Controller
The controller within the meaning of the GDPR and the Austrian Data Protection Act (DSG) is:
AUTOFLASHER GmbH
Betriebsring 4, Objekt 2
2483 Ebreichsdorf
Austria
Managing Director: Ionut Florin Merca
E-mail: info@autoflasher.at
VAT ID: ATU77225227
Please direct any enquiries regarding data protection in writing to the e-mail address stated above.
Server Log Files
Each time our website is accessed, technical access data is automatically stored in server log files: IP address, date and time, URL accessed, volume of data transferred, referrer URL, browser type and version, operating system.
The legal basis is Art. 6(1)(f) GDPR (legitimate interest in the technically secure operation of the website). The log files are automatically deleted after 14 days, unless they are required for longer to investigate a specific incident.
Hosting
This website is hosted by:
Hetzner Online GmbH
Industriestraße 25
91710 Gunzenhausen
Germany
As a processor (Art. 28 GDPR), Hetzner processes on our behalf the data generated when the website is accessed. A data processing agreement is in place with Hetzner. Data processing takes place exclusively on servers within the European Union. Hetzner's privacy policy: https://www.hetzner.com/de/rechtliches/datenschutz.
Cookies & Consent Management
This website uses cookies and similar technologies. We distinguish between technically necessary cookies (cart, login, language setting, consent status) and optional cookies (analytics, marketing).
To obtain consent for optional cookies, we use Cookiebot by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark. Cookiebot stores your selection on your device and transmits it to Cybot in order to document your consent. You can revoke or adjust your selection at any time via the cookie banner.
Legal basis: Art. 6(1)(a) GDPR (consent) for optional cookies, Art. 6(1)(f) GDPR (legitimate interest) for technically necessary cookies. Cybot's privacy policy: https://www.cookiebot.com/de/privacy-policy/.
Analytics Tools (Google Tag Manager & Google Analytics)
Google Tag Manager: We use Google Tag Manager by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) to centrally manage tracking codes on our website. Tag Manager itself does not collect any personal data, but it loads other scripts and trackers that may do so.
Google Analytics 4 (Property G-22DEH9VLQJ): We use Google Analytics to measure reach and to optimise our website. Data collected includes the IP address (truncated), device and browser information, pages visited and interactions. The IP address is anonymised before being stored.
Data transfer to the USA: Google Ireland may transfer data to Google LLC in the USA. This is based on the EU Standard Contractual Clauses. Google is certified under the EU-US Data Privacy Framework.
Legal basis: Art. 6(1)(a) GDPR (consent via Cookiebot). You can object to data collection at any time via the cookie banner. Google's privacy policy: https://policies.google.com/privacy.
Social Media Pixels (Meta & TikTok)
Meta Pixel (Facebook/Instagram), Pixel ID 691422845595394: We use the Meta Pixel by Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland) to measure the effectiveness of our advertisements on Facebook and Instagram (conversion tracking) and to create target audiences for advertising (Custom Audiences). Data transmitted includes the IP address, browser information, pages visited and interactions.
TikTok Pixel: We use the TikTok Pixel by TikTok Technology Limited (10 Earlsfort Terrace, Dublin, D02 T380, Ireland) to measure conversions from TikTok advertisements and to deliver targeted advertising.
Data transfers to third countries: Meta and TikTok may transfer data to servers outside the EU (in particular the USA and affiliated group companies). This is based on the EU Standard Contractual Clauses and supplementary measures.
Legal basis: Art. 6(1)(a) GDPR (consent via Cookiebot). You can object to data collection at any time via the cookie banner. Privacy policies: Meta · TikTok.
Google Fonts
This website loads fonts (Inter, JetBrains Mono) via the Google Fonts CDN operated by Google Ireland Limited. When the website is accessed, your IP address is transmitted to Google so that the fonts can be loaded by your browser.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a consistent presentation of the website). Google's privacy policy: https://policies.google.com/privacy.
