing takes place based on your consent or in accordance with Art. 6 (1)(b) of the GDPR on the basis of a contract, you may also request, in accordance with Art. 20 (1) of the GDPR, the provision of the personal data that is stored about you in a structured, commonly used and machine-readable format. At your request, we will also forward the data directly to a recipient as defined by you.

b) Right to rectification, restriction and erasure
In addition, you may ask us to rectify, restrict (block) or erase your personal data pursuant to Articles 16 to 18 of the GDPR if we have incorrectly processed the data, if there is a reason for restricting further data processing, or if data processing has become unlawful for a variety of reasons, or if the retention of the data is inadmissible for other legal reasons. We would like to point out that statutory retention periods may restrict your right to erasure.

c) Rights to object
If our data processing is based exclusively on our legitimate interests in accordance with Art. 6 (1)(f) of the GDPR, you may opt out from this data processing in accordance with Art. 21 (1) of the GDPR. We will then stop processing your data, unless we are able to demonstrate legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is used to establish, exercise or defend a legal claim. In addition, you always have the right to object to your data being used for direct marketing purposes in future in accordance with Art. 21 (2) of the GDPR.

d) Right of withdrawal
If you have consented to our processing of your personal data, you have a right of withdrawal with future effect in accordance with Art. 7 (3) of the GDPR.

e) Right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates the European General Data Protection Regulation or other national and international data protection laws.

The contact details of the relevant supervisory authority for us are:

Bayrisches Landesamt für Datenschutz (BayLDA) (Data Protection Authority of Bavaria)
Promenade 27
91522 Ansbach
Germany
Phone: +49 (0) 981 53 1300
poststelle@lda.bayern.de

In order to exercise your rights, you can send an informal notification to us using the above contact details. Please direct the withdrawal of your consent, indicating which declaration of consent you would like to withdraw, to datenschutz@humbaur.com.

f) Contact details
In order to exercise your rights, you can send an informal notification to us using the following contact details. Please direct the withdrawal of your consent to the following contact details, indicating which declaration of consent you would like to withdraw:

Controller
Humbaur GmbH
Mercedesring 1
86368 Gersthofen
Germany
Phone: +49 (0) 821 24929-0
Email: datenschutz@humbaur.com

Data protection officer
it.sec GmbH
Einsteinstr. 55
89077 Ulm
Germany
Datenschutz@it-sec.de

7. Using our websites — profiling, cookies and web tracking

a) Basic information about cookies and opt-out options
We use cookies in some areas of our website to identify the preferences of visitors and to enable us to optimise the design of the website accordingly, for example. This makes navigation easier and enhances the user-friendliness of a website. Cookies also help us to identify particularly popular areas of our website. Cookies are small files that are stored on the hard drive of a visitor. They allow information to be held for a certain period of time and enable the visitor’s computer to be identified. We use permanent cookies to improve user guidance and the way in which services are presented to the individual. We also use session cookies, which are automatically deleted when you close your browser. You can set your browser so that it informs you about the placement of cookies. This means that you will be clear about how the cookies are being used. The legal bases are formed by Art. 6 (1)(c) in conjunction with Art. 32 and Art. 6 (1)(f) of the GDPR. We have a legitimate interest in safeguarding our web server to defend it against attacks, for example, and to ensure the functionality of our services.

We only use cookies that are not essential from a technical point of view if you have provided your explicit consent for us to do so, which, of course, you can withdraw at any time.

In this regard, you have agreed to the following declaration in the context of our cookie information on our website:

This website uses tracking cookies or tracking software to, among other things, provide you with the full range of services on our website and thus a better online experience. You can find more information about the cookies and web tracking processes that we use, and the consent you have provided for this purpose, in our privacy statement at [add link]. However, cookies that are not essential from a technical point of view and/or our tracking software will only be activated once you have given us your consent. [Agreed]

If you fully exclude the use of cookies, you will not be able to use individual features of our website, including the option to opt-out from tracking based on cookies. You may need to allow the opt-out cookies for those services for which you wish to prevent tracking.

