Loading...
We are pleased that you are interested in the website of Evoparts24 GmbH (hereinafter: "Evoparts24"). Protecting your personal data during its collection, processing, and use when you visit our website is very important to us. We comply with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Digital Services Act (DDG), and any other applicable data protection regulations.
The Evoparts24 website (www.evoparts24.com) can generally be used without providing personal data (e.g., name, address, email address, or telephone number). However, if you wish to use special services via our website—such as registration, ordering, or contacting us—the processing of personal data may be necessary. In these cases, we will obtain your consent beforehand, unless there is a legal basis for doing so.
This privacy policy informs you about the type, scope and purpose of the collection, processing and use of personal data by Evoparts24, as well as about your rights under applicable data protection regulations.
We have implemented extensive technical and organizational measures to ensure the most comprehensive possible protection of personal data processed via this website. However, absolute protection cannot be guaranteed for internet-based data transmissions, so a certain residual risk of technical security vulnerabilities remains. Therefore, you always have the option of transmitting your personal data to us via alternative means, such as by telephone or mail.
In this privacy policy, we use the terms that are also used in the GDPR. These include, among others, the following terms:
The controller responsible for processing the data collected via the website www.evoparts24.com is:
Evoparts24 GmbH
At Hans Teich 12
51674 Wiehl
Phone: 015754272024
Email: info@evoparts24.com
Website: www.evoparts24.com
Represented by the management:
Daniel Brauer, Eugen Brauer, Friedrich Brauer
Evoparts24 has not appointed a legally required data protection officer, as the requirements of Art. 37 GDPR in conjunction with § 38 BDSG are not met.
If you have any questions about data protection, you can contact the data controller named in section 2 of this privacy policy at any time.
According to Article 6(1) GDPR, our processing of personal data is lawful if at least one of the following conditions is met:
When you access our website, the web server automatically collects and stores information in so-called log files:
The processing is carried out to ensure technical operation, system security, and error analysis (Art. 6 para. 1 lit. f GDPR). This data will not be combined with other sources.
We generally process and store personal data only for as long as it is necessary to achieve the respective processing purpose. As soon as the purpose ceases to apply, the data is routinely deleted, unless its (temporary) further processing is required for legal or organizational reasons.
After the respective processing purpose ceases to exist or the statutory periods expire, the corresponding data are routinely deleted or blocked, unless they are still required for contract fulfillment, contract initiation or to safeguard legitimate interests.
The duration of the statutory retention periods depends in particular on:
Furthermore, if legal claims exist against Evoparts24 or third parties, the data may be stored until the expiry of the regular limitation period pursuant to Sections 195 et seq. of the German Civil Code (generally three years from the end of the calendar year), insofar as it is necessary for the assertion, exercise or defense of such claims.
Data processed on the basis of consent (e.g. newsletter data ) will be stored until this consent is revoked, unless a legal obligation or a legitimate interest justifies longer storage.
Anonymized or aggregated data that no longer contain any personal information can be stored permanently for statistical or technical evaluation.
We use SSL encryption to protect your transmitted data as effectively as possible. You can recognize such encrypted connections by the "https://" prefix in your browser's address bar. Unencrypted pages are indicated by the "http://" prefix. Data transmitted to us with SSL encryption enabled cannot be read by third parties. We recommend that you only send confidential information with SSL encryption enabled and contact us if you have any questions.
Server log files and other technical usage data are regularly stored for up to 30 days for security and stability reasons and then deleted or anonymized, unless longer storage is required for evidentiary purposes.
Our website is hosted by the service provider Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen ("Hetzner"). The hosting provider supplies us with infrastructure and platform services, computing capacity, storage space, and technical maintenance services that we need to operate this website.
The processing of personal data is based on Article 6(1) (f) GDPR due to our legitimate interest in the secure and efficient provision of our online services. Where consent is required, processing is based on Article 6(1) (a) GDPR.
We exclusively use Hetzner server locations within the European Union or the European Economic Area for this website.
A data processing agreement pursuant to Art. 28 GDPR was concluded with Hetzner, which guarantees the security and protection of the data.
