Privacy information
We are pleased that you are interested in Volkswagen Classic Parts and that you have got in touch with us by visiting our website.
This website is a service of Weser-Ems Vertriebsgesellschaft mbH, Theodor-Heuss-Str. 28b, 38444 Wolfsburg, Germany, email: kundensupport@vw-classicparts.de, entered in the trade register of the District Court of Bremen under No. HRB 4392 (data controller).
This page gives you information about what legislation-protected data is gathered by us when you visit our website and view individual pages, whether we store this data and what we do with it.
Overview of content of the privacy information:
B. Collection and use of your information
1. Access to the website, retrieving files
2. Ordering of goods, registration with the online shop, price enquiries
2.1. Ordering certificates and data sheets
2.2. Credit assessment
2.3. Optional spare parts search with vehicle identity number (VIN)
2.4. Other purposes of processing and legal bases
2.5. How long do we store your data?
3. Contact form
4. Order our newsletter subscription
5. Social media channels and fan pages
5.1. Facebook and Instagram (Meta)
6. Tracking and cookies
6.1. Google Tag Manager
6.2. Google Analytics 4 with Server-Side Tracking
6.3. Google AdWords Remarketing & Conversion Tracking
6.4. Facebook Website Custom Audiences using pixel
6.5. Facebook Conversion Pixel
6.6. User Centrics Consent Management Platform
7. Further services
7.1. Trusted Shops
7.2. Competitions at events
7.3. Competition on Social Media
8. Image, sound and video recordings at events
9. Third country transfer of personal data
A. General information
The laws on data protection protect personal data. "Personal data" is individual details about personal or factual circumstances of an identified or identifiable natural person (a human). This includes, for example, their name, postal or email address, as well as an indication as to when this person viewed which webpage.
B. Collection and use of your information
1. Access to the website, retrieving files
You can visit our website without disclosing any personal information.
When you visit our website and view a single webpage, you are retrieving individual files, which that webpage is made up of. The retrieval of these files is stored in a log file (a simple text file), each of which contains the following information for each retrieval:
- the IP address of the computer you use to retrieve the file;
- the date and time of the retrieval;
- name of the file that was retrieved;
- status of the transmission (successful or aborted);
- from which webpage the file was originally requested and
- with which browser, operating system, and with what surface the file was requested.
Such technical recordings are typical, and are performed by virtually every web server.
We use this log in order to be able to identify and resolve technical errors on our website, and so to improve the quality of our website from a technical point of view. We also use the data in order to be able to uncover and prevent any misuse of our website in the future. In addition, we reserve the right to statistical evaluate anonymous records from this log file, in order to improve our website.
The legal basis of the processing: Article 6(1f) GDPR. Our legitimate interests: technical maintenance of the operation of the website; service improvement of the website offering; prevention of abuse.
We will not use personal data stored in this log file, nor merge it with other data sources.
We will delete the data stored in the log file after 7 days.
Our web hoster, Corpex Internet GmbH, and our service providers TechDivision GmbH are also informed of this data.
2. Orders, price enquiries for goods and vouchers, registration in the online shop, customer account.
You can order or enquire with us via our online shop, by e-mail or also by telephone.
In doing so, we process the personal data (Art. 6 para. 1 lit. b GDPR) you provide: identification data, address data and contact data, your bank details, your order data such as the date of the order and the products ordered, data about payment, sales data, information about goods you have already ordered, and about discounts.
When purchasing a voucher, a recipient can be entered, whom we only can inform about the data processing, when the recipient redeems the voucher in our Online Shop with this privacy information.
For the purpose of your registration and in your customer account, we will likewise process the data, so that we can deal with your order or request. This involves the same data.
In order to deal with your orders and requests, we will forward your information to our service providers: Volkswagen AG, TechDivision GmbH.
To process your delivery, we will transfer your data to our transport service providers, such as UPS. The privacy policies of these companies will apply.
Depending on the selected payment method, we transmit your data via our service provider Adyen N.V. to banks or payment service providers to process the payment. Further information on data protection at Adyen N.V. can be found here.
Banks and payment service providers can be:
Credit cards & debit cards:
Concardis GmbH
privacy statement of this provider: https://www.concardis.com/de-en/protecting-your-data
Means of payment: Visa, Mastercard
American Express Payment Services Limited, privacy statement of this provider:
https://www.americanexpress.com/de/content/privacy-policy.html?inav=de_legalfooter_dataprivacy
Means of payment: American Express credit cards
Carte Bancaire
Privacy statement of this provider: https://www.cartes-bancaires.com/protegezvosdonnees/
Means of payment: Carte Bancaires credit cards
Other payment providers:
PayPal
Privacy statement of this provider: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE
iDEAL
Privacy statement of this provider: https://www.ideal.nl/en/disclaimer-privacy-statement/
PayU
Privacy statement of this provider: https://corporate.payu.com/privacy/
- Volkswagen Bank GmbH,
- Volkswagen AG
- one of the main banks we use.
