The protection of your personal data is of particular concern to us.
The purpose of this privacy policy is to inform you about how LexCom processes your personal data when you use partslink24 (www.partslink24.com) (hereinafter referred to as "partslink24").
This Privacy Policy supplements the General Terms and Conditions applicable to the use of partslink24.
LexCom Informationssysteme GmbH
Rüdesheimer Str. 23
80686 Munich
You can contact our data protection officer by sending an e-mail to privacy@lexcom.de.
As a rule, the official terms of the General Data Protection Regulation (GDPR) are used in this privacy policy. The official definitions are explained in Art. 4 GDPR.
LexCom adheres to the following principles when protecting your personal data when using partslink24:
In order to use partslink24, you must first register. As part of the registration process, LexCom must process certain personal data from you as your registration details (hereinafter referred to as "registration details").
First of all, these are the following data:
Depending on the country, additional mandatory fields may be required, whereby further personal data such as the VAT identification number (VAT ID) may be requested during registration.
LexCom processes the registration data in the following cases in particular to fulfil your contract and to provide partslink24 in accordance with Art. 6 (1) b) GDPR:
In addition, LexCom may use this personal data for the following additional purposes for legitimate interest in accordance with Art. 6 (1) f) GDPR:
Users who are registered as account administrators ("admin") in the system can log in to www.partslink24.com with their access data and gain access to various functions and settings via the partslink24 administration as well as the option to manage their registration data and subscriptions. In particular, they can create new/additional users of their own organisation with corresponding authorisations in the system in connection with the conclusion of corresponding additional subscriptions. These users will then receive their individual access data to the e-mail address provided by the admin. We process the personal data stored by the admin on their own responsibility in partslink24 to provide the service in accordance with Art. 6 (1) b) GDPR.
If necessary, LexCom will process your payment data such as bank and credit card details for the purpose of payment processing and invoicing in accordance with the payment method you have selected. Depending on your country, various payment options are available to you for the purchase of subscriptions to use partslink24:
In other countries, additional payment methods such as "Boleto" could be available.
The processing of your payment data by LexCom is necessary for the fulfilment of your contract with LexCom, see Art. 6 (1) b) GDPR. LexCom needs this information to bill you for LexCom services and to be able to contact you if you have any questions about payment and contract fulfilment.
In partslink24, you have the option of entering chassis numbers ("VIN") and researching suitable spare parts. The VIN is considered personal data within the meaning of the GDPR. There are two options available to you here: You can either request a VIN before selecting a manufacturer brand or carry out the query after selecting the brand.
In order to provide you with the correct vehicle information for the VIN you are searching for in partslink24, we need to process your request and, if necessary, forward it to the web service of the respective manufacturer, from which the relevant data is sent back to partslink24. This transmission takes place for the purpose of fulfilling the contract in accordance with Art. 6 (1) b) GDPR or – if it concerns the VIN of a third party – on the basis of the data processing agreement concluded with you via partslink24 in accordance with Art. 28 GDPR.
This function allows listed dealers with a subscription to select an illustration-text-page from the partslink24 catalogue and send it directly to third parties by e-mail. At the same time, a check is carried out to determine whether the recipient is a registered or non-registered customer at partslink24 to ensure that the correct email content can be determined.
The e-mail sent contains a link to the selected illustration-text-page and another link. New customers can use this link to register for a free trial subscription to partslink24, while existing recipients/customers will receive a link to register for a fee. In this context, the email address is processed as personal data. The legal basis is Art. 6 (1) b) GDPR.
In addition, LexCom may analyse this service for the purpose of measuring success, e.g. to determine the number of new customers after sending illustration-text-pages. Personal data is only processed in order to be able to make this statement. Otherwise, no profiling of specific recipients or user accounts takes place. This processing is carried out on the basis of a legitimate interest in accordance with Art. 6 (1) f) GDPR.
As a partslink24 user, you have the option of creating shopping baskets in partslink24 to process order requests and transmitting them to selected retailers. This involves processing at least the VIN and usually other personal data (such as your name, your billing address or (different) delivery address). This depends on the information you provide when creating the orders.