Please keep in mind that deleting all cookies also means that opt-out cookies are deleted. You must therefore reset these cookies where applicable. Cookies are also linked to the browser, meaning they need to be set separately for each of the browsers you use on each of the devices you use. The links that are necessary for this purpose can be found below in the description of the respective services.

We use the following cookies, provided you allow them and have not set one or multiple opt-out cookies, for the purposes specified in more detail below:

Name of cookieIntended purposeStorage durationEssential from a technical point of viewOption to withdraw consent (if cookie not essential from a technical point of view)
_gat_UA-6476217-2Used to reduce the number of requests to Google Analytics1 minuteNoSee below
_gat_UA-6476217-4Used to reduce the number of requests to Google Analytics1 minuteNoSee below
_gat_UA-6476217-28Used to reduce the number of requests to Google Analytics1 minuteNoSee below
_gat_UA-6476217-30Used to reduce the number of requests to Google Analytics1 minuteNoSee below
_gidUser identification by Google Analytics24 hoursNoSee below
_gaUser identification by Google Analytics2 yearsNoSee below
_gatUsed to reduce the number of requests to Google Analytics1 minuteNoSee below
__utmaIdentification of users and sessions by Google Analytics2 yearsNoSee below
__utmtUsed to reduce the number of requests to Google Analytics10 minutesNoSee below
__utmbDetection of new sessions/visits in Google Analytics30 minutesNoSee below
__utmzSaves the traffic source or campaign that explains how the user has reached the site (Google Analytics)6 monthsNoSee below
fe_typo_userCMS-specific session cookieExpires when you close the browserYes
PHPSESSIDCMS-specific session cookieExpires when you close the browserYes
frontendCMS-specific session cookie1 hourYes
frontend_cidCMS-specific session cookie1 hourYes
geoipIdentification of whether information with country reference has been seen1 monthYes
cookieconsent_dismissedIdentification of whether tracking and use of cookies is permitted1 yearYes

b) Google Analytics

The websites use Google Analytics, a web analytics service provided by Google LLC (“Google”). Google Analytics uses “cookies”, text files that are stored on your computer and enable the way in which you use the website to be analysed. The Google tool is used on the basis of your consent in accordance with Art. 6 (1)(a) of the GDPR, § 25 para. 1 TDDDG. You can revoke your consent at any time via our consent banner, or by clicking on https://adssettings.google.com. The revocation only applies to the device and the web browser on which it was made; please repeat the process on all devices if necessary. If you delete the opt-out cookie, you will be asked for your consent to the transfer of data again. The information generated by the cookie about the way in which you use this website is typically sent to a Google server in the USA, where it will be stored. The contract required under data protection law has been concluded with Google and the latter has been certified in accordance with the requirements of the EU-U.S. Data Privacy Framework. However, where IP anonymisation is activated on this website, Google will truncate your IP address beforehand within Member States of the European Union or in other Contracting Parties to the Agreement on the European Economic Area. The full IP address will only be transferred to a Google server in the USA and truncated there in exceptional cases. Google will use this information on our behalf to evaluate how you use the website, to compile reports about activity on the website and to provide further services associated with website usage and Internet usage to the website operator. The IP address provided by your browser within the scope of Google Analytics will not be combined with other data from Google. One way of opting out of web analytics by Google Analytics is to set an opt-out cookie which tells Google not to save or use your data for the purposes of web analytics. Please note that with this solution, you will only be able to opt out of web analytics for as long as the opt-out cookie is stored by the browser. 

You can also prevent cookies from being stored by configuring the relevant setting in your browser software; however, we would like to point out that if you do so, you may not be able to use all of this website's functions. You can also prevent the data generated by the cookie relating to your use of the website (including your IP address) being sent to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link. The current link is: tools.google.com/dlpage/gaoptout.

Data recipient: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

c) Google Tag Manager

Google Tag Manager is a Google product that allows us to manage website tags for applications such as Google Analytics via an interface. Tag Manager is a cookie-free domain which does not collect any personal data.

d) Google AdWords

Our website uses the "Google AdWords" service, which enables marketers to place adverts in Google search hit lists and in the Google advertising network. This is based on pre-defined keywords, by means of which an ad is only placed in the hit lists if a search is carried out using the keywords.

