Data protection
1. Name and contact details of the person responsible for processing data and the company data protection officer
This data protection information applies to data processing carried out by the
Fricke Group GmbH & Co. KG and its subsidiaries (hereinafter ‘Fricke Group’)
Zum Kreuzkamp 7, D-27404 Heeslingen
Tel.: +49-4281-712-0, Fax: +49-4281-712-49
Email: [email protected]
Website: www.fricke.de
The Fricke Group data protection officer can be contacted at the address given above (all correspondence should be marked ‘for the attention of the data protection officer’), or via email at [email protected].
2. Collection and storage of personal data, and the nature and purpose of its use
a) When visiting the website
When you visit the website, the browser that you use on your device automatically sends information to our website’s server. This information is temporarily stored in a log file. The following information is automatically collected and stored until an automated deletion takes place:
- IP address of the computer,
- date and time of access,
- name and URL of the file accessed,
- webpage from which our website is accessed (referrer URL),
- browser used and, where appropriate, the computer operating system plus the name of your access provider.
This data is processed by us for the following purposes:
- to ensuring smooth connection to the website,
- to ensure easy use of our website,
- to evaluate system security and stability, and
- for other administrative purposes.
The legal basis for processing data is set out in Art. 6 Para. 1 S. 1 Point f of the GDPR (General Data Protection Regulation). Our legitimate interests arise from the reasons for collecting data listed above. Under no circumstances will we use the data collected to draw conclusions about individuals.
We also use cookies and analytics services when you visit our website. More detailed explanations of the tools that we use can be found under points 4 and 5 of this privacy notice.
b) When signing up for our newsletter
Provided that you have given your consent in accordance with Art. 6 Para. 1 S. 1 Point a of the GDPR, we will use your email address to regularly send you our newsletter. In order to receive the newsletter, only an email address is required.
You can unsubscribe at any time, for example via the link at the bottom of each newsletter. Alternatively, you are welcome to email [email protected] at any time. If you unsubscribe from the newsletter, your data processed for this purpose will be deleted immediately. We only store documentation of your consent (opt in and opt out time) for up to three years for the purpose of legal defence.
c) When using our contact form
If you have questions of any kind, you have the option of contacting us via a contact form on our website. To do so, you must provide a valid email address so that we know who submitted the enquiry, and to enable us to respond. Further information can be provided voluntarily.
With your consent, data processing for the purpose of contacting us is carried out in accordance with Art. 6 Para. 1 S. 1 Point a of the GDPR.
The personal data collected by us for the purpose of the contact form will be automatically deleted after your enquiry has been dealt with.
d) Competitions
If you register for competitions organised by the Fricke Group, we will use the data you provided during registration for the purpose of executing the participation contract, in particular to notify you of the winner and, where appropriate, to advertise our offers. Detailed information can be found in the conditions of participation for the respective competition. The legal basis for processing data in this way is Article 6 Paragraph 1 Point a) of the GDPR, Article 6 Paragraph 1 Point b) of the GDPR and Article 6 Paragraph 1 Point f) of the GDPR.
e) When using the barcode scanner in the app
Using your smartphone’s camera function, our app can recognise text on images of type plates, equipment parts, stickers, packages and packaging. This enables you to quickly and accurately identify products, equipment parts and machines. Text recognition software (OCR) is used on your smartphone together with a simultaneous camera recording which converts the data accordingly and then transfers it to the shop search via server call.
- When you download our app, the required information is transferred to the relevant app store, in particular user name, email address and customer number associated with your account, time of download and the individual device identification number. We have no influence on the collection of this data and are not responsible for it. We only process the data to the extent necessary for downloading the mobile app to your smartphone. When you use the app, we collect the personal data described below to enable convenient use of the app’s functions, and because they are technically necessary for us to offer these functions and to ensure stability and security.
- When you use our app, the same data is collected as when you use our website (listed under point 2a of this privacy policy).
f) When signing up for our WhatsApp-newsletter
Per sending the start message you declare your consent with the internal data protection regulations of Fricke Group. In accordance with Art. 6 sec. 1 a GDPR you specifically consent to the saving, processing and usage of the following personal data (first and last name, telephone number, Messenger-ID, IP address, profile picture as well as the message/news content) in the framework of use of the messaging service in order to enable the sending of messages. The use of the messaging service requires a valid and active account with the messaging service provider.
Fricke Group uses MessengerPeople GmbH, Seidlstr. 8, 80335 Munich, Germany, as a technical service provider and data processor in the course of the provision of services.