As a data subject, you have the following rights under the General Data Protection Regulation (GDPR), which we will inform you about below:
(1) Right of access (Art. 15 GDPR)
You have the right to request information from us as to whether we process personal data concerning you. If this is the case, you can request, in particular, information about the categories of data processed, the purposes of the processing, the recipients (including recipients in third countries), the planned storage period or the criteria for determining it, the existence of your other data subject rights, the origin of the data (if not collected from you), and the existence of automated decision-making, including profiling , and – where applicable – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing. You will also receive a copy of the personal data processed (further copies may be subject to a fee).
(2) Right to rectification (Art. 16 GDPR)
You can request the immediate correction of inaccurate personal data concerning you.
Request data. Taking into account the purposes of the processing, you have the right to request the completion of incomplete data – also by means of a supplementary statement.
(3) Right to erasure – "right to be forgotten" (Art. 17 GDPR)
You can request the deletion of your personal data if one of the following reasons applies:
(4) Right to restriction of processing (Art. 18 GDPR)
You can request the restriction of processing if:
(5) Right to data portability (Art. 20 GDPR)
receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit this data to another controller or – where technically feasible – to have it transmitted directly from us to another controller, provided that the processing is based on consent (Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR) or a contract (Art. 6 para. 1 lit. b GDPR) and is carried out by automated means. The rights and freedoms of other persons must not be adversely affected by this.
(6) Right to object (Art. 21 GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on point ( e) or ( f) of Article 6(1) of the GDPR (performance of a task carried out in the public interest/legitimate interests). We will then no longer process the data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.
Objection to direct marketing: If we process personal data for direct marketing purposes, you have the right to object at any time to the processing of your data for such marketing; this also applies to profiling insofar as it is related to direct marketing. In the event of an objection, the personal data will no longer be processed for these purposes.
(7) Right to withdraw consent (Art. 7 para. 3 GDPR)
You have the right to withdraw your consent at any time with effect for the future, without affecting the lawfulness of the processing carried out before the withdrawal. This will not result in any disadvantages for you; however, certain services/functions may no longer be available without your consent.
(8) Right not to be subject to a decision based solely on automated processing (Art. 22 GDPR)
You have the right not to be subject to a decision based solely on automated processing, including profiling , which produces legal effects concerning you or similarly significantly affects you, unless such a decision is necessary for entering into, or performing, a contract, is based on EU/Member State law (with appropriate safeguards in place), or is based on your explicit consent. In these cases, you have at least the right to human intervention, to express your point of view, and to contest the decision.
(9) Identity verification, form and time limits (Art. 12 GDPR)
To exercise your rights, a simple notification (e.g., by email) is sufficient. For security reasons, we may request additional information to verify your identity and prevent unauthorized access to or deletion of your data. We will respond promptly, but no later than one month after receiving your request. This period may be extended by a further two months if necessary, taking into account the complexity and number of requests; in this case, you will be informed of the extension and the reasons within one month. Exercising your rights is generally free of charge. However, for manifestly unfounded or excessive requests – particularly in cases of frequent repetition – we may charge a reasonable fee or refuse to process them.
(10) Contact for exercising rights
To assert your rights, simply send an email to info@evoparts24.com. Alternatively, you can contact us by mail: Evoparts24 GmbH, Am Hans Teich 12, 51674 Wiehl, Germany. If a data protection officer has been appointed, this will be stated separately in the privacy policy; inquiries can also be addressed directly to them.
For questions regarding data protection or the exercise of your rights, you can contact the data protection supervisory authority responsible for us at any time:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia,
Kavalleriestraße 2-4
40102 Düsseldorf
PO Box 20 04 44
40102 Düsseldorf
Telephone: +49 211 38424-0
Fax: +49 211 38424-10
Email: poststelle@ldi.nrw.de
Internet: www.ldi.nrw.de
You also have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates data protection laws.
To use certain features of our platform (e.g., ordering, managing delivery and billing addresses, viewing order histories, or using API functions), prior registration is required. During registration, we collect and process the following personal data:
The processing of this data is carried out in accordance with Article 6 Paragraph 1 Letter b GDPR for the performance of pre-contractual measures and for the fulfillment and execution of the contractual relationship, in particular for the creation, maintenance, and administration of your customer account. Registration and use of the restricted areas of our platform are not possible without this data. Access data must be treated confidentially by the user and may not be disclosed to third parties.