We have a legitimate interest in protecting ourselves from attempted fraud. For this purpose, we evaluate customer payment behaviour. However, no automatic decision-making takes place. Our service provider, Adyen N.V., processes your payment data, contact details, IP addresses, device identifiers, cookies and possible information on fraudulent activities from other third parties, such as issuing banks, service providers or owners of payment systems, on our behalf in a risk management system.
We have put appropriate safeguards in place to protect your data when it is transferred outside the EEA. When we transfer data to Adyen's group companies, it is protected by an intra-group agreement that contains standard contractual clauses. The standard contractual clauses apply for service providers located in the United States and other service providers located outside the EEA. We will delete any data if the purpose for which we are storing your data ceases to exist. In the event that a trade or tax-based archiving obligation exists, we will only delete it upon expiry of this retention period. You can find further information in the data protection information of Adyen N.V.
If, for example, you place an order at an event and pay immediately with your debit card or credit card, we process the payment via our service provider Concardis GmbH, which carries out the settlement with banks or payment service providers for us. Further information on data protection at Concardis GmbH can be found here.
Should you fall behind with the payment of your invoice, we will transmit your data to Creditreform Hannover-Celle Bissel KG to support our claims management.
Data is generally not transferred to other third parties, unless you have agreed to this or we are obliged to do so due to legal provisions, or such transfer is explicit allowed due to a statutory provision.
The data processing during the handling of your orders partly involve the transfer of data to third countries (i.e. countries that are neither members of the European Union nor of the European Economic Area). Please note that not all third countries have a level of data protection recognized as adequate by the European Commission. Where access to the data from such a so-called unsafe third country cannot be excluded, socalled EU standard contractual clauses have been concluded as an appropriate guarantee for data processing in order to protect your personal data.
2.1. Ordering certificates and data sheets
When ordering a certificate and/or data sheet in our online shop, personal data will be collected from you (Art. 6 para. 1 lit. b GDPR) if you complete the relevant fields on the form and prepare to upload and send the data provided.
It is your decision whether you wish to disclose the information in this manner. The transfer of information provided by you to the product detail page will be encrypted.
We would like to point out that it is not possible to process an order without submitting the mandatory information to the relevant product detail page. The data is necessary for researching and creating your individual document.
To avoid any misuse of the certificates, we will process data that identifies you and the vehicle free of doubt (Art. 6 para. 1 lit. f GDPR).
The personal data collected in this respect includes in particular your contact details, such as first name, surname, company, e-mail address, address data, details of the vehicle (such as version, model, model year, first registration, vehicle identification number, engine, engine code letters, etc.).
We will not use this data for advertising purposes. Your data will not be transferred to third parties and will be deleted after the document (certificate, data sheet) has been created. We will delete any order data if the purpose for which we are storing your data ceases to exist. In the event that a trade or tax-based archiving obligation exists, we will only delete it upon expiry of this retention period.
After placing a certificate or data sheet in your basket, we will process your order data analogous to point 2. of our data protection declaration.
2.2. Credit assessment
If we offer you an insecure payment method (e.g. purchase on account), we have a legitimate interest in protecting ourselves from defaults on payment. We will therefore contact a credit agency for information about your credit rating. Credit rating information is information about unsettled payment claims and information directly resulting in a risk of payment default (e.g. insolvency, debt counselling, deferral due to inability to pay).
As part of the credit check, your data is processed on the basis of Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in conducting a credit check when you choose an insecure payment method (instalments, purchase on account).
In order to obtain credit rating information, we send the following information to the external credit agency Creditreform: company name and address details.
Information on how Creditreform processes your data can be found in the company’s privacy statement in chapter: Information in accordance with the EU General Data Protection Regulation (EU-GDPR)
https://www.creditreform.de/navigations/content-footer/datenschutzerklaerung.html
We do not use data that we receive from the credit agency to make an automated decision and we do not carry out any profiling. We manually assess whether or not we can allow you to make a purchase on account. We do not pass Creditreform’s data on to third parties.
We process and store your personal data for as long as it is required for the fulfilment of our contractual and legal obligations.
You can object to the processing of your personal data via our contact and email address (see above). In this case, purchases on account are not permitted.
2.3. Optional spare parts search with vehicle identity number (VIN)
You can carry out a vehicle-specific spare parts search by entering the VIN (successively from model year 1998). The VIN is processed in this process without reference to other personal data (Art. 6 para. 1 lit. b GDPR). You will then be shown the vehicle-specific, available spare parts in the online shop.
You can save the VIN in your customer account in order to start the vehicle-specific spare parts search again from there at any time. You can delete the data in your customer account at any time. If you log out of your customer account, we will also delete this data as explained in the "How long do we store your data?" section.
The VIN is stored without further detailed information in the LOG files on the server in order to be able to guarantee appropriate support in the event of an error. This data is deleted after 6 months. In order to carry out the spare parts search with your VIN, we forward the data to our service provider company Lexcom Informationssysteme GmbH.
