Britax Römer Privacy Policy websites and services

 

1. About us
2. Why we process your data
3. Which data we collect and process from you
4. Who has access to your data and to whom we transmit your data
5. Storage periods
6. Your rights
7. Use of our website - profiling, cookies and web tracking
8. Supplementary notes and provisions on individual services

 

1. About us

BRITAX RÖMER Kindersicherheit GmbH is responsible for the collection, processing and storage of your data. You can find details about us in our imprint.

The careful handling of your personal data has the highest priority for us. In processing, we comply with the statutory provisions, e.g. the General Data Protection Regulation (GDPR) and the associated national provisions.

This data protection declaration applies to all websites of our company that can be accessed under our domains (https://www.britax-roemer.fr). If you follow links to other websites from ours, their own data protection regulations apply, for whose contents the respective owners of these websites are responsible.

Since we would like to give you a comprehensive overview of the processing of personal data in our group of companies, you will find below an overview of all our services in the context of which we collect and process personal data.

If separate or additional conditions apply to individual services or we ask you for your consent, we will point this out to you separately before using the respective service (e.g. for newsletter subscription or purchases in our online shop).

We also take various security measures to protect your personal data. For example, transmission between your web browser and our servers is always transport encrypted; in addition, we maintain a variety of technical and organizational measures to always protect your data.

2. Why we process your data

You can use our website without disclosing your identity. If you would like to register for one of our personalised services, use our online shop or subscribe to our newsletter, we will ask you for your name and other personal information. It is your free decision whether you enter this (extended) data. Data that we absolutely need from you to provide our services are marked as such.

Your personal data is collected and processed for the following purposes on the basis of the following legal bases:

- Contract initiation pursuant to Art. 6 para. 1 lit. a) and b) GDPR
- Contract execution in accordance with Art. 6 Para. 1 lit. b) GDPR
- Customer management in accordance with Art. 6 para. 1 lit. b) and c), f) GDPR
- communication and data exchange pursuant to Art. 6 para. 1 lit. a), b), c), f) GDPR
- external presentation and advertising pursuant to Art. 6 para. 1 lit. a), f) GDPR
- Implementation of declarations of consent pursuant to Art. 6 para. 1 lit. a) GDPR
- Ensuring the proper operation of a data processing system in accordance with Art. 6 para. 1 lit. c) and f) GDPR
- Applicant selection procedures within the framework of personnel and resource management on the basis of Art. 6 para. 1 lit. a), b) GDPR i.V.m. Article 26 BDSG-New

3. Which data we collect and process from you

We collect different categories of personal data from you. Personal data is all information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified directly or indirectly, in particular by assignment to an identifier such as a name. Personal data includes, for example, information such as your name, your address, your telephone number and your date of birth (if stated). Statistical information that cannot be directly or indirectly associated with you - such as the popularity of individual websites of our offer or the number of users of a page - is not personal data. Data is collected directly and indirectly. In both cases, data will only be collected to the extent necessary; the data will only be processed for the purposes stated under point 2. It is your decision whether you want to transmit data to us that optimizes the use of our services for you, but is not necessary for this. Corresponding data fields are marked as 'voluntary'.

The data collected includes:

- Title and name, e.g. to personalize your user account or for ordering in our online shop
- Mail address and, if applicable, a password chosen by you, e.g. for the purpose of subscribing to the newsletter or using your customer account
- Address data, e.g. for the purpose of order processing (delivery) within the scope of our online shop
- Vehicle data within the scope of the use of our Fit Finder
- payment data, to process the payment of your order
- Candidate data, for the execution of our online application procedure
- Data that you actively and consciously transmit to us when using our services,
- Further data that you voluntarily submit to us, e.g. data fields filled in by you and marked as 'voluntary'

In addition, the following data about you is collected indirectly when using our services:

- Technical connection data, e.g. the page called up on our website, your IP address, shortened by the last three digits (except for payment transactions, where we must transfer the complete IP address to our payment provider for security reasons), date and time of the call, terminal device used. This is done to verify the authorization of actions and the authentication of the requesting user of our services. The legal basis is Art. 6 para. 1 lit. c) in conjunction with Art. 32 and Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is to secure our web server, for example to defend ourselves against attacks, and to ensure the functionality of our services.
- Data collected as part of website tracking and e-mail/newsletter tracking
- Data that we receive from our service providers as part of order processing in our online shop, e.g. information on payment probabilities and payment disruptions or delivery notifications.

