Privacy Policy

The responsible entity for data processing is:

LEAB Automotive GmbH
Thorshammer 6
24866 Busdorf
Germany
Email: info@leab.eu
Phone: +49 (0) 4621 - 97860-0

We appreciate your interest in our online shop. The protection of your privacy is very important to us. We would like to inform you in detail about how your data is handled.

1. Access data and hosting

You can visit our websites without providing personal information. Each time a website is accessed, the web server automatically stores a so-called server log file, which contains, for example, the name of the requested file, your IP address, date and time of the selection, transferred amount of data and the requesting provider (access data), and which documents the selection. This usage data is analysed solely for the purpose of ensuring the smooth operation of the website and improving our services. This serves to safeguard our legitimate prevailing interests in a correct presentation of our offer In accordance with Article 6(1)(f) of the GDPR.

All access data will be deleted no later than seven days after you leave the site.

Hosting

The services for hosting and displaying this website are partly provided by our service providers as part of data processing carried out on our behalf. Unless otherwise specified in this Privacy Policy, all access data and all data collected via the forms provided on this website are processed on their servers. If you have any questions about our service providers or the basis of our cooperation with them, please use the contact details provided in this Privacy Policy.

2. Data processing for contract processing and for contacting us

2.1 Data processing for contract processing

We collect personal information when you voluntarily provide it to us as part of your order or when contacting us (for example, by contact form or email). Mandatory fields are marked as such, as we require the data in these cases to process the contract or to process your contact and you cannot complete the order or send the contact without providing it. The data collected can be seen from the respective input forms. We use the data provided by you for the purpose of processing the contract and handling your enquiries (including enquiries about and processing of any existing warranty and performance claims as well as any statutory update obligations) pursuant to Article 6(1)(b) of the GDPR. For more information about the processing of your data, particularly regarding its disclosure to our service providers for the purposes of order processing, payment processing, and shipping, please refer to the following sections of this Privacy Policy. Once the contract has been fully executed, your data will be restricted for further processing and deleted after the expiration of any retention periods required by tax and commercial law in accordance with Article 6(1)(c) of the GDPR, unless you have expressly consented to further use of your data in accordance with Article 6(1)(a) of the GDPR, or we reserve the right to use your data beyond this scope in a manner permitted by law, about which we will inform you in this statement.

2.2 Contacting us

As part of our customer communication, we collect personal information pursuant to Article 6(1)(b) of the GDPR in order to process your enquiries, if you voluntarily provide this information to us when contacting us (e.g. via a contact form, live chat tool or email). Mandatory fields are marked as such, as in these cases the data is essential to process your contact. The data collected can be seen from the respective input forms. After your enquiry has been fully processed, your data will be deleted unless you have expressly consented to further use of your data pursuant to Article 6(1)(a) of the GDPR or we reserve the right to use data in a manner that goes beyond this and is permitted by law and about which we inform you in this declaration.

2.3 Data protection information for applicants

We process the information you have provided to us in connection with your application in order to assess your suitability for the position (or, if applicable, other open positions in our company) and to complete the application process. The legal basis for the processing of your personal data is primarily §26 of the Federal Data Protection Act (new). If the data is required for legal prosecution after completing the application process, data processing may be performed based on the requirements of Article 6 of the GDPR, in particular for the exercise of legitimate interests pursuant to Article 6(1)(F) of the GDPR. Our interest then lies in asserting or defending claims. Your data will be deleted in the event of cancellation after 6 months. In the event that you have consented to further storage of your personal data, we will transfer your data to our applicant pool. Here, the data will be deleted after ten years.

If, as part of the application process, you are offered a position, the data from the applicant data system will be transferred to our personnel information system. Your application data will be viewed by the Human Resources department upon receipt of your application. Suitable applications are then forwarded internally to the department heads for the respective open position. The only people who will have access to your data are those that need it to ensure that our application process runs properly. The data is processed solely in data centres of the Federal Republic of Germany. You can find your rights and a contact at the end of this Privacy Policy.

3. Data processing for the purpose of shipment handling

In order to fulfil the contract pursuant to Article 6(1)(b) of the GDPR, we pass on your data to the shipping service provider commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. If you have any questions about our service providers and the foundation of our collaboration with them, please use the contact options described in this Privacy Policy.

Data transfer to shipping service providers for the purpose of shipping notification

If you have given us your express consent to this during or after your order, we will forward your email address and telephone number to the selected shipping provider on the basis of this pursuant to Art. 6(1)(a) of the GDPR so that the latter can contact you before delivery for the purpose of announcing or coordinating delivery. Your consent can be withdrawn at any time by sending a message to the contact option described in this privacy policy or directly to the shipping service provider at the contact address listed below. After revocation, we will delete your data unless you have expressly consented to further use of your data or we reserve the right to use the data as legally permitted, of which we inform you in this policy. If you have any questions about our service providers and the foundation of our collaboration with them, please use the contact options described in this privacy policy.