2.4. Other purposes of processing and legal bases
In addition, we also store the aforementioned data for the following purposes:
(1) Fulfilment of contractual obligations (Art. 6 para. 1 lit. b GDPR)
- needs analyses,
- quality control,
- assertion of legal claims and defence in legal disputes, ensuring IT security (including system and/or plausibility test) and general security, including building and plant safety,
- processing of the information for the integrity, authenticity and availability of data,
- monitoring by supervisory bodies or similar (e.g. auditing), as well as
- provision of evidence of orders and other agreements, as well as quality control through appropriate documentation
(2) Within the framework of the balancing of interests (Art. 6 para. 1 lit. f GDPR)
As appropriate, we may process your data after the actual performance of the contract in order to safeguard legitimate interests of us or of third parties. Examples:
- Market and opinion research, unless you have objected to the use of your data,
- testing and optimisation of methods for needs analysis for the purpose of directly addressing customers,
- assertion of legal claims and defence in legal disputes,
- enrichment of our data, including through the use or the researching of publicly available data,
- statistical analysis or market analysis,
- ensuring IT security and our IT operations,
- prevention and investigation of criminal offences, to the extent this is not solely for the fulfilment of legal requirements,
- measures for business management,
- further development of existing systems and processes,
- as appropriate: monitoring or recording of telephone conversations for quality control and training purposes,
- sending greeting cards via post or email (Christmas cards, for example),
- risk control within the Volkswagen Group,
- risk protection through trade credit insurance
(3) On the basis of your consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 sentence 1 TTDSG)
If you provide us with consent to process personal data for specific purposes (e.g. disclosure of information in the Group; use for marketing purposes), then this processing is legal on the basis of your consent. Your consent may be revoked at any time. This also applies to the revocation of declarations of consent, where these were granted to us before the GDPR came into effect, i.e. before the 25 May 2018. The revocation of consent will not affect the legality of the data processed until such revocation.
To process your consent, we process for example your name, email address, date of consent and, if applicable, your signature. We are obliged to process this data in accordance with Art. 6 para. 1, S. 1, lit. c, and para. 3, S. 1, lit. a GDPR and Art. 7 para. 1 GDPR.
We may obtain consent using an I-Pad or via our website. The data is transmitted to our server at the Weser-Ems Vertriebsgesellschaft mbH site for archiving. The transmission is encrypted. You will receive a copy of the consent to your e-mail address, also encrypted.
Your data and consent will be partially passed on to our appointed service providers. You will find further information on this in the respective chapters of this data protection information where we obtain consent.
If you have filed an objection to data processing, we will store your advertising objection in order to be able to implement it permanently. We do not delete it and your consent pursuant to Art. 17 para3 lit. e GDPR, according to which a deletion obligation does not apply insofar as processing of the data, i.e. also storage, is necessary for the assertion, exercise or defence of legal claims.
(4) On the basis of statutory requirements (Art. 6 para. 1 lit. c GDPR) or in the public interest (Art. 6 para. 1 lit. e GDPR)
As a company, we are also subject to various legal obligations, that is to say, requirements under applicable law (e.g. Commercial Code, Money Laundering Act, tax laws). The purposes of processing include, among other things: verifying identity and age; fraud and money-laundering prevention; combating and educating about the financing of terrorism and crimes damaging assets; the fulfilment of fiscal monitoring and reporting obligations; as well as the assessment and control of risks in our company and within the Volkswagen Group. In addition, there may be a requirement to disclose personal data within the framework of regulatory / legal measures for the purposes of evidence, prosecution or the enforcement of claims under civil law.
2.5. How long do we store your data?
We process and store your personal data for as long as it is required for the fulfilment of our contractual and legal obligations. It is important to note that in the event of a registration with the online shop, our business relationship is deemed to be a continuing obligation, applicable for a period of years.
If the data is no longer required for the fulfilment of contractual or statutory obligations, it is deleted on a regular basis, unless their – temporary – continued processing is required for the following purposes:
- Meeting retention obligations under commercial codes and/or fiscal laws: the German Commercial Code (HGB), the German Tax Code (AO), the Money Laundering Act (MLA) are to be noted. The specified time limits for storage and documentation are two to ten years.
- Conservation of evidence within the framework of the statute of limitations. In accordance with Sections 195 et seq. of the German Civil Code (BGB), these periods of limitation may be up to 30 years, although the normal period of limitation is 3 years.
- Fulfilment of the purposes mentioned under (a). In these cases, we may – even after the end of our business relationship or after our pre-contractual legal relationship – store (and, as appropriate, use) your data for a duration which is in agreement with the relevant purposes.
3. Contact form
When contacting us using the contact form, personal data is collected from you when you fill in the respective fields on the form and send data. It is your decision whether and what information you provide us with in this manner. The personal data to be collected to this extent include, in particular, your contact information, e.g. first name, surname, company email address, customer number, address data, information on the vehicle such as finish, model, model year, first registration, vehicle identification number, engine, engine classification code, transmission classification code, paint number and interior appointments code.
Your details will be stored on our server for the purpose of processing your request (Art. 6 para. 1 lit. b GDPR) and in the event that subsequent questions arise. We will not use this data for advertising purposes.
We will delete any data if the purpose for which we are storing your data ceases to exist. In the event that a trade or tax-based archiving obligation exists, we will only delete it upon expiry of this retention period.