Minors:

Our website is not directed at minors and we do not knowingly collect personal information from minors.

If persons under the age of 16 transmit personal data to us, this is only permitted if the parent/guardian himself has consented or has consented to the consent of the young person. In accordance with Art. 8 Para. 2 GDPR, the contact details of the legal guardian must be provided in order to convince us of the consent or consent of the legal guardian. These data as well as the data of the minor will then be processed in accordance with this data protection declaration.

If we determine that a minor under the age of 16 has sent us personal data without the parental consent or consent of the minor, we will delete the data immediately.

4. Who has access to your data and to whom we transmit your data

a) Access

Access to your personal data stored by us is limited to our employees and the service providers commissioned by us, who have to deal with this personal data due to their tasks.

If third parties gain access to your data, we have obtained your permission or there is a legal basis for this.

We also use service providers to provide services and process your data (including hosting, sending newsletters, delivering ordered goods, processing payments, sending letters or e-mails and maintaining and analyzing databases, website optimization and further developments, securing our web servers or for website tracking). Insofar as these special provisions apply, we have carried them out for you in the following for the respective service. The service providers process the data exclusively on our instructions and are obliged to comply with the applicable data protection regulations. All contractors have been carefully selected and will only have access to your data to the extent and for the time required to provide the services or to the extent to which you have consented to the processing and use of your data.

b) Data exchange within the group of companies

Data exchange within the group of companies to which we belong takes place within the EU/EEA and serves internal administrative purposes only. Insofar as personal data is transferred to our companies in third countries, this will take place on the basis of the EU Standard Treaty 2010 pursuant to Art. 46 para. 2 lit. c GDPR in conjunction with the decision of the EU Commission of 05.02.2010 (2010/87/EU).

By group of companies we mean affiliated companies within the meaning of Art. 4 No. 19 GDPR.

c) Transfer to third countries and legal basis

The servers of some of the service providers we use are located in the USA and other countries outside the European Union. Companies in these countries are subject to a data protection law that does not generally protect personal data to the same extent as is the case in the Member States of the European Union. If your data are processed in a country that does not have a recognised high level of data protection such as the European Union, we use contractual regulations or other recognised instruments to ensure that your personal data are adequately protected. We expressly point this out to you again within the scope of the individual services.

If personal data is transferred to third countries, this will be done on the basis of the EU Commission's decision on appropriateness to the EU-U.S. Privacy Shield pursuant to Art. 45 GDPR or the EU Standard Treaty 2010 pursuant to Art. 46 para. 2 lit. c GDPR in conjunction with the decision of the EU Commission of 05.02.2010 (2010/87/EU) or your consent pursuant to Art. 49 para. 1 lit. a) GDPR.

d) Transmission to law enforcement and criminal investigation authorities

In exceptional cases we transmit personal data to law enforcement and criminal investigation authorities. This is done on the basis of corresponding legal obligations, e.g. from the Code of Criminal Procedure, the Fiscal Code, the Money Laundering Act or state police laws.

5. Storage periods

We store personal data within the framework of legal regulations or your consent.

In addition, we will archive personal data with limited access, for a period of 3 years as from the end of the commercial relationship for the for the establishment, exercise or defense of legal claims.

We use the following criteria to determine the concrete storage period:

We store the personal data until the purposes for which they were collected cease to apply (e.g. upon termination of a contractual relationship or through the last activity, if there is no continuing obligation, or in the event of a revocation of your consent for the specific data processing).  

Further data will only be stored if

- legal storage obligations (e.g. according to AO and HGB) exist;
- the data is still needed to assert and exercise legal claims or to defend against legal claims, e.g. due to technological and forensic requirements to defend against attacks on our web servers and their prosecution;
- the deletion would be contrary to the legitimate interest of the data subjects;
- another exception pursuant to Art. 17 para. 3 GDPR applies.

6. Your rights

You have a number of legal rights to which we would like to draw your attention below. Of course, our data protection officer is also available to answer any questions you may have about your personal data that we have collected and processed using the contact details given below.

a) Right to information and data transferability

You have a right of access to the personal data we process concerning you at any time.

