Privacy Policy

Version of: April 2020

Welcome to the website of Vimcar GmbH. Of course, the protection of your personal data, as well as fair and transparent data processing, are of the utmost importance to us. In the following, we would like to provide you with the information you need to check and exercise your rights relating to privacy.



1. Who is responsible for data processing?

Vimcar GmbH
Skalitzer Str. 104
10997 Berlin
Germany


E-Mail: kontakt@vimcar.com


2. How can I contact the Data Protection Officer?

Vimcar GmbH
data protection officer
Skalitzer Str. 104
10997 Berlin
Germany


E-Mail: datenschutz@vimcar.com



If you browse our websites, order or use our products, or otherwise engage with us, we will receive personal data from you. We generally process your data on the following legal bases:

  • If you have granted your express consent (Art. 6 para. 1 lit. a GDPR or the equivalent provision under UK law ), e.g. if you would like for us to contact you directly, subscribe to our newsletter, or wish to receive advertising content tailored to your person. Any measures according to Art. 7 para. 3 UWG such as emails related to the purchase of goods or usage of the address for direct advertising by the customer for similar goods or services from Vimcar shall remain unaffected, (see our GTC).

  • To fulfil our contractual obligations (Art. 6 para. 1 lit. b GDPR or the equivalent provision under UK law), e.g. if you purchase and use our product.


  • As a company, we are subject to various legal obligations (Art. 6 para. 1 lit. c GDPR or the equivalent provision under UK law). We are, for example, required under tax law and commercial law to retain certain documents.


  • We additionally process data on the basis of a legitimate interest on our part or third parties (Art. 6 para. 1 lit. f GDPR or the equivalent provision under UK law). This includes, inter alia, data processing for direct advertising purposes, to promote sales, for IT security and the combatting of fraud, as well as the creation of pseudonymous user profiles for analysis purposes and the needs-based design of our website (tracking). You have the right to object to data processing on the basis of a legitimate interest in accordance with Art. 21 para. 1 GDPR or the equivalent provision under UK law . More detailed information is provided under Clause 10.



4. Data processing on our website

4.1 Visiting the website
When you visit our website, your browser transmits data to our web server in order to provide you with the information you have requested. To enable you to visit the website, the following data is collected, stored and used for a short period of time:

  • IP address
  • Date and time of the visit
  • Content of the request (concrete page)
  • Operating system and its access status / HTTP status code
  • Amount of data transmitted
  • Browser, language and version of the browser software

In addition, in order to protect our legitimate interests, we store this data for a limited period of time in order to initiate a derivation to personal data in case of unauthorized access or attempted access to local servers. The legal basis for thisis Art. 6 para. 1 lit. f GDPR or the equivalent provision under UK law.

4.2 Web shop
You can buy our products directly through our website. In order to process your order, we need your contact and address data, as well as information about the desired services (e.g. product type). The legal basis for this is Art. 6 para. 1 lit. b GDPR or the equivalent provision under UK law.

4.3 Payment
For payment processing through our website, we use payment service providers who directly take over your entries and are therefore recipients of your personal data collected in connection with the payment transaction.The responsibility for your payment data is borne by the payment service provider. Information, in particular about the controller of the payment service providers, the contact details of the data protection officer of the payment service providers, and the categories of personal data processed by the payment service providers, can be obtained at the following addresses:

  • Adyen GmbH, Hackescher Markt 4, Building 44, D-10178 Berlin, privacy policy
  • PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, privacy policy

4.4 Distribution of our newsletter
Distribution of our newsletter You can subscribe to our newsletter to receive, among other things, information about our current offers and product updates.

To subscribe to our newsletter, we use the double opt-in procedure. This means that after your registration we will send you an email to the specified email address in which we ask you to confirm that you would like the newsletter to be sent.

For the purpose of receiving our newsletter, we collect and use the e-mail address you provided during registration on the basis of your prior consent in accordance with Art. 6 Para. 1 lit. a GDPR or the equivalent provision under UK law. If you do not confirm your registration, your registration will be automatically deleted. Registration and confirmation will be logged in order to prevent misuse of your personal data. In doing so, we store the IP addresses used for your registration, the times of your registration and confirmation and our registration notifications as well as the text of your registration and confirmation.
Any time you can object your consent of receiving the newsletter with effect for the future (Art. 21 GDPR or the equivalent provision under UK law). You can declare your revocation by using the link provided for this purpose in each newsletter or by contacting the above-mentioned contact persons.

