Privacy Policy – apc – Automotive Parts Consulting SARL

According to: The General Data Protection Regulation (European Union) 2016/679 (“GDPR”)

Thank you for visiting our website. Our website address is: http://www.apc-eu.com.

The protection and confidentiality of your personal data is of particular importance for Automotive Parts Consulting SARL.

The General Data Protection Regulation (EU) 2016/679 (“GDPR”) is a regulation in European Union law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas.

The European Data Protection Regulation is applicable as of May 25th, 2018 in all member states to harmonize data privacy laws across Europe.

In this section we will inform you about the processing of personal data in connection with the services we offer at www.apc-eu.com that incorporate this Data Protection Policy. Personal data comprises all information that relates to an identified or identifiable natural person (Article 4 (1) GDPR). This includes information such as your name, e-mail address, postal address, or telephone number. Information that is not directly associated with your identity, e.g. the number of users of an internet site, does not fall within this scope.

1. Who is responsible for the processing of your personal data?

The data controller (hereinafter referred to as “apc” or “we”) in the sense of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Automotive Parts Consulting SARL
4a, Rue Henri M. Schnadt
L-2530 Luxembourg

Email Address: info@apc-eu.com
International telephone number: +352 20 3399 10

2. Contact details of the data protection officer

You can contact our data protection as follows:

Automotive Parts Consulting SARL
4a, Rue Henri M. Schnadt
L-2530 Luxembourg

Email Address: info@apc-eu.com
International telephone number: +352 20 3399 10

3. Purposes and legal basis of the data processing and period for which data will be stored

In the following we inform you about the different purposes for which we process personal data, on which legal basis such processing takes place, and for how long we store the data.

Insofar as we obtain the consent of the data subject for processing personal data, Art. 6 (1) (a) EU General Data Protection Regulation (GDPR) is the legal basis for the processing of personal data. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR will be the legal basis. This also applies to processing operations required to carry out pre-contractual actions. If processing of personal data is required to fulfill a legal obligation that our company is subject to, Art. 6 (1) (c) GDPR is the legal basis. If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights, and freedoms of the data subject do not prevail over the first interest, Art. 6 (1) (f) GDPR is the legal basis for processing.

The personal data of the data subject will be stored for as long as the purpose continues.

4. General access to our Website

With each access to our website, we automatically collect data and information from the accessing device and store this data and information in the log files of the server. We may collect (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (known as referrers), (4) the sub-web pages that are accessed on our website (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information used to defend any attacks against our IT systems. For security purposes, i.e. to be able to reconstruct an eventual attack against our website, we store such data including the IP address for 14 days and then anonymize or delete such data. The IP address is required during the connection to transfer the contents of our website to your device. The legal basis for the processing and storage of the IP address is a legitimate interest as per Article 6 (1) (f) GDPR. The legitimate interest for the transmission of the IP address is that it is required to display the contents of the website; without transmission of the IP address it is not possible to display the content of the website. The legimtiate interest for the temporary storage are our security interests.

5. Optimization of search and recommendation functions

We may also store information about your usage patterns on our website in order to create statistical models to make our website more user-friendly and, in particular, to optimize the functionalities. In this context we also save your IP address in a pseudonymized form (that means that a natural person can no longer be identified based purely on the information in the statistical model) to exclude automated accesses (bots) to our website when creating the statistical models. Legal basis for this purpose is Art. 6 (1) GDPR. Our legitimate interest is to ensure the functionality of the statistical model to improve our services. The IP address is deleted after one year.

6. Contact form and e-mail contact

Our website provides a contact form that can be used to contact us electronically. By clicking the consent box you explicitly agree to the transmission to us of the data entered in the input form. You additionally consent to the transmission by clicking the “Send” button. We save the date and time of your contact. Alternatively, contact via the e-mail address provided is possible. In this case, the user’s personal data transmitted along with e-mail and our response will be stored. The personal data voluntarily transmitted to us in this context is used to process your inquiry and to contact you as needed. The legal basis for the transmission of the data is Art. 6 (1) (a) GDPR. The data will be used for this purpose until the specific conversation with you has ended. The conversation will be deemed ended when it can be inferred from the circumstances that the relevant facts have been conclusively clarified.