The viewing and processing of orders by the seller takes place via the central order management of partslink24, which is labelled in the user interface as "Orders/requests received".
Here it is possible to process incoming and outgoing orders. This includes adjusting prices and quantities, adding comments to the independent workshop and changing the order status.
The further processing of your order, in particular delivery and payment, takes place between you and the selected retailer outside of partslink24.
The legal basis for the processing of personal data in this context is the provision of the order transmission service in accordance with Art. 6 (1) b) GDPR.
In addition, every shopping basket created, including the VIN, is automatically transmitted to LexCom and processed further for its own product development purposes. The VIN and other personal data are removed or anonymised for further processing. Processing in this context is carried out in accordance with Art. 6 (4) e) GDPR.
OrderBridge is a tool that partslink24 users can use as an interface to the external systems they use, such as shop management or damage calculation systems, to transfer parts lists for vehicle identification numbers to partslink24, where they can check them for accuracy, add to them if necessary and transfer them back to the external system.
During transmission in partslink24, in particular the VIN and the technical user ID provided by LexCom for the use of OrderBridge are transmitted.
The processing of the VINs imported into partslink24 is carried out in accordance with the data processing agreement in place with the partslink24 user. The processing of other personal data via OrderBridge is carried out in accordance with Art. 6 (1) b) GDPR.
LexCom also reserves the right to store and analyse the orders transmitted via the OrderBridge and to report them to the recipients as transaction volumes. Personal data is not subject to evaluation and is removed or anonymised where possible. This processing is carried out in accordance with Art. 6 (4) e) GDPR.
As described below, LexCom processes data about the extent and manner of your use of partslink24 (hereinafter referred to as "usage data"). This is, for example, the following data:
This usage data can be analysed in a targeted manner, e.g. to measure the relevance or success of the function or - if it is not used - to identify possible problems and then contact users in a targeted manner. These evaluations always serve exclusively to measure success and usage as well as to optimise products and sales in the interests of the customer and represent a legitimate interest of LexCom pursuant to Art. 6 (1) f) GDPR. Personal data is pseudonymised or anonymised where possible and otherwise only processed if it is absolutely necessary to achieve the purpose or if you have given us your consent in accordance with Art. 6 (1) a) GDPR.
Furthermore, LexCom may also analyse usage data on an ongoing basis to detect unlawful and/or abusive use of LexCom services. Personal data will only be analysed if there is reasonable suspicion of misuse of the LexCom services by a specific user account. This analysis serves to protect the LexCom services and the data contained therein as well as to protect LexCom users and their data from misuse and attacks and thus constitutes a legitimate interest of LexCom pursuant to Art. 6 (1) f) GDPR.
If you send us enquiries via the contact form or by e-mail, we will store your details and the personal data you provide there, including any files you may have transmitted. This serves to process your enquiry and in the event of follow-up questions.
Under no circumstances will we pass on this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your enquiry in accordance with Art. 6 (1) f) GDPR and, if applicable, Art. 6 (1) b) GDPR if your enquiry is aimed at concluding a contract.
Your data will be deleted after final processing of your enquiry, provided that there are no statutory retention obligations or a legitimate interest pursuant to Art. 6 (1) f) GDPR, in particular for the examination of post-contractual claims. In the case of Art. 6 (1) f) GDPR, you can object to the processing of your personal data at any time.
"Cookies" are small files that enable us to store specific information relating to you, the user, on your PC or other end device while you are using partslink24. Cookies help, for example, to determine the frequency of use and the number of users of web services, to analyse user behaviour on websites, to increase security and to make web services as convenient, efficient and interesting as possible.
After you log in (with partslink24 ID/company ID, user name and password), partslink24 uses so-called "session cookies" to identify you for the duration of your visit. At the end of the session, session cookies expire automatically, i.e. they are deleted.
On the other hand, partslink24 uses "permanent cookies". These cookies are used to store information about visitors who repeatedly access partslink24 (e.g. company ID, user name, language, timestamp of last use).
The purpose of using these permanent cookies is, on the one hand, to present partslink24 to you in the correct language before you have logged in. On the other hand, you can return directly to your last session if you did not log out at the end of your last use of partslink24. The cookies we set do not create an individual profile of your usage behaviour. The cookies are automatically deleted at the latest 4 weeks after the last use.