If the data processing is based on your consent or on a contract pursuant to Art. 6 para. 1 b) GDPR, you may also request, pursuant to Art. 20 para. 1 GDPR, to receive the personal data stored about you in a structured, current and machine-readable format. At your request, we will also forward the data directly to the recipient of your choice.

b) Right to rectification, restriction and deletion

Furthermore, in accordance with Articles 16 to 18 GDPR, you may request us to correct, restrict (block) or delete your personal data if we have processed the data incorrectly, if there is a reason for restricting further data processing, or if data processing has become illegal for various reasons, or if its storage is inadmissible for other legal reasons. We would like to point out that your right to deletion may be restricted by legal retention periods.

c) Right of objection

If our data processing is based exclusively on our legitimate interest pursuant to Art. 6 para. 1 f) GDPR, you may object to this processing pursuant to Art. 21 para. 1 GDPR. Then we will stop processing your data unless we can prove grounds for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend a legal claim. Furthermore, you always have the right to object to the use of your data for the purpose of direct advertising with effect for the future pursuant to Art. 21 para. 2 GDPR

d) Right of revocation

If you have allowed us to process your personal data by giving your consent, you have a right of revocation with effect for the future pursuant to Art. 7 Para. 3 GDPR.

e) Right of appeal to the Supervisory Authority

You are free to complain to a supervisory authority if you believe that our processing of your personal data violates the European Data Protection Regulation or other national and international data protection laws.

The contact details of the supervisory authority responsible for us are as follows:

Bayrisches Landesamt für Datenschutz (BayLDA)

Promenade 27
91522 Ansbach
Telefon: +49 (0) 981 53 1300
poststelle@lda.bayern.de

f) Right to decide of the handling of data after data subject death

You have the right to decide of the handling of your personal data after your death, by giving instructions that we undertake to respect. These instructions may relate in particular to the erasure and the storage of your personal data, by appointing a trusted third party responsible for ensuring that they are duly.

g) Contact Data

To exercise your rights, you can send us an informal message to the following contact details. Likewise, please address the revocation of your consent to the following contact details, indicating which declaration of consent you would like to revoke:

Responsible

BRITAX RÖMER Kindersicherheit GmbH
Theodor-Heuss-Straße 9
89340 Leipheim
Deutschland
Telefon: +49 (0) 8221-3670-0
Telefax: +49 (0) 8221-3670-210
datenschutz@britax.com

 

7. Use of our website - profiling, cookies and web tracking

We use so-called cookies in some areas of our website. 

Cookie Policy

This cookie policy only covers the deposit of cookies by BRITAX RÖMER Kindersicherheit GmbH, Theodor-Heuss-Str. 9, 89340 Leipheim, Germany, (“BRITAX”), or third-party (such as Facebook), on BRITAX websites and applications accessed through such websites or platforms.

When you use our website, cookies may be stored on your device by us or by third parties. Cookies are used to facilitate the use of the BRITAX websites and to better customize the BRITAX websites and the products of BRITAX to the needs of the customers. This facilitates future visits to the BRITAX websites and their use. BRITAX also uses cookies to produce anonymous statistics that help BRITAX improve the structure and content of the BRITAX websites.

You have the possibility to accept or refuse cookies by using the mechanism integrated into the banner that is displayed during your first browsing on our website.

What are cookies?

Cookies are files that are possibly stored on your computer (or other device) when you visit BRITAX websites. A cookie contains the name of the website from which it originates, the lifetime of the cookie on the device, and a value that is a randomly generated unique number.

There are different types of cookies:

(i) Proprietary and third-party cookies

A cookie is called "proprietary" or "third party" depending on the domain from which it originates. Proprietary cookies are those installed by BRITAX when you are consulting its websites. Third-party cookies are cookies installed by a domain other than that of BRITAX (for example, a cookie may be placed on the websites by a third-party advertising agency or by social networks). When you consult the websites and another entity places a cookie through the websites, this cookie is a third-party cookie.

(ii) Session cookies

These cookies enable us to track your actions during a browsing session on our websites. The browsing session begins as soon as you open your browser window and ends when you close this window.

Session cookies are temporary. Once the browser is closed, all session cookies are deleted.

(iii) Persistent cookies

Persistent cookies remain on your device after you close your browser session, for the duration of each cookie. They are activated each time you visit our websites.

