Data protection regulations

Last updated January 22, 2026

1. Controller

ima-tec GmbH
Wachtelberg 10, 97273 Kürnach, Germany
Phone: [+49 …]

Email: info@ima-tec-gmbh.com

Websites: www.part-pilot.de, www.part-pilot.eu, www.part-pilot.tech

Contact details for the data protection officer:
Email: info@ima-tec-gmbh.com

Data protection officer:
We are currently not legally obliged to appoint a data protection officer in accordance with Art. 37 GDPR. If you have any questions about data protection, please contact us using the contact details above.

2. Scope

This policy applies to all pages under www.part-pilot.de, www.part-pilot.eu, www.part-pilot.tech, associated subdomains, the online shop, customer accounts, contact and support channels (email, telephone, contact forms) and, where applicable, offline contacts relating to our online services (e.g., trade fairs, sales activities).

3. Categories of personal data

In particular, we process:

  • Identity and business contact details: name, company, function/position, postal address, email address, telephone number.
  • Account and authentication data: user names, (hashed) passwords, account IDs, role information.
  • Order and contract data: products, quantities, prices, offers, order history, billing and delivery addresses, payment and shipping status, contract documents.
  • Payment data: Payment method, transaction IDs, masked or tokenized card/payment data (mainly processed via payment processors).
  • Communication: Content of inquiries, support tickets, chat messages, correspondence, internal notes regarding your inquiry.
  • Usage and device data: IP address, device identifiers, browser type, operating system, referrer URL, timestamps, log files, cookie IDs, consent signals, (if configured) pixel/SDK identifiers.
  • Marketing preferences: Newsletter subscriptions, opt-in/opt-out records, consent logs.
  • Application data (if a career page is available): resume, cover letter, qualifications, professional history, interview notes, and data you voluntarily provide. Special categories of data (e.g., health data) are only processed if required by law (e.g., for equal opportunity) or with your express consent.
  • B2B lead data: Business contact data obtained from public sources (e.g., company websites, commercial registers, business networks) or from specialized B2B providers, where permitted by law.

4. Sources of the data

We receive personal data from:

  • You directly—e.g., through checkout, contact forms, account registration, email, or phone, at trade shows, and other business interactions.
  • Your devices – via server logs, cookies, SDKs, and similar technologies (details in Section 9).
  • Service providers – e.g., payment processors, logistics and shipping partners, KYC/credit check providers, if used.
  • Public and external B2B sources—e.g., industry directories, business networking platforms, trade shows, and B2B lead providers, to the extent permitted by applicable law.

Where required under Article 14 of the GDPR, we will inform you separately about specific third-party sources.

5. Purposes of use and legal basis (EU GDPR)

We process personal data for the following purposes and on the following legal bases:

| Purpose | Examples | Legal basis |
|---|---|---|
| Contract and pre-contractual measures | Offers, order processing, customer account, deliveries, processing of returns and warranty services | Art. 6 (1) (b) GDPR |
| Legal obligations | Tax and commercial law retention obligations, accounting, sanctions checks where applicable | Art. 6 (1) (c) GDPR |
| IT security and prevention of misuse | Operation of servers, detection of attacks, troubleshooting, access logging | Art. 6 (1) (f) GDPR |
| Customer service | Processing of contact and support requests, processing of complaints | Art. 6 (1) (b) and/or (f) GDPR |
| Direct marketing (B2B / existing) | Sending information about our products/services to existing B2B contacts or customers within the legal limits (e.g., Section 7 UWG DE) | Art. 6 (1) (f) GDPR |
| Newsletters / marketing emails | Subscription-based email updates and offers | Art. 6 (1) (a) GDPR |
| Analytics and reach measurement | Data protection-friendly, necessary reach measurement (e.g., using server logs or self-hosted analytics) | Art. 6 (1) (f) GDPR |
| Analytics and marketing tags | Google Analytics and comparable tools, non-essential cookies and tags | Art. 6 (1) (a) GDPR |
| B2B lead management | Management of prospects, assignment of leads to sales, documentation of interactions | Art. 6 (1) (f) GDPR |
| Job applications | Processing of applications, conducting interviews, decision-making | Art. 6 (1) (b) GDPR and § 26 BDSG; if applicable, Art. 6 (1) (c) or (f) GDPR and Art. 9 (2) (b)/(f) as well as § 26 (3) BDSG for special categories |
| International transfers based on consent (exception) | Individual, non-structural transfers without other appropriate mechanisms | Art. 6 (1) (a), 49 GDPR |