Under certain circumstances, you can deactivate the storage of cookies in your browser, restrict it to certain websites or set your browser to notify you as soon as a cookie is sent. You can also delete cookies from your end device at any time. Please note, however, that the use of partslink24 is not possible if user cookies are rejected.
We use so-called pixels, web beacons, clear GIFs or similar mechanisms ("pixels"). A pixel is an image file or a link to an image file that is inserted in the website code but is not located on your end device (e.g. computer, smartphone, etc.). Pixels enable us, for example, to determine the browser used or the screen resolution. We do not establish a personal reference when using pixels. Personalised tracking does not take place either. Pixels usually work in conjunction with cookies. If you have deactivated cookies, the pixel will only determine an anonymous website visit.
Each time partslink24 is accessed, access data is stored in log files.
The data records stored in the process contain the following data in particular (hereinafter collectively referred to as "log files"):
LexCom needs the log files to recognise and rectify technical errors, e.g. faulty links or programme errors, i.e. for the further development of partslink24.
Furthermore, LexCom may continuously analyse the log files to detect illegal and/or abusive use of partslink24. Personal data is only analysed if there is reasonable suspicion of misuse of partslink24 by a specific user account. This analysis serves to protect partslink24 and the data it contains as well as to protect partslink24 users and their data from misuse and attacks.
On the other hand, LexCom may use the log files to analyse the use of partslink24 (e.g. certain functions) in more detail. This processing also serves exclusively to further develop partslink24 in the interests of the customer. At no time is the usage behaviour of specific accounts or users analysed. In this case, the personal data is pseudonymised and/or anonymised where possible.
The processing of the data for the above-mentioned purposes is based on the legitimate interests of LexCom pursuant to Art. 6 (1) f) GDPR).
The log files are stored in our computer centre for 6 months - unless longer storage is permitted, e.g. for the enforcement of legal claims - and then automatically deleted.
partslink24 is mainly hosted on the Controller’s own internal servers.
In some cases, partslink24 can be hosted in the "Oracle Cloud Infrastructure" (OCI) on servers of Oracle America Inc ("Oracle"). Your personal data is processed on the servers within the EU.
Nevertheless, a transfer of personal data to the USA cannot be ruled out. In this case, the transfer takes place on the basis of the EU-U.S. Data Privacy Framework. Oracle has a valid certification and thus demonstrates an adequate level of protection. Details on certification can be found here: https://www.dataprivacyframework.gov/list
Further information on the processing of personal data by Oracle can be found at:
https://www.oracle.com/legal/privacy/services-privacy-policy.html#legal
The legal basis for processing is Art. 6 (1) f) GDPR. We have a legitimate interest in operating our services as efficiently and reliably as possible.
Support from LexCom branches
We process your personal data listed in the previous sections in the European Union and, if necessary, on our behalf (in particular for the provision of support) in Brazil, China, Japan, the USA, Mexico and the United Kingdom. Processing in these third countries is carried out exclusively on the basis of an EU adequacy decision or EU standard data protection clauses in accordance with Art. 46 GDPR.
You can view these under the following link: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de
Analysis of web traffic by Akamai
In addition, your personal data listed in the previous sections will be processed by Akamai Technologies Inc. ("Akamai") through the integration of Akamai's delivery, security and analytics services.
On the one hand, partslink24 traffic is routed via Akamai servers in order to deliver partslink24 quickly, reliably and securely, to analyse it for malware and to prevent unauthorised access to it. This processing is carried out on behalf of the legitimate interest of LexCom in accordance with Art. 6 (1) f) GDPR.
On the other hand, Akamai also processes your data on its own responsibility in the form of generated log files. These may contain personal data in the form of IP addresses and evaluations of your usage behaviour of the LexCom web services and are used in particular for security analyses and to detect malicious patterns for the further development of Akamai services. Akamai does not use this data to identify natural persons or for the profiling of natural persons.
The transfer of your personal data to Akamai takes place on the basis of the EU-U.S. Data Privacy Framework. Akamai has a valid certification and thus demonstrates an adequate level of protection.
