Privacy Policy
Preamble
With the following privacy policy we would like to inform you about the types of personal data (hereinafter
also referred to as "data") we process, for which purposes and to what extent in the context of providing our
application.
The terms used are not gender-specific.
Last Update: 19. June 2020
Table of contents
• Preamble
• Controller
• Overview of processing operations
• Legal Bases for the Processing
• Security Precautions
• Transmission and Disclosure of Personal Data
• Data Processing in Third Countries
• Special Notes on Applications (Apps)
• Purchase of applications via Appstores
• Registration, Login and User Account
• Profiles in Social Networks (Social Media)
• Erasure of data
• Changes and Updates to the Privacy Policy
• Rights of Data Subjects
Controller
EDS Fahrzeugtechnik GmbH
Zechenstraße 19
45772 Marl
Authorised Representatives: Dipl. Ing. Arno Schindler
E-mail address: info@eds-motorsport.de
Legal Notice: https://www.eds-motorsport.de/shop_content.php?coID=4
Overview of processing operations
The following table summarises the types of data processed, the purposes for which they are processed and
the concerned data subjects.
Categories of Processed Data
• Inventory data (e.g. names, addresses).
• Contact data (e.g. e-mail, telephone numbers).
• Meta/communication data (e.g. device information, IP addresses).
• Location data (Data that indicates the location of the end device of an end user).
Categories of Data Subjects
• Customers.
Purposes of Processing
• contact requests and communication.
• Security measures.
• Contractual services and support.
• Managing and responding to inquiries.
Legal Bases for the Processing
In the following we inform you about the legal basis of the General Data Protection Regulation (GDPR), on
the basis of which we process personal data. Please note that, in addition to the regulations of the GDPR,
the national data protection regulations may apply in your country or in our country of residence or domicile.
If, in addition, more specific legal bases are applicable in individual cases, we will inform you of these in the
data protection declaration.
• Consent (Article 6 (1) (a) GDPR) - The data subject has given consent to the processing of his
or her personal data for one or more specific purposes.
• Performance of a contract and prior requests (Article 6 (1) (b) GDPR) - Performance of a
contract to which the data subject is party or in order to take steps at the request of the data
subject prior to entering into a contract.
• Legitimate Interests (Article 6 (1) (f) GDPR) - Processing is necessary for the purposes of the
legitimate interests pursued by the controller or by a third party, except where such interests are
overridden by the interests or fundamental rights and freedoms of the data subject which require
protection of personal data.
National data protection regulations in Germany: In addition to the data protection regulations of the
General Data Protection Regulation, national regulations apply to data protection in Germany. This includes
in particular the Law on Protection against Misuse of Personal Data in Data Processing (Federal Data
Protection Act - BDSG). In particular, the BDSG contains special provisions on the right to access, the right to
erase, the right to object, the processing of special categories of personal data, processing for other
purposes and transmission as well as automated individual decision-making, including profiling. Furthermore,
it regulates data processing for the purposes of the employment relationship (§ 26 BDSG), in particular with
regard to the establishment, execution or termination of employment relationships as well as the consent of
employees. Furthermore, data protection laws of the individual federal states may apply.
Security Precautions
We take appropriate technical and organisational measures in accordance with the legal requirements, taking
into account the state of the art, the costs of implementation and the nature, scope, context and purposes
of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural
persons, in order to ensure a level of security appropriate to the risk.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by
controlling physical and electronic access to the data as well as access to, input, transmission, securing and
separation of the data. In addition, we have established procedures to ensure that data subjects' rights are
respected, that data is erased, and that we are prepared to respond to data threats rapidly. Furthermore, we
take the protection of personal data into account as early as the development or selection of hardware,
software and service providers, in accordance with the principle of privacy by design and privacy by default.
SSL encryption (https): In order to protect your data transmitted via our online services in the best
possible way, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in
the address bar of your browser.
Transmission and Disclosure of Personal Data
In the context of our processing of personal data, it may happen that the data is transferred to other places,
companies or persons or that it is disclosed to them. Recipients of this data may include, for example,
payment institutions within the context of payment transactions, service providers commissioned with IT
tasks or providers of services and content that are embedded in a website. In such a case, the legal
requirements will be respected and in particular corresponding contracts or agreements, which serve the
protection of your data, will be concluded with the recipients of your data.
Data Processing in Third Countries
If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area
(EEA)) or the processing takes place in the context of the use of third party services or disclosure or transfer
of data to other persons, bodies or companies, this will only take place in accordance with the legal
requirements.
Subject to express consent or transfer required by contract or law, we process or have processed the data
only in third countries with a recognised level of data protection, which includes US processors certified
under the "Privacy Shield" or on the basis of special guarantees, such as a contractual obligation through socalled
standard protection clauses of the EU Commission, the existence of certifications or binding internal
data protection regulations (Article 44 to 49 GDPR, information page of the EU Commission: https://
ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).