Legitimate interests (Art. 6 (1) (f) GDPR)
When we rely on legitimate interests, these include:

  • Ensuring the security and functionality of our services and IT systems
  • Preventing misuse and fraud
  • Providing efficient support to existing and potential B2B customers,
  • Carrying out appropriate direct marketing to business contacts,
  • Carrying out strictly necessary, data protection-friendly reach measurements,
  • Optimizing our website and customer service.

Right to object: You may object to processing based on legitimate interests at any time for reasons arising from your particular situation (Art. 21 GDPR). In the case of direct marketing, you may object at any time without giving reasons.

Withdrawal of consent: You may withdraw your consent at any time with effect for the future, e.g., via the unsubscribe link in emails or by contacting us.

6. Recipients and categories of recipients

We share personal data with:

  • Hosting & infrastructure: Strato AG, Germany/EU (web hosting, server infrastructure).
  • Shop/CMS platform: WordPress/WooCommerce and associated plugins (EU and, where applicable, providers in other countries).
  • Payment processors: Mollie B.V. (EU) and underlying payment networks/banks. Payment data is usually processed by these providers as independent controllers.
  • Shipping & logistics: DHL, UPS, and other transport companies, freight forwarders, customs agents (depending on the destination).
  • Analytics and marketing (if enabled): Google Ireland Limited / Google LLC (Google Analytics, in the EU on a consent basis; GA4 with IP protection features enabled).
  • Customer support and collaboration: Wrike and similar tools for internal ticketing/project management.
  • Email and newsletter providers: [e.g., Mailjet, Mailchimp, Sendinblue], which are used to send system and marketing emails.
  • Consultants and authorities: Tax advisors, auditors, lawyers, courts, and supervisory/other authorities, if required by law.

We conclude data processing agreements with the processors in accordance with Art. 28 GDPR. Some recipients act as independent controllers (e.g., payment providers, transport companies).

7. International data transfers

Transfers outside the EEA/UK/Switzerland will only take place if:

  • this is necessary for the performance of the contract (e.g., delivery or support in third countries),
  • you have expressly consented (Art. 49 GDPR), or
  • appropriate safeguards in accordance with Art. 44–49 GDPR are in place.

These safeguards include, in particular:

  • EU standard contractual clauses (SCCs) with additional technical and organizational measures,
  • EU-US Privacy Shield Framework (DPF) if the provider is certified as stated in its privacy policy,
  • Adequacy decisions by the European Commission for certain countries.

We take appropriate measures to ensure that recipients implement a level of data protection that is essentially equivalent to EU standards. You can obtain a copy of the relevant safeguards (e.g., important SCC information) by contacting us.

8. Retention periods

We only store personal data for as long as is necessary for the specified purposes or as required by law:

  • Contract and accounting documents: Generally 10 years in accordance with tax and commercial law.
  • General customer data (non-accounting): Typically 3 years after the end of the year in which the last interaction took place (standard limitation period), unless longer storage is required.
  • Support/communication: Generally 3 years after the matter has been closed.
  • Marketing data (newsletters, consents): Until consent is revoked or 2 years after inactivity, plus a short buffer period (usually up to 1 year) for documenting the revocation of consent.
  • Log/usage data (server logs): Typically 30 days, unless longer retention is required for the investigation of security incidents.
  • Analytics data: [x] months (configure the retention settings in your analytics tool and enter the specific period here).
  • B2B lead data: As long as we have an active business relationship or a legitimate interest, usually up to 3 years after the last significant interaction, unless you object earlier.
  • Job applications: For rejected applicants, typically 6 months after completion of the hiring process, unless you have agreed to longer retention (e.g., 2 years for a talent pool). For hired applicants, the data is transferred to the personnel file and stored in accordance with labor law retention periods.

Other periods may apply if the legal retention obligation or the establishment, exercise, or defense of legal claims requires longer storage.

