0
Home

Privacy Policy

 

The protection of your personal data is very important to us. We naturally comply with applicable data protection laws and in particular with the UK`s Data Protection Act (“DPA”), which provides for the measures of the GDPR and the General Data Protection Regulation (“GDPR”). Accordingly, all technical precautions are constantly reviewed and kept up to date and our data protection practices comply with the DPA and the GDPR.

Responsible party and contact

The responsible party within the meaning of the DPA and GDPR is:

Less4Spares Ltd
Packaging House, Wilson way, 
Redruth, Pool, Cornwall, TR15 3RS,
United Kingdom

Web: www.less4spares.co.uk
E-Mail: info@less4spares.co.uk

If you wish to object to the collection, processing, or use of your data by us or if you would like to enforce any of your rights, please contact us at any time.

Use of your personal data

What data is processed and from which sources does this data originate?

We process the data that we have received from you in the course of initiating or processing a contract, on the basis of consent.

Personal data includes:

Your master/contact data, for customers this includes e.g., first and last name, address, contact data (e-mail address, telephone number), payment data.

In the case of business partners, this includes, for example, the name of their legal representative, company, commercial registration number, VAT number, company number, address, contact person contact data (e-mail address, telephone number), payment data.

In addition, we also process the following other personal data:

  • Information on the type and content of contract data, order data, turnover and receipt data, customer and supplier history as well as consultation documents.
  • Advertising and sales data
  • Information from your electronic communication with us (e.g., IP address, log-in data)
  • other data we have received from you in the course of our business relationship (e.g., in customer meetings)
  • the documentation of your consent to receive e.g., newsletters.

For what purposes and on what legal basis is the data processed?

We process your data in accordance with the provisions of the GDPR and DPA, as amended:

  1. For the fulfilment of (pre-)contractual obligations (Art 6(1)(b) GDPR):

Your data is processed for the purpose of processing contracts online as well as for the purpose of processing contracts for your employees in our company. In particular, the data is processed when initiating business and executing contracts with you.

  • For the fulfilment of legal obligations (Art 6 para. 1 lit. c GDPR):

Processing of your data is necessary for the purpose of fulfilling various legal obligations, e.g., from the UK`s Commercial or Fiscal Requirements.

  • For the protection of legitimate interests (Art 6 para. 1 lit. f GDPR):

Based on a balancing of interests, data processing may be carried out beyond the actual fulfilment of the contract in order to safeguard the legitimate interests of us or third parties. Data processing for the protection of legitimate interests occurs, for example, in the following cases:

  • Advertising or marketing 
  • Measures for business management and further development of services and products
  • maintaining a customer database to improve customer service
  • in the context of legal prosecution
  • In the context of your consent (Art 6 para. 1 lit. a GDPR):

If you have given us consent to process your data.

Purchase based processing

We collect, store, and process your data for the entire processing of your purchase, including any subsequent warranties, for our services, technical administration, and our own marketing purposes. 

Your personal data will only be passed on to third parties or otherwise transferred if this is necessary for the purpose of contract processing or billing or if you have given your prior consent. In the context of order processing, for example, the service providers we use (such as carriers, logistic companies) payment service providers (currently Barclays) receive the necessary data for order and order processing. The data passed on in this way may only be used by our service providers to fulfil their task within the framework of a contract processing agreement in accordance with the DPA and the GDPR. Any other use of the information is not permitted and does not take place with any of the service providers entrusted by us. 

For the management of purchases, we use the sellXed extension from customweb GmbH. We do not directly collect or store credit or debit card numbers ourselves in the ordinary course of processing transactions.

Order management 

For optimal order management, we use Linnworks and process the data related to your contract with us through Linworks. Your data may be stored on our website and or our order management system. This data processing is based on our legitimate interest.

Contacting us

For general enquiries and specific requests, you can contact us by e-mail. If you contact us, the data you provide will be stored so that your message can be forwarded to the correct contact person. This is done in accordance with our legitimate interest, your consent, and the initiation of a contractual measure to process your request. Your data provided will not be used for any other purposes, in particular not for advertising.

Leave A Reply

When you leave comments in our blog or posts, your IP addresses, your Name, and e-mail address are stored on the basis of our legitimate interests. This is done for our security in case someone leaves unlawful content in comments and posts. In this case, we ourselves can be prosecuted for the comment or post and are therefore interested in the identity of the author. 

Within the blog you may be able to display certain profile information, share certain details, engage with others, exchange knowledge and insights, post and view relevant content. It’s your choice whether to include sensitive information on your comment and to make that sensitive information public. Please do not post or add Personal Data to your comment that you would not want to be available.

Marketing and improving quality and service

In the event that you have given your consent to the use of data, your data may also be used for the purposes of market and opinion research and for the purpose of ensuring and continuously improving quality and service, and selected service providers may also be commissioned for this purpose.

Your personal data will be deleted if there are no legal obligations to retain it and if you have made a claim for deletion if the data is no longer required to fulfil the purpose for which it was stored or if its storage is not permitted for other legal reasons.