As part of this process, Google AdWords aims to advertise our website by inserting relevant adverts on the websites of third parties, in the Google search hit lists, and by presenting relevant third-party advertising through our website.

Google places a cookie when you click on a corresponding Google ad that refers to our website. Both we and Google can use the cookie to ascertain whether or not you have accessed our website and generated sales via an AdWords ad.

The resulting data will be used by Google to generate statistics (e.g. total number of users directed via Google AdWords, success of our AdWords campaign) in relation to our website. Neither we nor any other Google AdWords advertising customers receive information from Google that could be used to identify you.

However, the set cookie will be used to store personal information, for example, about the websites that you have visited. Google may pass this data on to third parties.

The contract required under data protection law has been concluded with Google and the latter has been certified in accordance with the requirements of the EU-U.S. Data Privacy Framework.
Google AdWords is used on the basis of your consent in accordance with Art. 6 (1)(a) of the GDPR, § 25 (1) of the German Telecommunications and Tele media Data Protection Act (TDDDG). You can revoke your consent at any time either via our consent banner, or by accessing the following opt-out link: https://www.google.de/settings/ads
Data recipient: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
EU-U.S. Data Privacy Framework: https://www.dataprivacyframework.gov/participant/5780 

e) Google Maps service

The “Google Maps” service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) is integrated into our website via an API.

By using Google Maps, you will be shown the location of our dealers.

To prevent your personal data from being transmitted to Google’s servers until you give your consent, we have configured our website in such a way that initially prevents all data transmissions to Google. Google Maps is only activated with your consent as the legal basis (Art. 6 (1)(a) GDPR, § 25 (1) TDDDG). When you interact with the map, you also give your consent to the transfer of data to Google. In this case, information about the use of our website (such as your IP address) is transmitted to Google’s servers and stored there. We would like to point out that, as the website operator, we have no influence on data processing by Google. You can of course revoke your consent at any time via our consent banner.

It cannot be ruled out that personal data will also be transmitted to Google servers in the USA (a third country). We would like to point out that there is generally no comparable level of personal data protection in third countries. For example, security services in third countries may be able to access the personal data stored there without any legal protection for you against this. The contract required under data protection law has been concluded with Google and the latter has been certified in accordance with the requirements of the EU-U.S. Data Privacy Framework.

Data is transmitted to Google regardless of whether you have a Google account or are logged into this account.

If you are logged into Google, your data will be assigned directly to your account. If you do not wish to be associated with your Google profile, you need to log out before activating the map.

Google stores your data (even for users not logged in) as usage profiles and analyses them. The collection, storage and evaluation are carried out in accordance with Art. 6 (1)(f) GDPR on the basis of Google’s legitimate interest in displaying personalised advertising, market research and/or the needs-based design of Google websites. You have the right to object to the creation of these user profiles; you must contact Google to exercise this right.

If you do not agree to the transmission of your data to Google in the future when using Google Maps, you also have the option of completely disabling the Google Maps web service by switching off the JavaScript application in your browser. This will mean that Google Maps and the map display on our website cannot be used in this case.

You can find more detailed information on data processing by Google in Google’s terms of use at https://www.google.de/intl/de/policies/terms/regional.html, with the additional terms of use for Google Maps at https://www.google.com/intl/de_US/help/terms_maps.html.

Detailed information on data protection and the use of Google Maps can be found in the “Google Privacy Policy”, which can be viewed at https://www.google.de/intl/de/policies/privacy/.

Data recipient: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

EU-U.S. Data Privacy Framework: https://www.dataprivacyframework.gov/participant/5780

f) Social Media Buttons

Our website uses social media buttons (YouTube, Facebook, Instagram, Twitter, Xing) to allow you to interact with third parties.

These social media buttons are not integrated as plug-ins via an iFrame, but are stored as links. If you follow these links, you will reach Humbaur GmbH’s corporate presence on the social media service in question. Clicking on a link to a social media service establishes a connection to the service’s servers. This tells the social media service servers that you have visited our website. In addition, further data is transferred to the social media service provider. These are, for example:

  • Address of the website where the activated link is located
  • Date and time the website is accessed or the link activated
  • Information about the browser and operating system used
  • IP address

If you are already logged into the relevant social media service when you activate the link, the service provider may be able to determine your user name and possibly even your real name from the data transmitted and assign this information to your personal user account with the social media service. You can remove this possibility of assignment to your personal user account if you log out of your user account beforehand.

