Privacy Policy

The protection of personal data (hereinafter referred to as “data”) is important to us. We only process such data to the extent necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered there.

According to Article 4(1) of Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR), “processing” refers to any operation or set of operations performed on personal data, whether or not by automated means. This includes the collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other form of provision, alignment or combination, restriction, erasure, or destruction.

With the following privacy policy, we inform you in particular about the type, scope, purpose, duration, and legal basis of the processing of personal data, insofar as we decide either alone or jointly with others on the purposes and means of processing. Furthermore, we inform you about the third-party components we use for optimization purposes and to enhance the user experience, insofar as third parties process data under their own responsibility.

Our privacy policy is structured as follows:

I. Information about the data controller
II. Rights of users and data subjects
III. Information about data processing

I. Information about the Data Controller

The controller for this website, as defined in data protection law, is:

Carkeymaster
Henry Derr
An d. Fohlenweide 4
67112 Mutterstadt
Германия

Телефон: +49 170 3545944
E-Mail: [email protected]

II. Rights of Users and Data Subjects

With regard to the data processing described in more detail below, users and data subjects have the right:

• to obtain confirmation as to whether data concerning them is being processed, information about the processed data, further information about the data processing, and copies of the data (Article 15 GDPR);

• to rectification or completion of incorrect or incomplete data (Article 16 GDPR);

• to the immediate deletion of their data (Article 17 GDPR), or, if further processing is necessary under Article 17(3) GDPR, to restriction of processing according to Article 18 GDPR;

• to receive the data concerning them and provided by them, and to have this data transmitted to other providers/controllers (Article 20 GDPR);

• to lodge a complaint with a supervisory authority if they believe that the processing of their personal data by the controller violates data protection regulations (Article 77 GDPR).

In addition, the controller is obliged to inform all recipients to whom data has been disclosed about any correction, deletion, or restriction of processing that occurs in accordance with Articles 16, 17(1), and 18 GDPR, unless this proves impossible or involves disproportionate effort. Notwithstanding this, the user has a right to information about these recipients.

Furthermore, users and data subjects have the right, pursuant to Article 21 GDPR, to object to the future processing of their personal data, provided the data is processed by the controller in accordance with Article 6(1)(f) GDPR. In particular, an objection to data processing for the purpose of direct marketing is permitted.

III. Information about Data Processing

Your data that is processed when using our website will be deleted or blocked as soon as the purpose of storage no longer applies, provided that no statutory retention obligations prevent deletion and unless otherwise specified for individual processing procedures below.

1) Cookie Manager

To obtain user consent for the use of non-essential cookies on our website, we use a cookie consent manager.

When accessing the website, a cookie containing consent preferences is stored on the user’s device, so that the consent request does not have to be repeated on subsequent visits.

This cookie is necessary to ensure legally compliant user consent.

Users can prevent or stop the installation of cookies at any time by configuring their browser settings accordingly.

2) Creation of a User Account

To use certain features of our service (e.g., managing subscriptions, orders, or comments), users can create a user account.

The following personal data is collected and stored during this process:

• Username (nickname)

• Email address

• Password (stored in encrypted form)

The data is processed for the purpose of providing a personalized user experience and fulfilling contractual obligations.

Legal basis: Article 6(1)(b) GDPR (processing for contract performance).

The user account can be deleted at any time via the account settings. After account deletion, all personal data will be deleted within 30 days, provided there are no legal retention requirements.

3) Contact Inquiries / Contact Options

If you contact us via the contact form or by email, the data you provide will be used to process your request. The provision of this data is necessary in order to process and respond to your inquiry — without it, we may not be able to respond or only respond in a limited manner.

Legal basis for this processing: Article 6(1)(b) GDPR.

Your data will be deleted once your inquiry has been conclusively answered and there are no legal obligations to retain the data, such as in the case of subsequent contractual processing.

4) Newsletter

If you subscribe to our free newsletter, we will collect the data necessary for this purpose — specifically your email address, and optionally your name and postal address. Additionally, for security and verification purposes, we will store the IP address of the device used for registration as well as the date and time of your subscription.