Special Notes on Applications (Apps)
We process the data of the users of our application to the extent necessary to provide the users with the
application and its functionalities, to monitor its security and to develop it further. Furthermore, we may
contact users in compliance with the statutory provisions if communication is necessary for the purposes of
administration or use of the application. In addition, we refer to the data protection information in this
privacy policy with regard to the processing of user data.
Legal basis: The processing of data necessary for the provision of the functionalities of the application
serves to fulfil contractual obligations. This also applies if the provision of the functions requires user
authorisation (e.g. release of device functions). If the processing of data is not necessary for the provision of
the functionalities of the application, but serves the security of the application or our business interests (e.g.
collection of data for the purpose of optimising the application or security purposes), it is carried out on the
basis of our legitimate interests. If users are expressly requested to give their consent to the processing of
their data, the data covered by the consent is processed on the basis of the consent.
Commercial use: We process the data of the users of our application, registered and any test users
(hereinafter uniformly referred to as "users") in order to provide them with our contractual services and on
the basis of legitimate interests to ensure the security of our application and to develop it further. The
required details are identified as such within the scope of the conclusion of a contract for the use of the
application, the conclusion of an order, an order or a comparable contract and may include the details
required for the provision of services and any invoicing as well as contact information in order to be able to
hold any consultations.
Device authorizations for access to functions and data: The use of certain functions of our application
may require access to the camera and the stored recordings of the users. By default, these authorizations
must be granted by the user and can be revoked at any time in the settings of the respective devices. The
exact procedure for controlling app permissions may depend on the user's device and software. Users can
contact us if they require further explanation. We would like to point out that the refusal or revocation of the
respective authorizations can affect the functionality of our application.
Location history and movement profiles: The location data is only used selectively and is not processed
to create a location history or a movement profile of the devices used or of their users.
• Processed data types: Inventory data (e.g. names, addresses), Meta/communication data (e.g.
device information, IP addresses), Location data (Data that indicates the location of the end device
of an end user).
• Data subjects: Users
• Purposes of Processing: Contractual services and support.
• Legal Basis: Consent (Article 6 (1) (a) GDPR), Performance of a contract and prior requests (Article
6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).
Purchase of applications via Appstores
The purchase of our apps is done via special online platforms operated by other service providers (so-called
"appstores"). In this context, the data protection notices of the respective appstores apply in addition to our
data protection notices. This applies in particular with regard to the methods used on the platforms for
webanalytics and for interest-related marketing as well as possible costs.
• Processed data types: Inventory data (e.g. names, addresses), Payment Data (e.g. bank details,
invoices, payment history), Contact data (e.g. e-mail, telephone numbers), Contract data (e.g.
contract object, duration, customer category), Usage data (e.g. websites visited, interest in content,
access times), Meta/communication data (e.g. device information, IP addresses).
• Data subjects: Customers.
• Purposes of Processing: Contractual services and support.
• Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate
Interests (Article 6 (1) (f) GDPR).
Services and service providers being used:
• Apple App Store: App and software distribution platform; Service provider: Apple Inc., Infinite
Loop, Cupertino, CA 95014, USA; Website: https://www.apple.com/ios/app-store/; Privacy Policy:
https://www.apple.com/privacy/privacy-policy/.
• Google Play: App and software distribution platform; Service provider: Google Ireland Limited,
Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre
Parkway, Mountain View, CA 94043, USA; Website: https://play.google.com/store/apps?hl=en;
Privacy Policy: https://policies.google.com/privacy.
Registration
When using the system for the first time, users must enter their customer data. Within the scope of
registration, the required mandatory information is communicated to the users and processed for the
purposes of providing the user account on the basis of contractual fulfilment of obligations. The data entered
during registration will be used for the purposes of using the user account and its purpose.
Users may be informed by e-mail of information relevant to their device, such as technical changes. We are
entitled to irretrievably delete all user data stored during the term of the contract.
Within the scope of using our registration as well as the use of the device, we store the IP address and the
time of the respective user action. The storage is based on our legitimate interests, as well as the user's
protection against misuse and other unauthorized use. This data will not be passed on to third parties unless
it is necessary to pursue our claims or there is a legal obligation to do so.
• Processed data types: Inventory data (e.g. names, addresses), Contact data (e.g. e-mail,
telephone numbers), Meta/communication data (e.g. device information, IP addresses).
• Data subjects: Users
• Purposes of Processing: Contractual services and support, Security measures, Managing and
responding to inquiries.
• Legal Basis: Consent (Article 6 (1) (a) GDPR), Performance of a contract and prior requests (Article
6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).
Profiles in Social Networks (Social Media)
We maintain online presences within social networks and process user data in this context in order to
communicate with the users active there or to offer information about us.