4.5 Newsletter tracking
Newsletters are sent via the mailing service Mailchimp, a newsletter mailing platform of Rocket Science Group, LLC (675 Ponce De Leon Ave NE #5000, Atlanta GA 30308, USA). Master data of the recipients, i.e. first name; last name; e-mail address, are transmitted. The legal basis is Art. 6 para. 1 lit. f or the equivalent provision under UK law GDPR. Our legitimate interest is to be able to keep the opt-in information obtained (consent database) and to maintain an suppression list.

The Rocket Science Group LLC d/b/a MailChimp is EU-US Privacy Shield certified. Data processing in the USA in accordance with data protection regulations can therefore be guaranteed on the basis of the European Commission's decision on adequacy (2016/1250) in accordance with Art. 45 para. 1 GDPR or, where applicable, on the basis of UK data protection laws.

Please also note the data protection information of Mailchimp.

4.6 Career
Please note our separate Privacy Policy for applications.

4.7 Use of social plugins
This website uses social plugins from Pinterest (Operator: Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA).

Pinterest enables users of this social network, among other things, to publish collections of images, individual images and descriptions on virtual pinboards, which can then be shared or commented on by other users. Each time a user calls up one of our individual pages on which a Pinterest component (Pinterest plug-in) has been integrated, the Internet browser will automatically be prompted by the respective Pinterest component on the information technology system of the person concerned to download a representation of the corresponding Pinterest component from Pinterest. As part of this technical process, Pinterest is informed which specific subpage of our website is visited by the data subject.

If you are signed in to Pinterest at the same time, Pinterest will recognize each time for the entire duration of your stay you visit on our website and which specific page of our website have been visited. This information is collected by the Pinterest component and assigned to the respective Pinterest account by Pinterest. If you click on a Pinterest button integrated on our website, Pinterest will assign this information to the personal Pinterest user account of the person concerned and store this personal data. If you click on a Pinterest button integrated on our website, Pinterest assigns this information to your personal Pinterest user account and stores this personal data. The Pinterest component will always inform Pinterest that you have visited our website if you are logged in at the same time as you access our website, regardless of whether the Pinterest component has been clicked or not. If Pinterest does not wish to receive this information, it may prevent you from logging out of your Pinterest account prior to accessing our website. The legal basis for this data processing is Art. 6, para. 1 lit. a GDPR or the equivalent provision under UK law.

We have no control over the extent of the data collected from you by the provider. For more information about the scope, type and purpose of data processing and about rights and setting options for protecting your privacy, please refer to the provider's data protection information. This is available under the following addresses: https://about.pinterest.com/privacy-policy

You can object to this special data processing at any time, either by deactivating the relevant settings under "Customization" in your Pinterest account or by clicking Opt-Out.

4.8 How are cookies used on this website?
When using our website, cookies are stored on your computer. Our legitimate interest lies in being able to offer the desired features of the website. Cookies are small text files that are stored on your hard disk in association with the browser you are using and through which the body which sets the cookie transmits certain information. Cookies cannot run programs or deliver viruses to your computer. They serve to make our web offer more user-friendly and effective. We also use cookies to identify you for follow-up visits if you have an account with us. Otherwise, you will have to log in again for each visit.

This website uses different types of cookies; their scope and functionality are explained in Subsections 4.8.1. to 4.8.3:

4.8.1 Transient cookies
These cookies are automatically deleted when you close your browser. These include session cookies, in particular. These store a so-called session ID with which various requests from your browser can be assigned to the common session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close the browser.

4.8.2 Persistent cookies
These cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies in the security settings of your browser at any time.


4.8.3 Flash cookies
Flash cookies which are used are not stored by your browser, but instead by your Adobe Flash plugin. We also use HTML5 storage objects which are stored on your mobile device. These objects store the required data independently of the browser used and do not have an automatic expiry date. If you do not want the Flash cookies to be processed, you must install an appropriate add-on, e.g. "Flash Block (Plus)" for Mozilla Firefoxor the Adobe Flash killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using the private mode of your browser. We also recommend that you regularly delete your cookies and your browser history manually.

4.8.4 Prevention of cookies
You can configure your browser settings as desired and refuse to accept third-party or any cookies. Please note that if you do so, you may not be able to use all functions of this website.