If you send us a message using the contact form on our website, this data is encrypted. The confidentiality and integrity of the content is thus ensured.
4. Order our newsletter subscription
On our website you can register to receive our free newsletter.
If you have consented to receive the Volkswagen Classic Parts newsletter, we will use your e-mail address to send you information about products, promotions, competitions and news, as well as for surveys on general customer satisfaction.
To ensure that we send the newsletter to the correct e-mail address, we will send you an e-mail before the subscription begins in which we ask you to confirm the newsletter subscription. You can complete the newsletter subscription here.
By subscribing to the newsletter, you have given us your consent to data processing (Art. 6 para. 1 lit. a GDPR). You may at any time revoke your consent to the storage of the data and email address, and to their use for sending the newsletter, for example via the "Unsubscribe" link in the newsletter, or by emailing us notice of your revocation: werbe-abmeldung@vw-classicparts.de.
If you subscribe to the newsletter, you can provide us with your title, first and last name and date of birth in addition to your e-mail address. If you provide us with your title, first name and last name, we will use this to address the newsletter to you personally. If you provide us with your date of birth, we use this to send you our best wishes on the day.
We use Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, as our newsletter software. Your information is forwarded to Sendinblue GmbH. Sendinblue GmbH is forbidden in this respect from selling your data and from using it for purposes other than for the dispatch of newsletters. Sendinblue GmbH is a certified German provider, selected according to the requirements of the GDPR and the Federal Data Protection Act.
With the help of Sendinblue, if you have given us your consent on the legal basis of Art. 6 para. 1 lit. a DSGVO and §25 para. 1 S. 1 TTDSG we are able to analyse our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links, if any, were clicked. In this way, we can determine, among other things, which links were clicked on particularly often.
We can also see whether certain previously defined actions were carried out after opening/clicking (conversion rate). For example, we can see whether a purchase was made after clicking the newsletter.
Detailed information on the functions of Sendinblue can also be found here:
https://de.sendinblue.com/informationen-newsletter-empfaenger/
You can cancel your newsletter subscription at any time by sending a message to the contact option described above or via a link provided for this purpose in the newsletter.
The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of Sendinblue after you unsubscribe from the newsletter.
We will block your data for use in the newsletter dispatch if you have revoked your consent to us. However, we will delete the objection from the newsletter system after one year at the latest.
We store your advertising objection internally for the assertion, exercise or defence of legal claims. We will not delete it pursuant to Art. 17 para. 3 lit. e GDPR should a delete obligation cease to exist, insofar as it is necessary to process the data, thereby also store it, to enforce, exercise or advocate legal claims.
We have concluded a contract with Sendinblue in which we oblige Sendinblue to protect the data of our customers.
Newsletter subscription for business customers
In addition to the above information, there are the following special features for our business customers. In addition to the e-mail address, title, first name and surname, we also collect the customer number and the company name for business customers in order to assign the e-mail addresses in our systems.
E-mail advertising without newsletter registration and your right to object
If we receive your e-mail address, address and order data in connection with the sale of a product or service and you have not objected to this, we reserve the right, on the basis of Section 7 para. 3 of the German Unfair Competition Act (UWG), to regularly send you offers by e-mail for similar products to those you have already purchased from our range.
This serves to protect our legitimate interests (Art. 6 para. 1 lit. f GDPR) in advertising to our customers which are deemed as outweighing as part of a balancing of interests.
You can object to this use of your e-mail address at any time by sending a message to the contact option described below or via a link provided for this purpose in the advertising e-mail.
To forward your unsubscribe via the link, we use our service provider: Facelift Brand Building Technologies GmbH, Gerhofstraße 19, 20354 Hamburg, Germany. Your data will exclusively be processed in the European Union.
You can unsubscribe from e-mail advertising here.
We will save your advertising objection so that it can be implemented on a lasting basis. We will not delete it pursuant to Art. 17 para. 3 lit. e GDPR should a delete obligation cease to exist, insofar as it is necessary to process the data, thereby also store it, to enforce, exercise or advocate legal claims.
For more information, please see Technology and Cookies.
5.1. Facebook and Instagram (Meta)
Our Facebook and Instagram fanpages, social networks of the US service provider Meta Platforms Ireland Ltd., which also has a responsible registered office at Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, can be reached at www.facebook.com/classicparts/ and www.instagram.com/volkswagen_classicparts/.
The fan pages or social media channels you visit offer you the opportunity to react to our posts, comment on them, create a user post yourself and send us private messages with personal concerns. The data you provide in this context and which may be accessible to us (e.g. user name, address, date of birth, pictures, interests, if applicable) is used by us for the purpose of customer and prospect communication as well as for the creation of anonymous usage statistics (page insights data), which help us to understand the usage and reach of our posts, to evaluate content and to recognize usage preferences as well as to be able to design our social media pages to be as target group-oriented as possible and to design advertising for our products. The basis for the data processing is our legitimate interest (Art. 6 para. 1 lit. f GDPR).
