PRIVACY POLICY – BORN IN FLACHT

BORN

FLACHT

Privacy Information BORN IN FLACHT

Contents

Foreword and selected Terms
Responsible Party
Overview
Legal basis for processing Personal Data
Your rights under the General Data Protection Regulation
External Hosting
Automatic Server Log Files
Use of Cookies
Data Protection Information about Membership
Direct Marketing and Postal Advertising
E-mail Communication and Telephone Contact
Data Protection Information for Applicants
Additional data protection information for our business partners

1. Foreword and selected Terms

On the one hand, this data protection declaration informs visitors and users of our website about the online data processing operations in which personal data is processed. On the other hand, you will receive information about our processing operations, which do not primarily take place online.

GDPR stands for the European General Data Protection Regulation.
BDSG is an abbreviation for the Federal Data Protection Act in its current version.
Personal data is all individual information that allows conclusions to be drawn about a natural person (for definition, see Art. 4 Para. 1 GDPR). This includes, for example, names, email addresses, telephone numbers, but also data such as IP addresses or customer numbers.
The processing of personal data includes all processes, such as the collection, storage, transmission, archiving or deletion of personal data (definition Art. 4 Para. 2 GDPR).
The data subject within the meaning of data protection law is any natural person whose personal data is processed.
Further definitions of terms can be found in the General Data Protection Regulation, which can be found in Article 4 of the GDPR (definitions).

2. Responsible Party

The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Schloss Schnait GmbH
Silcherstr. 10
D-71384 Weinstadt
Tel.: +49 (0)7151 20524-0
E-Mail: mail@schloss-schnait.com

3. Overview

The following content gives you a brief overview of the processing of personal data; more detailed information can be found in the passages presented in detail.

Security on our website (SSL Secure Socket Layer)

Our website is provided with an SSL certificate, which is used to encrypt data transfer processes. This happens, for example, if you send us a message via a form. As a precaution, we would like to point out that 100% security in electronic data processing is not possible and there is always a residual risk.

Data that you transmit to us

On this page, we process the data that you enter yourself, for example in a form. In this case, the purpose of processing results from the type of form and, on the other hand, from this data protection declaration. Even if, for example, you send us a message by email or otherwise contact us, we process your data in accordance with the purpose of the contact.

Automatic server log files

Our server automatically records all accesses and therefore also IP addresses (log files); this serves to ward off attacks, analyze access numbers and ensure smooth operation.

Direct marketing and postal advertising

We reserve the right to send our members newsletters based on Section 7 Paragraph 3 UWG and Art. 6 Paragraph 1 Letter f GDPR. We further process your personal data for the purposes of postal advertising for our own services or the services of our partner companies on the basis of Art. 6 Para. 1 lit. f GDPR. Of course, you can exercise your right to object at any time. To do this, please contact the responsible body mentioned above or contact@born-in-flacht.com

Other data recipients

a) Use of processors

We use processors in accordance with the requirements of Art. 28 GDPR, for example in the areas of IT services, web hosting, email hosting or printing services. They process personal data for us according to our instructions.

b) Use of non-specialist services

If necessary (for example to execute the contract), we pass on your data to, for example, banks, other payment service providers, shipping service providers, our tax advisor or lawyer.

c) Legal obligations

We are subject to legal obligations, such as commercial laws or tax law, in this context we must pass on certain data, for example, to tax authorities.

d) Investigation of crimes

If it is necessary to investigate a crime, we pass on data to the law enforcement authorities.

General information on deletion periods of personal data

We process the data as long as this is necessary for the respective purpose. If necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and processing of a contract; we are also obliged to comply with statutory retention requirements. If data processing is based on your consent, we will delete your data after your revocation.

Transfer of personal data to a third country

We try to have all service providers and services provided by providers within the European Union. A transfer to a third country is possible if you have given us your consent and/or we have concluded a contract for order processing in accordance with Article 28 of the GDPR, taking appropriate guarantees into account. In individual cases we may use plugins or tools that are hosted in third countries, but we use these on the basis of our legitimate interests. In these cases, we will point out the circumstance if necessary.

Legal or contractual obligation to provide personal data

This website can generally be visited without providing personal data. For purchases in our online shop, it is necessary to provide personal data in order to conclude a purchase contract.

4. Legal basis for processing Personal Data

The legal bases for the processing of personal data are exceptional circumstances that allow the processing of personal data. The essential legal bases are shown in particular in Art. 6 GDPR. The legal basis on which we process personal data is described in the individual processing operations in this data protection declaration.