4.9 Website analysis
For the purpose of analysing and optimising our websites, we use various services, which are described below. For example, we may analyse how many users visit our site, which information is most in demand, or how users find the offer. Among other things, we collect data about the website from which a person has accessed a website (the so-called referrer), which subpages of the website were accessed, or how often and for how long a subpage was viewed. This helps us to design and improve our offers in a user-friendly way. The data collected are not used to personally identify individual users. Anonymous or at most pseudonymous data are collected. You always have the option of opting out (using a link or through the browser settings).

4.9.1 Google Tag Manager
For the sake of transparency, we hereby point out that we use the Google Tag Manager. The legal basis for the use of Google Tag Manager is your consent according Art. 6 para. 1 lit. a GDPR or the equivalent provision under UK law The Google Tag Manager itself does not collect personal data. The Tag Manager makes it easier for us to integrate and manage our tags. Tags are small code elements, which, among other things, serve to measure traffic and visitor behaviour, determine the impact of online advertising and social channels, for remarketing purposes, setting up websites geared towards target groups, and for testing and optimising the website. We use the Google Manager for the Google AdWords and Google Analytics services by Google. If you have opted out, Google Tag Manager will take this into account. You can find more information about the Google Tag Manager here: https://www.google.com/analytics/tag-manager/use-policy/

4.9.2 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; hereafter: “Google”). Usage comprises the Universal Analytics operating mode. The legal basis for the use of Google Analytics is your consent according Art. 6 para. 1 lit. a GDPR or the equivalent provision under UK law. The data stored by Google Analytics will be automatically deleted 14 months after their collection. This makes it possible to assign data, sessions, and interactions across multiple devices to a pseudonymous user ID and thus analyse user's activities across devices.

Google Analytics uses cookies to help the website analyse how users use the site. The information generated by the cookie about your usage (e.g. the referring URL, pages visited on our website, the web browser you use, your language setting, the operating system you use or your screen resolution) will generally be transmitted to a Google server in the USA and stored there. The IP address is always transmitted in an anonymised form. As part of this, your IP address will be truncated by Google within the member states of the European Union or in other parties to the Agreement about the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. The IP address transmitted by your browser within the scope of Google Analytics will not be combined with other data from Google. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. For more information on the terms of use and the privacy policy, please visit https://www.google.com/analytics/terms.html or https://policies.google.com

You can prevent the use of cookies by selecting the corresponding settings on your browser; however, we would like to point out that if you do this, you may not be able to fully use all the functions provided on this website. Furthermore, you can prevent the collection of data generated by the cookie and related to the usage of the website (including your IP address) and the processing of these data by Google by downloading and installing the browser plugin that is available at the following link: http://tools.google.com/dlpage/gaoptout. Opt-out cookies prevent any future collection of your data when you visit this website. In order to prevent data collection by Universal Analytics across multiple devices, you need to perform the opt-out on all systems you are using. Find out more about the opt-out cookie here.

Google is certified under the EU-US Privacy Shield. Data processing in the USA in accordance with data protection regulations can therefore be guaranteed on the basis of the European Commission's decision on adequacy (2016/1250) in accordance with Art. 45 para. 1 GDPR or, where applicable, on the basis of UK data protection laws.

4.9.3 Google Customer Match
We use Google Customer Match. With this service, you can be shown targeted search results about our products and services when carrying out a search via Google or using Gmail or YouTube. To this end, we import encrypted e-mail lists that Google compares to its logged-in users. If there is a match, these target groups are activated for Google searches, on YouTube, Google Shopping, and for Vimcar ads/campaigns distributed through Gmail. The legal basis is your consent according Art. 6 para. 1 lit. a GDPR or the equivalent provision under UK law . The data will be deleted as soon as a customer relationship no longer exists.

Google is certified under the EU-US Privacy Shield. Data processing in the USA in accordance with data protection regulations can therefore be guaranteed on the basis of the European Commission's decision on adequacy (2016/1250) in accordance with Art. 45 para. 1 GDPR or, where applicable, on the basis of UK data protection laws.

4.9.4 Hotjar
This website uses Hotjar, analysis software of Hotjar Ltd., 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe). The legal basis for the use of Hotjar is Art. 6 para. 1 lit. a GDPR or the equivalent provision under UK law. Hotjar makes it possible to measure and evaluate the usage behaviour on our website. By using this tool, we pay particular attention to the protection of your personal data. We can only track which buttons are clicked, the course of the mouse, how far it scrolls, the screen size of the device, device type and browser information, geographic location (country only) and the preferred language to display our website. Areas of the websites in which personal data from you or third parties is displayed are automatically hidden by Hotjar and can therefore not be traced at any time. In order to exclude the possibility of direct personal references, IP addresses are only stored and processed anonymously.The information about your visit to our website which is generated by the tracking code and cookie is transmitted to the Hotjar servers in Ireland and stored there. You can prevent the collection of your data by Hotjar here.