The servers of the social media service are located in countries outside the European Union. The data may therefore also be processed by the social media service provider in countries outside the European Union. Please note that companies in these countries are subject to a data protection law that does not generally protect personal data to the same extent as it is protected in the Member States of the European Union.

Please note that we have no influence on the scope, type and purpose of data processing by the social media service provider. For more information on the use of your data by the social media services integrated on our website, please refer to the respective social media service providers privacy policy.

8. Supplementary notes and provisions for individual services

a) Newsletter
At your express request, we will send you our newsletter about the topics that you have chosen, as well as information about our company. Please note that the newsletter will only be sent if you have expressly confirmed your subscription request as part of our double opt-in process.

The personal data collected when subscribing to the newsletter will only be used to send and personalise the newsletter (in order to address the letter to you personally, for example). The legal basis is your consent (Art. 6 (1)(a) GDPR. You can revoke your consent to us storing the personal data that you have provided to us in order for us to be able to send the newsletter to you at any time with future effect. Each newsletter contains a corresponding link to allow you to withdraw your consent; alternatively, please feel free to contact us directly so that we can implement the withdrawal of your consent. We have provided you with details about the consent you have given in the double opt-in mail.

Analysing newsletter usage

Our newsletter contains tracking pixels. A tracking pixel is a graphic in HTML emails used when opening the email to allow a log file to be recorded and a record of the links activated from the newsletter to be created and subsequently analysed. This allows us to use statistical analyses to evaluate how successful our newsletter campaigns have been and to optimise our newsletter in order to inform you about topics and offers that are better suited to your interests, for instance.

The personal data collected in this way will be processed by our service providers listed below. Please note that this data may also be transferred to the USA and processed there.

If you do not agree to this, you can unsubscribe to the newsletter at any time by clicking on the unsubscribe link in the relevant newsletter or by sending an email to newsletter(at)humbaur.com.

Data recipient: Mailchimp, The Rocket Science Group, LLC, 675 Ponce de Leon AVE NE, Suite 5000, Atlanta, GA 30308 USA

b) Contact form
Data that you share with us via our contact form is processed for communication purposes and for the purpose of data exchange, in other words in order to respond to your specific query. This data is stored for the period of time necessary to process it for these purposes or until any ensuing retention periods expire. The only mandatory piece of information you need to provide here is your email address. You can revoke your consent at any time.

c) Competition
From time to time, you will have the opportunity to take part in competitions or similar campaigns via our website. Within the context of these campaigns, personal data, the scope of which is indicated in the respective entry form, may also be collected and retained for processing purposes. Data that is not essential for us to run the competition but allows us to notify you more quickly if you win is explicitly identified as optional information. The personal details that you provide us with in the context of a competition campaign of this kind will solely be used to deliver the campaign (in the case of a competition, for example, to determine the prize, send notification of a win, and to deliver the prize). After the campaign is over, the data of the participants who have not won the competition will be deleted immediately. In the case of the competition winner, their data will be deleted once the statutory retention period has expired.

d) Email application process
We give you the option to apply to us by email. Your electronic application data will be received by the relevant personnel department and will only be forwarded to the department in which the position you are applying for is located or to the individuals entrusted with processing the application. All parties involved will handle your application documentation with the utmost care and treat it as strictly confidential.

Once the application process is complete, we will store your application documentation for another three months, after which time we will delete or destroy any copies, unless we have entered into an employment contract with you. Should we wish to include your application documentation in our pool of applicants, we will contact you to this effect. As part of the notification, you can actively consent to your documents being retained for longer.

Please note that applications that you send to us via email will be delivered to us unencrypted. We therefore recommend using encryption software. The legal basis for the processing of your application is Art. 6 (1)(a)(b) GDPR.

e) Applicant portal

Thank you for your interest in working at Humbaur GmbH. We are aware of the importance of your data and process the personal data you have provided in the application form only for the purposes of an effective and correct application procedure and for contacting you as part of the application process. The data will not be passed onto third parties without your consent.

