1. information on the collection of personal data
In the following we inform you about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses or user behaviour.
The person responsible pursuant to Art. 4 para. 7 of the EU Data Protection Basic Regulation (GDPR) is Delticom AG, Brühlstr. 11, D-30169 Hanover, Germany, telephone: 49(0)511-87989280, e-mail: firstname.lastname@example.org, website: http://www.tyrechallenge.com/. You can reach our data protection officer at email@example.com or our postal address with the addition “the data protection officer”.
2. Purposes and legal bases of the processing
Unless otherwise described or specified, the purpose of our data processing activities is the pursuit of our own business purposes.
We use different legal bases for data processing:
If you give us consent for certain processing operations of personal data, Art. 6 para. 1 sentence 1 lit. a GDPR is the legal basis (hereinafter also referred to as “consent“).
If the processing of personal data is necessary to initiate or fulfil a contract for which you are a (possible) contracting party, e.g. if you submit product enquiries to us and/or register for an event, Art. 6 Para. 1 S. 1 lit. b GDPR is the legal basis (hereinafter also referred to only as “fulfilment of contract”).
If the processing of personal data is necessary to fulfil a legal obligation, e.g. to fulfil tax archiving obligations or obligations under the Money Laundering Act or the Stock Corporation Act, Art. 6 para. 1 lit. c GDPR is the legal basis.
If the processing of personal data is necessary to protect the vital interests of the person concerned or another natural person, e.g. if a visitor to one of our camps would injure himself or herself and his or her data would have to be passed on to a doctor and/or hospital, Art. 6 para. 1 sentence 1 lit. d GDPR is the legal basis.
The processing of personal data may be permissible under data protection law pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR if it is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and fundamental freedoms of the data subject do not predominate (hereinafter also referred to as “legitimate interest”). We regard the performance and expansion of our business activities in favour of safeguarding the jobs of our employees and for the welfare of our shareholders as our fundamental interest. Thus, a legitimate interest can be assumed if the person concerned and the company are in a customer relationship (recital 47 sentence 2 of the GDPR) or if personal data are processed for purposes of direct marketing.
3. Your rights
You have the following rights against us with regard to the personal data concerning you:
Right of access,
Right to rectification or cancellation,
Right to limit the processing,
Right to object to the processing,
Right to data transmission.
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. This is the State Data Protection Commissioner for Lower Saxony, Prinzenstr. 5, 30159 Hanover, www.lfd.niedersachsen.de.
4. The existence of automated decision-making (including profiling)
5. Objection or revocation against the processing of your data
If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation influences the permissibility of the processing of your personal data after you have given it to us.
Insofar as we base the processing of your personal data on a weighing of interests, you may object to the processing. This is the case if the processing is in particular not necessary for the fulfilment of a contract with you, which is described by us in the following description of the functions. In the case of such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either discontinue or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.
Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your advertising objection under the contact data mentioned in point 1.
6. Recipients and categories of recipients of your personal data
We make use of internal and external service providers for the purposes of contract implementation, improving our services, safeguarding legal interests and for marketing purposes. Personal data may be transmitted to specialist trade partners (e.g. at the customer’s request in the case of a different delivery address), external payment, package, credit information, address and personal verification and/or customer service providers. We cooperate with carefully selected partners, who have to process the communicated data for a specific purpose. Furthermore, we may be obliged by law to transmit data to courts, authorities or public or private insurers.
For your further information, we explain individual data processing operations as follows:
Affiliated companies: We pass on personal data to affiliated companies within the Delticom Group for the purpose of order processing and bundling work processes. According to recital 48 of the GDPR, intra-group data transfers are recognised as a legitimate interest, so that we refer to Art. 6 para. 1 sentence 1 lit. f GDPR with regard to admissibility. It is our legitimate interest to bundle work processes within the group for a specific purpose, if a sufficient level of data protection is nevertheless guaranteed. Further information on the Delticom Group can be found at https://www.delti.com/.
Service providers: We commission other companies and individuals. Examples include parcel delivery, sending letters or e-mails, processing payments and repayments (credit card, direct debit and invoice purchase), address verification, maintaining our customer lists, analysing our databases, advertising measures and customer service.
In the event of complaints or legal disputes, personal data may also be passed on to courts, lawyers or experts. The data is passed on to fulfil legal or contractual obligations arising from the purchase contract and/or to safeguard other legal interests (e.g. in court proceedings).
Official requests for information/prevention of fraud: We disclose customer accounts and personal data about customers if we are legally obliged to do so or if such disclosure is necessary in order to enforce our general terms and conditions or other agreements or to protect our rights as well as the rights of our customers and those of third parties. This includes exchanging information with companies that specialize in preventing and minimizing fraud and credit card fraud.
Service providers outside the EU/EEA: We use US service providers in particular for web analysis and online advertising (see below). We make sure that these companies have joined the so-called EU-USA Privacy Shield: www.privacyshield.gov. If the European Commission has not issued an adequacy decision for the third country in question, EU standard contract clauses should be used. In addition, we oblige all relevant service providers pursuant to Art. 28 para. 4 GDPR to comply with sufficient and appropriate guarantees within the meaning of Art. 44 et seq. of the GDPR (transfer to third countries).