We use the MailPoet plugin (provided by Aut O’Mattic A8C Ireland Ltd., Business Centre, No.1 Lower Mayor Street, IFSC, Dublin 1, Ireland) to manage and send our newsletters. MailPoet operates as our data processor and processes your data exclusively in accordance with our instructions and applicable data protection laws.

During the subscription process, we will:

• Obtain your explicit consent to receive the newsletter (double opt-in procedure),

• Inform you about the content and frequency of the newsletter,

• Refer you to this Privacy Policy.

The data collected in connection with the newsletter subscription will be used exclusively for sending the newsletter and will not be shared with other third parties.

Legal basis: Article 6(1)(a) GDPR (consent).

You may withdraw your consent at any time with effect for the future in accordance with Article 7(3) GDPR. To do so, you can either notify us directly or click the “unsubscribe” link included in every newsletter. Upon unsubscribing, your personal data will be deleted from the newsletter distribution list without undue delay, unless further retention is required by law or justified under GDPR.

5) Server Data

For technical reasons — in particular, to ensure the security and stability of our website — our hosting provider IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany automatically collects and stores information in so-called server log files, which your internet browser transmits to us.

This may include:

• Type and version of your web browser

• Operating system used

• Referrer URL (the website from which you accessed our site)

• Pages visited on our website

• Date and time of access

• IP address of your internet connection

This data is collected automatically, stored temporarily, and kept separate from any other personal data you may provide.

Legal basis: Article 6(1)(f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our website, and these purposes are not overridden by your rights and freedoms.

Server log files are stored by IONOS for a maximum of seven (7) days, after which they are automatically deleted, unless longer storage is required for evidentiary purposes (e.g., investigating security incidents). In such cases, the data will be retained until the incident has been fully resolved.

IONOS SE acts as our data processor and processes this information solely in accordance with our instructions and applicable data protection laws.

6) Order Placement

When placing an order through our online store, we collect and process the personal data necessary to process and fulfill your order. This includes:

• First and last name

• Billing address

• Shipping address

• Email address

• Telephone number (for order and delivery communication)

• Order details (products, quantity, price, chosen payment and shipping method)

The processing of this data is carried out for the purpose of fulfilling the purchase contract and delivering the order.
Legal basis: Article 6(1)(b) GDPR (performance of a contract).

The data required for the performance of the contract will be stored for as long as necessary to fulfill contractual obligations and to comply with statutory retention periods (usually 10 years in accordance with German tax law).

7) Delivery

For the delivery of orders, we transmit your data (name, shipping address, and, where applicable, telephone number and email address) to the selected shipping service provider. Possible delivery service providers include:

• DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany — Privacy Policy: https://www.dhl.com/de-de/home/footer/datenschutz.html

• DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany — Privacy Policy: https://www.dpd.com/de/de/datenschutz/

• UPS Deutschland S.à rl & Co. OHG, Görlitzer Straße 1, 41460 Neuss, Germany — Privacy Policy: https://www.ups.com/de/de/help-center/legal-terms-conditions/privacy-notice.page

• Hermes Germany GmbH, Essener Straße 89, 22419 Hamburg, Germany — Privacy Policy: https://www.myhermes.de/datenschutz

The transfer of data is carried out exclusively for the purpose of fulfilling the contract (Article 6(1)(b) GDPR).

8) Payment Processing via Stripe

8.1 What is Stripe?

We use the payment service provider Stripe, which offers online payment solutions worldwide. Depending on your location, payments may be processed by Stripe, Inc. (USA) or Stripe Payments Europe Ltd. (Ireland).

If you choose Stripe as your payment method, your payment data will be transmitted to and processed by Stripe. This privacy policy outlines what data is shared and the legal basis for integrating Stripe into our services.

Stripe enables us to manage subscriptions, including recurring payments, with a secure and efficient payment infrastructure.

8.2 Why Do We Use Stripe?

As our services are available internationally, we require a fast and secure payment solution. Stripe supports global transactions, allowing customers to use preferred local payment methods.

Stripe handles both one-time and recurring subscription payments. This allows you to subscribe, renew, or cancel your subscription with ease.