You will be asked to provide personal data as part of the application form. To this end, we observe the principle of data minimisation and data avoidance by only requiring you to provide us with the data that we need to review in full your application documents, such as your CV, title, surname, first name, address and contact details, or that we are legally obliged to collect. This mandatory information is marked with an *(asterisk). Your IP address is also processed for technical reasons as well as for legal protection.

Unfortunately, we cannot check your application documents without this data, which is why our system will not allow you to upload your application documents in this case. Of course, you have the option of providing voluntary information in the application form.

To best protect the security and confidentiality of your data, we implement appropriate security measures. Your application documents will be transmitted to us in encrypted form via our application system.

We store your data for the aforementioned purposes until the application process has been completed and the relevant deadlines have expired - six months after receipt of a decision at the latest. However, if you so choose, we can store your application documents for longer and compare them with other vacancies that match your profile.

For this we need your consent, which you can give by clicking on the checkbox before uploading your application documents. You can of course revoke your consent at any time without giving a reason, with future effect, by sending an email to datenschutz@humbaur.com

f) Online shop
Our website provides an online shop from which you can purchase our products. We use the data collected from you via the online shop to perform the contract, in particular in order to allow you to purchase products, take delivery of products, and make payment.

If necessary, we will also process your data in this context to carry out a credit check if this is required in order to perform the contract, Art 6 (1)(b) of the GDPR, or we have a legitimate interest in doing so, Art. 6 (1)(f) of the GDPR. We have a legitimate interest if we are about to enter into a contract with you that involves a risk of financial default for us (such as instalment plans, order/delivery on account) and the conclusion of the contract is solely dependent upon your credit rating.

Depending on the chosen shipping method, we will forward the necessary data, if available and provided you have given your consent for us to do so, including your email address and telephone number for the purposes of parcel notification, agreeing deadlines, and communicating parcel tracking information, to your chosen shipping service provider for the purposes of shipping and delivery.

We will also transfer the data that is necessary to make the payment and to carry out the risk assessment, where applicable, to the payment service provider of your choosing. The following additional information and provisions apply to this end:

aa) PayPal payment method
When making a purchase from our online shop, you have the option to pay using the payment provider PayPal. The payment is processed either via your PayPal or via PayPal using your credit card or bank account. PayPal also provides buyer protection and fiduciary services.

When choosing the payment provider PayPal when making a purchase via the online shop, data will automatically be sent to PayPal. When you choose PayPal as the method of payment, you specifically consent to this transfer of personal data (first name and surname, address, email address, IP address, telephone number(s), order details, delivery dates) for the purposes of making the payment and preventing fraud.

Data is exchanged not only for the purposes of making the payment, but also for identification purposes, to prevent fraud, and to reduce our risk of financial default. In this respect, data about your financial situation as well as about previous purchasing and payment behaviour may also be exchanged. In this context, data will also be exchanged by PayPal with credit agencies, provided that there is a legitimate interest and the legitimate interests of the data subject are not contravened.

Data may be passed on to affiliated companies; this also applies to downstream service providers (processors, controllers with joint responsibility, and third parties, if required in order to perform the contract).

You may withdraw the foregoing consent at any time with future effect vis-à-vis PayPal. Withdrawal has no effect on data transfers carried out in the past.

The applicable data protection provisions for PayPal can be found at https://www.paypal.com/uk/webapps/mpp/ua/privacy-full.

Data recipient: PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22–24 Boulevard Royal, 2449 Luxembourg, Luxembourg

bb) Instant transfer payment method
When making a purchase from our online shop, you have the option to pay using an instant transfer via the payment provider SOFORT GmbH.

Using the above method of payment allows you to confirm payment to us as the seller in real time, meaning we can immediately start dispatching your order.

When choosing instant transfer as your method of payment, data will automatically be sent to SOFORT GmbH. When you choose to pay via instant transfer, you specifically consent to this transfer of personal data (first name and surname, address, email address, IP address, telephone number(s), bank details, PIN, transaction authentication number, purchase price) for the purposes of making the payment and preventing fraud.

