PRIVACY AND COOKIE POLICY

I. Definitions and general information

Website – means the following website: https://jp-motorsport.com/.

User – means any person visiting the Website on a computer, tablet, mobile phone or a different mobile device, using the Internet.

Controller – the Controller of personal data is JP Motorsport Management GmbH, seated in 22149 Hamburg, address: Liliencronstr. 79, reg. (tax identification number) HRB 160974.

Profiling – means a form of automated processing of personal data which uses the personal data to evaluate certain personal aspects relating to a natural person, specifically, to analyze or make predictions about a natural person’s individual preferences and interests.

II. Legal basis for and purpose of processing of User’s data

1. Personal data collected by the Controller are processed based on the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).

2. The Controller processes only the personal data which the User provided while using the Website. Personal data provided by the User are processed for the following purposes:

1. Execution and performance of a sale contract (scope of data: name, surname, country, address, telephone number, e-mail address) – based on point (b) of Article 6(1) of GDPR, owing to the fact that processing is necessary for the performance of a contract to which the data subject is party;
2. Exercise of payment claims (scope of data: name, surname, address, delivery address, e-mail address, telephone number, any other data necessary to prove a claim or safeguard rights) – based on point (f) of Article 6(1) of GDPR, owing to the fact that processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party;
3. Compliance with legal obligations to which the Controller is subject in respect of its business operations (scope of data: any data provided by the User) – based on point (c) of Article 6(1) of GDPR, owing to the fact that processing is necessary for compliance with a legal obligation to which the Controller is subject;
4. Promotion of products or services, including the production of a newsletter (scope of data: name, surname, address, e-mail address, telephone number) – based on a separate consent [point (a) of Article 6(1) of GDPR]; 
5. Sending commercial information through electronic means – based on a separate consent [point (a) of Article 6(1) of GDPR].

3. When shopping on the Website, the User is provided with information referred to in Article 13(1) and (2) of GDPR and can give his/her consent for the collection and processing of his/her personal data by the Controller in the manner and for the purposes described in the consent and this policy. Providing the above data is voluntary, yet necessary in order to register with and shop on the Website.

4. The only data required to browse the Website are the information collected automatically as connection parameters.

III. Lawfulness of processing and use of appropriate safeguards

1. Personal data are processed by the Controller lawfully, collected for specified, legitimate purposes and are not further processed in a manner that is incompatible with those purposes. The collected personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. The Controller does not process personal data of special categories.

2. The Controller endeavors to protect personal data of the User against unauthorized access by third parties and, to that end, uses organizational and technical measures ensuring a high level of protection. The Controller does not release personal data to any recipients who are unauthorized to receive them in accordance with mandatory legal regulations. The Controller may entrust the processing of personal data to a different entity under a written agreement. Personal data may be released only to entities which are authorized to receive them in accordance with mandatory legal regulations.

3. The Controller uses security measures to protect servers, connections and the Website. Where the User selects the electronic payment option, all connections related to electronic payments will use the secure, encrypted SSL protocol. The measures we take may prove insufficient, though, if the User fails to exercise caution. Specifically, the User is advised to keep his/her login and password for the Website safe and refrain from disclosing them to third parties. The User will not be requested to provide his/her login or password, except when logging in on the Website. In order to prevent unauthorized use of the account, the User should log out after using the Website.

IV. Automated processing of personal data (Profiling)

1. The Controller is authorized to use Profiling in order to provide the User with tailored and personalized services offering best prices and execute and perform the contract between the data subject and the Controller, upon the data subject’s explicit consent. 

2. In the case of data processing for direct marketing purposes, including Profiling, processing on the grounds of the Controller’s legitimate interests, processing for scientific or historical research purposes or statistical purposes, data subjects will have the right to object on grounds relating to their particular situation. The Controller will not make any decisions which are based solely on automated processing, including Profiling, and significantly affect the data subject. The Controller implements suitable measures to safeguard the data subject’s rights, freedoms and legitimate interests, at least the right to obtain human intervention on the part of the Controller, to express his/her point of view and to contest the decision based on automated data processing.

V. Duration of personal data processing

1. Personal data will be processed:

1. for a length of time necessary to perform contracts executed through the Website, also after the contracts are performed, where the parties exercise their rights resulting from the contract or take steps to exercise payment claims (if any), until the claims become time-barred;
2. until the User withdraws his/her consent or objects to data processing, where the User’s personal data is processed based on a separate consent.

