Data protection

Privacy Policy

1. Data protection at a glance

General information

The following information provides an overview of what happens to your personal data when you use our website.
Visit https://gutmannspareparts.com/ .

Personal data is any data that can be used to personally identify you.

2. Responsible body

The entity responsible for data processing on this website is:

DMS-Weinheim Kitchens
Owner: Markus Thönnes
Wintergasse 87
69469 Weinheim
Germany

Telephone: 0171-7815159
Email: info@weinheimerkuechen.de

3. Hosting via Shopify

Our website is powered by the e-commerce platform Shopify.

The supplier for retailers within the EU is:

Shopify International Limited
Victoria Buildings
2nd Floor
1-2 Haddington Road
Dublin 4, D04 XN32
Ireland

Shopify provides the shop infrastructure, hosting, and database.

Processed data

The following data is processed in particular as part of the hosting and shop setup:

  • IP address

  • Device and browser information

  • Inventory data (name, address)

  • Contract data

  • Payment details

  • Communication data

  • Usage data

Legal basis

The processing is based on:

  • Article 6 paragraph 1 letter b GDPR (performance of a contract)

  • Article 6 paragraph 1 letter f GDPR (legitimate interest in secure and efficient operation)

  • Article 6 paragraph 1 letter a GDPR (consent where required)

Third-country transfer

Shopify may transfer data to affiliated companies in Canada and the USA.

For Canada, there is an adequacy decision by the EU Commission pursuant to Art. 45 GDPR.

Insofar as data is transferred to the USA, this is done on the basis of:

  • EU Standard Contractual Clauses (Art. 46 GDPR)

  • possibly additional technical protective measures

We have concluded a data processing agreement with Shopify in accordance with Article 28 GDPR.

4. Data collection on this website

Contact form

If you send us inquiries via the contact form, your information, including the contact details provided there, will be stored for processing your request.

Legal basis:

  • Article 6 paragraph 1 letter b GDPR (pre-contractual measures)

  • Article 6 paragraph 1 letter f GDPR (legitimate interest in efficient communication)

The data will remain with us until the purpose of storage no longer applies or legal retention obligations exist.

Cookies

Our website uses cookies.

Shopify uses technically necessary cookies, in particular for:

  • Shopping cart function

  • Order processing

  • Security

  • Abuse and fraud prevention

  • Website stability

Technically necessary cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR.

Cookie consent tool

We use Shopify's integrated consent management tool to obtain and manage consents.

Where cookies or similar technologies require consent, processing is based on:

  • Article 6 paragraph 1 letter a GDPR

  • § 25 TDDDG

You can withdraw your consent at any time.

5. Automated security and fraud prevention

To protect against abuse, fraud and unauthorized access, Shopify uses automated security and risk analysis systems.

This may involve the processing of technical data (e.g., IP address, device information, transaction data).

The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest in the security of the online shop).

There is no exclusively automated decision-making within the meaning of Article 22 GDPR with legal effect for data subjects.

6. SSL or TLS encryption

This website uses SSL/TLS encryption for security reasons. You can recognize an encrypted connection by the "https://" in your browser's address bar.

7. eCommerce and contract processing

Processing of customer and contract data

We process personal data for the purpose of:

  • Reason

  • implementation

  • processing

  • Fulfillment of legal obligations

The legal basis is Article 6(1)(b) GDPR.

Statutory retention periods (e.g. 6 or 10 years according to HGB/AO) remain unaffected.

Data transmission during goods shipment

To fulfill the contract, we will provide your data:

  • Shipping service provider

  • Payment service provider

further, insofar as this is necessary for the execution of the order.

8. Payment service providers

PayPal

Provider:

PayPal (Europe) S.à rl et Cie, SCA
22–24 Boulevard Royal
L-2449 Luxembourg

If you select PayPal, your payment details will be transmitted directly to PayPal.

The processing is based on Article 6 paragraph 1 letter b GDPR.

Transfers to third countries can be based on EU standard contractual clauses.

Further information:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full

9. Storage duration

Personal data will be deleted as soon as:

  • the purpose of the processing no longer applies,

  • statutory retention periods have expired,

  • no legitimate interests exist anymore.

10. Your rights

You have the right to:

  • Right of access (Art. 15 GDPR)

  • Rectification (Art. 16 GDPR)

  • Erasure (Art. 17 GDPR)

  • Restriction (Art. 18 GDPR)

  • Data portability (Art. 20 GDPR)

  • Right to object (Art. 21 GDPR)

  • Revocation of granted consent

Right to lodge a complaint with the competent data protection supervisory authority pursuant to Art. 77 GDPR.