4. Data processing for payment handling

We work with the following partners to process payments in our online shop: technical service providers, credit institutions, payment service providers.

4.1 Data processing for transaction handling

Depending on the payment method selected, we pass on the data necessary for processing the payment transaction to our technical service providers, to the commissioned credit institutions or to the selected payment service provider, insofar as this is necessary for processing the payment. This serves to fulfil the contract pursuant to Art. 6(1)(b) of the GDPR. In some cases, the payment service providers collect the data required for processing the payment themselves, for example on their own website or via a technical integration in the order process. In this respect, the privacy policy of the respective payment service provider applies. Depending on the payment method selected, data may be transferred to third countries outside the EU/EEA for which the European Commission has determined by decision that an adequate level of data protection exists. Where data is transferred to third countries outside the EU/EEA for which the European Commission has not issued a decision on an adequate level of data protection, cooperation is based on the European Commission’s standard data protection clauses. If you have any questions about our payment processing partners or the basis of our cooperation with them, please contact us using the contact details provided in this Privacy Policy.

4.2 Data processing for the purposes of fraud prevention and the optimisation of our payment processes

Where applicable, we provide the aforementioned service providers with additional data, which they use together with the data necessary for processing the payment for the purposes of fraud prevention and the optimisation of our payment processes (e.g. invoicing, handling disputed payments, supporting our accounting). Pursuant to Article 6(1)(f) GDPR, this serves to protect our overriding legitimate interests, within the framework of a balancing of interests, in protecting ourselves against fraud and in efficient payment management.

4.3 Credit check

If we make an advance payment (in the case of purchase on account), we obtain an identity and credit report from specialised service providers (credit agencies). For this purpose, we will share your personal data required for a credit check with:

CRIF GmbH Leopoldstraße 244 80807 Munich Germany

This serves to protect our legitimate interests, which prevail following a balancing of interests pursuant to Article 6(1)(f) of the GDPR, in assessing the creditworthiness and willingness to pay of our potential customers prior to the conclusion of the contract and thereby avoiding losses on the purchase price, and is necessary for the conclusion of the contract pursuant to Article 22(2)(a) of the GDPR. Appropriate measures to safeguard your rights, freedoms, and legitimate interests will be taken into account in this process. You have the option to contact us using the contact information provided in this Privacy Policy to state your position and challenge the decision. Once the contract has been fully fulfilled, the data processed for this purpose will be deleted, unless you have expressly consented to further use of your data or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this statement.

5. Advertising by email

5.1 Email newsletter with registration and newsletter tracking

If you subscribe to our newsletter, we will use the data required for this purpose or provided separately by you in order to send you our email newsletter regularly on the basis of your consent pursuant to Article 6(1)(a) of the GDPR.

You may unsubscribe from the newsletter at any time, either by a message to the contact option described below or via a dedicated link in the newsletter.

After unsubscribing, we will delete your email address from the list of recipients, unless you have expressly consented to further use of your data pursuant to Article 6(1)(a) of the GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

Please note that we analyse your user behaviour when sending the newsletter. For this purpose, we also analyse your interaction with our newsletter by measuring, storing, and evaluating opening and click rates to design future newsletter campaigns ("newsletter tracking"). For this evaluation, the emails sent contain single-pixel technologies (e.g. web beacons, tracking pixels) that are stored on our website. For evaluation purposes, we in particular link the following “newsletter data”: the page from which our website was requested (so-called referrer URL), the date and time of access, a description of the type of web browser used, the IP address of the requesting computer, the email address, the date and time of registration and confirmation, and the one-pixel technologies with your email address or your IP address and, where applicable, an individual ID. Links contained in the newsletter may also contain this ID. If you do not wish to receive newsletter tracking, it is possible to unsubscribe from the newsletter at any time, as described above. The information is stored for as long as you are subscribed to the newsletter.

5.2 Newsletter dispatch

The newsletter and the newsletter tracking described above may also be sent by our service providers as part of data processing carried out on our behalf. If you have any questions about our service providers or the basis of our cooperation with them, please use the contact details provided in this Privacy Policy.

6. Social Media - Our online presence on Facebook (by Meta), Instagram (by Meta), YouTube, LinkedIn

Insofar as you have given your consent to the respective social media operator in accordance with Article 6(1)(a) of the GDPR, your data will be automatically collected and stored for market research and advertising purposes when you visit our online offerings on the social media mentioned above, from which usage profiles are created using pseudonyms. These can be used, for example, to display ads on and off the platforms that are likely to match your interests. Cookies are usually used for this purpose. For detailed information on how each social media provider processes and uses data, as well as contact information, your rights in this regard, and settings to protect your privacy, please refer to the providers’ privacy policies linked below. If you still need assistance with this, please feel free to contact us.