Consent given (Art. 6 Para. 1 lit. a GDPR)

Consent is one of these legal bases and requires that the person giving consent gives it in an informed manner and on a voluntary basis. Consent based on Art. 6 Para. 1 lit a GDPR can generally be revoked at any time without giving reasons.

Contract-related data processing (Art. 6 Para. 1 lit. b GDPR)

The processing of personal data to initiate or implement contracts is also a legal basis and is defined in Art. 6 Para. 1 lit. b GDPR.

Legal obligation (Art. 6 Para. 1 lit. c GDPR)

The exception to data processing based on a legal obligation can be found in Art. 6 Para. 1 lit. c GDPR, for example we are obliged to comply with certain retention periods according to commercial law and tax law.

Legitimate interests (Art. 6 Para. 1 lit. f GDPR)

The processing of personal data on the basis of a balancing of interests in accordance with Art. 6 Para. 1 lit. f GDPR allows processing after careful weighing of financial or legal interests against the legitimate interests of the data subject .

5. Your rights under the General Data Protection Regulation

Every natural person is entitled to certain rights, which are defined in particular in Articles 15 to 21 and 77 of the GDPR. In principle, you have the following rights, which you can demand from us.

Right to revoke your consent in accordance with Art. 7 GDPR

You can revoke your consent to us at any time without giving reasons with effect for the future.

Right to information according to Art. 15 GDPR (restrictions possible according to Section 34 BDSG)

You have the right at any time to request information about the data you process and the purposes of the processing.

Right to rectification according to Art. 16 GDPR

If you discover that we are processing incorrect or incomplete data about you, you have the right to rectification.

Right to deletion according to Art. 17 GDPR (restrictions possible according to § 35 BDSG)

You have the right at any time to request the deletion of your personal data that we process about you. If complete deletion is not possible, for example because we have to fulfill legal retention obligations or we can assert legitimate interests for other reasons, we will restrict your data until these reasons no longer apply.

Right to restriction of processing according to Art. 18 GDPR

You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address given in the legal notice. The right to restriction of processing exists in the following cases:

If you dispute the accuracy of the personal data we hold about you, we will generally need time to verify this. For the duration of the review, you have the right to request that the processing of your personal data be restricted.
If the processing of your personal data was/is occurring unlawfully, you can request that data processing be restricted instead of deletion.
If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of deletion.
If you have lodged an objection in accordance with Article 21 Para. 1 GDPR, a balance must be made between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.

If you have restricted the processing of your personal data, this data – apart from its storage – may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.

Right to data portability according to Art. 20 GDPR

You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the data to be transferred directly to another person responsible, this will only be done if it is technically feasible.

Right to object to certain processing operations and direct advertising in accordance with Art. 21 GDPR

If the data processing is carried out on the basis of Art. 6 Para. 1 lit. e or f GDPR, you have the right at any time, for reasons arising from your particular situation, to object to the processing of your personal data; This also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims ( Objection according to Art. 21 Para. 1 GDPR).

If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising. If you object, your personal data will no longer be used for direct advertising purposes (objection according to Art. 21 Para. 2 GDPR).

Right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR in conjunction with In accordance with Section 19 BDSG

In the event of violations of the GDPR, those affected have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.

6. External Hosting

This website is hosted externally. The personal data collected on this website is stored on the server(s) of the host(s). This can include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access and other data generated via a website.

External hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 Para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offering by a professional provider (Art. 6 Para. 1 lit. f GDPR).

Our hosts will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.

We have commissioned the following providers:

Technical hosting of the app:

Fabrik19 AG

Bahnhofstr. 82-86

D-35390 Giessen

Hosting website and databases:

Klickpark GmbH & Co. KG

Bahnhofstrasse 27

D-68526 Ladenburg

Data Processing Agreement

We have concluded data processing contract (DPA) with our hosting service providers. Personal data will only be processed according to our instructions and in compliance with the GDPR.

7. Automatic Server Log Files

Our web server automatically logs all access and thus also the IP addresses of visitors. This serves to defend against attacks, analyze access numbers and ensure smooth operation. We have a legitimate interest in this (Art. 6 Para. 1 lit. f GDPR).

In addition to the IP address, the server log usually records other metadata about the session; you can find this data below.
Date and time of retrieval
Information about the browser type and version browser used
Information about the operating system used
Device (client)
Referrer URL (which page you used to land on our website)
Hyperlinks accessed

We only process this data for the purposes mentioned above. We delete server log files after three months at the latest.

