This privacy policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and the associated websites, features, and content, as well as external online presences such as our social media profiles (hereinafter collectively referred to as the “online offering”). Regarding the terminology used, such as “processing” or “controller,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Controller
Motorjesus
Christof Birx
Nelkenweg 3
41366 Schwalmtal
Germany
Link to imprint: http://motorjesus.net/index.php/imprint.html
Types of data processed:
- Inventory data (e.g., names, addresses)
- Contact data (e.g., email, phone numbers)
- Content data (e.g., text input, photographs, videos)
- Usage data (e.g., visited websites, interest in content, access times)
- Meta/communication data (e.g., device information, IP addresses)
Categories of data subjects:
Visitors and users of the online offering (hereinafter collectively referred to as “users”).
Purpose of processing:
- Provision of the online offering, its functions, and content
- Responding to contact inquiries and communication with users
- Security measures
- Audience measurement/marketing
Terminology used:
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, ID number, location data, online identifier (e.g., cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
“Processing” refers to any operation or set of operations which is performed on personal data, whether or not by automated means. This includes collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available.
“Pseudonymization” means the processing of personal data in such a manner that it can no longer be attributed to a specific data subject without the use of additional information.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person.
The “controller” is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
The “processor” is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Legal bases:
In accordance with Article 13 GDPR, we inform you of the legal bases of our data processing. Unless otherwise stated, the following applies:
- Consent: Art. 6(1)(a), Art. 7 GDPR
- Contract performance and inquiries: Art. 6(1)(b) GDPR
- Legal obligation: Art. 6(1)(c) GDPR
- Legitimate interests: Art. 6(1)(f) GDPR
- Vital interests: Art. 6(1)(d) GDPR
Security measures:
In accordance with Article 32 GDPR, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
This includes measures to protect the confidentiality, integrity, and availability of data, including physical access control, data access, input, transfer, and separation control. We also consider data protection in hardware, software, and procedure design in line with Article 25 GDPR.
Cooperation with processors and third parties:
Data is only disclosed or transferred to third parties based on legal permission, user consent, legal obligation, or our legitimate interests. If third parties process data on our behalf, it is based on a data processing agreement in accordance with Article 28 GDPR.
Transfers to third countries:
If we process data in a third country (outside the EU/EEA) or use third-party services, we do so only under the special conditions of Articles 44 ff. GDPR (e.g., adequacy decisions, standard contractual clauses).
Rights of data subjects:
- Right to confirmation and access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to lodge a complaint (Art. 77 GDPR)
Right of withdrawal:
You can revoke consent at any time with effect for the future (Art. 7(3) GDPR).
Right to object:
You can object to future data processing at any time (Art. 21 GDPR), particularly for direct marketing purposes.
Cookies and objection to direct marketing:
We use cookies to store user-specific information. Users can disable cookies via their browser settings. Permanent cookies may remain after closing the browser. Third-party cookies come from providers other than the website operator.
Objections to cookie use for online marketing can be declared via:
Data deletion:
Data is deleted as soon as it is no longer required and no legal retention obligations exist. If not deleted, processing is restricted.
Business-related processing:
We also process:
- Contract data (e.g., contract subject, duration, customer category)
- Payment data (e.g., bank details, payment history)
For the provision of contractual services, customer service, marketing, and market research.
Hosting and email delivery:
Our hosting services include infrastructure, computing capacity, storage, databases, email services, security, and maintenance. Data processed includes inventory, contact, content, usage, contract, and communication data.
Access data and log files:
We collect log data (e.g., page accessed, browser type, IP address) based on our legitimate interests (Art. 6(1)(f) GDPR). Log data is stored for up to 7 days.
Social media profiles:
We maintain presences on platforms like Facebook, Instagram, and Twitter to communicate and inform users. Their terms and privacy policies apply.
Integration of third-party services and content:
We integrate content (e.g., fonts, videos) from third parties (based on Art. 6(1)(f) GDPR). This requires the users’ IP addresses.
YouTube:
Videos from YouTube (Google LLC, USA) are embedded. Privacy policy: https://www.google.com/policies/privacy/
Google Fonts:
Fonts from Google LLC are embedded. Privacy policy: https://www.google.com/policies/privacy/
Facebook plugins:
We use Facebook plugins (Meta Platforms Ireland Ltd.). When interacting, Facebook may collect data including IP addresses. Privacy policy: https://www.facebook.com/about/privacy/
Instagram:
Instagram features may be embedded (Instagram Inc., USA). Privacy policy: http://instagram.com/about/legal/privacy/