Processing of personal data for advertising purposes

You can object to the use of your personal data for advertising purposes at any time, either in whole or for individual measures, without incurring any costs other than the transmission costs.

We are entitled, to use the e-mail address you provided when concluding the contract for direct advertising for our own similar goods or services. If you do not wish to receive such recommendations from us by e-mail, you can object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs according to the basic rates. A message in text form is sufficient for this purpose. Of course, an unsubscribe link is always included in every e-mail.

Cookies, Hosting, Logfiles, social media and Security

Cookies

We use first-party and third-party cookies. A cookie is a small simple file that is stored by your browser on the hard drive of your computer or device and sent when you visit a website. The information stored in cookies is then returned (depending on the cookie) to our servers (or to the servers of the relevant third parties) on a subsequent visit. Doing so, Cookies transmit small amounts of data about your device to the relevant web server and enables a website to recognise your computer, smartphone, or other device. For further information on the cookies used on our website please refer to our Cookie Policy. 

Hosting 

To provide our website, we use the services of Simple Servers is a division of Iomart Hosting Ltd, who process the below-mentioned data and all data to be processed in connection with the operation of our website on our behalf. 

Providing the Shop

We use the WooCommerce service developed and operated by Automattic Inc, WooCommerce creates a device ID based on your device data, which can be used to recognise your access device (e.g., PC, tablet or laptop) when you visit my shop again. WooCommerce may also sets a cookie for this purpose. The cookie contains the device ID, but no personal usage or transaction data about you. This means that your access device can be recognised without identifying you by name and linking it to your device ID. This represents a legitimate interest.

Log files

When visiting this website, your browser transmits the following types of data, which are stored by us:

  • the browser type and language,
  • the IP address of the accessing computer,
  • the server requests (e.g., page requests) including time and
  • the referrer URL (i.e., the address of the previously visited website if you accessed our website from there by clicking on a hyperlink).

These first three types of data are technically necessary in order to correctly display the pages you have accessed on this website. In addition, they may be used, if necessary, to maintain the secure operation of this website (e.g., to defend against hacking attempts). The IP address and browser language are also used to suggest the appropriate language setting for our website. The referrer URL is used in anonymised form for statistical purposes. 

Social plugins of social networks

On our website you will find social plugins to the social media services of FacebookInstagramYouTube. You can recognise links to the websites of the social media services by the respective company logo. If you follow these links, you will reach our company websites on the respective social media service. When you click on a link to a social media service, a connection is established to the servers of the social media service. This transmits to the servers of the social media service that you have visited our website. In addition, further data is transmitted to the provider of the social media service. These are for example:

  • Address of the website on which the activated link is located.
  • Date and time when the website was called up or the link was activated
  • Information about the browser and operating system used
  • IP address

If you are already logged in to the corresponding social media service at the time the link is activated, the provider of the social media service may be able to determine your username and possibly even your real name from the transmitted data and assign this information to your personal user account with the social media service. You can exclude this possibility of assignment to your personal user account if you log out of your user account beforehand.

The servers of the social media services are located in the USA and other countries outside the UK. The data may therefore also be processed by the provider of the social media service in countries outside the UK. Please note that companies in these countries are subject to data protection laws that do not generally protect personal data to the same extent as they do in the UK.

Please note that we have no influence on the scope, type and purpose of the data processing by the provider of the social media service. For more information on the use of your data by the social media services integrated on our website, please refer to the privacy policy of the respective social media service.

Security

We have implemented technical and administrative security measures to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and service providers working for us are bound by the applicable data protection laws.

Whenever we collect and process personal data, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security measures are subject to a continuous improvement process and our privacy policy is constantly being revised. Please ensure that you have the latest version.

Google Services

Google Contact Form 7

We use the standard version of the Contact Form 7 plugin to handle requests. In accordance with Google, Inc‘s privacy policy, this is done through WP Forms in the default version: No data theft, No storage of your form entries on the software provider’s website, No sending of data to external servers,  No use of cookies. The use of our contact form is done with the consent of the user to store personal data is your consent and our legitimate interest.

Google Tag Manager 

We use Google Tag Manager, a web analytics service provided by Google, Inc. This service allows website tags to be managed via an interface. The Google Tag Manager only implements tags. No cookies are set, and no Personal information is collected. The Google Tag Manager triggers other tags that may collect data. The Google Tag Manager does not access this data.  If a deactivation has been made at domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager. More information on the Google Tag Manager can be found at the following link: http://www.google.com/tagmanager/use-policy.html.

Google Fonts

We use Google Fonts on our website to display external fonts. This is a service provided by Google Inc. To enable the display of certain fonts on our website, a connection to the Google server in the USA is established when our website is accessed. The connection to Google established when you call up our website enables Google to determine which website sent your request and to which IP address the display of the font is to be transmitted.

Sharing, Transfer and Storage

Who receives my data?