8.3 What Data Does Stripe Process?

When using Stripe, the following personal data may be collected and processed:

• Payment information (credit/debit card or bank details, amount, currency, payment date)

• Name, email address, billing and shipping addresses

• Subscription details (start date, duration, payment status)

• Transaction history (past payments, renewals, cancellations)

• Technical data from your device (e.g., IP address)

• In some cases, phone number and country of residence

Stripe uses this data for the following purposes:

• To process payments and renew subscriptions
• To prevent fraud and comply with legal obligations
• To fulfill international data protection requirements

Your data is not shared with third parties for marketing purposes. However, Stripe may share data internally, with affiliated companies, or with authorities to meet legal obligations.

8.4 Recurring Payments and Subscription Cancellation

When you purchase a subscription, Stripe automatically charges payments according to the terms of the subscription.

You may cancel your subscription at any time via your user account on our website.
After cancellation, access will remain active until the end of the already paid billing period. No further payments will be charged thereafter.

8.5 Use of Cookies by Stripe

Stripe uses cookies to identify users and secure transactions. Examples of such cookies include:

• м – Detects whether the user is accessing via PC, tablet, or smartphone (storage period: 2 years)

• __stripe_mid – Stores a session ID for the credit card transaction (storage period: 1 year)

• __stripe_sid – Stores a session ID for the payment process (storage duration: until session ends)

You can delete or disable cookies at any time via your browser settings.

8.6 Storage Location and Retention Period

Stripe stores personal data for as long as necessary to provide its services. In some cases, data may be retained longer if required by law.

Stripe may store and process data in the USA and other countries, but ensures all necessary data protection standards are met, including:

• The Рамки конфиденциальности данных ЕС и США

• Стандартные договорные условия ЕС (SCC)

8.7 Managing or Deleting Your Data

You have the right to access, correct, or delete your personal data at any time.

For privacy-related requests, you can contact Stripe directly:
https://support.stripe.com/contact/email

Our refund policy is described in our Terms and Conditions:
https://carkeymaster.de/terms_and_conditions/

You can also manage or cancel your subscription directly through your user account on our website.

8.8 Legal Basis for Processing

The processing of your data by Stripe is based on:

• Article 6(1)(b) GDPR (processing necessary for contract performance)

• Article 6(1)(a) GDPR (consent, e.g., for cookies)

• Стандартные договорные условия ЕС (SCC) ensuring compliance with European data protection standards

For more information, please refer to Stripe’s privacy policy:
https://stripe.com/en/privacy

---

9) Use of PayPal

All PayPal transactions are subject to PayPal’s Privacy Policy, which can be found here:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full

---

9.1 Use of PayPal Express

We use the PayPal Express payment service provided by PayPal (Europe) S.à r.l. et Cie, S.C.A.,
22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”).

Purpose of Data Processing
The purpose of the data processing is to offer you a fast and convenient payment method via PayPal Express.

What Data Is Processed?
When you access our website, PayPal automatically collects, stores, and analyzes certain data to provide the payment service. This includes:

• Your IP address

• Device type

• Operating system

• Browser type

• Device location (if enabled)

PayPal may use cookies to recognize your browser and optimize the use of PayPal Express.

Legal Basis for Processing

• The setting of cookies is based on Article 6(1)(f) GDPR, representing our legitimate interest in providing a secure and user-friendly payment solution.

• The transmission of your payment data to PayPal is based on Article 6(1)(b) GDPR, as it is required for the performance of the contract.

---

9.2 Your Right to Object

You have the right to object to the processing of your personal data based on Article 6(1)(f) GDPR at any time, provided there are grounds relating to your particular situation.

---

Further Information

For more detailed information about how PayPal processes personal data, please refer to their privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full

10) Payment via Klarna

If you choose payment via Klarna, the payment will be processed by Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden. In order to process your purchase and payment, certain personal data will be transmitted to Klarna. This may include, in particular:

• First and last name

• Платежный адрес и, если отличается, адрес доставки

• Email address

• Номер телефона

• IP-адрес

• Order details (items, invoice amount, taxes, currency, and payment method)

• Payment history and credit data, if applicable

The transmission of this data takes place in order to verify your identity, to process your payment, and, if necessary, to assess your creditworthiness. Klarna may carry out a credit check using external credit agencies.

