The following data protection declaration applies to the use of the website [www.corvette-experience.com] (hereinafter referred to as „website“).
Drive&Fun GmbH, hereinafter referred to as „we“, attach great importance to data protection. The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR). We collect and process your personal data in order to be able to offer you the above-mentioned portal. This statement describes how and for what purpose your data is collected and used and what rights you have in connection with your personal data. The following information is valid as of 25 May 2018 and may replace previous information.
By using the Corvette Experience website and other internet addresses that refer to the address www.corvette-experience.com, the user agrees to the following terms of use:
1 Responsible party
The responsible party for the collection, processing and use of your personal data within the meaning of the GDPR is
Corvette Experience – a project by Drive&Fun GmbH
Drive&Fun GmbH
Industrie Straße 7
86438 Kissing
GERMANY
Phone: +49 8233 74425-0
Fax: +49 8233 74425-25
E-mail: info@corvette-experience.com
If you wish to object to the collection, processing or use of your data by us in accordance with these data protection provisions, either in whole or in respect of individual measures, you may address your objection to the above-mentioned responsible office.
You can save and print out this data protection declaration at any time.
2 Purpose and legal basis of processing
Your personal data is processed in accordance with the provisions of the European Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other possibly applicable data protection regulations.
2.1 Based on consent (pursuant to Art. 6 para. 1 lit. a GDPR)
The purposes of the processing of personal data result from the granting of consent. Consent given can be revoked by you at any time with effect for the future. Consent granted before the applicability of the GDPR (25 May 2018) can also be revoked. Processing that took place before the revocation remains unaffected by the revocation. Example: sending a newsletter.
2.2 For the fulfilment of contractual obligations (pursuant to Art. 6 para. 1 lit. b GDPR).
The purposes of data processing result on the one hand from the initiation of pre-contractual measures that precede a contractually regulated business relationship and on the other hand for the fulfilment of obligations arising from the contract concluded with you (e.g. sending of booking documents).
2.3 Due to legal requirements (pursuant to Art. 6 para. 1 lit. c GDPR) or in the public interest (pursuant to Art. 6 para. 1 lit. e GDPR).
The purposes of the data processing result from legal requirements or are in the public interest (e.g. compliance with retention obligations, proof of compliance with reference and information obligations).
2.4 Within the framework of the balancing of interests (pursuant to Art. 6 para. 1 lit. f GDPR)
The purposes of the processing result from the protection of our legitimate interests. It may be necessary to process the data provided by you beyond the actual performance of the contract. Our legitimate interest may be used to justify the further processing of the personal data, provided that your interests or fundamental rights and freedoms are not overridden. Our legitimate interest in individual cases may be: Assertion of legal claims, defense against liability claims, prevention of criminal offences.
3 General use of the website
3.1 Access data
When you use this website, information about your usage behavior and your interaction with us is automatically collected, as well as data about the terminal devices you use. We collect, store and use data about every access to our online offer (so-called server log files). The access data includes the name and URL of the file accessed, the date and time of access, the volume of data transferred, the message about successful access (HTTP response code), the browser type and version, the operating system, the referrer URL (i.e. the previously visited page), the IP address and the requesting provider. This is exclusively information that does not allow any conclusions to be drawn about your person.
We use this protocol data without assigning it to your person or otherwise creating a profile for statistical evaluations for the purpose of the operation, security and optimization of our online offer, but also for the anonymous recording of the number of visitors to our website (traffic) as well as the scope and type of use of our website and services, as well as for accounting purposes in order to measure the number of clicks received from cooperation partners. This information allows us to provide personalized and location-based content and to analyze traffic, troubleshoot and resolve errors, ensure a smooth connection of the website and improve our services.
We reserve the right to check the log data retrospectively if there is a justified suspicion of unlawful use based on concrete indications. We store IP addresses in the log files for a limited period of time if this is necessary for security purposes or for the provision of services or the billing of a service, e.g. if you use one of our offers. After the order, process has been cancelled or after payment has been received, we delete the IP address if it is no longer required for security purposes. We also store IP addresses if we have a concrete suspicion of a criminal offence in connection with the use of our website. We also store the date of your last visit as part of your account (e.g. when registering, logging in, clicking links, etc.).