7. Use of data processors for hosting and securing our website, administrative, troubleshooting, and support services

We use data processors, which we list below, to provide our services. The legal basis for using these data processors is legitimate interest under Art. 6 (1) (f) GDPR. The legitimate interest lies in the execution of our business activities, particularly to provide the services described elsewhere in this Data Protection Policy. No conflicting interest is apparent because we have entered into a data processing agreement with the respective processors under Art. 28 GDPR. We use data processors to host our website and for back-up services, meaning that personal data that is stored on our website is transferred to these data processors. These data processors will store the data for the same duration as it is stored on our website for the various purposes defined in this Data Protection Policy.

Strato AG

Website: https://www.strato.de

Address: Pascalstraße 10, 10587 Berlin

Telephone no.: +49 30 300 146 0

8. Proxy caching and web application firewall

Proxy caching and web application firewall services are solely carried out by Automotive Parts Consulting SARL. Google Re-Captcha

In specific cases we use the reCAPTCHA service https://www.google.com/recaptcha/intro/ by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, (“Google”) based on a legitimate interest (i.e. the interest to ensure the correctness of data, avoidance of automatic registrations / orders by so-called bots, and economical operation of our online offering within the meaning of Art. 6 (1) f) GDPR).

Google is certified under the Privacy Shield Agreement and thus warrants that it complies with European privacy legislation (https://www.privacyshield.gov).

We use re-Captcha to distinguish whether an input is made by a human or abusively by automated, mechanical processing. The query in this context includes the sending of the IP address and any other data required by Google for the reCAPTCHA service to Google. Your input will be transmitted to Google and analyzed for this purpose.

For more information about Google reCAPTCHA and Google’s Data Protection Policy, please visit the following links: https://www.google.com/intl/en/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

9. Cookies and similar technology

Please refer to our Cookie Policy displayed on our website footer: Cookie Policy

10. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the data controller:

Right of access

You may request confirmation from us as to whether we process personal data relating you. If such processing is taking place, you can request the following information from us:

the purposes for which the personal data is being processed;
the categories of personal data that are being processed;
the recipient or categories of recipient to whom the personal data concerning you has been or will be disclosed;
the envisaged period for which the personal data concerning you will be stored or, if no concrete information about this is possible, criteria used to determine that period;
the existence of a right to rectification or erasure of the personal data concerning you, a right restrict the processing of the data by the controller or a right to object to this processing;
the existence of a right to lodge a complaint with a supervisory authority;
any available information about the origin of the data if the personal data was not collected from the data subject;
the existence automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved and the scope and the intended effects of such processing for the data subject.

You have the right to request information about whether the personal data in question will be transferred to a third country or an international organization. In this context you can ask to be notified of the suitable safeguards in accordance with Art. 46 GDPR in the context of the transfer.

This right to information may be limited if it is likely to render impossible or seriously impair the achievements of the statistical purposes and the limitation is necessary for satisfying the statistical purposes.

Right to rectification

You have a right to rectification and/or completion vis-à-vis the data controller if the personal data concerning you that is being processed is incorrect or incomplete. The data controller must perform the rectification without undue delay.

Your right to rectification may be limited if it is likely to render impossible or seriously impair the achievements of the statistical purposes and the limitation is necessary for satisfying the statistical purposes.

Right to restriction of processing

If the following conditions are met, you can demand that the processing of the personal data concerning you is restricted:

if you contest the accuracy of the personal data relating for you for a that enables us to review the accuracy of the personal data;
the processing is unlawful and you oppose the erasure of the personal data and instead request a restriction of the use of the personal data;
we no longer require the personal data for the purposes of the processing, but you need it to establish, exercise, or defend legal claims, or
if you have objected to the processing in accordance with Art. 21 (1) GDPR and it has not yet been verified whether our legitimate reasons override yours.

If the processing of the personal data concerning you has been limited, this data – with the exception of being stored by you – may only be processed with your consent or for the purpose of establishing, exercising, or defending legal claims or to protect the rights of another natural or legal or on grounds of a compelling public interest of the EU or a Member State.

If a restriction of processing has been imposed in accordance with the above conditions, we will notify you before the restriction is lifted.

Your right to restrict processing may be limited if it is likely to render impossible or seriously impair the achievements of the statistical purposes and the limitation is necessary for satisfying the statistical purposes.

Right to erasure

You may request that we erase the personal data concerning you without undue delay, and we are obliged to erase this data without undue delay where one of the following grounds applies:

The personal data concerning you is no longer needed for the purposes for which it was collected or otherwise processed.
You withdraw your consent upon which the processing was based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and no other legal ground for the processing applies.
You object to the processing in accordance with Art. 21 (1) GDPR and no overriding legitimate grounds for the processing apply, or you raise an objection to the processing under Art. 21 (2) GDPR.
The personal data concerning you has been processed unlawfully.
The erasure of the personal data concerning you is required in order to comply with a legal obligation under EU law or the law of the Member States to which we are subject.
The personal data concerning you is collected in the context of information society services pursuant to Art. 8 (1).

