We take privacy seriously.
Your trust is important to us, which is why we protect your privacy when processing personal data. So that you can get an overview of our data protection declaration, we explain below how your personal data is processed and protected.
The Internet portal www.coverest.com is managed by the
SunWay Europe GmbH,
(hereinafter “SunWay“, “we” or “us"), operated.
SunWay is responsible for the processing of your personal data within the meaning of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
You can also contact our data protection officer at any time for any questions on the subject of data protection. He can be reached at the following contact details:
Frau Shana Surdo
II. No disclosure of your personal data
SunWay remains responsible for your personal data at all times. Your data will only be passed on if necessary for our service and only on the basis of legal permission:
• if you have consented to the transmission of your data in accordance with Article 6 (1) (a) GDPR,
• if this is necessary to fulfill the contract in accordance with Art. 6 Para. 1 lit. b GDPR (this includes, for example, data transmissions to payment and logistics service providers, transport companies and suppliers if they supply you directly), or
• if this is necessary to fulfill a legal obligation pursuant to Article 6 (1) (c) GDPR, or
• due to our legitimate interest or the legitimate interest of a third party in accordance with Art. 6 Para. 1 lit. f GDPR (this includes, for example, data transmissions in the context of the assignment of claims or to credit agencies for the purpose of credit assessments).
III. General information
1. Personal Data
Personal data is data about you. In particular, we process the following personal data (“collectively: “data”):
• Your name, address, e-mail address, gender, telephone number, your encrypted customer account password and, if applicable, your date of birth,
• Your order details, the products you have purchased, the services you have used, payment information, your preferences in relation to product types,
• Your data, which arise when using our online offer,
• Data that we receive from our service providers in certain cases (e.g. from credit agencies or payment service providers)
• Information regarding the first interactions on our website (e.g. the date of your first registration)
• Data of your behavior in connection with surfing on our website (e.g. clicking on a product)
• Data of your behavior in connection with actions in our newsletter (e.g. clicking on a link in the newsletter)
• Login data (date and time when you logged into our website)
2. Purposes of Processing
We only process your data if you have given your consent (Art. 6 Para. 1 lit. a) GDPR), we have a legitimate interest in the processing (Art. 6 Para. 1 lit. f GDPR), we use it for the Fulfillment of the contract with you according to Art. 6 Para. 1 b) DSGVO, or this is necessary to fulfill a legal obligation (Art. 6 Para. 1 lit. c DSGVO) in order to offer you the best possible shopping experience on our website .
Specifically, this means that we process personal data in the following cases:
• when you visit our website (Section IV),
• if you set up a user account with us (Section V.)
• if you order from us (Section VI).
• for contacting us (Section VII),
• for advertising purposes (Section VIII),
If we also want to collect and process data from you, we will inform you of this separately, including the explanation of the legal basis, before the collection and processing and, if necessary, obtain your consent.
At no time do we process special categories of personal data (e.g. health data).
3. Duration of Storage & Deletion
In principle, we only store your data for as long as is necessary for the respective purpose of processing, as required by law (e.g. under commercial and tax law) or until you inform us that your customer account should be deleted.
Your customer data (first name, last name, middle name, name changes, postal address) will remain stored with us as long as there is an active member account or you ask for this data to be deleted beforehand.
We store your order data, invoices and related information for ten years, as required by law.
Data of your behavior in connection with surfing on our website (e.g. clicking on a product), data of your behavior in connection with actions in our newsletter (e.g. clicking on a link in the newsletter) as well as login data (date and time, when you have logged in to our website) we store it for up to 25 months after it has been collected in order to improve your shopping experience. The data collected is then anonymized in such a way that it can no longer be assigned to you as a person.
IV. Data processing when visiting our website
When you visit our website, the provider of our website collects and stores the following information in so-called server log files, which your browser automatically transmits to us:
• the IP address of your internet service provider,
• the website from which you visit us and the websites you visit on our site
• Information about the browser used and the operating system
• If applicable, your e-mail address that you use to register on our website
• Identification numbers that we store on your end device. We can use this identification number to recognize your end device on the website. Technically, these identification numbers are stored in so-called cookies or eTags.