Your consent can be freely revoked at all times; with regard hereto, a message specifying your intention to terminate the reception of services needs to be sent to Fricke Group. Further information is contained in the privacy statements of Fricke Group, the messaging services and MessengerPeople GmbH.
g) Withdrawing consent to having your personal data processed
You can withdraw your consent to having your personal data processed at any time; to do this, simply notify the Fricke Group. Further information can be found in the respective privacy policies of the Fricke Group, the messenger services and MessengerPeople GmbH.
We use the customer matching process based on your consent given in accordance with Article 6 of the General Data Protection Regulation (GDPR) (for example when you give your consent within our privacy/cookies banner, or when you accept our privacy policy by checking a box before submitting forms or orders). Encrypted user data (such as email addresses or telephone numbers) is transferred to our advertising partners’ servers. Our partners’ systems compare this information to identify matches. The data used for the comparison is then deleted from the advertising partners’ servers in encrypted form to prevent any further use. If the data corresponds to a known user profile, this will be used for targeted advertising measures. If you wish to withdraw your consent, you can do so at any time by contacting our customer services team or sending a message via our contact form.
For a detailed explanation of the process illustrated on Google Customer Match, please refer to the schematic representation that can be accessed via the following link: Schematic representation of Google Customer Match.
According to Article 4 of the GDPR, personal data includes any information relating to an identified or identifiable natural person. As part of Customer Match, we process data such as email addresses, but also telephone numbers, names and addresses. This information is pseudonymised using hashing algorithms before it is passed on to an advertising partner, which makes it unrecognisable and considerably more difficult to trace back to an individual person. This procedure ensures that the data can only be used for the intended purpose.
3. Sharing data
Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only share your personal details with third parties if:
- you have given your consent in accordance with Art. 6 Para. 1 S. 1 Point a of the GDPR,
- it is necessary for the enforcement, exercise or defence of legal claims in accordance with Art. 6 Para 1 S. 1 Point f of the GDPR, and there is no reason to believe that you have a legitimate interest in preventing your data from being shared,
- it is required by law in accordance with Art. 6 Para. 1 S. 1 Point c of the GDPR, or
- it is permitted by law and necessary for developing contractual relationships with you in accordance with Art. 6 Para. 1 S. 1 Point b of the GDPR.
4. Cookies
We use cookies on our site. These are small files that your browser creates automatically and stores on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies will not harm your device, and do not contain viruses, Trojans or other malware.
Information relating to the device used is stored in the cookie. However, this does not mean that we can use it to discover your identity.
Cookies are used to make our online offering more enjoyable for you to use. We use session cookies to see that you have already visited individual pages of our website. These are automatically deleted once you leave our site.
We also use temporary cookies to optimise user-friendliness, and these are stored on your device for a set period. If you revisit our page to make use of our services, it will be automatically recognised that you have already visited the page. Your inputs and settings will also be remembered so that you do not have to re-enter them.
We also use cookies to compile statistics about how our website is used, and to evaluate this for the purpose of optimising our offering (see point 5). When you revisit our page, these cookies enable us to automatically recognise that you have visited it before. These cookies are automatically deleted after a set period.
Most browsers accept cookies automatically. You can configure your browser to prevent cookies from being stored on your computer or to always display a notification before a new cookie is created. However, complete deactivation of cookies may mean that you are unable to use all the functions of our website.
a) General information about analytics tools
The tracking tools listed below and used by us are implemented in accordance with Art. 6 Para. 1 S. 1 Point f of the GDPR. Our aim is to use tracking tools to ensure a tailored website design as well as continuous optimisation. We also use tracking tools to compile statistics about how our website is used, and to evaluate this for the purpose of optimising our offering.
The respective data processing purposes and data categories can be gathered from the relevant tracking tools.
When using analytics tools, it is possible for personal data (e.g. your IP address) to be passed on or disclosed to third-party companies. These may also be located outside the European Economic Area (EEA). Processing of this kind will only take place with your consent (Art. 6 Para. 1 Point a of the GDPR). More details about how data is passed on can be found below.