Contact and Enquiry Forms
If you send us data via the contact form or one of our enquiry forms (consultation, financing, partner enquiry, training), this data is stored for the purpose of processing your enquiry. We process, among other things: name, workshop/company, e-mail address, optionally a telephone number, and your message.
Legal basis: Art. 6(1)(b) GDPR (initiation of a contractual relationship) or Art. 6(1)(f) GDPR (legitimate interest in responding to your enquiry). The data is deleted once your enquiry has been fully processed and no statutory retention periods require otherwise — at the latest after 24 months.
Online Shop & Payment Service Providers
Our shop runs on WooCommerce (Automattic Inc.) in combination with WooCommerce Germanized for DACH compliance. When you place an order, we process order data (products, quantities, price), billing and delivery address, contact details and, where applicable, your VAT ID number.
For payment processing, we pass your data on to the payment service provider you have selected:
- Stripe — Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Dublin 2, Ireland (credit card, SEPA, Apple Pay, Google Pay). Privacy policy: stripe.com/de/privacy
- Klarna — Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden (invoice, instalment purchase, instant bank transfer). Privacy policy: klarna.com/de/datenschutz
- PayPal — PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. Privacy policy: paypal.com/de/legalhub/privacy-full
Legal basis: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(c) GDPR (statutory retention obligations under the Austrian Commercial Code (UGB) and the Austrian Federal Fiscal Code (BAO) — retention period of 7 years for invoices and business correspondence).
Newsletter (Mailchimp)
If you sign up for our newsletter, we process your e-mail address and any optional details via the Mailchimp service of Intuit Inc., 2700 Coast Avenue, Mountain View, CA 94043, USA (Mailchimp is a brand of Intuit Inc.). We use the double opt-in procedure for sign-up: after registering, you will receive a confirmation e-mail; your newsletter subscription only becomes active once you have confirmed it.
Data transfer to the USA: this is based on the EU Standard Contractual Clauses. Intuit/Mailchimp is certified under the EU-US Data Privacy Framework.
Legal basis: Art. 6(1)(a) GDPR (consent). You can unsubscribe at any time via the unsubscribe link in every newsletter or by e-mail to info@autoflasher.at. Mailchimp privacy policy: mailchimp.com/legal/privacy.
Shipping Service Providers
To deliver your order, we pass your delivery address, name and, where applicable, contact details on to the shipping provider commissioned in each case (e.g. DPD, DHL, Austrian Post, GLS). The specific provider used is documented in the respective order confirmation.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
Autoflasher Portal & Autofiles
The Autoflasher Portal (support and ticket system) and the file portal Autofiles are separate platforms, each with its own privacy policy. When you use these services, the notices provided there apply. Registration takes place via separate logins. We only share data between the platforms where this is necessary for the performance of the contract (e.g. linking your hardware to your portal account).
Rights of Data Subjects
Under the GDPR, you have the following rights vis-à-vis us:
- Access to the personal data processed about you (Art. 15 GDPR)
- Rectification of inaccurate data (Art. 16 GDPR)
- Erasure of your data (Art. 17 GDPR), provided no retention obligations require otherwise
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection to processing (Art. 21 GDPR)
- Withdrawal of consent you have given, with effect for the future (Art. 7(3) GDPR)
To exercise your rights, write to us at: info@autoflasher.at
Right to Lodge a Complaint
Without prejudice to any other legal remedies, you have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for Autoflasher GmbH is the Austrian Data Protection Authority:
Österreichische Datenschutzbehörde (Austrian Data Protection Authority)
Barichgasse 40-42, 1030 Vienna
Telephone: +43 1 52 152-0
E-mail: dsb@dsb.gv.at
Web: dsb.gv.at
SSL/TLS & Storage Periods
SSL/TLS encryption: This website uses SSL/TLS encryption to protect the transmission of confidential content. You can recognise an encrypted connection by the "https://" in your browser's address bar.
Storage periods: We store personal data only for as long as is necessary for the respective purpose or as required by statutory retention periods. Business records and invoices are retained for 7 years in accordance with § 132 BAO. Log files are deleted after 14 days. Enquiry data is deleted once processed, at the latest after 24 months.