8. Use of Cookies

Our websites use so-called “cookies”. Cookies are small data packages and do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser automatically deletes them.

Cookies can come from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).

Cookies have various functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies can be used to evaluate user behavior or for advertising purposes.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close the browser. If cookies are deactivated, the functionality of this website may be restricted.

You can find out which cookies and services are used on this website in this data protection declaration.

Legal basis for the use of Cookies

Cookies that are necessary to carry out the electronic communication process, to provide certain functions you require (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience). (necessary cookies) are stored on the basis of Art. 6 Para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6 Para. 1 lit. a GDPR and Section 25 Para. 1 TTDSG); consent can be revoked at any time.

The individual legal bases for the use of various tools that use cookies can be found in the respective passages in our data protection declaration.

9. Data Protection Information about Membership

Registration of a User Account

You can apply for membership on our website or register a user account with which you can use the BORN IN FLACHT app to its full extent. In this context, please also note the data protection declaration applicable to the use of the app at https://born-in-flacht.com/de/privacy-policy-app/

The mandatory information requested during registration must be provided in full. Otherwise we will reject the registration.

Mandatory data when registering

When registering to create a profile, the following mandatory information is requested:

Salutation
First name
Last name
Birth date
City
Postcode
Street and house number
E-mail address
Telephone number
Chassis number
Vehicle type
Construction year

Optional information

Company

Registration is not possible without providing the mandatory data. We process this data on the basis of Art. 6 Para. 1 lit. b GDPR to carry out pre-contractual measures and later to carry out the contractual relationship with membership on the basis of the general terms and conditions.

Verification of your member account

BORN IN FLACHT is a community for owners of Porsche GT sports cars. Interested parties have the option of being verified by submitting their vehicle’s VIN. Verified users have access to special and extensive functions of the app.

As part of the verification process, it is checked whether the transmitted VIN is a GT vehicle from the Porsche brand. The VIN number is stored in the user’s profile but is not published. We process the data on the basis of Article 6 Paragraph 1 Letter b of the GDPR in order to provide you with the desired services in this context and to carry out the associated contractual relationship with you.

Deleting a user account

We store your data for as long as you maintain your membership. If you would like to delete your user account and terminate your membership, please inform the above-mentioned responsible body in writing. The data collected during registration will be stored by us as long as you maintain your member account.

If there are statutory retention periods for all or parts of your data, we must comply with these and will restrict your data after your revocation or your request for deletion. However, this does not directly affect the data from your user account, but rather data that was processed as part of a purchase contract. In this case, the retention period is usually 10 years (§147 AO / §257 HGB / §14b UstG). We will let you know if this applies to your data.

10. Direct Marketing and Postal Advertising

Postal Advertising to existing Customers in the legitimate Interest

We process your personal data for our own marketing purposes (sending postal advertising) and for the advertising purposes of third parties (partner companies). We process the following data:

Salutation
First name
Last name
Gender
Year of birth (if applicable)
Postal address

We provide your postal contact details (name, address) from partner companies selected by us, from the automotive industry and other industries, letter shop process (order processing). The partner companies do not receive your personal data at any time; postal advertising is sent by us or by a letter shop commissioned by us as part of an order processing contract.

The legal basis for the use of personal data for marketing purposes is Article 6 Paragraph 1 Letter f GDPR. Our legitimate interest is to inform our customers about products and services that may be of interest to you.

We generally process your data for the purposes described for the duration of your membership.

Note on the right to object

You can use your personal data for the aforementioned marketing purposes at any time free of charge with effect for the future by sending a message to contact@born-in-flacht.com or with a short message to Schloss Schnait GmbH, Silcherstrasse 10, D-71384 Weinstadt/Schnait. If you object, we will block your data for further data processing for advertising purposes.

Electronic Direct Marketing to existing Customers in the legitimate Interest

We reserve the right to use the data collected as part of your membership for direct advertising by email or post in accordance with Section 7 Paragraph 3 UWG if you do not object or have objected to this use. We use your data for the duration of your membership.

We have a legitimate, economic interest (Art. 6 Para. 1 lit. f GDPR) in providing our customers with advertising information. Of course, you can object to receiving direct advertising at any time. Direct your objection to the responsible body mentioned above.

11. E-mail Communication and Telephone Contact

Communication via Email

If you write us an email, we will process your data according to the content and purpose of the message. As a rule, processing is carried out on the basis of pre-contractual measures or as part of the implementation of a contractual relationship on the basis of Article 6 Paragraph 1 Letter b GDPR and Article 6 Paragraph 1 Letter f GDPR. It is in our legitimate interest to process your request quickly and efficiently.