Furthermore, the processing of individual data may be based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR, in ensuring the secure and technically sound operation of the platform, preventing unauthorized access and avoiding the misuse of user accounts.
For the technical provision and administration of user accounts, service providers may be used within the framework of commissioned data processing in accordance with Article 28 GDPR. These providers are contractually obligated to comply with all data protection regulations and to process the data exclusively according to the instructions of Evoparts24.
For processing payments, we use the payment service provider Stripe Payments Europe, Limited 3 Dublin Landings , North Wall Quay, Dublin 1, D01 C4E0, Ireland ("Stripe").
Stripe enables us to process payments securely and efficiently. Depending on the payer's country, Stripe offers various payment methods (e.g., credit card, SEPA direct debit, Apple Pay, Google Pay, Sofort , Klarna payment methods).
As part of the payment process, the following personal data is transmitted to and processed by Stripe:
Data processing is carried out for the purpose of fulfilling the contract in accordance with Art. 6 para. 1 lit. b GDPR and for fraud prevention in accordance with Art. 6 para. 1 lit. f GDPR (legitimate interest in secure payment processing).
Stripe processes certain data independently as a separate controller within the meaning of the GDPR (e.g. for payment processing, risk assessment and compliance with legal obligations).
Stripe may transfer data to the USA. This is done on the basis of the EU Standard Contractual Clauses and further safeguards pursuant to Article 46 GDPR.
We have concluded a data processing agreement with Stripe in accordance with Article 28 GDPR, insofar as Stripe processes data on our behalf.
Further information on data processing by Stripe can be found in Stripe's privacy policy at https://stripe.com/privacy.
To ensure optimal functionality, security, and user-friendliness of our website, as well as for statistical analysis and improvement of our online services, Evoparts24 uses cookies and similar tracking technologies. These can serve both technical provision and analysis, reach measurement, and marketing purposes.
a. Cookies
On the website www.evoparts24.com we use cookies in connection with the login area for registered users. Cookies are text files that are placed and stored on a computer system via an internet browser.
Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie, consisting of a string of characters that allows websites and servers to associate the cookie with the specific web browser in which it was stored. This enables visited websites and servers to distinguish a user's browser from other web browsers that contain different cookies. The unique cookie ID makes it possible to recognize and identify a specific web browser.
By using cookies, we can provide website visitors with more user-friendly services that would otherwise be impossible. Cookies allow us to optimize our website for the user. For example, we can recognize returning users, making it easier for them to navigate the site. With cookies, visitors don't have to re-enter their login details every time they visit the website. This information is automatically stored by the website and the cookie placed on the visitor's computer. Furthermore, an online shop can use cookies to remember the items a customer has placed in their virtual shopping cart.
In addition to technically necessary cookies, which are required for the functionality and secure use of our website, cookies may also be used for analysis, marketing or tracking purposes.
We only set such cookies after receiving your prior explicit consent, which you can give via our cookie banner on your first visit. You can, of course, withdraw your consent at any time.
Information about the specific cookies and their purpose can be found in the cookie banner and browser settings. You can delete stored cookies at any time via your internet browser settings or prevent them from being stored. This function is offered by all common browsers.
Without consent, only cookies that are technically necessary and do not transmit personal data will be set.
Information about which cookies are used, their purpose, and their storage duration can be found in the cookie banner and in your browser settings. You can adjust your cookie settings and delete previously stored cookies at any time.
If the user, as the data subject, prevents the setting of cookies in his internet browser, he may no longer be able to fully use all the functions of the Evoparts24 website.
b. Tracking and marketing measures
We use the online advertising service Google Ads on our website , a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Ads allows us to advertise our website in Google search results and on websites within the Google advertising network. User data is processed to display and optimize advertisements and to measure the success of advertising campaigns ( conversion tracking).
The purposes of processing are the display of advertisements, the statistical measurement of the success of our campaigns ( conversion tracking), the optimization of our advertising offer, and the prevention of misuse and fraud.
The processing is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR, provided you have given this consent via our cookie consent banner. You can withdraw your consent at any time via the settings in the cookie banner.
Depending on usage, the following data, among others, will be processed:
Google uses cookies or similar technologies (e.g., Local Storage) for this purpose.