The processing of your request is carried out through the use of an order processor. As far as we are able, your data will be deleted when we cease to operate the fanpage.
In its ruling of 5 June 2018 the ECJ confirmed the joint responsibility of the fanpage operator and Facebook. Provider-specific information on data processing can be found in the respective data protection declarations at:
Facebook Ireland Limited, 4 Grand Canal Square, Dublin2, Ireland, https://en-gb.facebook.com/policy
Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA, https://help.instagram.com/519522125107875/?maybe_redirect_pol=0
Every time you interact on our fan page or other Facebook or Instagram websites, the operators of the social networks use cookies and similar technologies to record your usage behaviour. Fan page operators can view general statistics on the interests and demographic characteristics (e.g. age, gender, region) of the fan page audience. When you use social networks, the nature, scope and purpose of the processing of data on social networks is primarily determined by the operators of the social networks. Detailed information on Facebook's Page-Insights data can be found here: https://www.facebook.com/legal/terms/information_about_page_insights_data
Please note that Meta’s servers are located mainly in the USA. Please note that Meta’s servers are located mainly in the USA. The EU Commission has issued a new adequacy decision for the EU-US data protection framework. The United States ensures an adequate level of protection - comparable to that of the European Union - for personal data transferred from the EU to U.S. companies within the new framework. Based on the new adequacy decision, personal data can be transferred from the EU to U.S. companies that are certified without having to introduce additional data protection safeguards. Meta Platforms, Inc ("Meta") is certified under the EU-U.S. Data Privacy Framework.
We also use a social media management tool from another service provider on the basis of overriding legitimate interests pursuant to Art. 6 para. 1 f GDPR and an order processing agreement pursuant to Art. 28 para. 3 GDPR. The tool is used at Volkswagen Classic Parts for the purpose of planning and writing posts for the social media channels and fan pages used, monitoring channels and fan pages, conducting market research and statistical analyses and optimising our communication strategy on the basis of these. With the help of the tool, we can publish network- or platform- and channel-specific content, process user reactions, search the social networks and platforms for mentions and analyse all interactions with us and our measures. The deletion of the data takes place automatically after the deletion in the social media channels. The provider of the social media management tool is Facelift Brand Building Technologies GmbH, Gerhofstraße 19, 20354 Hamburg.
6. Tracking and Cookies
We use various cookies on our website. Cookies are small files with configuration information that is stored on your device. There are two categories of cookies. There are cookies that are essential for the functionality of the website (so-called function cookies) and, for example, save your language settings, and cookies on the basis of which a pseudonymised usage profile is created (so-called marketing & tracking cookies).
The processing of the function cookies is necessary to enable you to visit the website (Art. 6 para. 1 lit. b GDPR).
Marketing & tracking cookies are only set if the website visitor has consented to this (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 sentence 1 TTDSG). . Consent is given via the so-called cookie banner, which must be actively clicked.
You can edit your cookie settings at any time. To do this, please click on the round orange button that you will find at the bottom left of every page. In the pop-up that opens, you can make your settings.
For more information about our cookies, please see Technology and Cookies.
By giving your consent via our cookie banner, you are giving your consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 sentence 1 TTDSG) to one or more of the following tracking measures:
6.1. Google Tag Manager
We use Google Tag Manager to manage the individual tracking measures. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personal information. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If disabled at the domain or cookie level, it will remain disabled for all tracking tags implemented with Google Tag Manager.
http://www.google.de/tagmanager/use-policy.html
You can find more information on this in Technology and Cookies.
6.2. Google Analytics with Server-Side Tracking
This website uses Google Analytics, a web analytics service provided by Google Ireland LimitedGoogle Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
We use the new version of Google Analytics GA4). This makes it possible to analyze data, sessions and interactions in our online store on our website and thus retrieve website statistics and key performance indicators. Likewise, the tool is suitable for tracking marketing campaigns and testing advertising effectiveness.
When using Google Analytics, we use so-called "cookies", text files that we store on your computer and which allow us to analyze your use of the website. For example, we collect: browser information, device information, IP address, location information, date and time of visit, pages visited, purchase activity.
GA4 enables us to use server side tagging.
With server side tagging, a server is interposed. The data no longer goes to Google Analytics unfiltered. All information from your endpoints is stored on this secure server. We decide which information is passed on to Google Analytics. The data is anonymized or pseudonymized in advance, and this ensures that no personal customer data reaches the USA. We use a service provider for data processing Google Analytics data. However, the data is processed exclusively in Europe.
We only use Google Analytics with your data if you have given us consent to do so in accordance with Art. 6 Para. 1 lit. a DSGVO and §25 Para. 1 S. 1 TTDSG in our Consent Manager (cookie banner).
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. If you do not wish the corresponding data collection, you can change your currently set preferences in our Cookie Consent Manager. You can edit your cookie settings at any time. To do so, please click on the round orange button that you will find at the bottom left of every page. In the pop-up that opens, you can adjust your settings.
The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.
For more information on Google's terms of use and data protection, please visit https://www.google.com/analytics/terms/de.html or https://policies.google.com/?hl=de.
You can find more information on this in Technology and Cookies.