Please note that we store all incoming emails in accordance with proper accounting principles for a period of ten years, starting from the first day of the following year in which the message was received. If you ask us to delete the data, we will from now on restrict the processing of your data and only store it for the purpose of complying with retention periods in our legitimate interest.

Communication by Telephone

Even if you contact us by telephone, we process your data either to initiate and implement contractual relationships (if the content is product or service-related) and/or in our legitimate interest, analogous to contacting you by email.

We do not record the content of the conversation, but we may take notes to process your request. This will be stored until the purpose of the data processing has been achieved and we no longer have any legitimate interests in the processing. If necessary, the content of the conversation is stored anonymously for statistical purposes. Of course, you can request deletion at any time.

12 . Data Protection Information for Applicants

If you apply to us, whether for an advertised position or on your own initiative, we will process your data to carry out the selection process. It is irrelevant to us whether you apply by post, email or, if available for the respective position, using an online form .

In principle, as part of an application process, we only process the data that you have provided to us yourself. The use of additional sources may only be considered after information and consultation with you. For example, whether we can contact a former employer.

The legal basis for carrying out an application process is Section 26 BDSG in conjunction with Article 6 Para. 1 lit. b GDPR (initiation of an employment contract). If you give us your consent to store your data for a longer period of time, this will be done on the legal basis of Article 6 Para. 1 lit. a GDPR.

Deletion periods for applicant data

We delete applicant data a maximum of 3 months after completion of the application process (when a candidate has been selected and all applicants have been informed of the outcome). The purpose of data processing no longer exists at the end of the selection process, but we have a legitimate interest (Art. 6 Para. 1 lit. f GDPR) in being able to defend ourselves against any claims made by rejected applicants. If you have the impression that your interests in immediate deletion outweigh your interests, you have the option of requesting us to do so. We will then examine your request and give you feedback.

After the above-mentioned period has expired, your data will be deleted unless we have to defend ourselves, for example in ongoing proceedings, for example due to a lawsuit under the General Equal Treatment Act. In this case, we will delete your data after the process has been completed, unless there are no statutory retention periods.

If we are allowed to store your data for a longer term based on your consent, we will delete your data if you request us to do so and revoke your consent. If necessary, we will also delete your data before revoking your consent if it is clear that no position will be available.

Inclusion in our applicant pool

If we are currently unable to offer you a position, we may ask you for your consent to continue storing your data. This serves the purpose of offering you a suitable position at a later date. The legal basis for the processing of your data in our applicant pool is your consent (Art. 6 Aba. 1 lit. a GDPR). Of course, you can revoke your consent at any time with future effect. If you do not revoke your consent yourself within a period of two years, we will delete your data from our applicant pool at the latest.

13. Additional data protection information for our business partners

Data Categories and Purposes of Processing

We process personal data from our service providers and partners, which we receive directly as part of our business relationship. If we have received data from you, we will generally only process it for the purposes for which we received or collected it.

As a rule, we process the following categories of data from you

Last Name, First Name
Address and/or Company Address
Telecommunications Data
E-mail Address
Company
Professional Function and/or Position
Bank Details/other Payment Details
Data on the history of the Business Relationship

As part of the business initiation phase and during the business relationship, in particular through personal, telephone or written contact initiated by you or one of our employees, further personal data is created, e.g. Information about contact channel, date, occasion and result; (electronic) copies of correspondence and information about participation in direct marketing measures.

On the other hand, we process personal data that we have legitimately obtained and are permitted to process from publicly accessible sources (e.g. commercial and association registers, press, media, internet).

Data processing for other purposes is only possible if the necessary legal requirements in accordance with Article 6 (4) GDPR are met. In this case, we will of course observe any information obligations pursuant to Article 13 Paragraph 3 GDPR and Article 14 Paragraph 4 GDPR.

Legal Basis on which we process your Data

Based on your consent (Art. 6 Para. 1 lit. a GDPR)

We process personal data for one or more specific purposes if you have given us your consent to do so. If personal data is processed based on your consent, you have the right to revoke your consent to us at any time with future effect.

Data processing for the fulfillment of contracts (Art. 6 Para. 1 lit. b GDPR)

We process personal data for the fulfillment of contracts. The fulfillment of contracts includes, for example, the conclusion, processing and reversal of a contract. In addition, we process personal data that is necessary to carry out pre-contractual measures, such as initiating a contract, and which are carried out at your request.