The privacy policy of Hotjar Ltd. can be found at: https://www.hotjar.com/privacy/

4.9.5 Amplitude
We use the Amplitude product from Amplitude Inc., 501 2nd Street, Suite 100 San Francisco, CA 94107, USA in our applications. Amplitude allows us to better understand the usage behaviour of app users and make optimisations. For more information, see the Amplitude privacy policy: https://amplitude.com/privacy.

4.9.6 LinkedIn
We use the conversion tracking technology and retargeting feature of the LinkedIn Corporation on our website.
This technology makes it possible to deliver personalised ads to visitors of this website on LinkedIn. Furthermore, it allows for the generation of anonymous ad performance reports and information on website interaction. To this end, the LinkedIn Insight tag is included on this web page. A connection to the LinkedIn server is established if you visit this web page and are logged in to your LinkedIn account at the same time.
Please refer to LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy for more information on the collection and use of data, as well as the options and rights you have to protect your privacy. If you are logged in to LinkedIn, you can disable data collection at any time via the following link: https://www.linkedin.com/psettings/enhanced-advertising.Data processing is in each case justified according to Art. 6 para. 1 lit. f GDPR, on the basis of our legitimate interest in showing you personalised advertisement and the analysis of our website.

4.10 Cookies for marketing purposes
We use cookies for marketing purposes, in order to address our users with advertisements tailored to their interests. In addition, we use cookies to limit the likelihood of an advertisement being shown and to measure the effectiveness of our advertising measures. This information may also be shared with third parties, such as ad networks. The legal basis for this is Art. 6 para. 1 lit. f GDPR. These data are processed for these purposes on the basis of the legitimate interest in direct marketing. You have the right to object at any time to the processing of your data for the purpose of such advertising. In the following, we provide you with opt-out options for the respective services. Alternatively, you can prevent cookies from being set in your browser settings.

4.10.1 Criteo
We use the technology of Criteo (Criteo GmbH, Unterer Anger 3, 80331 Munich, Germany). This information about the surfing behaviour of website visitors is collected in purely anonymous form, and cookies are set, for marketing purposes. Criteo can thus analyse the surfing behaviour and then display targeted product recommendations as appropriate advertising banners when other web pages are visited. Under no circumstances can the data collected be used to personally identify the visitor of this website. The data collected by Criteo are solely used to improve the advertising offer. The data are not utilised in any other way nor are they passed on to third parties. You can find out further details from Criteo and register your objection to the anonymous analysis of your surfing behaviour on http://www.criteo.com/privacy.

4.10.2 Google Adwords and conversion tracking
To draw attention to our current services, we place Google Ads ads and use Google Conversion Tracking and the Google Tag Manager in this context, to offer personalised online ads tailored to interests and geographical location. The legal basis for the use of Google Ads and conversion tracking is your consent according Art. 6 para. 1 lit. a GDPR or the equivalent provision under UK law . The option to anonymise the IP addresses is configured using an internal setting in the Google Tag Manager, which is not visible in the source of this page. This internal setting is configured such that the anonymisation is guaranteed. These ads appear after searches on websites of the Google Ad Network. We have the possibility to combine our ads with certain search terms. Cookies allow us to activate ads based on previous visits of a user to our website.

When you click on an ad, a cookie is set on the computer of the user. Further information on the cookie technology used can also be found in Google's notes on website statistics and in the data policy.With the help of this technology, Google and we as customers receive information that a user has clicked on an ad and has been redirected to our websites. The information obtained in this way is used exclusively for statistical evaluation for ad optimisation. We do not receive any information that personally identifies visitors. The statistics provided by Google include the total number of users who clicked on one of our ads and, if applicable, whether they were forwarded to a page of our website with a conversion tag. Based on these statistics, we can trace the search terms for which our advertisement was clicked particularly often, and which advertisements lead to contact by the user via the contact form.

If you do not wish for this to take place, you can prevent the setting of the cookies required for these technologies, for example via the settings on your browser. In this case, your visit is not included in the user statistics. You can also use the ad settings to select Google ad types or disable interest-based ads on Google. Alternatively, you can disable the use of cookies by third parties by using the Network Advertising Initiative's disabling tool.