If we use a service provider in the sense of order processing, we still remain responsible for the protection of your data. All commissioned processors are contractually obliged to treat your data confidentially and to process it only in the context of providing the service. The processors we commission receive your data insofar as they require the data to fulfil their respective service. These are, for example, IT service providers that we require for the operation and security of our IT system as well as advertising and address publishers for their own advertising campaigns.

Your data is processed in our customer database. The customer database supports the enhancement of the data quality of the existing customer data and enables the enrichment with data from public sources.

This data is made available to other companies if necessary for the processing of contracts. Customer data is stored separately for each company, with our parent company acting as a service provider for the individual participating companies. In the event of a legal obligation and in the context of legal prosecution, authorities, and courts as well as external auditors may be recipients of your data.

Furthermore, insurance companies, banks, credit agencies and service providers may be recipients of your data for the purpose of initiating and fulfilling contracts.

How long will my data be stored?

We process your data until the end of the business relationship or until the expiry of the applicable statutory retention periods furthermore, until the end of any legal disputes in which the data is required as evidence.

Will personal data be transferred to a third country?

In principle, we do not transfer any data to a third country. A transfer will only take place in individual cases on the basis of an adequacy decision of the European Commission, standard contractual clauses, appropriate guarantees or your express consent.

What data protection rights do I have?

You have a right to information, correction, deletion, or restriction of the processing of your stored data at any time, a right to object to the processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.

Right to information

You can request information from us as to whether and to what extent we process your data.

Right to rectification

If we process your data that is incomplete or incorrect, you can demand that we correct or complete it at any time.

Right to erasure

You may request that we delete your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate interests in protection. Please note that there may be reasons that prevent immediate deletion, e.g., in the case of legally regulated retention obligations.

Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no legal or statutory obligation to retain data in this respect.

Right to restriction of processing

You may request us to restrict the processing of your data if

  • you dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data.
  • the processing of the data is unlawful, but you refuse to erase it and instead request that we restrict the use of the data,
  • we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
  • you have objected to the processing of the data.

Right to data portability

You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transfer this data to another controller without hindrance from us, provided that

  • we process this data on the basis of a revocable consent given by you or for the performance of a contract between us, and
  • this processing is carried out with the aid of automated procedures.

If technically feasible, you may request us to transfer your data directly to another controller.

Right to object

If we process your data for legitimate interest, you may object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the assertion, exercise, or defence of legal claims. You may object to the processing of your data for the purpose of direct marketing at any time without giving reasons.

Right of complaint

If you are of the opinion that we are violating data protection law in processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you. The Information Commissioner`s Office (ICO) is the relevant authority in the UK. The ICO is located at Wycliffe House, Water Ln, Wilmslow SK9 5AF, UK (www.ico.org.uk). If you believe that the processing of your personal data is not lawful, you can lodge a complaint with a data protection supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach any Supervisory Authority.

If you wish to assert any of the aforementioned rights against us, please contact us. In case of doubt, we may request additional information to confirm your identity.

Miscellaneous and Closing

Automated decision-making

Automated decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR does not take place on the part of eshop.tuning-x.com.

Links to other providers

Our website also contains – clearly recognisable – links to the websites of other companies. Insofar as there are links to websites of other providers, we have no influence on their contents. Therefore, no guarantee or liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the content of these pages.

The linked pages were checked for possible legal violations and recognisable infringements at the time of linking. Illegal contents were not recognisable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete indications of a legal violation. Such links will be removed immediately if infringements of the law become known.

Data Breaches/Notification

Databases or data sets that include personal information may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose personal information may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after the breach was discovered.

Personal information and children 

Most of the services available on this website are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal information from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact. The parent or guardian will be provided with (i) information about the specific type of personal information being collected from the minor, (ii) the purpose for which it will be used, and (iii) the opportunity to object to any further collection, use or storage of such information. We comply with youth protection laws.

Am I Obliged to Provide Data?

The processing of your data is necessary for the conclusion or fulfilment of the contract you have entered into with us. If you do not provide us with this data, we will usually have to refuse to conclude the contract or will no longer be able to perform an existing contract and consequently have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant for the fulfilment of the contract or that is not required by law.

Can we make changes to this Privacy Policy?

We reserve the right to update and amend all or parts of this Privacy Policy, at any time, to the fullest extent permitted under applicable law. The version published on the Site is the version actually in force.

As an individual whose personal information is processed as described in this Privacy Policy, you have a number of rights which are summarised above. Please note that exercising these rights is subject to certain requirements and conditions as set forth in applicable law.

Questions, suggestions, or comments

If you have any questions, suggestions, or comments on the subject of data protection, please do not hesitate to contact us.

Less4Spares Ltd
Packaging House, Wilson way, 
Redruth, Pool, Cornwall, TR15 3RS,
United Kingdom

Web: www.less4spares.co.uk
E-Mail: info@less4spares.co.uk

This Privacy Policy was last updated on Monday, 07 November 2022