Data is exchanged not only for the purposes of making the payment, but also for identification purposes and to prevent fraud. In this respect, data about your financial situation as well as about previous purchasing and payment behaviour may also be exchanged. In this context, data will also be exchanged by SOFORT GmbH with credit agencies, provided that there is a legitimate interest and the legitimate interests of the data subject are not contravened.

Data may be passed on to affiliated companies; this also applies to downstream service providers (processors, controllers with joint responsibility, and third parties, if required in order to perform the contract).

You may withdraw the foregoing consent at any time with future effect vis-à-vis SOFORT GmbH. Withdrawal has no effect on data transfers carried out in the past.

The applicable data protection provisions for SOFORT GmbH can be found at https://www.sofort.com/ger-DE/datenschutzerklaerung-sofort-gmbh/.

Data recipient: SOFORT GmbH, Fußbergstraße 1, 82131 Gauting, Germany.

f) Customer account
Our website provides you with the option to create a personal customer account for our shop. You need to register once before being able to use the shop for the first time. To do so, you need to provide us with the following information:

Title (optional)
First name, surname
Email address
Password.
The customer account allows you:

To enjoy a faster ordering process
To save multiple shipping addresses
To view and keep track of orders
Your data will be stored within the shop system and in our order processing system. You can use the shop system settings to delete your customer account at any time.

Registration is therefore either necessary (for the fulfilment of a contract with you via our online shop or for the implementation of pre-contractual measures) or possible if guest access is also provided.

The principle of data minimisation and data avoidance is observed here, as only the data necessary for registration is marked with an asterisk (*) as a mandatory field. This includes email address and password (including re-entering the password).

By registering on our website, the user’s IP address as well as the date and time of registration are also stored (technical background data). By clicking the “Register now” button, you consent to the processing of your data.

Please note: the password you enter is stored by us in encrypted form. Employees of our company cannot view this password. They are therefore unable to give you any information if you have forgotten your password.

In this case, use the “Forgotten password” function, which will send you a new, automatically generated password by email. No employee has the authority to ask you for your password by telephone or in writing so please never give out your password if you receive such a request.

Once you have finished the registration process, your data will be stored with us for use in the protected customer area. As soon as you register on our website with your email address as your user name as well as your password, this data will be made available for actions you carry out on our website (such as orders in our online shop). Completed orders can be tracked in the order history. Changes to the billing or delivery address can be entered here.

Registered users are free to make changes / corrections to the billing or delivery address in the order history. Our customer service will also be happy to make changes / corrections if you get in touch. Of course, you can also cancel or delete your registration or customer account.

g) Partner portal
We have set up a partner portal for our business partners. Access will be set up for you automatically in the form of a company account as soon as you or your company enter into a lasting business relationship with Humbaur GmbH and will end as soon as the business relationship is terminated. The partner portal can be used, among other things, to view up-to-date information about orders and invoices, research spare parts, request promotional material and access additional information about our products.

h) Humbaur Rent 24/7

Data usage for security and user experience

With the automatic driving licence check, we use artificial intelligence to encrypt your data reliably and to the highest security standards in compliance with the strictest data protection regulations, protecting it from unauthorised access. In doing so, we also enable our business customers to ensure that only pre-checked and trustworthy customers can rent vehicles. This makes it virtually impossible to forge ID cards, passports or driving licences.

Why is driving licence data or identification requested?

In order to avoid fraud, but also for basic legal reasons, we are obliged to request your driving licence. Neither Humbaur nor our rental partners are legally permitted to make vehicles available to customers without a driving licence.
At the same time, we use identification checks using smartphones and/or ID to ensure that no one misuses our service. This serves to protect our rental companies and customers alike.

9. Links to other providers

Our website also contains clearly marked links to the websites of other companies. As far as links to the websites of other providers are present, we have no influence on their contents. No guarantee or liability can therefore be assumed for this content. The respective provider or operator of the pages is always responsible for their content.

The linked pages have been checked for possible legal violations and recognisable infringements at the time of linking. Illegal content was not apparent at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonably possible without concrete evidence of an infringement. If we become aware of any such legal infringements, these links will be removed immediately.