Privacy Policy for our Order Form

Simply explained: which data is processed when you place an order via our web application – secure, transparent, and without tracking.

1. Scope of this Privacy Policy

This privacy policy applies solely to the following areas of our web application:

- Order form: https://app.autozoll.com/new-order

- Login page (public area): https://app.autozoll.com

Note: Although this policy is shown on a subpage of the homepage (https://autozoll.com), it does not apply to the homepage itself. A separate privacy policy applies to the homepage.

2. Purpose and Scope of Data Processing

The order form is used to collect export requests from business customers (particularly car dealerships with a valid EORI number).

Only the data entered into the form is processed, such as contact details, vehicle information, buyer details, and customs-relevant information.

Your data is stored in a database immediately upon submission and manually reviewed by our staff.

Data is processed for order handling, AES procedures, invoicing, and to fulfill legal retention obligations.

The specific fields and mandatory inputs are defined by the dynamic form. No data is processed beyond this.

3. Legal Basis for Processing

Processing is based on the following legal grounds under the GDPR:

- Art. 6 (1) lit. b – for the performance of a contract or to take steps prior to entering into a contract

- Art. 6 (1) lit. c – to comply with legal obligations

- Art. 6 (1) lit. f – based on our legitimate interest in secure and efficient operations

4. Recipients, Hosting, and Data Transfers

Data is only shared within the scope of order processing with customs authorities, hosting and communication service providers, and external accounting partners.

We have concluded data processing agreements with all service providers in accordance with Art. 28 GDPR.

The web application is hosted on Microsoft Azure, with server locations within the European Union.

Additionally, we use Cloudflare Inc. as a DNS and security provider. Cloudflare may transfer data to third countries but ensures an adequate level of data protection through Standard Contractual Clauses (SCCs) pursuant to Art. 46 GDPR.

More information: Cloudflare Privacy Policy

5. Data Retention

Personal data is retained only for as long as necessary to process the order and in accordance with legal requirements.

Tax-relevant documents are stored for up to 10 years, and business correspondence for up to 6 years (pursuant to the German Commercial Code (HGB) and Fiscal Code (AO)).

6. Security and Safeguards

The web application is fully secured via HTTPS. Appropriate technical and organizational measures are in place to ensure the security of data processing.

7. No Cookies, No Tracking

This web application does not use cookies, analytics, or tracking tools.

8. Target Audience

The use of the web application is intended exclusively for business customers with a valid EORI number.

Use by private individuals is not intended or permitted.

9. Data Subject Rights and Contact

You have the right to access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), objection (Art. 21), and data portability (Art. 20).

Additionally, under Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe your personal data is being processed unlawfully.

If you have any questions or concerns regarding data protection, you can contact us using the details provided below.

10. Data Controller

The data controller for the web application is:

SPG OÜ, Ahtri 12, EE-10151 Tallinn

Email: [email protected]

The information provided here is based on the General Data Protection Regulation (GDPR) of the European Union and applicable German data protection laws, where relevant.