Google is certified under the EU-US Privacy Shield. Data processing in the USA in accordance with data protection regulations can therefore be guaranteed on the basis of the European Commission's decision on adequacy (2016/1250) in accordance with Art. 45 para. 1 GDPR or, where applicable, on the basis of UK data protection laws.

4.10.3 Google Dynamic Remarketing
This website uses the Dynamic Remarketing function of Google AdWords, a service provided by Google Inc. . The legal basis for the use of Google Dynamic Remarketing is your consent according Art. 6 para. 1 lit. a GDPR or the equivalent provision under UK law. The technology allows us to activate automatically generated, targeted ads after you visit our website. The advertisements are based on the products and services you clicked on during your last visit to our website.

Google uses cookies to create interest-based ads. Cookies are small text files that are stored in your browser when you visit our website. Google usually stores information such as your web request, IP address, browser type, browser language, and the date and time of your request. This information is only used to assign the web browser to a particular computer. The data cannot be used to identify a person.

If you wish to object to user-based advertising by Google, you can disable the activation of ads through Google's ad settings.
Further information on the use of cookies by Google can be found in the Google privacy policy.

Google is certified under the EU-US Privacy Shield. Data processing in the USA in accordance with data protection regulations can therefore be guaranteed on the basis of the European Commission's decision on adequacy (2016/1250) in accordance with Art. 45 para. 1 GDPR or, where applicable, on the basis of UK data protection laws.

4.10.4 Bing Ads
This website uses Bing Ads, a service of the Microsoft Corporation (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft Bing Ads will place a cookie if you have accessed our website via a Microsoft Bing ad. In this way, it can be recognised that someone has clicked on an ad, has been redirected to our website, or has reached a previously defined target page (conversion page). The legal basis for the use of Bing Ads is your consent according Art. 6 para. 1 lit. a GDPR or the equivalent provision under UK law . We only see the total number of users who clicked on a Bing ad and who were then redirected to the conversion page. No personal information about the identity of the user is disclosed. The collected data is transferred to Microsoft servers in the USA and stored there for a maximum of 180 days. For more information about Microsoft Bing's privacy practices and which cookies are used, please visit the Microsoft website.

Microsoft is certified under the EU-US Privacy Shield. Data processing in the USA in accordance with data protection regulations can therefore be guaranteed on the basis of the European Commission's decision on adequacy (2016/1250) in accordance with Art. 45 para. 1 GDPR or, where applicable, on the basis of UK data protection laws.

4.10.5 Facebook Custom Audiences
We have integrated a small piece of JavaScript code on our website, the Custom Audience Pixel, a service of Facebook Inc., (1601 S. California Ave, Palo Alto, CA 94304, USA). This piece of code provides a series of features for sending application-specific events and user-defined data to Facebook. The legal basis for the use of Facebook Custom Audiences is your consent according Art. 6 para. 1 lit. a GDPR or the equivalent provision under UK law. We use Custom Audience Pixel to collect information about how visitors use our site. This pixel collects information about the user's browsing session, a hashed version of the Facebook ID, and the URL being viewed, and reports it to Facebook. As such, each Facebook user has their own unique Facebook ID across various devices, which allows us to address and recognise the user across said devices on the Facebook social network, allowing us to again address our users for advertising reasons through Facebook ads. After 180 days, the user data will be deleted until the user revisits our website. Therefore, no personal information about the individual website visitors will be disclosed to Vimcar, and we will only be able to address target audiences of the website through our advertisements as soon as a critical numerical mass has been reached for said target audience.

Facebook is certified under the EU-US Privacy Shield. Data processing in the USA in accordance with data protection regulations can therefore be guaranteed on the basis of the European Commission's decision on adequacy (2016/1250) in accordance with Art. 45 para. 1 GDPR or, where applicable, on the basis of UK data protection laws.

For more detailed information about Facebook and its privacy settings, please refer to the privacy policy and the terms of use of Facebook Inc.

4.10.6 Awin (Zanox)
We use the performance advertising network of AWIN AG (Eichhornstraße 3, 10785 Berlin, Germany). The legal basis for the use of Awinis your consent according Art. 6 para. 1 lit. a GDPR or the equivalent provision under UK law. As part of its tracking services, AWIN stores cookies on end devices of users who visit or use websites or other online services of its customers (e.g. subscribe to a newsletter or place an order with an online store) to document transactions (such as leads and sales). These cookies are solely used for the purpose of correctly assigning the success of an advertisement and relevant billing within its network. In doing so, AWIN does not collect, process, or use personal data. The cookie solely stores information about when a particular advertising medium was clicked on by an end device. A custom range of digits, which however cannot be traced back to the individual user, is stored in the AWIN tracking cookies; this allows for the partner program to document the advertiser, publisher, and the time of a user action (click or view). Over the course of this process, AWIN also collects information about the end device from which a transaction is carried out, e.g. the operating system and the accessing browser. These data will be deleted as soon as the purpose of storage in the form of a correct allocation of the success of an advertising medium has been achieved. You can make relevant settings in your browser if you do not wish for cookies to be placed. For more information, see the privacy policy of AWIN.