The European Commission certifies that the data protection measures in some third countries are comparable to the EEA standard using adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: https://ec.europa.eu/info/law/law- topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. According to the European Court of Justice, an adequate level of protection for data transfers to the USA can only be achieved under extremely strict conditions. Where we transfer data to third countries, we ensure that an adequate level of data protection is guaranteed. This is possible via binding company regulations, standard European Commission contract clauses for the protection of personal data in accordance with Art. 46 Para. 1, 2 Point c of the GDPR (the standard contractual clauses from 2021 are available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0915&locale-en), certificates or recognised codes of conduct. Please contact our data protection officer if you would like more information about this.
b) Google Analytics
For the purposes of demand-based website design and continuous optimisation of our pages we use Google Analytics, a web analytics service from Google Inc. (https://about.google/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter ‘Google’). As part of this, pseudonymised usage profiles are created and cookies (see point 4) are used. The following information relating to your use of our website is generated by the cookie:
- browser type/version,
- operating system used,
- referrer URL (previously visited page),
- host name of computer (IP address),
- time of server request,
We also use Google Conversion Tracking to compile statistics about how our website is used, and to evaluate this for the purpose of optimising our website. If you access our website via a Google ad, Google AdWords will place a cookie (see point 4) on your computer.
These cookies are only valid for 30 days and are not used for personal identification. If a user visits particular pages of an AdWords customer’s website before the cookie has expired, Google and the customer can see that the user has clicked on the ad and been redirected to that page.
Each AdWords customer receives a different cookie. This means that cookies cannot be tracked via the websites of AdWords customers. The information collected using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers see the total number of users that have clicked on their ad and been redirected to a page with a conversion tracking tag. However, they do not receive any information with which users could be personally identified.
If you do not wish to take part in the tracking process, you can reject the required cookies, for example via the browser setting that prevents cookies from being accepted automatically. You can also disable conversion tracking cookies by setting your browser to block cookies from the domain www.googleadservices.com. Google’s conversion tracking privacy policy can be found here.
c) Use of the remarketing or similar target groups function from Google Inc.
We use the remarketing or similar target groups function from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; ‘Google’) on our website. This function is used to analyse visitor behaviour and interests. Google uses cookies to analyse website usage, which forms the basis for the creation of interest-based advertisements. The cookies are used to record visits to the website and anonymised data about website usage. The personal data of visitors to the website are not stored. If you then visit another website in the Google Display Network, you will be shown advertisements that are highly likely to take into account previously accessed product and information areas. Your data may also be transferred to the USA.
Processing takes place on the basis of Art. 6 (1) Point a of the GDPR. You can permanently disable the use of cookies by Google by following the link below and downloading and installing the plug-in provided there: https://support.google.com/ads/answer/7395996?hl=en
Alternatively, you can disable the use of cookies by third parties by visiting the Network Advertising Initiative opt-out page at https://www.networkadvertising.org/choices/ and implementing the opt-out information provided there. More information about Google remarketing and the associated privacy policy can be found at: https://www.google.com/privacy/ads/
d) econda
For the purposes of demand-based design and optimisation of this website, solutions and technologies from econda GmbH are used to collect and store anonymised data, from which usage profiles using pseudonyms are created. To this end, cookies can be used to allow a browser to be recognised. However, usage profiles are not linked with information about the user behind the pseudonym without the consent of the user. IP addresses in particular are concealed as soon as they are received, meaning that it is not possible to match usage profiles to IP addresses. Visitors to this website can opt out of future data collection and storage at any time here. You will only be opted out on your current device and browser, please repeat the process on all devices as required.
If you delete the opt-out cookie, any requests that occur subsequently will be saved by us as standard. You can opt out here.
e) Using SalesViewer® technology
This website may collect and store data for marketing, market research and optimisation purposes using SalesViewer® technology from SalesViewer® GmbH.
A JavaScript-based code is used to collect company-related data and the corresponding usage. The data collected with this technology is encrypted using a non-reversible one-way function known as hashing. The data are immediately pseudonymised and not used to personally identify the visitor to this website.
The data stored by SalesViewer will be deleted as soon as they are no longer required for their intended purpose, and the deletion thereof will not conflict with any statutory storage requirements.
You can object to data collection and storage at any time by clicking on this link https://www.salesviewer.com/opt-out to prevent future data collection by SalesViewer® on this website. This places an opt-out cookie for this website on your device. If you delete your cookies in this browser, you must click this link again.
f) Hotjar
We use Hotjar to better understand the needs of our users and to optimize the offering and experience on this website. Using Hotjar's technology, we get a better understanding of our users' experiences (e.g., how much time users spend on which pages, which links they click, what they like and dislike, etc.) and this helps us tailor our offerings to our users' feedback. Hotjar works with cookies and other technologies to collect data about our users' behavior and about their devices, in particular IP address of the device (collected and stored only in anonymized form during your website use), screen size, device type (Unique Device Identifiers), information about the browser used, location (country only), language preferred to view our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.
For more information, see the 'About Hotjar' section on Hotjar's Help page.
f) Product Fruits
We want to make it as easy as possible for our users and customers to get started using our service. For this purpose, we use a user guidance service provided by our processor Product Fruits s.r.o., Rosdelovska 1999/7, 169 00 Prague 6, Czech Republic.