The analysis is conducted using pseudonyms; direct identification of individuals is impossible due to anonymized IP addresses and the absence of personal data (e.g., name, address, contact information). Google links this data to a randomly generated user ID using cookies, allowing for statistical tracking of recurring visits. These cookies may be stored for up to two years unless you delete them prematurely.
We use Google Ads exclusively with IP anonymization enabled. This means your IP address is shortened within the EU or EEA before being transmitted to Google. Only in exceptional cases will the full IP address be transmitted to Google servers in the USA and shortened there.
Google also processes data in the USA. Google participates in the EU-US Data Privacy Framework, which ensures an adequate level of data protection for data transfers. Further information can be found at : https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en
In addition, Google uses the standard contractual clauses adopted by the EU Commission pursuant to Article 46(2) and (3) GDPR to ensure a level of protection comparable to EU data protection law. These can be found at: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
The Google Ads Data Processing Terms can be found at: https://business.safety.google/intl/de/adsprocessorterms/
You can withdraw your consent at any time via our cookie settings dialog. Furthermore, you can opt out of personalized advertising from Google in the Google Ads settings at https://adssettings.google.com/.
To deactivate. You can also prevent the storage of cookies by adjusting your browser settings or delete cookies that have already been stored. Further general options for objecting to personalized online advertising can be found at https://youradchoices.com/.
Available in Google's privacy policy at https://policies.google.com/privacy.
For the purpose of processing orders, delivering goods, and, if applicable, handling returns or complaints, Evoparts24 transmits personal data to carefully selected logistics, shipping, and delivery partners . These partners are involved solely for the purpose of carrying out the respective delivery or fulfilling the contractually owed service.
The data transmitted is limited to the minimum required for delivery and regularly includes:
Data is transferred on the basis of Article 6 Paragraph 1 Letter b GDPR for the performance of the purchase or delivery contract between Evoparts24 and the customer. In cases where separate notification regarding delivery status or delivery dates is provided by the shipping service provider, the transfer of contact details (e.g., email address, telephone number) is based on the customer's consent pursuant to Article 6 Paragraph 1 Letter a GDPR , which can be revoked at any time with effect for the future.
Our shipping and logistics partners process the transmitted data exclusively under their own responsibility or on the basis of contractual agreements for proper delivery. If external service providers (e.g., IT or logistics companies) act on behalf of Evoparts24, processing takes place on the basis of a data processing agreement in accordance with Article 28 GDPR.
If, within the framework of the so-called " dropshipping " or "direct shipping" process, the shipment is handled directly by one of our suppliers, we also transmit the data necessary for the fulfillment of the contract (name, delivery address, and, if applicable, telephone number or email address) to the respective supplier. This transmission is also based on Article 6 Paragraph 1 Letter b GDPR. The suppliers are obligated to use the data exclusively for the execution of the delivery and to delete it after completion of the process.
not be passed on to third parties beyond this – for example for advertising, analysis or other purposes – unless there is a legal obligation to do so or you have expressly consented.
If, in exceptional cases, delivery by a shipping service provider located outside the European Union or the European Economic Area is necessary, personal data will only be transferred in compliance with the data protection guarantees pursuant to Art. 44 et seq. GDPR , for example on the basis of an adequacy decision of the EU Commission or using the EU standard contractual clauses .
Our website offers various contact and input forms through which you can send us inquiries or register (e.g. contact form, registration form, service requests).
When you use these forms or contact us by email, we process the data you provide, in particular your name, email address, company affiliation (if applicable), and the content of your request.
The processing is carried out to handle your request, to carry out pre-contractual or contractual measures, and to manage your user account or registration.
The data is transmitted using encryption to protect your data from unauthorized access. Required fields in the form are marked accordingly to ensure that only absolutely necessary data is collected.
The legal basis is Article 6(1) ( b) GDPR , insofar as the processing is necessary for the performance of a contract or for handling your request. Otherwise, processing is based on our legitimate interest pursuant to Article 6(1 ) (f) GDPR , for example, in the efficient handling of support requests and the provision of customer-oriented communication channels.
Data submitted via forms or email is securely stored in our internal database and processed within our internal back office system to manage requests and support user accounts.
The data will be deleted after the request has been completed, unless there are legal retention obligations or the data is required to carry out further contractual steps.