Facebook (by Meta) is an offering by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland ("Meta Platforms Ireland"). The information automatically collected by Meta Platforms Ireland about your use of our online profile on Facebook (by Meta) is generally transferred to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, and stored there. Data processing in connection with a visit to a Facebook (by Meta) fan page is based on an agreement between joint controllers in accordance with Article 26 of the GDPR. For more information (insights data information), click here.

Our service providers are located and/or use servers in the following countries where the European Commission has determined there is an adequate level of data protection: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina. The adequacy decision for the USA serves as a basis for third-country transfers, provided the respective service provider is certified. Certification is available. Our service providers are located and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico. There is no adequacy decision from the European Commission for these countries. Our cooperation with them is based on these guarantees: standard data protection clauses of the European Commission.

Instagram (by Meta) is a service of Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”). The information about your use of our online presence on Instagram that is automatically collected by Meta Platforms Ireland is generally transferred to and stored on a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. Data processing in connection with visits to an Instagram (by Meta) fan page is based on an agreement between joint controllers in accordance with Article 26 of the GDPR. For more information (insights data information), click here.

YouTube is a service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The information automatically collected by Google about your use of our online offering on YouTube is generally transmitted to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, where it is stored. Our service providers are located and/or use servers in countries outside the EU and the EEA for which the European Commission has determined by decision that an adequate level of data protection is provided. Our service providers are located and/or use servers in countries outside the EU and EEA. There is no adequacy decision from the European Commission for these countries. Our cooperation with the USA is based on standard data protection clauses of the European Commission.

LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). The information automatically collected by LinkedIn about your use of our online offering on LinkedIn is generally transmitted to a server of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA, where it is stored. Our service providers are located and/or use servers in the following countries where the European Commission has determined there is an adequate level of data protection: USA. The adequacy decision for the USA serves as a basis for third-country transfers, provided the respective service provider is certified. Certification is available.

6.1 Web analysis with Plausible Analytics

We use “Plausible Analytics” on this website, a web analysis service provided by Plausible Insights OÜ (Västriku tn 2, 50403 Tartu, Estonia).

Plausible enables us to carry out a statistical analysis of the use of our website in order to optimise its content and technical performance. Unlike conventional analysis tools, Plausible is particularly privacy-friendly:

No cookies are stored on your device.

No personal data is stored on a permanent basis. Your IP address and user agent are used solely to create an anonymous identifier (hash) that changes daily and cannot be traced back to you personally.

All data is processed exclusively on servers in the European Union (Hetzner, Germany).

Processing is based on our legitimate interest in the needs-based design and continuous optimisation of our online offering in accordance with Article 6(1)(f) of the GDPR. Since no cookies are set, consent via a consent banner is generally not required for this tool.

7. Contact options and your rights

7.1 Your rights

As a data subject, you have the following rights: pursuant to Article 15 GDPR, the right to request, to the extent specified therein, information about your personal information processed by us; pursuant to Article 16 GDPR, the right to request the immediate rectification of inaccurate personal information or the completion of incomplete personal information stored by us; pursuant to Article 17 GDPR, the right to request the erasure of your personal information stored by us, unless further processing is necessary for exercising the right to freedom of expression and information; for compliance with a legal obligation; for reasons of public interest; or for the establishment, exercise or defence of legal claims; pursuant to Article 18 GDPR, the right to request the restriction of processing of your personal information where the accuracy of the data is contested by you; the processing is unlawful, but you oppose its erasure; we no longer need the data, but you require it for the establishment, exercise or defence of legal claims; or you have objected to processing pursuant to Article 21 GDPR; in accordance with Article 20 GDPR, the right to receive your personal information that you have provided to us in a structured, commonly used and machine-readable format or to request its transmission to another controller; in accordance with Article 77 GDPR, the right to lodge a complaint with a supervisory authority. As a general rule, you can contact the supervisory authority in your usual place of residence or workplace, or where our company is headquartered.

Right of objection

Insofar as we process personal information as explained above in order to safeguard our overriding legitimate interests within the framework of a balancing of interests, you may object to this processing with effect for the future. If your data is processed for direct marketing purposes, you may exercise this right at any time as described above. If the processing is carried out for other purposes, you are only entitled to object if there are reasons arising from your particular situation. After exercising your right of objection, we will not process your personal data further for these purposes unless we can prove compelling reasons for processing worthy of protection which outweigh your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims. This does not apply if the processing is carried out for direct marketing purposes. Then we will not further process your personal data for this purpose.

7.2 How to contact us

If you have any questions regarding the collection, processing or use of your personal data, for information, correction, restriction or deletion of data as well as revocation of any consent given or objection to a specific use of data, please contact our company data protection officer.

Data protection officer: Thorshammer 6, 24866 Busdorf, Germany, datenschutz@leab.eu

Privacy Policy

Fast

Informative

Comfortable

Questions?

Responsibility