In the following, we inform you about the processing of personal data in connection with the use of our online services.
1. General
1.1. Responsible party
Fastparts ehf.
Hyrjarhöfða 3
110 Reykjavík
Еmail: ice@fastparts.is
1.2. Purposes and legal basis of processing
In the course of our business activities, we process personal data of various data subjects (e.g. website users, interested parties, and customers). We will inform you of the purposes and legal basis, as well as further details of the respective processing in order of the different processing situations in the lower part of this privacy policy.
1.3. Recipient
Depending on the processing situation, your personal data may be processed not only by the controller, but also by third parties. Possible recipients include, in particular, order processors (e.g. web hosting, software providers and other technical service providers), shipping service providers and third-party providers of online services and content. Disclosure may also be made in connection with official enquiries, court orders, and legal proceedings if it is necessary for legal prosecution or enforcement. For details, please refer to the notes on the respective processing, if applicable. Recipients within the meaning of the GDPR are also the subsidiaries belonging to the Fastparts ehf.
1.4. Third country transfer
We use services whose providers are partly located or process personal data in so-called third countries (outside the European Union or the European Economic Area), i.e. countries where the level of data protection does not correspond to that in the European Union. Where this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, the standard contractual clauses of the European Union. Where this is not possible, we will base the transfer of data on the exceptions in Art. 49 GDPR, in particular your express consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures.
1.5. Storage period
Personal data will be kept for as long as is necessary for the purpose for which it was collected, for as long as we are required by law to retain it, or for as long as is necessary for other legal reasons.
1.6. Rights of data subjects
You have the right to obtain information about the data stored about you, including any recipients and the intended storage period, in accordance with Art. 15 GDPR. If the processed data is not (or is no longer) correct, you have a right to rectification (Art. 16 GDPR). If the relevant legal requirements are met, you may request the deletion (Art. 17 GDPR) or restriction (Art. 18 GDPR) of the processing as well as object to the processing (Art. 21 GDPR). If you believe that the processing of personal data concerning you is in breach of data protection law, you have the right to lodge a complaint with a data protection supervisory authority of your choice (Art. 77 GDPR).
1.7. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which is carried out on the basis of Art. 6 (1) sentence 1 lit. f GDPR. We will then no longer process your personal data unless there are compelling legitimate reasons worthy of protection that outweigh your interest in protection, or the processing serves the assertion, exercising, or defence of legal claims. You may object at any time, without giving reasons, to the processing of your data for the purposes of direct marketing and to any profiling that may be associated with it.
2. Processing situations
2.1. Website use
Our internet offers serve to provide information about our company and our services, to conclude or enter into contractual relationships, and to communicate and interact with our customers and interested parties. We also process personal data for the aforementioned purposes. The scope and legal basis of the data processing depends on the services requested by the user, the relevant browser configuration, and the scope of any consent given.
Web technologies (Cookies and similar technologies)
In order to improve communication and interaction with our customers as well as to optimise the user experience, we use various software solutions and web technologies, including tools for web analysis and marketing provided by third parties as well as services for the integration of third-party content, such as fonts, maps, or videos. Analytics tools are used to collect, measure and analyse data points such as visitor numbers, visitor sources, pages visited, time spent on the website, or scroll depth. Marketing tools enable targeted control and evaluation of marketing activities (advertising campaigns, affiliate advertising, multichannel analysis). For ePrivacy and data protection reasons, the use of such tools often requires the respective user's consent. We use a so-called consent management tool to obtain and manage the necessary consents in accordance with Art. 6 (1) sentence 1 lit. a GDPR and, if applicable, Section 25 (1) TTDSG (see the following section). Detailed information about the subject and scope of the relevant consents and the data processing based on them will be provided to you directly via the consent management tool. Insofar as consent is not required, personal data processing is carried out on the basis of Art. 6 (1) sentence 1 lit. f GDPR for the purposes described, which at the same time represent the interests pursued by us or our partners ("necessary services"). The collection of data for the provision of the website and the storage of log files are absolutely necessary for the operation of the website.
Consent management tool
For the purpose of consent management, we use a consent management tool ("CMT"). You can access the CMT at any time here or by clicking on the link "Cookie settings" in the footer of the website. When you access our website, a CMT cookie is set, which is used to store the consent given for the individual services and to control the corresponding activation or deactivation of the respective functionalities. The CMT is used to obtain the necessary consents and to document them in accordance with our obligation to provide evidence. The legal basis for this is Art. 6 para. 1 p. 1 lit. c GDPR. The collected data is stored until you delete the cookie. Details on data processing by the CMT can be found in the tool’s user interface.