The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f GDPR (see section 2.4). Our interests in data processing are in particular to ensure the operation and security of the website, to ensure comfortable use and smooth connection establishment, to study the way visitors use the website, and to simplify the use of the website.
3.2 Contact form and e-mail contact
If you contact us (e.g. by contact form or e-mail), we will store your details for the purpose of processing the enquiry and in the event that follow-up questions arise. We only store and use further personal data if you consent to this or if this is legally permissible without special consent. In this case, the data is processed in accordance with Art. 6 para. 1 lit. a GDPR (see section 2.1) on the basis of your voluntarily given consent.
3.3 Newsletter
When registering to receive our newsletter, the data you provide will be used exclusively for this purpose and will not be passed on to third parties. Subscribers may also be informed by e-mail about circumstances relevant to the service or registration.
For an effective registration, we require a valid e-mail address. In order to verify that a registration is actually made by the owner of an e-mail address, we use the „double-opt-in“ procedure. For this purpose, we log the order for the newsletter, the sending of a confirmation email and the receipt of the response requested herewith. No further data is collected.
You can revoke your consent to the storage of your personal data and its use for sending the newsletter at any time. You will find a corresponding link in each newsletter. Data processing in this case is carried out in accordance with Art. 6 para. 1 lit. a GDPR (see section 2.1) on the basis of your voluntarily given consent.
3.4 Booking a service on our website
When registering as part of a booking for our services, personal data is collected, such as name, address, contact and communication data such as telephone number and e-mail address. Here, the mandatory data that we need to process the contractual relationship are marked with an asterisk („*“) in each case. The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. b GDPR (see section 2.2), for the fulfilment of contractual obligations.
3.5 Social plugin
The Drive&Fun GmbH website uses so-called social plugins („plugins“) of the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. This social plugin is marked with the respective logo, so-called placeholder. Only when you click on this placeholder is it activated and establishes a direct connection with the Facebook server via your browser. This transmits the information to Facebook that you have accessed the page of our website containing the social plugin. This also happens if you are not logged in to Facebook or do not have a corresponding account.
However, if you have a corresponding account and are logged in to Facebook at that time, your visit to our pages and all of your interactions in connection with the social plugin (e.g. creating a comment, etc.) can be assigned to your profile there and stored by Facebook.
The purpose and scope of data collection as well as the processing and use of the data by Facebook and your rights in this regard and setting options for protecting your privacy can be found in Facebook’s privacy policy (http://www.facebook.com/policy.php).
To prevent Facebook from collecting the above-mentioned data through your visit to our website, log out of Facebook before visiting our site.
4 Storage period of personal data
Unless specifically stated, we only store personal data for as long as is necessary to fulfil the purposes pursued or as stipulated by the various storage periods provided for by law.
5 Disclosure of data
In principle, we only use your personal data within our company. The areas that receive access to the personal data you have provided are those that need it to fulfil the contractual and legal obligations of the processing described in point 3. Your data will only be passed on to third parties if:
– you have given your express consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR,
– the disclosure is necessary for the assertion, exercise or defense of legal claims pursuant to Art. 6 (1) sentence 1 lit. f GDPR and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
– in the event that there is a legal obligation to disclose your data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, as well as
– this is legally permissible and necessary for the processing of contractual relationships with you according to Art. 6 para. 1 p. 1 lit. b GDPR.
If and insofar as we involve third parties within the framework of the fulfilment of contracts (such as logistics service providers), these will only receive personal data to the extent that the transfer is necessary for the corresponding service.
In the event that we outsource certain parts of data processing („commissioned processing“) – for example to computer centre service providers, IT partners, booking systems, etc. – we contractually oblige commissioned processors to use personal data only in accordance with the requirements of the GDPR and the BDSG and to ensure the protection of the rights of the data subject.