Information to third parties

If we have published the personal data concerning you and we are obliged to delete it under Art. 17 (1) GDPR, we will take reasonable steps (including in terms of technical feasibility), taking account of the available technology and implementation costs, in order to notify the responsible data controller who is processing the data that you as a data subject have requested from them the erasure of all links to this personal data or copies or replications of this personal data.

There is no right to erasure if the processing is necessary:

for the exercise of the right to the freedom of expression and information;
to satisfy a legal obligation that requires the data to be processed under the law of the EU or the Member States to which the data controller is subject, or to perform a task that is carried out in the public interest or in the exercise of official authority vested in the data controller;
on grounds of the public interest in the area of public health in accordance with Art. 9 (2) (h) and (i) as well as Art. 9 (3) GDPR;
for archiving purposes in the public interest, academic or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, provided the right specified under section a) is likely to render impossible or seriously impair the achievements of the objectives of this processing or
to establish, exercise, or defend legal claims.

Right to object

You have the right to object, on grounds relating to your specific situation to object, at any time to the processing of the personal data concerning you which is based on Art. 6 (1) (e) or (f) GDPR; this also applies to any profiling based on those provisions.

In this case we will stop processing the personal data concerning you unless we can provide compelling and legitimate grounds for the processing that override your interests, rights and freedoms, or the data is being processed for the purpose of establishing, exercising, or defending legal claims.

If the personal data concerning you is being processed for the purpose of conducting direct marketing, you have the right to object at any time to the processing of the personal data concerning you for such marketing; this also applies to any profiling connected to such direct marketing.

If you object to the data processing for the purposes of direct advertising, the personal data concerning you will no longer be processed for these purposes.

In the context of the use of information society services and Directive 2002/58/EC notwithstanding, you may exercise your right to object using automated means using technical specifications. Where personal data is processed for statistical purposes pursuant to Art. 89 (1) GDPR, you, on grounds relating to your specific situation, have the right to object to personal data concerning your being processed.

Your right to object may be limited if it is likely to render impossible or seriously impair the achievements of the statistical purposes and the limitation is necessary for satisfying statistical purposes.

Right to withdraw the declaration of consent under data-processing law

You have the right to withdraw your declaration of consent under data-processing law at any time. Withdrawing the consent has no bearing on the lawfulness of any processing performed up to the point of the revocation.

Automated decision in individual cases including profiling

You have the right not to be subject to a decision that is based solely on automated processing – including profiling – that produces legal effects on you or is similarly significantly affects you. This does not apply if the decision:

is necessary for the entering into or performing a contract between you and the data controller,
is authorized under legal provisions of the EU or the Member States to which the data controller is subject and these legal provisions contain adequate measures for safeguarding your rights and freedoms as well as your legitimate interests or
is made with your explicit consent.

However, these decisions must not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) applies and adequate safeguards to protect the rights and freedoms as well as your legitimate interests are in place.

As regards the cases stated in (1) and (3), we take adequate measures to your rights and freedoms as well as your legitimate interests, which include at least the right to have a person intervene on the data controller’s side, to present your own point of view, and to challenge a decision.

Right to lodge a complaint with a supervisory authority

Notwithstanding any other administrative or judicial legal remedy, you have the right to lodge a complaint with a supervisory authority in the Member State of your place of residence, your workplace, or the place of the alleged breach if you are of the opinion that the processing of the personal data concerning you breaches the GDPR.

The supervisory body to which the complaint was submitted will notify the complainant of the status and outcomes of the complaint including the option of a judicial remedy under Art. 78 GDPR.

No legal or contractual obligation to provide personal data; Consequence of non-provision

You have no legal or contractual obligation to provide personal data on our website. However, you may not use all of the services we offer if you do not wish to provide the personal data requested on our website.

11. Amendment of the data protection policy; amendment of purpose

We reserve the right to amend this Data Protection Policy in consideration of stipulations under data-protection law. You will always be able to locate the current version here or another corresponding, easily locatable point of our website or app. If we are intending to process your data for other purposes, i.e. those for which it was collected, we will notify you about this in advance in compliance with the statutory provisions.