2. The Controller will also store the User’s personal data when this is necessary for compliance with legal obligations to which it is subject, dispute resolution, exercise of payment claims against the User as well as ensuring security and preventing fraud and other wrongdoing.

VI. User’s rights

1. The Controller will make it possible for the User to exercise the rights referred to in subsection 2 below. In order to exercise his/her rights, the User should send an e-mail with the relevant request to the following address: office@jp-motorsport.com.

2. The User has the right to:

1. access the data – based on Article 15 of GDPR,
2. rectify/update the data – based on Article 16 of GDPR,
3. erase the data – based on Article 17 of GDPR,
4. restrict data processing – based on Article 18 of GDPR,
5. data portability – based on Article 20 of GDPR,
6. object to data processing – based on Article 21 of GDPR,
7. withdraw his/her consent at any time; the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal – based on Article 7(3) of GDPR,
8. lodge a complaint with a supervisory authority – based on Article 77 of GDPR.

3. The Controller will attend to the request made without delay, yet no later than within a month from receiving it. However, if the complexity of the request or the number of requests made makes it impossible for the Controller to attend to the User’s request within the above deadline, the Controller will notify the User of the intended deadline extension and set a new deadline, which will not be longer than 2 months.

4. The Controller will communicate any rectification or erasure of personal data or restriction of processing carried out upon the User’s request to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

VII. Personal data release

1. For the purpose of performing a contract, the Controller may release data collected from the User to the following entities: parcel delivery companies, online payment service providers and the accounting firm handling the Controller’s accounts.

2. In the cases referred to above, data released are limited to what is necessary for the purpose for which they are released. Moreover, the User’s personal information may be made available to the competent public authorities, if applicable legal regulations so require.

3. Personal data processed will not be made available externally to any other entities in a form allowing for any identification of the User, unless the User has given his/her consent for the release.

4. The User’s personal data will not be released to countries outside the European Economic Area.

VIII. Cookies and their use

1. When the User visits the Website, small files, mainly text files, are placed on the User’s device (“cookies”). The files contain information which enables the site to remember login data, last selected products and products placed in the User’s shopping cart. In addition, cookies make it possible to collect statistical information referred to in subsection 2 below.

2. Cookies do not contain any identifying information regarding the User, which means that none of them can be used to identify him/her. The files used on the Website are harmless to the User and the device, and do not interfere with the software or settings of the device.

3. Cookies do not affect the operation of the User’s computer and may be disabled.

4. Thanks to cookies:

1. the User’s session state is maintained (after logging in), which means that the User’s login and password are remembered from page to page of the Website;
2. it is possible to create statistics regarding the traffic on the Website pages.

5. Generally, browsers allow cookies to be saved by default.
6. If the User does not wish to have cookies saved on his/her device, he/she may opt out by changing the settings of his/her browser.
7. Disabling the cookies may take two forms:

1. cookies are not saved on the User’s device,
2. the User is informed each time a cookie is saved on his/her device; cookies are deleted after the User leaves the Website.

8. To select the option that will be best suited to the User, he/she should read the cookie management information, which is usually available in the “Settings” or “Help” sections of the browser.

9. In the case where cookies are necessary for the operation of the Website, disabling them may impair the functionality of the Website.

10. The browser settings of your device should allow cookies to be saved and should allow you to consent by clicking “ok” in the window that appears after entering the Website with the information: “This website uses cookies to provide services at the highest level. By continuing to use the website, you agree to their use – these files will be saved on your end device.”

IX. Modification of privacy and cookie policy

1. The Controller is authorized to modify this policy. Each modification will be communicated to the User to allow him/her to read the modified policy before it becomes effective, e.g., through publication of relevant information on the Website’s main pages or, in the case of material modifications, also by an e-mail message sent to the address provided by the User.

2. If the User has any concerns about the modifications introduced, he/she may request that his/her account on the Website be deleted. If the User continues to use the Website after the relevant information is published or the e-mail message is sent, he/she gives consent to the collection, use and release of personal data in accordance with the updated version of the policy.

3. This policy will not affect any rights held by the User based on applicable legal regulations.