7. Criteria for the storage of personal data
We delete personal data as soon as the purpose of its storage no longer applies and no legal archiving obligations apply or we have for other reasons a legitimate interest in further storage of the data. Storage may be subject to national or European laws, in particular due to tax law or commercial law retention obligations, which we must comply with. For example, we must store invoice data.
If we answer other questions without a current contractual relationship, we store this communication for three years on the basis of the statutory limitation periods, unless the above-mentioned commercial and tax storage periods must be observed. The storage for three years takes place in our legitimate interest for any legal defense against asserted claims based on our information. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR.
We store any rights asserted (e.g. request for information), our reply and any further correspondence for verification purposes. In accordance with the statutory limitation periods, we assume a deletion period of three years. The permissibility of storage follows from Art. 6 Para. 1 S. 1 f GDPR (“legitimate interest”). It is our legitimate interest to be able to provide evidence of the fulfilment of our legal obligations until possible claims arising from your inquiry become statute-barred. This also serves our internal accountability according to Art. 5 para. 2 GDPR.
8. Amendment of the data protection declaration
For legal and/or organizational reasons, changes or adjustments to our data protection declaration may become necessary in the future, even at short notice. Please note the current version of our data protection declaration.
II. Data processing for individual types of use
1. Collection of personal data when visiting our website
If you only use the website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Contents of the request (concrete page)
Access status/HTTP status code
amount of data transferred in each case
Website from which the request originates
Operating system and its interface
Language and version of the browser software.
In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which the location that sets the cookie (here by us), certain information flows. They serve to make the Internet offer more user-friendly and more effective overall and to place user behaviour-based online advertising. Please note the detailed information below on web analysis and online advertising.
2. Registration for the Tyre Challenge
When you register for the Tyre Challenge, we collect the following personal data:
Name, first name, e-mail address, telephone number, time of registration, time of your last update, your IP address and an identification number.
We only collect the telephone number if you provide us with this information voluntarily.
We process all personal data for the purpose of planning and carrying out the event. If you register for the newsletter, we also process your data accordingly for marketing purposes. The legal basis for this is Art. 6 Para. 1 S.1 lit. b GDPR (“fulfilment of contract”).
3. Data collection of the winners of the Tyre Challenge
We also request the address data (street, house number, postcode, city, country) of the Tyre Challenge winners. We process this data for the purposes of notification of winnings and distribution of prizes. The legal basis for this is Art. 6 Para. 1 S.1 lit. b GDPR (“performance of contract”).
4. Establishing contact/complaints/enquiries
When you contact us, make a complaint or make any other enquiry to us by e-mail, telephone or via a contact form, the data you provide (e.g. your e-mail address, possibly your name, telephone number) will be stored by us in order to answer your questions.
If you are a participant in the Challenge and have questions or a complaint about the event, for example, the legal basis for data processing is Art. 6 Para. 1 S. 1 lit. b GDPR (“fulfilment of contract”). If you are not a customer of ours, the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR (“legitimate interest”).
This website uses the following types of cookies, the scope and functionality of which are explained below:
- Transient cookies are automatically deleted when you close your browser. These include in particular session cookies. They store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This enables your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close your browser.
- Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.
You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may not be able to use all the functions of this website.
The Flash cookies used are not recorded by your browser, but by your Flash plug-in. We also use HTML5 storage objects, which are stored on your end device. These objects store the required data regardless of the browser you are using and do not have an automatic expiration date. If you do not wish the Flash cookies to be processed, you must install an appropriate add-on, e.g. “Better Privacy” for Mozilla Firefox or the Adobe Flash Killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using private mode in your browser. We also recommend that you regularly delete your cookies and browser history manually.
Cookies, which are used for range measurement and advertising purposes, can be deactivated via the following pages:
6. Use of social media
By participating in the Tyre Challenge competition, you grant the organizer the right to use/extract portions from the uploaded and posted video for marketing purposes.
We currently use the following social media plug-ins: Facebook, Google+, Twitter, Instagram, YouTube. We use the so-called two-click solution for this. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. The provider of the plug-in can be identified by the respective logo. We offer you the possibility to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it will the plug-in provider receive the information that you have called up the corresponding website of our online service. In addition, the data mentioned under this declaration will be transmitted. In the case of Facebook, the IP address is made anonymous immediately after collection, according to information provided by the respective provider in Germany. When the plug-in is activated, personal data is transferred from you to the respective plug-in provider and stored there (in the case of US providers in the USA). Since the plug-in provider collects data in particular via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the grayed-out box.
We have no influence on the collected data and data processing procedures, nor are we aware of the full scope of data collection, the purposes of processing and/or the storage periods of the provider. We also do not have any information on the deletion of the collected data by the plug-in provider.
The plug-in provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation takes place in particular (also for users who are not logged in) for the purpose of presenting demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Through the plug-ins, we offer you the opportunity to interact with social networks and other users, so that we can improve our services and make them more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 Para. 1 S. 1 lit. f GDPR (“legitimate interest”).