4.10.7 Twitter advertising
As part of usage-based online advertising, a tracking code (pixel) of Twitter (Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA) is placed on the website. The legal basis for the use of Twitter pixel is your consent according Art. 6 para. 1 lit. a GDPR or the equivalent provision under UK law. Basically, a non-reversible and non-personal check sum (hash value) is generated from your usage data, which can be transmitted to Twitter for analysis and marketing purposes. Hereby, a Twitter cookie is set. Information about your activities on the website (e.g. surfing behaviour, visited subpages, etc.) is collected. In the context of the use of our website, data such as your IP address and your user activities are transmitted to Twitter servers and processed and stored within the European Union. We carry out this analysis on the basis of the tracking service of Twitter Advertising, in order to constantly optimize our Internet offer and make it better available. To prevent the pixel from executing its functions, you can install a script blocker such as noScript.

For more information on the purpose and scope of data collection and the further processing and use of your data, as well as the privacy settings, please refer to the privacy policy of Twitter.

4.10.8 Outbrain Amplify
We use the Amplify service of Outbrain Inc. (Outbrain Inc., 39 West 13th Street, 3rd floor, New York, NY 10011) to present our website visitors relevant content. The legal basis for the use of Outbrain Amplify is your consent according Art. 6 para. 1 lit. a GDPR or the equivalent provision under UK law. Hereby, a temporary cookie is set. This cookie does not store any personal data, but merely technical data (e.g. on your operating system) as soon as you interact with the Outbrain network. Your IP address is anonymised immediately on the Outbrain servers. The data collected by Outbrain is also Device type, browser type, operating system, the pages visited, the time of the visit, and referring URLs and other information normally transferred in HTTP requests. This data is regularly deleted 21 days after the last activity.

Further information is available in the Outbrain privacy policy. You can also use this link (https://www.outbrain.com/trust-and-transparency/) to set an opt-out cookie.

Outbrain is certified under the EU-US Privacy Shield and thus offers a guarantee of compliance with European data protection law.

4.11 Outgrow
We use a service of Outgrow (Outgrow., 401 Park Ave, 10th Floor, New York 10016) to enhance the experience of our users with appealingly designed forms. The legal basis is Art. 6 para. 1 lit. f GDPR or the equivalent provision under UK law . Our legitimate interest lies in being able to offer you a visually optimised presentation of our website. Outgrow requires access data (IP address) and input data, as well as technical data which we require for the proper technical functioning and maintenance of our service. The data is transferred to servers in the USA.

Outgrow is certified under the EU-US Privacy Shield. Data processing in the USA in accordance with data protection regulations can therefore be guaranteed on the basis of the European Commission's decision on adequacy (2016/1250) in accordance with Art. 45 para. 1 GDPR or, where applicable, on the basis of UK data protection laws.

4.12 Google Fonts
We use Google Fonts, a service of Google Inc., to display our contents correctly and graphically appealing across all browsers. Integration of these web fonts is realised via JavaScript integrated on our website; the script accesses a Google server (typically in the USA) and downloads the relevant font. This process includes the transmission of your IP address to Google. According to the information provided by the company, Google limits processing to an evaluation in aggregated form. Please see Google's privacy policy for more information. To generally prevent the execution of JavaScript code, you can install a JavaScript blocker (e.g. www.noscript.net).

The legal basis is your consent according Art. 6 para. 1 lit. a GDPR or the equivalent provision under UK law.

Google is certified under the EU-US Privacy Shield. Data processing in the USA in accordance with data protection regulations can therefore be guaranteed on the basis of the European Commission's decision on adequacy (2016/1250) in accordance with Art. 45 para. 1 GDPR or, where applicable, on the basis of UK data protection laws.