Google Tag Manager
Our website uses the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Tag Manager is used to manage tracking tools and other services, so-called website tags. The Google Tag Manager does not require the use of cookies. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR, based on our legitimate interest in integrating and managing multiple tags on our website in a straightforward manner You can find more information here.
Criteo In the context of shared responsibility within the meaning of Article 26 of the GDPR, we use services provided by Criteo SA, 32 Rue Blanche, 75009 Paris, France ("Criteo") to collect information about user behaviour (e.g. products you have viewed, added to your shopping cart or purchased) in a purely anonymous form in order to improve our advertising offering. Within the framework of the contract with Criteo, we determine the scope of the respective advertising campaign. The implementation of this advertising campaign, including the decision about which ads are delivered where, is then the responsibility of Criteo.
2.2. Customer management, direct marketing
For the purpose of central management of sales-relevant contact and marketing information within the Fast Parts ehf., we use a so-called customer relationship management system ("CRM"). Data managed in CRM includes both existing customer contacts and registered website users, including newsletter subscribers and other marketing contacts.
Customer/User profiles
The CRM enables us to collate and analyse marketing information from multiple sources to optimise our marketing strategy and targeted direct mail. This may include the creation and analysis of customer or user profiles to determine which products and services are most popular and to tailor marketing campaigns to individual interests. In addition to existing operational customer data, the data generated through our online offerings (e.g. landing pages, contact forms) is also processed in the CRM. In addition, there may be data from e-mail and social media marketing (e.g. opening rates, referral paths, etc.). Our aim is to make the sales and marketing efforts of the various business units within the Fastparts ehf. efficient and targeted, and to coordinate them across divisions. For this purpose, we process (also with the help of service providers) the relevant CRM data in accordance with Art. 6 (1) sentence 1 lit. f GDPR on the basis of a balancing of interests.
Consent management (e-mail advertising)
Another component of our CRM is consent management. Pursuant to Section 7 (2) Nos. 1 and 2 UWG, certain direct advertising measures, in particular e-mail or telephone advertising to consumers, are only permitted on the basis of prior express consent. If and insofar as you give us advertising consent within the scope of our Internet offers (e.g. when registering for the newsletter), we document and store the information required for proof ( Art. 7 para. 1 GDPR and, if applicable, § 7a UWG) on the basis of Art. 6 para. 1 p. 1 lit. c GDPR. In the event of revocation of consent, we will retain the evidence for documentation purposes pursuant to Art. 6 (1) S. 1 lit. f GDPR until expiry of the statutory limitation periods. This serves our interest in any legal defence that may be necessary. The same applies to the documentation of advertising objections, which we also store in a blacklist for e-mail delivery to ensure that no advertising is sent to recipients who expressly do not wish to receive it.
(Personalised) direct mail and newsletters
If consent has been given (e.g. for shopping basket reminders or opinion and satisfaction surveys),data processing for the purposes covered by the consent is carried out on the basis of Art. 6 par. 1 lit. a GDPR. Irrespective of any consent requirements, we process personal data from our CRM and, where applicable, from other sources (including service providers) for the purposes of targeted and, where applicable, personalised delivery, and design of direct mail. The legal basis for the processing in pursuit of our advertising interests is Art. 6 para. 1 p. 1 lit. f GDPR. On our website, you have the option of subscribing to a free and regular newsletter, which contains, among other things, information tailored to you, news about our products, and current special offers. To subscribe to our newsletter, we use the double opt-in process, which means that we will only send you the newsletter by e-mail if you click on a link in our notification e-mail to confirm that you are the owner of the e-mail address provided. If you confirm your e-mail address, we will store your e-mail address, the time of registration, and the IP address used for registration until you unsubscribe from the newsletter. The sole purpose of the storage is to send you the newsletter and to prove your registration. You can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in every newsletter. Notification to the contact details above or in the newsletter (e.g. by e-mail or letter) is also sufficient. The legal basis for the processing is your consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR. The logging of the registration process takes place on the basis of our legitimate interests according to Art. 6 para. 1 p. 1 lit. f GDPR for the purpose of proving consent. In order to determine when our e-mails are opened and how they are used, we record and analyse the interactions with the newsletter and the access data (e.g. opening rate or click rate) using standard market technologies. For this purpose, our e-mails include web beacons. These are small image files loaded by our website that allow us to determine when an e-mail has been opened by you. We also learn which of the links in the e-mail you click on. We use this access data to continually improve our services, content, customer communications, and for statistical purposes. We also use this information to better understand what content and products interest you so that we can provide you with the most relevant content in the future. As part of your registration to receive our promotional e-mails, we also ask for your consent to personalise our e-mails to your needs and interests based on the data we store about you across devices, such as your access data, account information if applicable, and your shopping history (orders, returns, unfinished orders). The legal basis for this is your consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR. The access data (opening and click data) are only stored anonymously. A separate revocation regarding the described analysis of your access data and the creation of a personalised usage profile is not possible. However, you can configure your e-mail program to display e-mails in text format rather than HTML. This prevents image and graphics files from being displayed, so that tracking is not possible. In this case, the newsletter will not be displayed in its entirety and you may not be able to use all of its features. If you do not want us to analyse your access data or create a personalised usage profile of you, you can withdraw your consent to receive personalised e-mail advertising at any time as described above. Existing customer advertising
Please note that consent for mailing and tracking is not required for postal advertising and existing customer advertising by e-mail under the conditions of Section 7 (3) UWG. Data processing on the basis of legitimate interest pursuant to Art. 6 (1) p. 1 lit. f GDPR may therefore also take place in connection with e-mail marketing and postal advertising if you have not given your consent to advertising or have revoked any consent given to us. You may object to the use of your data for advertising purposes on the basis of our legitimate interest at any time by using the corresponding link in the e-mails or by notifying us at the above contact details (e.g. by e-mail or letter) without incurring any costs other than the transmission costs according to the basic rates.