This information is absolutely necessary for the technical transmission of the website and secure server operation. When you visit our website, we assign you an individual customer ID, which we only merge with your e-mail address for forensic reasons if an error occurs on the website. The server log files are stored for 365 days and then deleted.
The processing takes place in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.
V. Data processing when setting up a user account
To set up your personal user account, we need an e-mail address and a password that you have chosen. The e-mail address serves as the access code for the user account. After successful registration you will automatically receive a confirmation by e-mail. In addition, you can store your personal information in your user account and thus conveniently shop on our website. The information can be updated at any time in the personal area of the user account ("My Account"). We use this data, among other things, to process orders, to offer payment options and to process payments and any refunds.
We would like to make your visit to our website as pleasant as possible by means of the "Stay logged in" function. This feature allows you to use our services without having to log in again each time. Technically, a cookie is stored on your end device, which is used so that you do not have to log in again on subsequent visits to our website. This function is not available to you if you have deactivated this cookie when you set your cookie settings or if you have deleted the cookie in your browser settings after you have logged out of our website. We also recommend that you do not use the "keep me signed in" feature if the computer is used by multiple users. The legal basis for the associated data processing is Art. 6 Para. 1 b) GDPR (performance of contract).
VI. Data processing to process your order
If you order something from us, the processing of your data serves to conclude and execute the contract and to process your order, including payment and delivery. We delete your personal data processed in the context of orders at the latest after the statutory storage obligations have expired.
1. Choice of payment method
After choosing the payment method, you will be asked for the data required for using the respective payment service provider. This payment information is forwarded directly to the respective payment service provider and is not stored by us. We store the data you provide for the billing and (possibly different) delivery address in your user account so that you do not have to enter them again the next time you make a purchase. You can change this data at any time for the future.
If you do not agree with the payment method(s) offered to you, you can inform us in writing by email firstname.lastname@example.org. We will then review the decision again, taking into account their point of view.
2. Credit card payment
In the case of a credit card payment, we receive the so-called payment ID and the last four digits of your credit card number from our payment provider. This serves us to authenticate and assign your order and thus for your security. The personal data required to carry out the payment is collected directly by the payment service provider. The legal basis for the above data processing is Art. 6 Para. 1 b) GDPR (performance of contract for the implementation and processing of contracts) and Art. 6 Para. 1 f) GDPR (weighing of interests, based on our interest in offering you a secure credit card payment option).
3. Purchase on account
In order to be able to offer you purchase on account, you will be asked in the ordering process to agree to the transmission of the data required for processing the payment and an identity and credit check to Billpay GmbH. If you give your consent, your data (first and last name, street, house number, postal code, city, date of birth, telephone number) and the data in connection with your order will be transmitted to Billpay GmbH.
For the purpose of their own identity and creditworthiness check, Billpay GmbH or partner companies commissioned by Billpay GmbH transmit data to credit agencies (credit agencies) and receive information and, if necessary, creditworthiness information from them on the basis of mathematical-statistical processes, the calculation of which includes address data, among other things. Detailed information on this and the credit agencies used can be found in the data protection regulations of Billpay GmbH: https://www.billpay.de/de/datenschutz-de/ refer to.
Furthermore, Billpay GmbH may use third-party tools to detect and prevent fraud. Data obtained with these tools may be stored in encrypted form by third parties so that they can only be read by Billpay GmbH. This data will only be used if you select the payment method purchase on account, otherwise the data will automatically expire after 30 minutes.
The legal basis for the credit check described above is Art. 6 Para. 1 f) GDPR (balancing of interests, based on SunWay’s interest in not suffering payment defaults).
Reasons why a purchase on account cannot be offered may be, among other things, that the delivery and billing address are different, a Packstation or a parcel depot was specified as the billing and/or delivery address, or there are payment difficulties with previous orders.