The user guidance service provides you with additional information and assistance at certain points during the use of our service, for example by clicking on certain buttons, so that you can find your way around more easily and understand how to operate the service. In addition, you will receive help with the user guidance so that you are made aware of new functions within our service. We also analyse whether the user guidance was helpful and whether an optimisation of the user guidance is necessary.
The following types of data are processed for this purpose:
IP address, device type (mobile device or PC), operating system, browser version, region or country, your registration date for our service, number of logins, the type of customer account you have with us, pages accessed within our service.
The processing of this data generally takes place in the European Union. The use of Product Fruits serves the contractual fulfilment of the existing contractual relationship with you according to Art. 6 para. 1 lit. b DSGVO. The legal basis for the analysis and optimisation of the user experience is our legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO
g) Instana
We use Instana on our website, a service provided by Instana, Inc, 222 S Riverside FI 15, Chicago, Illinois, 60606, USA.
Instana uses cookies - which are stored on your computer - to analyse how users visit our website. The information generated includes IP addresses and user behaviour data. The data is collected in order to analyse the user's browsing activities, and to improve system performance and the user-friendliness of our website.
Instana may also use an anonymised form of this data to analyse the data and improve the Instana service. Instana is not able to link this information to any individual. Instana may share this information with third parties when required to do so by law, or when such third parties process the information on Instana's behalf. You can prevent your personal data (in particular your IP address) from being collected, transmitted and used by deactivating JavaScript in your browser, or installing a tool such as NoScript.
For more information about Instana's privacy policy, please click here.
5. Social media plug-ins
YouTube
We use YouTube (owned by Google) to embed videos into our website. As with the majority of websites of this kind, YouTube also uses cookies to collect information about the visitors to their site. YouTube uses this information to compile video statistics, to prevent fraud and to increase user-friendliness. This also creates a connection with the Google DoubleClick network.
We use the enhanced privacy mode option provided by YouTube. When you visit a page that has an embedded video, a connection to the YouTube servers is established and the content is displayed on the website by notifying your browser. According to the information provided by YouTube, in enhanced privacy mode your data - in particular information about which of our websites you have visited, plus device-specific information including IP address - will only be transferred to the YouTube server in the USA if you watch the video. By activating this plug-in and clicking on the video, you consent to data being transferred in this way.
Google's privacy policy can be found here: https://support.google.com/youtube/answer/2801895?hl=en. Opt out: https://adssettings.google.com/authenticated.
6. Cloudflare
a) Cloudflare CDN
Type and scope of processing
We use Cloudflare CDN to properly provide the content of our website. Cloudflare CDN is a service provided by Cloudflare, Inc. which acts as a content delivery network (CDN) on our website.
A CDN helps to make the content of our online offering, in particular files such as graphics or scripts, available more quickly using regionally or internationally distributed servers. When you access this content, you establish a connection to Cloudflare, Inc. servers whereby your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the purposes stated above, and to maintain the security and functionality of Cloudflare CDN.
Purpose and legal basis
The use of the content delivery network is based on our legitimate interests, i.e. our interest in secure and efficient provision, as well as the optimisation of our online offering in accordance with Art. 6 Para. 1 lit. f. of the GDPR.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. Data is transferred to the USA in accordance with Art. 45 Para. 1 of the GDPR on the basis of the European Commission's adequacy decision. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
In cases where there is no adequacy decision from the European Commission (including US companies that are not certified in accordance with the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. of the GDPR. Unless stated otherwise, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4th June 2021. A copy of these standard contractual clauses can be found at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
In addition, before such a transfer to a third country, we obtain your consent in accordance with Art. 49 Para. 1 Sentence 1 lit. a. of the GDPR, which you give via the Consent Manager (or other forms, registrations, etc.) We would like to point out that in the case of transfers to third countries, there may be risks the details of which are unknown (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not be made aware).
Storage period
We have no control over the specific storage period for the processed data; this is determined by Cloudflare, Inc. Further information can be found in the privacy policy for Cloudflare CDN: https://www.cloudflare.com/privacypolicy/.
b) Cloudflare AMP
Type and scope of processing
We use Cloudflare AMP to properly provide the content of our website. Cloudflare AMP is a service provided by Cloudflare, Inc. which acts as a content delivery network (CDN) on our website to ensure the functionality of other Cloudflare, Inc. services. You will find a separate section for these services in this privacy policy. This section only deals with the use of the CDN.