Data processing based on a legal obligation (Art. 6 Para. 1 lit. c GDPR)

Like every company, we must fulfill retention obligations and other documentation obligations; this can also affect documents with personal information. To the extent that we process data for these purposes, the processing takes place on the basis of a legal obligation.

Data processing based on a balancing of interests (Art. 6 Para. 1 lit. f GDPR)

If we process data on the basis of a balancing of interests, you as the data subject have the right to allow the processing of personal data, taking into account the provisions of Article 21 GDPR contradict. To the extent that the specific purpose permits, we process your data pseudonymously or anonymously.

Other Recipients of your Data

Transfer to processors within the scope of Art. 28 GDPR

Processors we use (Art. 28 GDPR), particularly in the area of IT services and, for example, printing services, who process your data for us in accordance with our instructions. When we commission service providers to fulfill our tasks, we always observe the data protection regulations; in particular, data is only passed on after contracts for order processing have been concluded. We would be happy to let you know which processors we use.

Disclosure to providers of third-party specialist services

If necessary for the execution of the contract, legitimized by our legitimate interest or required due to legal obligations, providers of third-party specialist services process personal data for us. These are in particular tax advisors, auditors and banks.

Disclosure to carry out a contractual relationship

If it is necessary to carry out the contract with you, we will pass on your data, for example, to our bank to process payments or shipping service providers.

Disclosure due to a legal obligation

If there is a legal or official obligation, we will pass on your data to public bodies or institutions (authorities, for example in the context of criminal prosecution).

Other places, insofar as you have given us your consent.

If you have given your explicit consent, we will also pass on your data to other places. However, this occurs within the limits provided you have verifiable consent.

Information on Deletion Periods of Personal Data

Principle of purpose limitation and compliance with statutory retention periods.

In addition, like every company, we are obliged to comply with statutory retention periods, for example the deadlines under commercial and tax law. If there are statutory retention requirements, the relevant personal data will be stored for the duration of the retention period. The storage period also depends on the statutory limitation periods, which, for example, according to Sections 195 ff. of the Civil Code (BGB), can usually be three years, but in certain cases can also be up to thirty years. After the retention period has expired, it will be checked whether further processing is necessary. If it is no longer necessary, the data will be deleted.

As a rule, such retention periods in the context of legal transactions (according to §147 AO / §257 HGB / §14b UstG) are 10 years, starting with the year following the legal transaction.

Specific example

If you provide us with your contact details, for example by email, telephone, or by handing over your business card, we will store this data on the basis of pre-contractual measures and in accordance with Article 6 Paragraph 1 Letter b of the GDPR Interest (Art. 6 Para. 1 lit. f GDPR) in smooth and targeted communication. If no legal transaction is concluded, we will delete your data if you request us to do so or if there is no further contact within a period of three years. If you enter into a legal transaction with us (Art. 6 Para. 1 lit b GDPR), we will store your data for ten years until the commercial and tax requirements expire. After this period, we check whether we can delete the data and, if necessary, delete it.

E-mails and business letters

We archive all of our e-mail traffic for ten years. If you write us an email, your data and the entire email content will be stored for 10 years. Most emails count as business letters, and emails can also contain information relevant to tax law. In our opinion, the effort involved in checking each individual email is not proportionate to the benefit and legitimate interests of the sender. Of course, you can ask us to delete it at any time and we will carry out an individual case check and inform you of the result. This can lead to deletion or restriction of processing, depending on the content of the correspondence.

Revocation of your consent

If we process your data based on your consent (Art. 6 Para. 1 lit. a GDPR), we will delete it after your revocation. Unless there are legitimate interests against complete deletion. For example, we generally store the declaration of consent for up to three years after receipt of your revocation in the legitimate interest (Art. 6 Para. 1 lit. f GDPR). We only retain the consent subject to restriction of processing in order to be able to defend ourselves in the event of a dispute.

Legal or contractual Obligation to provide Personal Data

The provision of personal data is regularly necessary for the initiation, conclusion, processing and reversal of a contract. If you do not provide the required personal data, we will not be able to conclude and fulfill a contract with you.

Transfer to a Third Country

We generally process your personal data in data centers in the Federal Republic of Germany or the European Union. A transfer to a third country is only possible if you have given us your consent or we have concluded a contract for order processing in accordance with Art. 28 GDPR, taking into account suitable guarantees or other suitable guarantees.