6.3. Google AdWords Remarketing & Conversion Tracking
Our website uses the functions of Google AdWords Remarketing, with which we advertise this website in Google search results, as well as on third-party websites. The provider is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. For this purpose, Google sets a cookie in the browser of your terminal device, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you have visited. The use is based on your consent in acc. with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 sentence 1 TTDSG. You can edit your cookie settings at any time. To do this, please click on the round orange button that you will find at the bottom left of every page. In the pop-up that opens, you can make your settings.
Additional data processing will only take place if you have consented to Google linking your web and app browsing history to your Google Account and using information from your Google Account to personalise the ads you see on the web. In this case, if you are logged into Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing.
This website uses the online advertising programme "Google AdWords" and, within the framework of Google AdWords, the conversion tracking of Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). We use Google AdWords to draw attention to our attractive offers on external websites with the help of advertising media (so-called Google AdWords). We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. In this way, we pursue the interest of showing you advertising that is of interest to you and of making our website more interesting for you.
The conversion tracking cookie is set when a user clicks an AdWords ad placed by Google. If the user visits certain pages of this website and the cookie has not yet expired, we and Google can recognise that the user clicked the ad and was redirected to that page. Each Google AdWords customer receives a different cookie. Cookies can therefore not be tracked across AdWords customers' websites. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted in to conversion tracking. We learn the total number of users who clicked their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information with which users can be personally identified.
You can permanently deactivate the setting of cookies for advertising preferences at Google using the following link: https://adssettings.google.com
You can view data protection regulations regarding advertising and Google here: http://www.google.com/policies/technologies/ads/
You can find more information on this in Technology and Cookies.
6.4. Facebook Website Custom Audiences using pixel
Our online shop uses “Facebook pixel” from the social media network Facebook, which is run by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or, if you are resident in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) to analyse, optimise and efficiently run our website and for these purposes.
Facebook Website Custom Audiences via the Pixel process can track users' behaviour and interests after they have seen or clicked a Facebook ad. This process is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and may help optimise future advertising efforts. The data collected are anonymous so do not provide us with any information about the user’s identity. However, the data from Facebook are saved and processed so that a link to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data use policy (https://www.facebook.com/about/privacy/).
You can make Facebook and its partners switch off adverts on and external to Facebook. A cookie can also be saved on your computer for this purpose.
When collecting data, we rely on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 sentence 1 TTDSG for the corresponding data processing, which you can of course also revoke at any time by changing your privacy settings. If you revoke your consent, your data will no longer be used for this purpose and will be deleted, provided that there are no legal retention periods to the contrary. Without revocation, the storage period of the data is 180 days. After that, the data will be deleted automatically.
To deactivate the use of cookies on your computer, you can set your internet browser so that no more cookies can be placed on your computer in the future or so that cookies that have already been placed are deleted. However, switching off all cookies may mean that some functions on our web pages can no longer be carried out.
Specific information on the Facebook pixel and how it works can be found here: https://www.facebook.com/business/help/651294705016616 .
You can edit your cookie settings at any time. To do this, please click on the round orange button that you will find at the bottom left of every page. In the pop-up that opens, you can make your settings.
You can find more information on this in Technology and Cookies.
6.5. Facebook Conversion Pixel
With your consent, we use the "conversion pixel" or visitor actionpixel of Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland ("Facebook") (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 sentence 1 TTDSG). By calling up this pixel in your browser, Facebook can subsequently recognise whether a Facebook advertisement has been successful, e.g. has led to a purchase. We only receive statistical data from Facebook for this purpose without any reference to a specific person. This allows us to record the effectiveness of the Facebook ads for statistical and market research purposes. Without revocation, the storage period of the data is 180 days. After that, the data will be deleted automatically.
You can edit your cookie settings at any time. To do this, please click on the round orange button that you will find at the bottom left of every page. In the pop-up that opens, you can make your settings.
You can find more information on this in Technology and Cookies.
6.6. User Centrics Consent Management Platform
We use a service provider to manage your consent or refusal to cookies and technologies (Art. 6 para. 1 lit. c GDPR). Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich is used as a processor on the website for the purpose of consent management. For this purpose, we process your personal data such as: Settings Login, User data: Consent data (Consent ID, Consent number, time of consent, implicit, explicit consent, opt-in or opt-out, banner language, customer setting, template version), device data (HTTP agent, HTTP referrer). The data is processed exclusively in the EU and kept for three years.
Further information can be found in Technology and Cookies.
7. Further Services
7.1. Trusted Shops
Integration of the Trusted Shops Trustbadge / other Widgets
Trusted Shops widgets are integrated in this website to display Trusted Shops services (e.g. Trustmark, collected reviews) and to offer buyers Trusted Shops products after they have placed an order.
This serves to protect our legitimate interests in optimized marketing by enabling secure shopping in accordance with Art. 6 (1) (f) GDPR, which prevail in the context of a balancing of interests. The trust badge and the services advertised with it are an offer of Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne ("Trusted Shops"). We and Trusted Shops are joint controllers in data protection terms pursuant to Art. 26 GDPR. In the following section, we inform you about the essential contents of the joint controllership agreement according to Art. 26 (2) GDPR.
