Privacy Policy

1. Introduction

This privacy policy informs you in accordance with Art. 13 and 14 GDPR about the nature, scope and purpose of the processing of personal data (hereinafter "data") within our online offering, in particular our B2B online shop on the Shopify platform, as well as the associated websites, functions, content and external online presences.

The terms used, such as "processing" or "controller", correspond to the definitions in Art. 4 GDPR.

2. Controller

Urban Parts GmbH Eiserne Hand 7 35305 Grünberg Germany

Email: info@urban.parts

Managing Directors: Steffen Urban, Martin Helmus, Heinz Helmus

Legal Notice: https://umreifungsmaschinen-ersatzteil.de/impressum/

Data Protection Contact: info@urban.parts

A data protection officer has not been appointed as there is no legal obligation to do so.

3. Types of Data Processed

  • Master data (e.g. company name, contact person, address)
  • Contact data (e.g. email address, telephone number)
  • Contract data (e.g. subject matter of contract, duration, customer status)
  • Payment data (e.g. invoice data, payment status)
  • Content data (e.g. text entries in forms)
  • Usage data (e.g. pages visited, access times)
  • Meta and communication data (e.g. IP address, device information)
  • Credit rating data (for purchase on account)

4. Categories of Data Subjects

  • Business customers (B2B)
  • Prospects
  • Registered users
  • Website visitors
  • Suppliers and business partners

5. Purposes of Processing

  • Provision and operation of the online offering
  • Processing of orders and contracts
  • Management of customer accounts
  • Communication with customers and prospects
  • Credit check for purchase on account
  • Security, abuse and fraud prevention
  • Analysis, optimization and economic operation of the online offering
  • Fulfillment of legal obligations
  • Art. 6 (1) lit. b GDPR – Contract fulfillment / pre-contractual measures
  • Art. 6 (1) lit. c GDPR – Legal obligations
  • Art. 6 (1) lit. f GDPR – Legitimate interest (e.g. IT security, analysis, credit check)
  • Art. 6 (1) lit. a GDPR – Consent (e.g. cookies, marketing)

7. Hosting & Platform Operation (Shopify)

Our online shop is operated via Shopify Inc., 151 O'Connor Street, Ottawa, Ontario K2P 2L8, Canada.

Shopify processes personal data on our behalf as a processor in accordance with Art. 28 GDPR.

Data transfer to third countries (in particular Canada and the USA) cannot be excluded. Canada is considered safe under data protection law due to an adequacy decision by the EU. For transfers to the USA, Standard Contractual Clauses (SCCs) in accordance with Art. 46 GDPR are used.

Shopify Privacy Policy: https://www.shopify.com/legal/privacy

8. Customer Account / Registration (B2B)

Business customers can create a customer account. We process in particular:

  • Company data
  • Contact person
  • Login data (email address, password – encrypted)

Processing is carried out for contract performance in accordance with Art. 6 (1) lit. b GDPR.

Customer accounts are not publicly visible. After termination of the customer account, data will be deleted unless statutory retention obligations exist.

9. Order Processing & Payment Processing

For order processing, we process the data necessary for contract fulfillment.

Available Payment Methods:

Prepayment / Bank Transfer Your order will be processed as soon as the transfer has been received in our account. For transfers from abroad, the buyer bears all applicable fees.

Purchase on Account Payment within 10 days without deductions. A credit check is carried out for orders on account (see section 9a).

PayPal Payment via PayPal. A PayPal account is required. PayPal Privacy Policy: https://www.paypal.com/webapps/mpp/ua/privacy-full

Credit Card (via PayPal) Credit card payment is processed via PayPal. A PayPal account is not required.

Legal basis: Art. 6 (1) lit. b GDPR.

9a. Credit Check for Purchase on Account

For orders on account, we carry out a credit check. By selecting this payment method, you consent to the credit check.

Your data (name, address, date of birth if applicable) will be transmitted to an external credit agency. This agency provides us with information on creditworthiness and a score value for assessing the risk of payment default.

Credit Agency: [INSERT PROVIDER HERE - e.g. Creditreform, SCHUFA, Boniversum, Bürgel etc.] [Provider address] [Link to provider's privacy policy]

In case of negative credit indicators, we reserve the right to withdraw from the purchase contract and offer you prepayment as an alternative.

Legal bases:

  • Art. 6 (1) lit. b GDPR (contract initiation)
  • Art. 6 (1) lit. f GDPR (legitimate interest in payment security)

10. Contact

When contacting us (e.g. by email or form), the information provided will be processed to handle the inquiry.

Legal basis:

  • Art. 6 (1) lit. b GDPR (contractual)
  • Art. 6 (1) lit. f GDPR (general inquiries)

Our website uses cookies and similar technologies.

The use of non-technically necessary cookies (e.g. analysis, marketing) only takes place after consent via the Shopify Cookie Banner in accordance with Art. 6 (1) lit. a GDPR.

Technically necessary cookies are used on the basis of our legitimate interest in accordance with Art. 6 (1) lit. f GDPR.

12. Web Analytics

We reserve the right to use web analytics tools (e.g. Google Analytics 4) in the future. In this case, processing will only take place with your prior consent in accordance with Art. 6 (1) lit. a GDPR.

If web analytics tools are activated, we will inform you here about the specific provider and data processing.

13. Integration of External Content

When integrating external content (e.g. videos, maps), the IP address of users may be transmitted to third-party providers.

Integration only takes place after consent or on the basis of legitimate interests.

14. Security Measures

We take technical and organizational measures in accordance with Art. 32 GDPR to ensure an appropriate level of protection.

15. Rights of Data Subjects

You have the right to:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection (Art. 21 GDPR)
  • Withdrawal of consent (Art. 7 (3) GDPR)

16. Right to Lodge a Complaint

Competent supervisory authority:

The Hessian Commissioner for Data Protection and Freedom of Information https://datenschutz.hessen.de/

17. Deletion & Retention

Data will be deleted as soon as the purpose ceases to apply and no statutory retention obligations exist. Commercial and tax retention periods remain unaffected.

18. Changes to the Privacy Policy

We reserve the right to adapt this privacy policy to comply with legal or technical changes.

Last updated: Dez. 2025