We would like to point out that user data may be processed outside the European Union. This may entail
risks for users, e.g. by making it more difficult to enforce users' rights. With regard to US providers certified
under the Privacy Shield or offering comparable guarantees of a secure level of data protection, we would
like to point out that they thereby commit themselves to comply with EU data protection standards.
In addition, user data is usually processed within social networks for market research and advertising
purposes. For example, user profiles can be created on the basis of user behaviour and the associated
interests of users. The user profiles can then be used, for example, to place advertisements within and
outside the networks which are presumed to correspond to the interests of the users. For these purposes,
cookies are usually stored on the user's computer, in which the user's usage behaviour and interests are
stored. Furthermore, data can be stored in the user profiles independently of the devices used by the users
(especially if the users are members of the respective networs or will become members later on).
For a detailed description of the respective processing operations and the opt-out options, please refer to the
respective data protection declarations and information provided by the providers of the respective networks.
Also in the case of requests for information and the exercise of rights of data subjects, we point out that
these can be most effectively pursued with the providers. Only the providers have access to the data of the
users and can directly take appropriate measures and provide information. If you still need help, please do
not hesitate to contact us.
• Processed data types: Inventory data (e.g. names, addresses), Contact data (e.g. e-mail,
telephone numbers), Content data (e.g. text input, photographs, videos), Usage data (e.g. websites
visited, interest in content, access times), Meta/communication data (e.g. device information, IP
addresses).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of Processing: contact requests and communication, Targeting (e.g. profiling based on
interests and behaviour, use of cookies), Remarketing, Web Analytics (e.g. access statistics,
recognition of returning visitors).
• Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
Services and service providers being used:
• Instagram : Social network; Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA,
94025, USA; Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/
legal/privacy.
• Facebook: Social network; Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand
Canal Harbour, Dublin 2, Irland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025,
USA; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy;
Privacy Shield (Safeguarding the level of data protection when processing data in the USA): https://
www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; Opt-Out: Settings for
advertisements: https://www.facebook.com/settings?tab=ads; Additional information on data
protection: Agreement on the joint controll of processing of personal data on Facebook pages:
https://www.facebook.com/legal/terms/page_controller_addendum, privacy policy for Facebook
pages: https://www.facebook.com/legal/terms/information_about_page_insights_data.
Erasure of data
The data processed by us will be erased in accordance with the statutory provisions as soon as their
processing is revoked or other permissions no longer apply (e.g. if the purpose of processing this data no
longer applies or they are not required for the purpose).
If the data is not deleted because they are required for other and legally permissible purposes, their
processing is limited to these purposes. This means that the data will be restricted and not processed for
other purposes. This applies, for example, to data that must be stored for commercial or tax reasons or for
which storage is necessary to assert, exercise or defend legal claims or to protect the rights of another
natural or legal person.
Further information on the erasure of personal data can also be found in the individual data protection
notices of this privacy policy.
Changes and Updates to the Privacy Policy
We kindly ask you to inform yourself regularly about the contents of our data protection declaration. We will
adjust the privacy policy as changes in our data processing practices make this necessary. We will inform you
as soon as the changes require your cooperation (e.g. consent) or other individual notification.
If we provide addresses and contact information of companies and organizations in this privacy policy, we
ask you to note that addresses may change over time and to verify the information before contacting us.
Rights of Data Subjects
As data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15
to 21 of the GDPR:
• Right to Object: You have the right, on grounds arising from your particular situation, to
object at any time to the processing of your personal data which is based on letter (e) or
(f) of Article 6(1) GDPR , including profiling based on those provisions.Where personal
data are processed for direct marketing purposes, you have the right to object at any
time to the processing of the personal data concerning you for the purpose of such
marketing, which includes profiling to the extent that it is related to such direct
marketing.
• Right of withdrawal for consents: You have the right to revoke consents at any time.
• Right of access: You have the right to request confirmation as to whether the data in question will
be processed and to be informed of this data and to receive further information and a copy of the
data in accordance with the provisions of the law.
• Right to rectification: You have the right, in accordance with the law, to request the completion
of the data concerning you or the rectification of the incorrect data concerning you.
• Right to Erasure and Right to Restriction of Processing: In accordance with the statutory
provisions, you have the right to demand that the relevant data be erased immediately or,
alternatively, to demand that the processing of the data be restricted in accordance with the
statutory provisions.
• Right to data portability: You have the right to receive data concerning you which you have
provided to us in a structured, common and machine-readable format in accordance with the legal
requirements, or to request its transmission to another controller.
• Complaint to the supervisory authority: You also have the right, under the conditions laid down
by law, to lodge a complaint with a supervisory authority, in particular in the Member State of your
habitual residence, place of work or place of the alleged infringement if you consider that the
processing of personal data relating to you infringes the GDPR.