The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected by us will be directly assigned to your existing account with the plug-in provider. If you press the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and communicates it publicly to your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this allows you to avoid being assigned to your profile by the plug-in provider.
Further information on the purpose and scope of data collection and processing by the plug-in provider can be found in the following data protection declarations of these providers. There you will also find further information on your rights in this regard and setting options to protect your privacy.
Addresses of the respective plug-in providers and URL with their data protection information:
Facebook Inc. 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Google Inc. 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=en. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Twitter, Inc. 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA, a subsidiary of Facebook Inc.. Information on data protection: https://help.instagram.com/155833707900388
YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, a subsidiary of Google LLC. Information on data protection and compliance with the EU-US Privacy Shield: https://policies.google.com/privacy?hl=en&gl=en
7. Company pages in social networks
We have various company presences in social networks such as Facebook or Twitter. Please also note the corresponding data protection information, which you can access from the respective presence.
We offer you the possibility to subscribe to our free newsletter. After placing an order, we also offer this possibility. We only send out newsletters if you have given us permission to do so or if you have given us legal permission to do so.
We use the so-called double opt-in procedure to prevent unauthorised entry of third-party e-mail addresses for our newsletter distribution list. After registration you will receive a confirmation e-mail. Only after confirmation of the e-mail address will an e-mail address be registered. The registration process is logged in order to meet our legal obligations to provide evidence. These data are subject to a retention obligation of three years, beginning in the following year after the newsletter has been sent. The legal basis for this is Art. 6 Para. 1 S. 1 lit. f GDPR (“legitimate interest”). It is our legitimate interest to record proof of registration until the expiry of the limitation period for any claims arising from the sending of the newsletter.
If you do not wish to receive such offers, you can, for example, contact us at any time using the contact form or send us an e-mail to firstname.lastname@example.org.
III. Web analysis/user behaviour-based online advertising
1. General information
Unless otherwise described below, Art. 6 para. 1 sentence 1 lit. f GDPR (“legitimate interest”) serves as the legal basis for all types of use mentioned in the area of web analysis and online advertising:
- As online merchants, we are instructed to adapt our services to user behaviour and technical developments (e.g. orders via smartphones instead of desktops or laptops).
- As a commercially managed listed company, we act with the intention of making a profit and the placement of advertising is an essential component and a fundamental interest of companies recognised by the Basic Data Protection Ordinance. As an online retailer, user behaviour-based advertising is particularly important in order to be able to address potential customers as precisely as possible. We consider this to be our legitimate interest. From the user’s point of view, this usually does not lead to a qualitative “more” of advertising. The advertising, however, corresponds to a presumed interest of the user, which means that the advertising is generally less annoying.
Cookies, which are used for range measurement and advertising purposes, can be deactivated via the following pages:
2. Use of Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc. “(“Google”). Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, if IP anonymisation is activated on this website, your IP address will be shortened by Google in advance within Member States of the European Union or in other Contracting States to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are shortened for further processing and that it is not possible to identify you as a person. As far as the data collected about you is personal, this is immediately excluded and the personal data is deleted immediately.
We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained allow us to improve our services and make them more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
3. Google Universal Analytics
We also use Google’s universal analytics capabilities to collect and analyze socio-demographic information about website visitors for analysis purposes using a Google ID (if assigned) and cookies generated by Google’s advertising campaigns. If a Google ID is available, this data is also recorded across devices for more precise analysis (e.g. if website visitors use different end devices, e.g. PC and smartphone).
Objection possibility: You can object to the collection and storage of data by Google at any time with effect for the future. To do this, you can download and install a browser plug-in published by Google at https://tools.google.com/dlpage/gaoptout?hl=en.
Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
This website also uses Google Analytics for a cross-device analysis of visitor flows conducted through a User ID. You can deactivate the cross-device analysis of your use in your customer account under “My data”, “Personal data”.
4. Google Web Font
We use the script and font library Web Fonts of Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA (“Google”). The integrated fonts are provided by Google. When you visit our website, the fonts are transferred to the cache of your browser by Google. This enables us to display our content correctly and attractively across browsers and, if necessary, to reduce loading times if the fonts have already been uploaded in the browser. If your browser technically prevents this, the contents will be displayed in a standard font.
When your browser connects to Google, the data specified in Section II 1 are transferred to Google.
Calling up script libraries or font libraries automatically triggers a connection to the library operator. It is theoretically possible – but currently unclear whether and, if so, for what purposes – for the operators of such libraries to collect data.
Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy.
Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
5. Facebook Pixel
We use Facebook Pixel, Facebook Custom Audiences and Facebook Conversion from Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. For European Union users, “Facebook Pixel” is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
When you enter the website, a so-called tracking pixel is called up by Facebook’s servers. The tracking pixel allows an interest-based, user behavior-based and personalized advertising approach, which can also be displayed on other of your end devices (e.g. tablet or smartphone) as well as on other websites.
For more information about Facebook’s privacy practices, visit http://www.facebook.com/policy.php
More information about data collection on Facebook: http://www.facebook.com/help/186325668085084, and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Status August 2023