Cookies can be used for different purposes:

(i) Strictly necessary technical cookies

These cookies are necessary for the operation of our websites and allow you to navigate in an optimal way and to use all their functionalities. Without these cookies you will not be able to use the websites normally. These cookies only require your prior information to be stored on your device. They do not allow any behavioural monitoring or identification.

(ii) Audience measurement cookies

These cookies help establishing statistics on the frequentation and use of the various elements of the websites (headings and content visited, paths). They enable BRITAX to improve the interest and ergonomics of its websites. Subject to the exceptions provided for in the applicable regulations, those cookies are only stored on your device if you have given your prior consent.

(iii) Advertising cookies

These cookies help determining which advertisements to display according to your browsing on our websites in order to measure effectiveness of an advertising campaign or to adapt the advertisements according to your preference. Those cookies are only stored on your device if you have given your prior consent.

(iv) Social network cookies

Our websites use social media buttons (Facebook, YouTube, Instagram) to enable you to interact with third parties.

When you use these social media buttons, a third-party cookie from the relevant social network is stored on your device. If you are connected on the social network when your browse our websites, these buttons can link the viewed content to your user account.

We recommend you reading the applicable privacy policy of these social networks in order to be informed of the purposes of use of the information collected through these buttons (including advertising).

Those cookies are only stored on your device if you have given your prior consent.

Consent to the use of cookies

Only the cookies that you have accepted beforehand will be stored on your device. 
However, please note that certain types of cookies do not require your prior consent. These are the cookies that are strictly necessary for your navigation or for the provision of the requested service and also some audience measurement cookies.

You can always object to the use of audience measurement cookies: Consent Options.

The following list of cookies used by BRITAX describes their respective purpose. It also describes the cases in which BRITAX website analysis tools are used.
 

Name of the Cookie Description of its functionality Storage duration Further details
Salesforce Commerce Cloud System Cookies
dwanonymous_* Commerce Cloud cookies used to distinguish one customer from another. Preserve customer information, preferences, basket etc. 6 months Salesforce Commerce Cloud Services is a software-as-a-service solution. It is a hosted service that enables us to develop and manage a customizable, easy-to-use e-commerce website. Commerce Cloud Services include Digital, the most important hosted website service; an order management system and Commerce Cloud Einstein, which enables us to use artificial intelligence to improve our e-commerce activities.
Commerce Cloud stores personal information that is processed, such as information about buyers who visit our Commerce Cloud hosted website and create accounts or perform transactions (contact information, activity records, transactions, records, etc.).
dwcustomer_* Commerce Cloud cookies to distinguish one customer from another. Receive customer information, preferences, shopping cart etc. 6 months
dwsecuretoken_* Commerce Cloud cookie to view a secure session. All https traffic is exchanged for this cookie to prevent session spoofing. 1 year
Dwsid Commerce Cloud session id 1 year
Sid Session id 1 year
dwpersonalization_* Used for page personalization during multi variate testing 1 year
dwac_* Commerce Cloud analytics cookie 1 year
dw_cookies_accepted Used for customer when they accepted cookie usage. 30 days
dw_geoip_data Used for country-information on order confirmation page. 3 days
Dw Boolean 15 days
dw_dnt Used for Commerce Cloud Consent Management tools, stores opt-in/out decision. 1 year
Cloudflare
__cfduid Is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis 1 year  
CQuotient
cqcid First party cookie; contains a hashed ID for an anonymous user 1 year CQuotient is a comprehensive personalization solution for websites. CQuotient is an integral part of our Salesforce Commere Cloud shop system and takes full advantage of the latest revolutionary advances in predictive intelligence and combines them with in-depth knowledge of retail and cloud-based technology infrastructure issues. CQuotient is used to generate suggestions based on your browsing behavior which other products might be of interest to you.
cqcid First party cookie; contains a hashed ID for an anonymous user 1 year
__cq_uuid First party version of cquotient.com uuid 13 months
__cq_bc First party version of bc cookie (described above) 30 days
__cq_seg First party cookie; contains segment information for personalized search 30 days
__cq_dnt Used for Commerce Cloud Consent Management tools 1 year
Tealium
utag_main Used to store system information, detailed info in the link 1 Year Tealium is a Consumer Data Platform to which information about the use of the website and also transactional data is sent. Tealium collects motion and behavioural data on the website and fills remarketing lists which can later be accessed via Google Adwords. Furthermore, all transactional data about purchases are sent 
CONSENTMGR Stores user's opt-in/opt-out selection 3 months

to Tealium, as e-mails for order confirmations or e-mails for newsletters (if subscribed) are triggered by Tealium. Tealium enables us to have a consistent view of our visitors and website customers and ensure that we communicate with them as effectively as possible.