Details on certification can be found here: https://www.dataprivacyframework.gov/list
For more information on the terms of use for the processing of personal data by Akamai and the Akamai Privacy Policy, please visit https://www.akamai.com/de/de/privacy-policies/
Usercentrics Consent Management Platform
We use the cookie consent tool from Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, to obtain and document the data protection consent of partslink24 users for the cookies and services we use.
Your consent data (date and time of consent/refusal and IP address) is stored for the purpose of complying with legal obligations under Section 25 (2) No. 2 TTDSG and Art. 6 (1) c) GDPR.
We have concluded a data processing agreement with Usercentrics, in which we oblige them to protect our customers' data and not to pass it on to third parties.
Further information on Usercentrics can be found at: https://usercentrics.com/privacy-policy/.
Address validation
To ensure that no incorrect address data is stored in our system, we use the ‘Global Address’ service provided by GB Group PLC, The Foundation, Herons Way, Chester Business Park, Chester, CH4 9GB, United Kingdom (‘Loqate’) for appropriate data validation. We have concluded a data processing agreement with Loqate.
For this purpose, the address is only checked for validity by Loqate when entered via the online interface and is not saved beyond this. If an error is detected when entering your address, Loqate suggests an alternative address or the correct spelling of the address. Loqate must also process your IP address for these purposes. However, this is transmitted in abbreviated form, which means that it is no longer possible to identify you personally.
The Loqate database used to validate the data is located in the United Kingdom. The EU Commission has issued a corresponding adequacy decision in accordance with Art. 45 (1) GDPR, which legitimises the transfer of personal data to the United Kingdom.
Your data is processed in accordance with Art. 6 (1) f) GDPR. We have a legitimate interest in processing valid data in partslink24 to ensure the smooth provision of our services.
Further information on data protection at Loqate can be found at: https://www.loqate.com/de/products-services-privacy-notice/.
Google Ads Conversion Tracking
We use the "Google Ads Conversion Tracking" (Google Ads) service provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us, e.g. by setting a cookie, to track whether a user has reached the LexCom web service after clicking on an advert placed via Google Ads and has used certain services there. This allows us to measure the quality and success of our advertising measures. We cannot draw any conclusions about the identity of individual users.
The use of this service is based on your consent in accordance with Art. 6 (1) a) GDPR and Section 25 (1) TTDSG. You can revoke your consent at any time by calling up the Consent Management Tool again.
Your personal data is transferred to Google on the basis of the EU-U.S. Data Privacy Framework. Google has a valid certification and thus demonstrates an adequate level of protection. Details on certification can be found here: https://www.dataprivacyframework.gov/list
Further information and the data protection provisions can be found in Google's privacy policy at: https://www.google.com/policies/technologies/ads/
In addition, collected data is processed by Google and may be transferred to countries outside the EU, in particular the USA. Further information on data protection at Google and data transfer to the USA can be found here:
http://www.google.com/intl/de/policies/privacy/
https://support.google.com/adwords/answer/1722022?hl=de
https://policies.google.com/privacy/frameworks
Google Maps
We use the "Google Maps" service (Google Maps) provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Using Google Maps, for example, we enable you to search for available dealers / order recipients in your vicinity.
Google may also process your search terms, IP address and location data - if you have authorised their use - for its own purposes outside of our control. Your data may also be transferred to countries outside the EU, in particular the USA.
This service is used on the basis of your consent in accordance with Art. 6 (1) a) GDPR and Section 25 (1) TTDSG. You can revoke your consent at any time by calling up the Consent Management Tool again.
Your personal data is transferred to Google on the basis of the EU-U.S. Data Privacy Framework. Google has a valid certification and thus demonstrates an adequate level of protection. Details on certification can be found here: https://www.dataprivacyframework.gov/list
Further information on the handling of user data can be found in Google's privacy policy: https://www.google.de/intl/de/policies/privacy/
Google Document AI
You have the option to upload images and documents with spare parts lists via the ‘File Upload’ tab in the partslink24 order management. The processed data is automatically read using artificial intelligence (AI) and converted into a shopping cart that you can then edit and process for a spare parts order. To provide this function, we use the ‘Google Document AI’ service provided by Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland. The AI service is configured to search only for spare parts information and/or chassis numbers in the uploaded document. Any other information contained in the document will be ignored.