Within the framework of the joint responsibility existing between us and Trusted Shops AG, please preferably contact Trusted Shops using the contact options provided in the privacy policy, if you have any data protection questions and wish to assert your rights. Irrespective of this, however, you can always contact the person responsible of your choice. Your enquiry will then, if necessary, be passed on to the other person responsible for a response.
Data processing when integrating the Trustbadge
The Trustbadge is provided by a US-American CDN provider (content delivery network).
An adequate level of data protection is ensured by an adequacy decision of the EU Commission, which can be accessed here for the USA. Service providers from the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). Further information is available here. Where service providers are not certified under the DPF, standard contractual clauses have been concluded as a suitable guarantee.
When the Trustbadge is called up, the web server automatically saves a so-called server log file, which also contains your IP address, the date and time of the call-up, the amount of data transferred and the requesting provider (access data) and the call-up. Immediately after the data collection the IP address is anonymised so that the stored data cannot be assigned to you personally. The anonymised data are used in particular for statistical purposes and for error analysis.
Data processing after order completion
After the order has been completed, order information (order total, order number, product purchased, if applicable) and your email address, which has been hashed using a cryptological one-way function, are transmitted to Trusted Shops. The legal basis for this processing is Art. 6 (1) (f) GDPR.
This serves to verify whether you are already registered for services with Trusted Shops and is therefore necessary for the fulfilment of our and Trusted Shops' overriding legitimate interests in the provision of the buyer protection linked to the specific order in each case and the transactional evaluation services in accordance with Art. 6 (1) (f) GDPR. If this is the case, further processing will be carried out in accordance with the contractual agreement between you and Trusted Shops. If you have not yet registered for the services, you will subsequently be given the opportunity to do so for the first time. Further processing after registration also depends on the contractual agreement with Trusted Shops. If you do not register, all transmitted data will be automatically deleted by Trusted Shops and a personal reference is no longer possible.
Trusted Shops uses service providers in the areas of hosting, monitoring and logging. The legal basis is Art. 6 (1) (f) GDPR for the purpose of ensuring trouble-free operation. Processing may take place in third countries (USA and Israel).
An adequate level of data protection is ensured in each case by an adequacy decision of the EU Commission, which can be accessed here for the USA and here for Israel. Service providers from the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). Further information is available here. Where service providers are not certified under the DPF, standard contractual clauses have been concluded as a suitable guarantee.
7.2. Competitions at events
As a supplement to our events, we run competitions at our Volkswagen Classic Parts booth. For the purpose of communication, implementation and processing of the competitions, the personal data of the participant will be stored and processed or used by Weser-Ems Vertriebsgesellschaft mbH.
We process your name, address and e-mail address to notify you of the prize and to send you your prize (legal basis: Art. 6 para. 1 lit. b) DSGVO). After the winner has been determined and awarded, the data will be deleted unless further storage is required for legal reasons.
In addition to Weser-Ems-Vertriebsgesellschaft GmbH as the organiser of the competition, our server provider also receives knowledge of the data for processing and our shipping service provider for shipping the prizes. The data will be processed exclusively in the EU and will not be passed on to other third parties. A transfer to third countries is excluded.
If you do not provide us with your data, participation in the competition will not be possible.
7.3. Competitions on Social Media
We conduct competitions as a supplement to our campaigns. For the purpose of communication, implementation and processing of the competitions, the personal data of the participant will be stored and processed or used by Weser-Ems Vertriebsgesellschaft mbH.
If you comment a competition posting on our social media pages, you automatically take part in the competition. Through the interaction, your social media profile data und your comments will be stored via Meta and transferred to us for the drawing of the winners. Meta has no connection to the competitions and has no influence on their execution.
Please note that Meta's servers are mainly located in the USA. The EU Commission has issued a new adequacy decision for the EU-US data protection framework. The States ensures an adequate level of protection - comparable to that of the European Union - for personal data transferred from the EU to U.S. companies within the new framework. Based on the new adequacy decision, personal data can be transferred from the EU to U.S. companies that are certified without having to introduce additional data protection safeguards. Meta Platforms, Inc ("Meta") is certified under the EU-U.S. Data Privacy Framework. Further information can be found above in Meta's data protection information.
In the event of winning, the provision of further personal data is required. We will contact the winners' profiles by direct message and ask you to respond by e-mail. If you send us an answer by e-mail, we will process your name, address, vehicle data, image and text content sent by you and your e-mail address on our mail servers, depending on the type of competition, in order to notify you of the prize, to issue the prize and to send your prize (legal basis: Art. 6 para. 1 lit. b) GDPR). The further processing of image and text content sent as part of the competition is governed by an additional consent (legal basis: Art. 6 para. 1 lit. a) GDPR). After the winner has been determined and awarded, the data will be deleted unless further storage is required for legal reasons.
In addition to Weser-Ems-Vertriebsgesellschaft GmbH as the organiser of the competition, our server provider also receives knowledge of the data for processing and our dispatch service provider for sending the prizes. This data will be processed exclusively in the EU.