https://community.tealiumiq.com/t5/iQ-Tag-Management/Tealium-Cookies/ta-p/138

Google Universal Analytics
_gid We implement Google Analytics to collect information about how visitors use our website. We use this information to help us to improve our website and the user experience. 1 day

This website uses Google Analytics, a web analysis service of Google LLC ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, Google will reduce your IP address within Member States of the European Union or in other countries party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website usage and Internet usage. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.

http://www.google.com/analytics/learn/privacy.html 

Recipient of the Data: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Bazaarvoice
BVBRANDID Allows internal BV web analytics to be correlated to the same user for interactions within a particular client domain. 1 year

If you have given us your explicit consent to this during or after your order by activating the relevant checkbox or by clicking a button provided for this purpose, we will send your e-mail address to Bazaarvoice to remind you by e-mail of the opportunity to submit a review of your order. This consent can be revoked at any time by sending a message to the above mentioned contact possibility or directly to Bazaarvoice. These reviews are syndicated to selected retailers via the Bazaarvoice network. Bazaarvoice also tracks which rating is particularly positively received by users. In addition, it can be measured which of the evaluations had an influence on the purchase decision.

Recipient of the data: Bazaarvoice Ltd., 1 Butterwick London, W6 8DL (http://www.bazaarvoice.com/)

BVBRANDSID Allows internal BV web analytics to be correlated to the same user browsing session for interactions within a particular client domain. 30 minutes
BVImplmain_site An A/B testing cookie. Stores the configuration that the user has been bucketed into for A/B testing 1 year
Facebook visitor action pixel
_fbp We use Facebook pixels to measure the effectiveness of our advertising on Facebook through the behavior of visitors to our site. 1 day

Facebook may link this information to your Facebook account and may also use it for its own promotional purposes, in accordance with Facebook’s Privacy Policy https://www.facebook.com/about/privacy/.

Recipient of the data: (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are resident in the EU, Facebook Ireland (Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook")))

Hotjar
_hjIncludeInSample We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. 1 year Hotjar is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices (in particular device's IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link

 

How can I prevent the use of cookies?

During your first visit on our websites, you are informed via an information banner that BRITAX and/or any other identified third party may store cookies on your device via the websites.

You can choose to accept or refuse the cookies directly in the information banner where they are listed according to their purposes. 

The storage of strictly necessary cookies is activated by default and cannot be deactivated, as these cookies are essential to the functioning of our websites. 

On the other hand, you can activate or deactivate cookies that are subject to your priori consent (audience measurement cookies, advertising cookies, social network cookies, etc.) via the information banner. 

If you authorize the storage of cookies on your device, the cookies embedded in the pages and content that you have consulted may be stored temporarily in a dedicated space on your device. 

You can withdraw your consent at any time without any reason.

8. Supplementary notes and provisions on individual service

a) Newsletter

At your explicit request, we will send you our newsletter on the topics you have chosen as well as information about our company. Please note that delivery can only take place once you have expressly confirmed your subscription request again in the course of our double opt-in process.

The personal data collected within the scope of the newsletter registration will be used exclusively for sending and personalising the newsletter (e.g. to address you by your name). You can revoke your consent to the storage of personal data that you have given us for sending the newsletter at any time with effect for the future. For the purpose of revoking your consent, each newsletter contains an appropriate link; alternatively, you are welcome to contact us directly so that we can implement your revocation. Details of the consent given to us were communicated to you in the Double-Opt-In-Mail.

b) Competition

From time to time you have the opportunity to take part in competitions or similar promotions on our website. Within the scope of these actions, personal data may also be collected and stored for the purpose of processing, the extent of which you can see from the respective participation form. Data which we do not necessarily need for the implementation of the competition, but which enables us, for example, to inform you more quickly in the event of a prize, are expressly marked as voluntary information.  The personal data provided by you to us in the context of such a competition promotion will be used exclusively for the processing of the promotion (in the case of a competition, for example, for the determination of the prize, notification of the prize and sending of the prize). After the end of the promotion, the data of participants who have not won will be deleted immediately or, in the case of the winner, after the statutory retention period has expired.

c) Online application procedure

We offer you the opportunity to apply to us online by e-mail. The data entered by you and the attachments sent with it are transferred via an unsecured connection. We therefore recommend that you use encryption software to transmit your data to us. Your electronic application data will be received by the relevant personnel department and only forwarded to the department responsible for the respective position or to the persons in charge of processing. All parties involved treat your application documents with the necessary care and with absolute confidentiality.