For sending our system and service emails (e.g. order confirmations, account and shipping information, password reset , technical notifications) we use the Amazon Simple Email Service (AWS SES), provided by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg ("AWS").
Your data is processed solely for sending and technically providing system-relevant emails necessary for fulfilling the contractual relationship or administering your user account. Your data will not be used for marketing, tracking, or analysis purposes.
The legal basis for the processing is Art. 6 para. 1 lit. b GDPR, insofar as the emails are necessary for the fulfillment of contractual obligations or pre-contractual measures (e.g. registration, order processing).
Furthermore, processing is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in a secure and reliable communication infrastructure.
For sending via AWS SES, only data necessary for the respective message is processed, in particular:
AWS does not have access to content beyond what is necessary for delivery.
AWS acts as a data processor in accordance with Article 28 GDPR.
A data processing agreement compliant with the GDPR was concluded with AWS, guaranteeing compliance with an appropriate level of data protection.
AWS stores and processes data in highly secure data centers. Processing generally takes place within the European Union. However, data may be transferred to third countries – particularly the USA – as part of technical operations.
AWS is a certified participant in the EU-US Data Privacy Framework (DPF).
Furthermore, AWS uses the Standard Contractual Clauses (SCCs) adopted by the EU Commission pursuant to Art. 46 GDPR to ensure a high level of protection for personal data even in the event of a transfer to the USA.
For more information, see the AWS EU-US Data Privacy Framework guidance at https://aws.amazon.com/compliance/eu-us-data-privacy-framework/ and the information about the standard contractual clauses used by AWS at https://aws.amazon.com/blogs/security/aws-gdpr-data-processing-addendum/.
Shipping-related log data is stored only as long as necessary for technical provision, error analysis, and ensuring email operation, or as required by law. Afterwards, the data is deleted or anonymized.
will not share your data for advertising, analytics, or profiling purposes .
The data will be used exclusively for the technical delivery of emails in accordance with our documented instructions.
For certain AI-powered functions within " Evobrain, " we use the OpenAI API from OpenAI, LLC, San Francisco, USA. Only data necessary for the technical processing of the respective request is transmitted via the API. No personal customer information, such as name, address, email address, or other direct identifiers, is transmitted to OpenAI.
Only anonymized or pseudonymized technical input data, such as article numbers, product and spare part information, price parameters or technical text content that does not allow any conclusions to be drawn about natural persons, are transmitted.
The processing is carried out exclusively for:
The technical data transmitted via the API is not merged with personal master data or customer profiles.
The data will not be used for profiling , marketing, or advertising purposes. Automated decision-making as defined in Article 22 of the GDPR will also not take place.
The legal basis for the processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in providing efficient, modern and user-friendly AI functions.
Insofar as the function is part of contractual services, the processing is additionally based on Art. 6 para. 1 lit. b GDPR.
OpenAI does not use the transmitted data to train its own models, but processes it exclusively within the framework of the API service.
This is explicitly stated in the OpenAI data processing guidelines.
No personal data is analyzed.
Since OpenAI is based in the USA, the technical provision of the API service may involve the transfer of personal data to a third country. This transfer takes place exclusively on the basis of appropriate safeguards pursuant to Articles 44 et seq. of the GDPR, in particular the Standard Contractual Clauses (SCCs) approved by the EU Commission, which OpenAI uses to ensure a level of data protection comparable to that of the EU. Further information can be found here. https://openai.com/enterprise-privacy/.
In addition, OpenAI employs technical and organizational safeguards, in particular encryption and strict access restrictions. OpenAI is not currently a participant in the EU-US Data Privacy Framework; therefore, the transfer of data to third countries is secured entirely through Standard Contractual Clauses (SCCs) in conjunction with supplementary safeguards. These guarantees ensure that transferred content is adequately protected even when processed in the USA.
Evoparts24 logs API requests only in pseudonymized form, such as timestamps, status codes, or technical session IDs, to ensure stability and troubleshooting.
No content is stored or the API inputs are permanently analyzed.
OpenAI does not permanently store submitted API content, but automatically deletes it after a short time in accordance with the API guidelines.
We reserve the right to amend this privacy policy if legal or technical changes occur. The current version can be accessed at any time at https://www.evoparts24.com/datenschutz.