4.13 Zapier
To create interfaces between programs and to enable an automated process for different applications, we use the cloud service Zapier on our website, which is operated by Zapier Inc. (548 Market St #62411, San Francisco, California 94104, USA). Customer data, with the exception of payment data, can be transmitted. The storage of data transmitted to Zapier within the scope of order processing is for a maximum period of seven (7) days. The utilization of Zapier is in the interest of an efficient structuring of the tools we use. This constitutes a legitimate interest within the meaning of Article 6 para. 1 lit. f GDPR.

Zapier is EU-US Privacy Shield certified. Data processing in the USA in accordance with data protection regulations can therefore be guaranteed on the basis of the European Commission's decision on adequacy (2016/1250) in accordance with Art. 45 para. 1 GDPR or, where applicable, on the basis of UK data protection laws.

Please also note the privacy policy of Zapier.

4.14 Taboola
Our website uses technologies of Taboola Inc. (1115 Broadway, 7th Floor, New York, NY 10010, USA). Taboola records via cookies which websites you visit frequently and how you move around on our website. This makes it possible to recommend content that matches personal interests and allows us to tailor our services to individual needs. The legal basis for this is your consent according Art. 6 para. 1 lit. a GDPR or the equivalent provision under UK law . The cookie enables us to create pseudonymous user profiles and to recommend content that matches your personal interests. This enables us to design our offer individually for you.

Taboola uses cookies to collect the following user information: OS of the user; accessed web pages/content on our website; referrer/link through which the user came to our website; time and number of website accesses; accesses to error pages; location information (city and state) and the IP addresses in abbreviated form. These usage profiles do not enable any conclusions about individuals.

You can object to tracking by Taboola at any time by clicking on the "Opt-Out" field under the Taboola Privacy Policy, available at https://www.taboola.com/de/privacy-policy. The opt-out only applies to the device you are using and also loses its validity if you delete your cookies. A deletion of the data transmitted in this way will take place within 3 months.

Please also note the privacy policy of Taboola.


5. Data processing by our products

Data of Vimcar users must be collected and evaluated to properly fulfil the contractual objectives. Vimcar products can only be used by linking the Vimcar OBD dongle to the respective user account. The legal basis is Art. 6 para. 1 lit. b GDPR or the equivalent provision under UK law.

5.1 Collection of telematics data
The data obtained related to the use of the Vimcar products (e.g. driving data, mileage changes, engine speeds) will be transferred temporarily to our hardware provider Mobile Devices Engineering (100 Avenue de Stalingrad, 94800 Villejuif, France) in an encrypted and pseudonymised form. As such, there is no possibility of establishing a personal reference. These data are exclusively automatically transferred to Vimcar for the purpose of fulfilling the contractual objectives. Access to personal data only takes place with the consent of the user, for example as part of service measures.

5.2 Hosting und data storage
A permanent storage of all data takes place in the context of a data processing order on servers of Amazon Web Services, Inc. (410 Terry Ave North, Seattle, WA 98109-5210, US). The explicit server location is availability zone "eu-central-1" in Germany (Frankfurt am Main).

5.3 Use of Vimcar software applications
We use various services for the purpose of analysing, optimising, and improving the user friendliness of our software applications. For example, this allows us to analyse which functionalities are most in demand or how long users stay in certain areas of the application.


5.3.1 Google Analytics
We use Google Analytics in our software applications. Please refer to Section 4.9.2 for more detailed information


5.3.2 Google Maps
To visually represent your trips, we use the Google Maps service (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Our software applications have integrated Google Maps through an API to visually represent your geographic information. When using Google Maps, Google also collects, processes, and uses data about the use of Maps functions by visitors of the websites. For more information about how Google processes your data, please refer to Google's privacy policy.


6. Data processing when establishing contact

You can ask us questions and send us messages using the contact form, our e-mail addresses, the software applications, or via the telephone. We will solely process your data to contact you using your preferred method of communication and to process your request. The legal basis for this is, depending on the customer's request, Art. 6 para. 1 lit. a or b GDPR or the equivalent provision under UK law .


Vimcar uses communication service providers to receive and process requests. For example, Vimcar uses external customer service software from Zendesk (Zendesk Inc., 1019 Market Street San Francisco, CA 94103 United States) to process requests. Zendesk is EU-US Privacy Shield certified. Data processing in the USA in accordance with data protection regulations can therefore be guaranteed on the basis of the European Commission's decision on adequacy (2016/1250) in accordance with Art. 45 para. 1 GDPR or, where applicable, on the basis of UK data protection laws.

Please also note the privacy policy of Zendesk.


7. Are my data transmitted to third parties?

To make sure that Vimcar can process your data for the purposes described above, it may be necessary for recipients other than Vimcar to be able to view and process your data.