Contact via SMS and telephone by Fastparts ehf.
Provided you have given your consent and have entered your mobile number and/or telephone number in your customer account, we will contact you by phone or SMS for satisfaction surveys, special offers and promotions, to inform you about products and statistical purposes. You can revoke your consent at any time with effect for the future by notifying the above contact details (e.g. by e-mail or letter). If you give us your consent at the beginning of the call, we will then record the conversation. We will store the information provided during the call for the training of our customer service staff and for the quality assurance of our call centre and will normally delete it after three months unless a longer retention period is required by law or for evidence purposes. We may retain the recording for up to three years for evidence purposes (e.g. conclusion of a sales contract). Your consent is the legal basis (Art. 6 Para. 1 S. 1 lit. a GDPR) for the recording of the conversation and its evaluation.
Surveys and competitions
If you participate in one of our surveys, we will use your data for market and opinion research. We do anonymised analysis of the data for internal purposes only. If, in exceptional cases, surveys are not evaluated anonymously, the data will only be collected and processed with your consent (Art. 6 para. 1 p. 1 lit. a GDPR). In the context of competitions, we use your data for the purpose of conducting the competition and for prize notification. More detailed information can be found in the terms and conditions of the relevant competition. The legal basis for the processing is the competition contract pursuant to Art. 6 para. 1 p. 1 lit. b GDPR.
2.3. Contact
If you contact us via our contact forms or by e-mail, we regularly process your personal data (also with the help of service providers) in order to respond to your enquiry or to process your request on the basis of Art. 6 (1)(1)(f) GDPR, to protect the fundamental interests of our business, in particular our corporate communications. Contract-related communication which is necessary for the implementation of a contractual relationship concluded with you or within the scope of pre-contractual measures based on your enquiry is also carried out on the basis of Art. 6 para. 1 p. 1 lit. b GDPR.
You can also contact us by telephone. If you give us your consent at the beginning of the call, we will record the conversation. We will store the information provided during the call for the training of our customer service staff and for the quality assurance of our call centre and will normally delete it after three months unless a longer retention period is required by law or for evidence purposes. We may retain the recording for up to three years for evidence purposes (e.g. conclusion of a sales contract). Your consent is the legal basis (Art. 6 Para. 1 S. 1 lit. a GDPR) for the recording of the conversation and its evaluation.
2.4. Customer account
On our website, we offer users the opportunity to create a customer account or register for our login area in order to use the full functionality of our website. Registration for a user account constitutes a contract for the use of an account for theFast Parts ehf. and, with the corresponding registration. The data collected is used to grant the user access to the platforms and their services. We have highlighted the information you must enter by marking it as mandatory. The registration information is used to process orders in our online shop and to create a customer account. Registration is not possible without this information. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR.
2.5. Ordering process
If you place an order, we may collect information in addition to that provided during registration that is necessary to process the order.
You may provide optional details such as telephone and fax numbers so that we can contact you by these means in the event of queries or to request payment by telephone in the event of non-payment after the due date and written reminder, if this is necessary and we cannot contact you by other means. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR.