6 Information about your rights
According to the applicable laws, you have various rights regarding your personal data. If you wish to exercise these rights, please send your request by e-mail or by post, clearly identifying yourself, to the address given in section 1.
6.1 Right to confirmation and information according to Art. 15 GDPR
You have the right to obtain confirmation from us at any time as to whether personal data relating to you is being processed. If this is the case, you have the right to obtain from us, free of charge, information about the personal data stored about you, together with a copy of this data. Furthermore, you have the right to the following information:
– the purposes of processing
– the categories of personal data processed
– the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations;
– if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
– the existence of a right to obtain the rectification or erasure of personal data concerning you or to obtain the restriction of processing by the controller or a right to object to such processing;
– the existence of a right of appeal to a supervisory authority;
– if the personal data is not collected from you, any available information about the origin of the data;
– the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for you.
If personal data are transferred to a third country or to an international organization, you have the right to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.
6.2 Right to rectification pursuant to Art. 16 GDPR
You have the right to request that we correct any inaccurate personal data relating to you without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.
6.3 Right to erasure („right to be forgotten“) pursuant to Art. 17 GDPR
You have the right to demand that we delete personal data relating to you without delay. We are obliged to delete personal data without delay if one of the following reasons applies:
– The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
– You withdraw your consent on which the processing was based pursuant to Article 6(1) GDPR(a) or Article 9(2)(a) GDPR and there is no other legal basis for the processing.
– You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
– The personal data have been processed unlawfully.
– The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.
– The personal data has been collected in relation to information society services offered in accordance with Article 8(1) of the GDPR.
If we have made the personal data public and we are obliged to erase it in accordance with the aforementioned points, we shall take reasonable measures, including technical measures, to inform data controllers, taking into account the available technology and the costs of implementation, that you have requested from them the erasure of all links to, or copies or replications of, that personal data.
6.4 Right to restriction of processing pursuant to Art. 18 GDPR § 35 BDSG:
You have the right to request us to restrict processing if one of the following conditions is met:
– the accuracy of the personal data is disputed by you for a period of time that enables us to verify the accuracy of the personal data,
– the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
– we no longer need the personal data for the purposes of processing, but you required the data for the assertion, exercise or defense of legal claims; or
– you have lodged an objection to the processing pursuant to Art. 21 (1) GDPR, as long as it has not yet been determined whether the legitimate reasons of our company outweigh yours.
6.5 Right to data portability pursuant to Art. 20 GDPR
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format, and you have the right to transfer this data to another controller without hindrance from us, provided that
– the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and
– the processing is carried out with the aid of automated procedures.
– When exercising your right to data portability in accordance with paragraph 1, you have the right to have the personal data transferred directly from us to another controller, insofar as this is technically feasible.
6.6 Right of objection pursuant to Art. 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
If personal data are processed by us for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.
6.7 Right to revoke consent under data protection law pursuant to Art. 7 (3) GDPR
You have the right to revoke consent to the processing of personal data at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.
6.8 Right to complain to a supervisory authority pursuant to Art. 13 (2) (d), 77 GDPR in conjunction with Section 19 BDSG:
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, place of work or place of the alleged infringement.
7 Data security
We make maximum efforts to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.
Your personal data is transmitted to us in encrypted form. We use the SSL (Secure Socket Layer) coding system, but we would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible. To protect your data, we maintain technical and organisational security measures, which we constantly adapt to the state of the art.
We also cannot guarantee that our service will be available at certain times; disruptions, interruptions or failures cannot be ruled out. The servers we use are carefully backed up on a regular basis.
8 Automated decision-making
No fully automated decision-making (including profiling) pursuant to Art. 22 GDPR is used to process the data you have provided.
9 Transfer of data to third countries or international organizations
Under no circumstances will the personal data provided by you be transferred to a third country or an international organization.
10 Changes to our data protection regulations
We reserve the right to amend this data protection statement from time to time to ensure that it always complies with the latest legal requirements. However, this only applies to declarations regarding data processing. If the user’s consent is required or components of the data protection declaration contain a regulation of the contractual relationship with users, the data protection declaration will only be amended with the user’s consent.