After completion of the applicant selection process, we will retain your application documents for another 3 months and then delete them or destroy any copies, unless we have concluded an employment contract with you. Should we wish to include your application documents in our applicant pool, we will contact you. In the notification you can actively consent to the further storage of your documents.

d) Online-Shop

We offer you an online shop on our website where you can purchase products from our company.

We use the data collected from you there for the execution of the contract, in particular to enable you to purchase and deliver products and to carry out the payment.

In this context, we may also process your data to check your creditworthiness, if this is also necessary for the execution of the contract, Art. 6 para. 1 lit. b) GDPR, or we have a legitimate interest in doing so, Art. 6 para. 1 lit. f) GDPR. Our legitimate interest exists if the completion of a contract with you is imminent, so that a financial default risk is connected for us (as for example with instalment contracts, order/delivery on account) and the conclusion of the contract then only depends on your creditworthiness.

Depending on the selected mode of shipment, we transmit the necessary data - if available and if you have given your consent for this, supplemented by your e-mail address and telephone number for the purpose of notifying the parcel, arranging an appointment, or for the transmission of parcel tracking information - to the shipping service provider you have selected for the specific purpose of carrying out shipping and delivery.

We also transmit the data necessary for the execution of the payment and, if necessary, the risk management to the payment service provider selected by you. The following additional information and regulations apply:

i) Payment Method PayPal

Within our online shop, we offer you to pay via the payment service provider PayPal. Payment is processed either via PayPal or through PayPal via your credit card or bank account. PayPal also offers buyer protection and fiduciary services.

When selecting the payment service provider PayPal in the online shop, data is automatically transferred to PayPal. In this you expressly consent to this transfer of personal data (first and last name, address, e-mail address, IP address, telephone number(s), order data, delivery data) for the implementation of payment and fraud prevention if you choose the PayPal payment method.

The exchange of data is not only for the purpose of payment, but also for the purpose of identification, fraud prevention and the reduction of our default risk, in this respect data on the economic situation and on past purchasing and payment behaviour may also be exchanged. In this context, Paypal will also exchange data with credit agencies, provided that there is a justified interest in this and the interests of the person concerned are not in conflict with those worthy of protection.

The data may be passed on to affiliated companies; this also applies to downstream service providers (contract processors, joint persons in charge and third parties, insofar as this is necessary for the execution of the contract).

You can revoke the above consent to PayPal at any time with effect for the future. A revocation has no effect on transmissions made in the past.

PayPal's current privacy policy can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Recipient of the Data: PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxemburg

ii) Payment Method Credit Card

We offer you to pay by credit card in our online shop. The credit card data required for this is transferred directly to our payment provider Adyen B.V. and not sent to us.

If the payment method'credit card' is selected, data is automatically transferred to Adyen B.V.. You expressly consent to this transfer of personal data (first and last name, address, purchase price, IP address, etc.) for the purpose of payment and fraud prevention if you decide to pay by credit card.

The data may be passed on to affiliated companies; this also applies to downstream service providers (contract processors, joint persons in charge and third parties, insofar as this is necessary for the execution of the contract).

You can revoke the above consent at any time with effect for the future towards Adyen. A revocation has no effect on transmissions made in the past.

Recipient of the data: Adyen B.V., Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, The Netherlands

iii) Payment Method "Sofortüberweisung" (immediate transfer)

Within our online shop, we offer you to pay by Sofortüberweisung from the payment service provider SOFORT GmbH.

By means of the above payment method, a real-time payment confirmation to us as the seller is possible, so that we can immediately begin with the delivery of your order.