2.6. Payment service provider
You can choose from a variety of payment service providers and payment methods to make your payment, including prepayment, PayPal, and invoice. For this purpose, data directly related to payment processing, such as billing addresses, IBAN, BIC and preferred payment method, may be transmitted to these service providers. For the purpose of verifying payments, e.g. for the release of purchased goods, we receive corresponding payment information from the payment service providers. We also receive master data and financial information from payment service providers as part of any identity check required by law. Unless you have given us your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, the legal basis for the transfer of data to the payment service providers in the context of contract processing is Art. 6 para. 1 sentence 1 lit. b GDPR, as the processing is necessary for the execution of the contract and the processing of the order.
For the legal basis and further details of the data processing carried out by the payment service providers under their own responsibility, please refer to the data protection information of the respective payment service provider. Please note that the most effective way to enforce your privacy rights is to contact your Payment Service Provider, as only they have access to the data and can take direct action.
2.7. Sanctions comparison
In order to comply with our obligations under EU anti-terrorism legislation, we cross-check against the sanctions lists maintained and published by the EU. The legal basis is Art. 6 para. 1 p. 1 lit. c GDPR as well as our legitimate interest pursuant to Art. 6 para. 1 p. 1 lit. f GDPR in checking whether the business relationship violates § 134 BGB and in avoiding sanctions.
We do this by checking your name and delivery address against the latest sanctions lists when you place an order. If there is a positive match, we verify the result manually. If the manual check does not lead to a clear negative result, we will contact you and, if necessary, request further information from you for matching purposes (in particular a copy of your ID showing your nationality, date of birth and place of birth). We will delete copies of ID cards immediately after manual verification. During the check, your order will be temporarily placed on hold. If the result of the check is negative, the order will continue to be processed. If the result of the check is a match with a sanctions list entry, we will notify you and give you the opportunity to comment. We will then decide whether or not to establish or continue a business relationship with you.
3. Online presence on social networks
We maintain online presences in social networks in order to communicate with customers and interested parties, among others, and to provide information about our products and services. Users' data is usually processed by the social networks concerned for market research and advertising purposes. In this way, usage profiles can be created based on users' interests. For this purpose, cookies and other identifiers are stored on the users' computers. Based on these usage profiles, advertisements are then placed, for example, within the social networks, but also on third-party websites. As part of the operation of our online presences, we may have access to information such as statistics on the use of our online presences provided by the social networks. These statistics are aggregated and may include, in particular, demographic information and data on interaction with our online presences and the posts and content distributed through them. Details and links to the social network data to which we have access as the operator of the online presence can be found in the list below.
The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f GDPR, based on our legitimate interest in effectively informing and communicating with users, or Art. 6 para. 1 p. 1 lit. b GDPR, in order to stay in contact with and inform our customers and to carry out pre-contractual measures with future customers and interested parties. For the legal basis of the data processing carried out by the social networks under their own responsibility, please refer to the data protection information of the respective social network. The following links will also provide you with further information about the respective data processing and the options to object. We would like to point out that the most effective way to address privacy concerns is to contact the social network provider, as only they have access to the data and can take direct action. Below is a list of information about the social networks on which we have an online presence:
- Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
- Operation of the Facebook fan page under joint responsibility on the basis of an Agreement on joint processing of personal data (so-called Page Insights Supplement regarding the responsible party);
- Information on the processed site insights data and the contact option in the event of data protection enquiries: https://www.facebook.com/legal/terms/information_about_page_insights_data ;
- Privacy Policy: https://www.facebook.com/about/privacy/
- Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com .
- Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
- Privacy policy: https://help.instagram.com/519522125107875
- Google/YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
- Privacy Policy: https://policies.google.com/privacy
- Opt-Out: https://www.google.com/settings/ads
- Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland)
- Privacy Policy: https://twitter.com/de/privacy
- Opt-Out: https://twitter.com/personalization
- LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
- Operation of the LinkedIn company page under joint responsibility on the basis of a Agreement on the joint processing of personal data (so-called Page Insights Joint Controller Addendum);
- Information on the processed site insights data and the contact option in the event of data protection enquiries: https://legal.linkedin.com/pages-joint-controller-addendum
- Privacy Policy: https://www.linkedin.com/legal/privacy-policy
- Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
- Xing/Kununu (XING SE, Dammtorstraße 30, 20354 Hamburg)
- Privacy Policy/Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung .
- Pinterest (Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland)
- Privacy policy: https://policy.pinterest.com/en/privacy-policy
- TikTok (TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380 Ireland)
- Privacy Policy/Opt-Out: https://www.tiktok.com/legal/privacy-policy?lang=en
4. Data Protection Officer
You can contact our data protection officer at:
Data Protection Officer
Fastparts ehf.
Hyrjarhöfða 3
110 Reykjavík
Еmail: ice@fastparts.is