Legal basis: Статья 6(1)(b) GDPR (обработка данных, необходимая для исполнения договора) и, в случае проведения проверки кредитоспособности, статья 6(1)(f) GDPR (наш и Klarna законный интерес в предотвращении мошенничества и обеспечении безопасности платежей). Если для определённых проверок требуется согласие, применяется статья 6(1)(a) GDPR.

Klarna acts as an independent controller for this data processing. Klarna’s privacy policy, which also explains the credit agencies used, can be found at:
https://www.klarna.com/privacy/

Your personal data will be stored as long as necessary for the processing of the payment and in accordance with statutory retention periods.

11) Contact via WhatsApp

We offer users the option to contact us via the messaging service WhatsApp, provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland — a subsidiary of Meta (Facebook).

When users communicate with us via WhatsApp, both we and WhatsApp receive the user’s mobile phone number and the information that the user has initiated contact.

This data may also be transferred to Facebook servers in the United States and is processed by WhatsApp and Facebook in accordance with the WhatsApp Privacy Policy. This includes processing for their own purposes, such as improving the WhatsApp service.

Note on Data Transfers to the U.S.

From the perspective of European data protection authorities, the U.S. currently does not offer an adequate level of data protection.

Although Standard Contractual Clauses (SCCs) are in place (see:
https://faq.whatsapp.com/general/about-standard-contractual-clauses),
these are private contractual arrangements and do not prevent U.S. authorities from accessing personal data stored by U.S.-based companies.

Для получения дополнительной информации

Details regarding the purpose and scope of data collection, further processing by WhatsApp and Facebook, as well as user rights and privacy settings, can be found in WhatsApp’s privacy policy:
https://www.whatsapp.com/legal/#privacy-policy

Legal Basis for Processing

• If the contact is made in connection with a contractual relationship or its initiation, the legal basis for processing is Article 6(1)(b) GDPR.

• If the contact is made outside such a context, the legal basis is Article 6(1)(f) GDPR — our legitimate interest lies in improving customer service and communication.

12) Geolokalisierungs-Cookie

Our online store uses a geolocation feature to automatically determine the visitor’s country. This ensures that country-specific content, prices, and legally required tax rates are displayed correctly.

For this purpose, a strictly necessary session cookie (woocommerce_geo_hash) is set. This cookie stores an anonymous identifier solely to retain the determined country during the visitor’s session, so the information does not need to be recalculated on every page load.

The cookie does not store the full IP address, personal names, contact details, or any other directly identifiable personal information. It is not used for marketing, tracking, or analytics purposes.

The cookie is strictly necessary for the operation of our online store and is therefore set without prior consent.
Legal basis: Article 6(1)(b) GDPR (performance of a contract) and Article 6(1)(f) GDPR (our legitimate interest in providing a functional and user-friendly website).

13) Cloudflare Trustline

Our website uses Cloudflare Trustline, a service provided by Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA), to improve the security and performance of the website. In this process, personal data (e.g., IP addresses) may be processed by Cloudflare and transferred via servers outside the EU.

Cloudflare acts as a processor in accordance with Art. 28 GDPR. A corresponding data processing agreement has been concluded. Processing is carried out on the basis of Art. 6 (1) (f) GDPR (legitimate interest in a secure and high-performance website). Further information on Cloudflare’s privacy policy can be found at: https://www.cloudflare.com/de-de/privacypolicy/

14) OpenStreetMap

Our website uses OpenStreetMap (OSM), a service provided by the OpenStreetMap Foundation (St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom), to display interactive maps. For this purpose, data such as your IP address and browser information may be transmitted to OSM servers.

The processing is based on Art. 6 (1) (f) GDPR (legitimate interest in a user-friendly and visually enhanced presentation of our website). Further information on OpenStreetMap’s privacy policy can be found at: https://wiki.osmfoundation.org/wiki/Политика_приватности

15) Note on Data Transfers Outside the EU

In individual cases, data may be processed outside the European Union when using third-party services. This will only take place if the specific requirements of Articles 44 et seq. GDPR are met.