9. Cookies, consent & tracking

We use cookies and similar technologies:

  • Necessary cookies: Required for basic functions of the website and shop (e.g., shopping cart, login, security, language settings).
  • Preference and functional cookies (optional): Save your settings and improve user-friendliness.
  • Analytics cookies/tags (optional): To understand how our website is used (e.g., Google Analytics).
  • Marketing/remarketing cookies (optional, currently [enabled/disabled]): To display relevant ads and measure campaigns, if used.

A consent banner will appear on your first visit. Non-essential cookies and tags (analytics, marketing) will only be set after you give your consent. You can change your settings at any time via the [link to cookie settings] in the footer or withdraw your consent.

Details on individual cookies, providers, and storage periods can be found in our cookie policy: [link].

10. Payment processing

Payments are processed by Mollie and possibly other payment providers, depending on the payment method you choose. Legal basis:

  • Contract performance (Art. 6(1)(b) GDPR) for processing your payment,
  • Legitimate interests (Art. 6(1)(f) GDPR) in combating fraud and ensuring secure, efficient payment processing,
  • Legal obligations (Art. 6(1)(c) GDPR) to comply with financial and anti-money laundering regulations, where applicable.

Payment providers generally act as independent controllers. Their privacy policies and terms and conditions apply in addition to this policy.

11. Shipping & Customs

For delivery, we pass on the necessary data to our logistics partners and carriers (depending on the destination):

  • name, address, company, contact person, email/phone number, shipping details.

For exports to non-EU countries, additional customs data (e.g., invoice data, commodity codes) may be transmitted to customs authorities and other authorities. Legal basis: Contract fulfillment (Art. 6 (1) (b)), legal obligations (Art. 6 (1) (c)), and legitimate interests (Art. 6 (1) (f)).

12. Customer accounts & B2B sales

When you create a customer account, we process:

  • profile and login data,
  • order and transaction history,
  • preferences, and saved addresses.

You can request the deletion of your account at any time; we will then anonymize or delete the data, provided that there are no legal retention obligations or overriding legitimate interests (e.g., legal claims) that prevent this.

For B2B sales and lead management, we process business contact data of existing and potential corporate customers. The legal basis for this is our legitimate interest in B2B sales and account management (Art. 6 (1) (f) GDPR). You can object to this processing at any time.

13. Security

We implement appropriate technical and organizational measures to protect your data, including:

  • TLS encryption for data transmission,
  • logical and physical access controls,
  • role-based access rights,
  • regular backups and recovery procedures,
  • processing agreements and security audits where appropriate.

No system is 100% secure, but we are constantly working to improve our security measures.

14. Children

Our services are aimed at business customers and adult consumers. We do not knowingly offer products to children under the age of 18 and do not market to this target group.

15. Your rights under the GDPR

Subject to the conditions set out in the GDPR, you have the following rights:

  • Right of access (Art. 15) – Information about whether and which data we process about you.
  • Rectification (Art. 16) – Rectification of inaccurate or incomplete data,
  • Erasure (Art. 17) – Erasure of data, provided that the legal requirements are met,
  • Restriction (Art. 18) – Restriction of processing in certain cases,
  • Data portability (Art. 20) – Receipt of the data you have provided in a structured, commonly used, and machine-readable format,
  • Objection (Art. 21) – in particular to processing based on legitimate interests or for direct marketing purposes,
  • Withdrawal of consent (Art. 7(3)) – with effect for the future.

To exercise your rights, please contact: info@ima-tec-gmbh.com.

You also have the right to lodge a complaint with a supervisory authority, in particular:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18, 91522 Ansbach, Germany
Website: https://www.lda.bayern.de

16. Automated decision making/profiling

We do not use automated decision-making, including profiling, that has legal effects on you or similarly significantly affects you within the meaning of Article 22 of the GDPR.

Should this change, we will inform you separately and explain the underlying logic and consequences to you.

17. Is the provision of data mandatory?

You are not legally required to provide personal data. However, certain data is necessary for the conclusion or fulfillment of a contract (e.g., billing and shipping information). Without this data, we may not be able to deliver products or services.

When we request data, we indicate whether it is mandatory or optional.

18. Changes to this policy

We may update this policy if laws, services, or processes change. The current version is available at: [URL].

We will display significant changes (e.g., via banner or email) if required by law.

Effective date: December 1, 2025

19. Contact us

If you have any questions about data protection or exercising your rights, please contact:

info@ima-tec-gmbh.com