We have entered into a Data Processing Agreement with Google that requires Google to process the transferred data only to provide the feature and not to store it.
Your personal data is transmitted to Google on the basis of the ‘EU-U.S. Data Privacy Framework’. Google has valid certification and thus demonstrates an adequate level of protection. You can find details about the certification here.
You can find more information about how user data is handled in Google's privacy policy: https://www.google.de/intl/de/policies/privacy/.
Meta Pixel (formerly Facebook Pixel)
We use the Meta Pixel from Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; "Meta") on our website. This tracking pixel establishes a direct connection between your browser and the Meta server. Tracking is carried out using a cookie, which is stored on your computer and collects the following information, such as HTTP header information (including IP address, information about the web browser, page location, document, website URL and user agent of the web browser as well as the day and time of use), as well as pixel-specific data (this includes linking the pixel ID and Facebook advertising account and assigning them to a Facebook user).
The meta pixel allows us to analyse the use of our web services and track the effectiveness of Facebook ads ("conversion tracking") and to check whether users have been redirected to our web services after clicking on a Facebook ad. We cannot draw any conclusions about the identity of the users. However, the data may be stored by Meta outside our sphere of influence and used for its own purposes in accordance with Meta's privacy policy.
We also use the meta pixel to display personalised advertising messages based on your interest in our products. On the one hand, we can determine the users of our web services in target groups for the display of adverts by Meta (so-called Meta Ads). Accordingly, we use the meta pixel to display the meta ads placed by us only to those Facebook users who have also shown an interest in our web services or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Meta (so-called "custom audiences"). In this way, we want to ensure that our Meta Ads correspond to the potential interest of users.
If you are a member of Facebook and you have been authorised via the privacy settings of your account, Meta can also link the information collected about your visit to our website to your member account and use it for the targeted placement of Meta Ads. You can view and change the privacy settings of your Facebook profile at any time.
The meta pixel is used exclusively on the basis of your consent in accordance with Art. 6 (1) a) GDPR, which you give us via the cookie consent tool on our website. You can revoke this consent at any time by calling up the cookie consent tool again.
If you have not consented to the use of meta pixels, Facebook will only display general meta ads that are not selected based on the information collected about you on this website.
The transfer of your personal data to Meta is based on the EU-U.S. Data Privacy Framework. Meta has a valid certification and thus demonstrates an adequate level of protection. Details on certification can be found here: https://www.dataprivacyframework.gov/list
Further information on the handling of user data can be found in the privacy policy: https://de-de.facebook.com/about/privacy/
The duration of storage of the personal data described in the previous sections is based on the relevant statutory retention periods (e.g. from commercial law and tax law), unless otherwise individually defined in this privacy policy. After expiry of the respective period, the corresponding data is routinely deleted. It should be noted that a partslink24 account is kept active for a fixed period of 12 months. Within this period, the user has the opportunity to re-register for a subscription. If data is required for contract fulfilment or contract initiation or if we have a legitimate interest in further storage, the data will be deleted if it is no longer required for these purposes or if you have exercised your right of revocation or objection.
Under the applicable data protection laws, you are entitled to information about your data (Art. 15 GDPR), to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR) or to restriction of processing (Art. 18 GDPR) and to data portability (Art. 20 GDPR).
If you have any further questions about data protection when using the LexCom website and/or LexCom services or would like to assert the aforementioned claims, please contact our data protection officer directly:
LexCom Informationssysteme GmbH
- Data Protection Officer -
Rüdesheimer Str. 23
80686 Munich
privacy@lex-com.net
You also have the right to lodge a complaint with a supervisory authority responsible for data protection if you believe that LexCom is not complying with the applicable data protection laws.
If your personal data is processed by us on the basis of legitimate interest in accordance with Art. 6 (1) f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, insofar as this is done for reasons arising from your particular situation. In this case, LexCom will no longer process the personal data unless LexCom can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
If you wish to exercise your right of cancellation or objection, simply send an e-mail to privacy@lex-com.net.