If you do not provide us with your data, participation in the competition will not be possible.
8. Image, sound and video recordings at events
If you attend one of our events or an event at which Volkswagen Classic Parts has a stand, we may create image, sound and video recordings.
We ensure that persons are only depicted incidentally (according to § 23 paragraph 1, sentence 2 KunstUrhG (German Art Copyright Act)) and not in the foreground or individually.
Should it nevertheless be necessary to depict persons in the foreground at events, we will obtain a separate declaration of consent (Art. 6 (1)(1)(a) GDPR) from the persons concerned.
The processing of your data takes place on the legal basis of legitimate interest (Art. 6 (1)(1)(f) GDPR). We are particularly interested in documenting events or trade fairs on the subject of motor vehicles. We are mainly concerned with our own stand and our own actions at our stand, but also document the event as a whole.
Volkswagen Classic Parts has an interest in the dissemination of some recordings on websites and social media channels, as well as in its own print media, or for distribution for editorial and journalistic use by third parties. It does so for the purposes of press and public relations and the presentation of the activities of Volkswagen Classic Parts in order to increase awareness and to promote participation in comparable events and its activities.
This information can also be found using search engines on the Internet and is linked to other information. Information posted on the Internet, including photos and audio and video recordings, can easily be copied and processed further. There are specialised archiving services, the objective of which is to document the state of certain websites on certain dates on an ongoing basis. This may mean that information published on the Internet can still be found on the original page elsewhere, even after its deletion.
We also store and process the personal data collected for as long as is necessary for internal and external corporate communication about the event. We store the recordings permanently to document company-relevant records. Please note that your data may be accessible worldwide. This includes access in those countries that have a lower level of data protection than that of the European Union. Transfer to further third parties is excluded.
9. Third country transfer of personal data
Some of the data processing involves the transfer of data to third countries (i.e. countries that are neither members of the European Union nor of the European Economic Area). Please note that not all third countries have a level of data protection recognised as adequate by the European Commission. Where access to data from such an insecure third country cannot be ruled out, so-called EU standard contractual clauses have been concluded as an appropriate guarantee for data processing in order to protect your personal data. You can access the EU standard contractual clauses provided by the EU Commission here.
C. Data security on the internet
We undertake all necessary technical and organisational security measures to store your personal data so that it is accessible neither to third parties nor to the general public. If you want to get in contact with us via email, please note that the confidentiality of the information transmitted via this method of communication cannot be fully guaranteed. We therefore recommend that you send us confidential information only by post.
D. Your rights
The following rights can be asserted free of charge at any time:
Right to information: You have the right to information from us about the processing of your personal data.
Correct: You have the right to have us correct inaccurate or incomplete personal data relating to you.
Right to deletion: You have the right, in the presence of the prerequisites mentioned in Article 17 GDPR, to demand the deletion of your data. Accordingly, you may, for example, demand the deletion of your data, insofar as it is no longer required for the purposes for which it was collected. You may also request deletion if we process your data on the basis of your consent, and you revoke this consent.
Right to restriction of processing: You have the right to demand the restriction of the processing of your data, if the prerequisites pursuant to Article 18 GDPR are present. This is the case, for example, if you contest the accuracy of your data. For the duration of the process verifying the accuracy of the data, you can then request the restriction of processing.
Right of objection: If the processing is based on an overwhelming interest or if your data is used for direct marketing purposes, you have the right to object to the processing of your data. An objection is if processing is either in the public interest or occurs in the exercise of public authority or by virtue of a legitimate interest of the Weser-Ems Vertriebsgesellschaft mbH or of a third party. In the case of an objection, we ask you to send us your reasons for which you object to the data processing. In addition, you have the right to object to the processing of data for direct marketing purposes. This also applies to profiling, insofar as this is linked to direct advertising.
Right to data portability: If the data processing is based on consent or the fulfilment of a contract, and it additionally occurs using automated processing, you have the right to receive your data in a structured, common and machine-readable format and to transmit them to another data processor.
Right of revocation: If the data processing is based on consent, you have the right to revoke the data processing – free of charge and at any time – within the framework of consent with effect for the future, by emailing datenschutz@vw-classicparts.de or via the contact details provided in the legal information section.
Right to complain: You also have the right to complain to a supervisory authority (e.g. The Lower Saxony Commissioner for Data Protection) about our processing of your data.
E. Your contact person: Data Protection Officer
Our Data Protection Officer is available to you as a point of contact for all data-protection-related matters, and for the exercise of your rights. Please send your submissions to:
Weser-Ems Vertriebsgesellschaft mbH
- Data Protection Officer -
Theodor-Heuss-Str. 28b
38444 Wolfsburg, Germany
datenschutz@vw-classicparts.de
Version: May 30th, 2024
5. Social media channels and fan pages
In the following, we inform you about the processing of your personal data in the context of the use of the social media channels or fan pages provided by Volkswagen Classic Parts on Instagram, Facebook and YouTube. We maintain these presences in order to communicate information and offers about our product range and to get in touch with active users.