A CDN helps to make the content of our online offering, in particular files such as graphics or scripts, available more quickly using regionally or internationally distributed servers. When you access this content, you establish a connection to Cloudflare, Inc. servers whereby your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the purposes stated above and to maintain the security and functionality of Cloudflare AMP.
Purpose and legal basis
The use of the content delivery network is based on our legitimate interests, i.e. our interest in secure and efficient provision, as well as the optimisation of our online offering in accordance with Art. 6 Para. 1 lit. f. of the GDPR.
Storage period
We have no control over the specific storage period for the processed data; this is determined by Cloudflare, Inc. Further information can be found in the privacy policy for Cloudflare AMP: https://www.cloudflare.com/privacypolicy/.
c) Cloudflare Insights
Type and scope of processing
We have integrated Cloudflare Insights into our website. Cloudflare Insights is a service provided by Cloudflare, Inc. which develops cloud-based software that allows website and application owners to track the performance of their services.
Cloudflare Insights enables the technical performance of our services to be evaluated statistically (e.g. the duration of a specific database query, the stability and accessibility of our servers, or the response time of our servers). For this purpose, application and browser data are collected and stored in the browser using cookies.
In this case, your data will be passed on to the operator of Cloudflare Insights, Cloudflare, Inc.
Purpose and legal basis
The use of Cloudflare Insights is based on your consent in accordance with Art. 6 Para. 1 lit. a. of the GDPR and § 25 Para. 1 of the TTDSG (German Telecommunications and Telemedia Data Protection Act).
Storage period
We have no control over the specific storage period for the processed data; this is determined by Cloudflare, Inc. Further information can be found in the privacy policy for Cloudflare Insights: https://www.cloudflare.com/privacypolicy/.
7. Storage period
Your data will only be processed for as long as is necessary to achieve the processing purposes set out above; the legal basis specified in the context of the processing purposes applies. With regard to the use and storage period of cookies, please refer to our cookie policy, accessible via the Privacy settings button at the bottom of our website (footer).
Third parties used by us will store your data on their system for as long as is necessary for the provision of services for us in accordance with the respective order.
8. Rights of affected persons
You have the right:
- in accordance with Art. 15 of the GDPR to request information about your personal data processed by us. You can request information about the processing purposes, the personal data categories, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of the right to request the amendment or deletion of your data, the restriction of the processing thereof and the right to object to such processing, the existence of the right to lodge a complaint with a supervisory authority, the origin of your data when these were not collected by us, and the existence of automated decision making, included profiling, plus meaningful details about this;
- in accordance with Art. 16 of the GDPR to request the immediate amendment of incorrect personal data saved by us, or the completion thereof;
- in accordance with Art. 17 of the GDPR to request the deletion of personal data saved by us provided that processing is not required to exercise the right to freedom of expression and information, to meet a legal requirement, for reasons of public interest, or for the enforcement, exercise or defence of legal claims;
- in accordance with Art. 18 of the GDPR to request the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful, you oppose the deletion of the data and we no longer require it, you do not require the data for the enforcement, exercise or defence of legal claims, or you
- object to the processing in accordance with Art. 21 of the GDPR;
- in accordance with Art. 20 of the GDPR to receive the personal data provided to us in a structured, commonly used and machine-readable format or to request the transmission thereof to another responsible party;
- in accordance with Art. 7 Para. 3 of the GDPR to withdraw your consent at any time. The withdrawal of your consent will mean that we will no longer be permitted to process your data, and
in accordance with Art. 77 of the GDPR to lodge a complaint with a supervisory authority. You can lodge a complaint with the supervisory authority in your habitual residence or place of work, or our place of business.
9. Right to object
If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 Para. 1 S. 1 Point f of the GDPR, you have the right - in accordance with Art. 21 of the GDPR - to object to the processing of your personal data on grounds relating to your particular situation, or where data are processed for direct marketing purposes. In the latter case you have a general right to object which will be observed regardless of the situation.
If you would like to exercise your right to withdraw or object, simply email [email protected].
10. Data security
Our website employs the widely-used SSL (Secure Sockets Layer) protocol in conjunction with the highest level of encryption supported by your browser. This is normally 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology. Encrypted pages can be recognised by the key or padlock symbol next to your browser’s address bar.
We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, deletion and unauthorised access by third parties. We continuously improve our security measures in line with technological developments.
11. Validity of and amendments to this privacy policy
This privacy policy is valid as of January 2023. In the event of further developments to our website and offers, or changes to the legal or official requirements, it may be necessary to amend this privacy policy. The current privacy policy can be viewed at any time at https://www.granit-parts.co.uk/e/service/privacy and printed.