When selecting the payment method 'Sofortüberweisung', data is automatically transferred to SOFORT GmbH. Here you expressly consent to this transfer of personal data (first and last name, address, e-mail address, IP address, telephone number(s), bank details, PIN, TAN, purchase price) for the implementation of payment and fraud prevention if you decide to pay by direct bank transfer.

The exchange of data is not only for the purpose of payment, but also for identification and fraud prevention, in this respect data on the economic situation as well as on past purchasing and payment behaviour may also be exchanged. In this context, the SOFORT GmbH will also exchange data with credit agencies, provided that there is a legitimate interest and the interests of the person concerned do not conflict with those worthy of protection.

The data may be passed on to affiliated companies; this also applies to downstream service providers (contract processors, joint persons in charge and third parties, insofar as this is necessary for the execution of the contract).

You can revoke the above consent at any time with effect for the future with SOFORT GmbH. A revocation has no effect on transmissions made in the past.

The applicable data protection regulations of SOFORT GmbH can be found at: https://www.sofort.com/ger-DE/datenschutzerklaerung-sofort-gmbh/

Recipient of the Data: SOFORT GmbH, Fußbergstraße 1, 82131 Gauting, Deutschland.

iv) Payment Method giropay

Within our online shop, we offer you to pay by means of the payment service provider Giropay. Registration is not necessary. If you choose this payment method, select the bank from whose account you wish to make the payment. You will then be directed directly to your bank's online banking portal where you can make your transfer as usual. If your bank does not participate in this payment method, you cannot use this payment method.

When selecting the Giropay payment method in our online shop as a payment option, no personal data is forwarded to Giropay.

Giropay's data protection information can be accessed at https://www.giropay.de/kaeufer/sicherheit-datenschutz/

e) My Account

We offer you the possibility to create a personal customer account on our website. The customer account allows you to use the services you have selected from our website in a personalized way, to link them and to save your preferred settings.

f) Fit Finder®

We help you to find the right child seat for your child and your vehicle on our website. You can enter the make of the vehicle, the model and, if necessary, the year of construction and we will inform you which of our child seats are suitable for this vehicle. If your vehicle is not yet included in our list, you have the opportunity to share your experience with us.

The personal data collected in this context is deleted directly after it has been sent to us and the corresponding information is issued by us and is not stored with other information, such as your customer profile.

g) Data processing for direct marketing purposes

Advertising by post

To the extent permitted by law, we may also use your name and the postal address known to us to send you advertising for our own offers. The legal basis is

Art. 6 para. 1 lit. f) in conjunction with Recital 47 GDPR. Our legitimate interest is to promote sales or demand from our existing customers. Of course, you can object to the processing of your data for advertising purposes at any time in the future. A message in text form to the above mentioned contact data is sufficient. We will then delete your data from our mailing list. The data proving your objection will be kept for another 6 years in accordance with art. 17 par. 3 lit. e) GDPR. During this period, however, your personal data will be blocked for further processing.

Telephone advertising

To the extent permitted by law, we may also use your name, company affiliation and telephone number for business customers to inform them about our own offers, provided they are presumed to be of interest. The legal basis is Art. 6 para. 1 lit. f) in conjunction with Recital 47 GDPR, § 7 Paragraph 2 No. 2 UWG. Our legitimate interest is to promote sales or demand from our existing business customers. Of course, you can object to the processing of your data for advertising purposes at any time in the future. A message in text form to the above mentioned contact data is sufficient. We will then delete your data from our mailing list. The data proving your objection will be kept for another 6 years in accordance with art. 17 par. 3 lit. e) GDPR. During this period, however, your personal data will be blocked for further processing.

h) LiveChat Application

We make it possible for you to contact us directly using the LiveChat application and to receive information on products and services.

Personal data may be collected (e-mail, name, location data, IP address, technical data, chat, browser history).

The data is collected exclusively for the purpose described above and processed by the application provider, LiveChat, Inc. 1 International Pl, Ste 1400, Boston, MA 02110-2619 United States of America or LiveChat Software S.A., ul. Zwycięska 47, 53-033 Wroclaw, Poland ("LiveChat, Inc."). LiveChat, Inc. is on the EU-US Privacy Shield List of the US Department of Commerce. The basis of the processing is your consent in accordance with Art. 6 para. 1 a) DS-GVO.

The current privacy policy of LiveChat, Inc. can be found at https://www.livechatinc.com/legal/privacy-policy/.