7.1 External service providers (processors)
Your data will be transmitted to external service providers if they are commissioned by us to process your data and support Vimcar in providing its services. If you, for example, subscribe to our newsletter, we have commissioned a service provider to distribute our mailings.
The processing of your personal data by commissioned service providers takes place as part of order processing in accordance with Art. 28 GDPR.

7.2 Other service providers, partners, and third parties
Vimcar might also cooperate with third parties if this is necessary to fulfil our range of services or if we are required by law to disclose data. These includes the following:

  • Bodies conducting credit checks
  • Public bodies
    or judicial order.



8. Will my data be processed outside the EU and how is the protection of my data ensured?

We place importance on processing your data within the European Union. However, we may use service providers who process data outside the EU. In these cases, we ensure that an appropriate level of data protection is established prior to the transfer. This means that a level of data protection is achieved that is comparable to the general principles of data transfer within the EU (cf. Art. 44 ff. GDPR or the equivalent provision under UK law) by applying EU standard contracts, an adequacy decision according to Art. 45 GDPR, appropriate guarantees according to Art. 46 GDPR or the equivalent provision under UK law or binding internal data protection regulations according to Art. 47 GDPR or the equivalent provision under UK law.


9. For how long will my data be stored?

As far as no explicit storage period is indicated in the context of the information provided above or during the collection, your personal data will be deleted as soon as the purpose of storage no longer applies and legal storage periods such as § 147 para. 1 AO, § 357 HGB and §§ 195, 199 BGB do not prevent a deletion. In these cases, the blocking or deletion of the data is carried out after expiry of the storage periods, unless there is a need for further storage of the data in order to conclude or fulfil a contract or to assert our rights.


10. What are my rights and where can I assert them?

You have the following rights concerning us regarding your personal data.

10.1 General rights
You have the right of access (Art. 15 GDPR or the equivalent provision under UK law) , rectification (Art. 16 GDPR or the equivalent provision under UK law ) and erasure (Art. 17 GDPR or the equivalent provision under UK law) of your data transmitted to us. In addition, you also have the right to data portability (Art. 20 GDPR or the equivalent provision under UK law ) and restriction of processing (Art. 18 GDPR or the equivalent provision under UK law ). If the processing is based on your consent (Art. 6 para. 1 lit. a GDPR or the equivalent provision under UK law), you have the right to withdraw this consent with effect for the future (Art. 21 GDPR or the equivalent provision under UK law).

As a rule, you can assert your rights informally and without giving reasons. It may be that in individual cases a copy of an identity document is required for identification purposes in order to clearly assign the stored data to your person and prevent improper requests for information. Information that is not necessary to establish your identity should blackened by you; you will be informed separately about that. The data on the ID or passport copy is subject to strict earmarking. They are therefore used by us exclusively for identity verification, but are not included in our database. Once your identity has been established, the proof is deleted from our data.

You can find further information here: https://ico.org.uk/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

10.2 Rights in data processing following a legitimate interest
Pursuant to Art. 21 para. 1 GDPR, you have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data on the basis of Art. 6 para. 1 lit. e GDPR or the equivalent provision under UK law (data processing in the public interest) or on the basis of Article 6 para. 1 lit. f GDPR (data processing to safeguard a legitimate interest), including profiling based on this provision. In the event of your objection, we will no longer process your personal data unless we can prove compelling grounds for processing that outweigh your interests, rights, and freedoms, or the processing is for the purpose of asserting, exercising, or defending legal claims. Please note that, if you object, you may no longer be able to use our products, as data processing might be required for their use.

10.3 Rights related to direct advertising
If the personal data that concerns you are being processed for direct marketing purposes, in accordance with Art. 21 para. 2 GDPR you have the right to refuse this processing at any time.; this also applies to profiling, insofar as it is associated with such direct marketing.
In the event of your objection to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

10.4 The right to lodge a legal complaint with a supervisory authority
You also have the right to complain about the processing of your personal data to a data protection supervisory authority.


11. Miscellaneous

11.1 Changes to the privacy policy
This privacy policy will be updated in the course of the further development of the Internet or our offer. Please regularly check this policy for changes. Significant changes will be announced in a timely manner.

11.2 Links to other websites
Our websites and our software apps may contain links to other providers’ websites. We would like to point out that this privacy policy applies exclusively to the websites and products offered by Vimcar. We do not control the compliance of other providers with the applicable data protection regulations nor have an influence on them.