Privacy Policy

Introduction and overview

We have prepared this Privacy Policy (version 2025-12-05-313085207) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (data for short) we, as the controller—and the processors commissioned by us (e.g., providers)—process, will process in the future, and what lawful options you have. The terms used are to be understood as gender-neutral.
In short: We provide you with comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal terminology. This Privacy Policy, however, is intended to describe the most important points as simply and transparently as possible. Where it supports transparency, technical terms are explained in a reader-friendly way, links to further information are provided, and graphics are used. We therefore inform you in clear and simple language that, as part of our business activities, we only process personal data when there is a corresponding legal basis. This is certainly not possible if one provides explanations that are as brief, unclear, and legal-technical as those that are often standard on the internet when it comes to data protection. We hope you find the following explanations interesting and informative, and perhaps there is one or two pieces of information you did not yet know.
If you still have questions, we kindly ask you to contact the responsible office listed below or in the legal notice, follow the available links, and view further information on third-party pages. Of course, you can also find our contact details in the legal notice.

Scope

This Privacy Policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (processors). By personal data we mean information within the meaning of Art. 4(1) GDPR, such as a person’s name, email address, and postal address. Processing personal data enables us to offer and bill our services and products, whether online or offline. The scope of this Privacy Policy includes:

  • all online presences (websites, online shops) that we operate
  • social media presences and email communication
  • mobile apps for smartphones and other devices

In short: This Privacy Policy applies to all areas in which personal data is processed in a structured manner within the company via the channels mentioned. If we enter into legal relationships with you outside these channels, we will inform you separately where applicable.

Legal bases

In the following Privacy Policy, we provide you with transparent information about the legal principles and provisions, i.e., the legal bases of the General Data Protection Regulation that enable us to process personal data.
With regard to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read this EU General Data Protection Regulation online on EUR-Lex, the access point to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.

We process your data only if at least one of the following conditions applies:

  1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. One example would be storing the data you entered in a contact form.
  2. Contract (Article 6(1)(b) GDPR): To fulfil a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we require personal information in advance.
  3. Legal obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally required to retain invoices for accounting purposes. These generally contain personal data.
  4. Legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we must process certain data in order to operate our website securely and in an economically efficient manner. This processing therefore constitutes a legitimate interest.

Other conditions, such as the performance of tasks carried out in the public interest and the exercise of official authority, as well as the protection of vital interests, generally do not apply to us. If such a legal basis should nevertheless be relevant, it will be indicated at the appropriate point.

In addition to the EU Regulation, national laws also apply:

  • In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), abbreviated DSG.
  • In Germany, the Federal Data Protection Act applies, abbreviated BDSG.

If further regional or national laws apply, we will inform you about them in the following sections.

Contact details of the controller

If you have any questions about data protection or the processing of personal data, you will find below the contact details of the controller in accordance with Article 4(7) of the EU General Data Protection Regulation (GDPR):
Shentong Automotive Europe GmbH
Hans-Böckler-Straße 13
37170 Uslar
Germany

Email: backoffice@shentong-europe.eu

Legal notice: https://shentong-europe/impressum/

Storage period

As a general criterion, we store personal data only for as long as it is absolutely necessary to provide our services and products. This means that we delete personal data as soon as the reason for processing no longer applies. In some cases, we are legally obliged to store certain data even after the original purpose no longer applies, for example for accounting purposes.

If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as quickly as possible, provided there is no obligation to retain it.

We will inform you below about the specific duration of the respective data processing, provided we have further information on this.

Rights under the General Data Protection Regulation

In accordance with Articles 13 and 14 GDPR, we inform you about the following rights to which you are entitled in order to ensure fair and transparent processing of data:

  • Under Article 15 GDPR, you have the right to obtain confirmation as to whether we process data about you. If this is the case, you have the right to receive a copy of the data and to obtain the following information:
    • the purposes for which we carry out the processing;
    • the categories, i.e., the types of data that are processed;
    • who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
    • how long the data is stored;
    • the existence of the right to rectification, erasure, or restriction of processing and the right to object to processing;
    • that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
    • the origin of the data if we did not collect it from you;
    • whether profiling is carried out, i.e., whether data is automatically evaluated in order to create a personal profile about you.
  • Under Article 16 GDPR, you have the right to rectification of data, which means that we must correct data if you find errors.
  • Under Article 17 GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you may request the deletion of your data.
  • Under Article 18 GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it further.
  • Under Article 20 GDPR, you have the right to data portability, which means that we will provide you with your data in a commonly used format upon request.
  • Under Article 21 GDPR, you have the right to object, which, once exercised, results in a change to the processing.
    • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then review as quickly as possible whether we can legally comply with this objection.
    • If data is used for direct marketing, you may object to this type of data processing at any time. We may then no longer use your data for direct marketing.
    • If data is used for profiling, you may object to this type of data processing at any time. We may then no longer use your data for profiling.
  • Under Article 22 GDPR, you may, under certain circumstances, have the right not to be subject to a decision based solely on automated processing (for example, profiling).
  • Under Article 77 GDPR, you have the right to lodge a complaint. This means you can lodge a complaint with the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: You have rights—do not hesitate to contact the responsible office listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been infringed, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, each federal state has a data protection officer. For further information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Lower Saxony Data Protection Authority

State Commissioner for Data Protection: Denis Lehmkemper
Address: Prinzenstraße 5, 30159 Hannover
Telephone no.: 05 11/120-45 00
Email address: poststelle@lfd.niedersachsen.de
Website: https://lfd.niedersachsen.de/startseite/

All texts are protected by copyright.

Source: Privacy Policy created with the Data Protection Generator for Germany by AdSimple. Please also take a look at our sample privacy policy.

Contact