If you choose the "PayPal" payment method, your personal data (first and last name, delivery address, e-mail address, telephone number, the amount to be paid and the IP address) will be sent to Paypal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, so that you can authorize the payment to us via PayPal. You need a PayPal account for this. With this payment method, you can pay with one click without having to log in to PayPal with all your data every time you make a purchase. The legal basis for this is Art. 6 (1) 1 lit. b GDPR.
PayPal also offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. The legal basis for the associated data processing is Article 6 Paragraph 1 Letter b GDPR, i.e. the processing of your data is required to fulfill the agreement on paying for your purchase via PayPal. The data transmitted to PayPal may be transmitted by PayPal to credit agencies. This transmission serves to check identity and creditworthiness. You can find more information about data protection at PayPal on the PayPal website at https://www.paypal.com/de/webapps/mpp/ua/privacy-full. The legal basis for the associated data processing is Art. 6 Para. 1 lit. f GDPR (balancing of interests, based on our interest in offering you effective and secure payment options and preventing fraud in this context).
Payments by immediate transfer are made via Payment Network AG, Fußbergstr. 1, 82131 Gauting (entered in the commercial register of the district court of Munich under HRB 161963, board of directors: Christoph Klein, Dr. Jens Lütcke, Georg Schardt).
6. Direct Debit
If you choose the SEPA direct debit payment method, you will be asked to send us your account number and sort code or your IBAN and BIC. By submitting this data, you give SunWay a SEPA mandate to collect the corresponding invoice amount from the account you specified. You can revoke the SEPA mandate at any time in text form (e.g. email). The direct debit amount will be collected from five (5) working days after completing the order process. With the order confirmation, we will inform you once again about the time at which the direct debit amount will be debited (advance information). The deadline for providing advance notice before debiting is reduced to five (5) business days. You must reimburse SunWay for the costs of a chargeback that arise due to insufficient funds in the account, incorrect bank details or an unjustified objection to the debit on your part, insofar as you are responsible for them.
7. Securing Your Order
In order to avoid payment defaults, we check common fraud patterns and abnormalities. For this purpose, order and payment data (e.g. address, article, payment method) and device information (e.g. device, browser) are processed. The legal basis is Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in protection against misuse.
Further information on the payment methods offered can be found in our General Terms and Conditions (GTC).
VII. Data processing when contacting us
You have various options for contacting us. You can use our customer service:
• by telephone,
• by mail,
• by E-Mail,
• via contact form, or
In order to be able to process your request, we collect your name, your e-mail address, your telephone number, your customer, order and article number, as well as the other information that you transmit to us. The legal basis for this is Art. 6 Art. 1 b) GDPR (performance of the contract - the processing of the user's data is necessary for the fulfillment of the agreement on answering the questions or concerns) or Art. 6 Para. 1 f) GDPR (balancing of interests - based on our interest in processing inquiries from users of our website).
VIII. Data processing for advertising purposes
The legal basis for sending our newsletter is your consent in accordance with Article 6 (1) (a) GDPR. We use the so-called double opt-in procedure to send the newsletter, i.e. we will only send you a newsletter by e-mail if you have previously expressly confirmed to us that we should activate the newsletter service. We will then send you a notification email and ask you to confirm that you wish to receive our newsletter by clicking on a link contained in this email. When you register for our newsletter, we save your IP address and the date of registration. This storage serves solely as proof in the event that a third party misuses your e-mail address to register you for receiving the newsletter without your knowledge or authorization. If you later no longer wish to receive newsletters from us, you can object to this at any time without incurring any costs other than the transmission costs according to the basic tariffs.
In our newsletters, we use commercially available technologies with which the interactions in the newsletter can be measured (e.g. opening of the e-mail, clicked links). We use this data for general statistical evaluations and to optimize and further develop our content and customer communication. This is done with the help of small graphics embedded in the newsletter (so-called pixels). The legal basis for this is our legitimate interest in accordance with Article 6 (1) (f) GDPR. Our newsletter is an integral part of our shopping community, through which we want to offer our customers relevant content. If you do not wish usage behavior to be analysed, you can unsubscribe from the newsletter or deactivate graphics in your e-mail program by default.
Depending on the selection of the cookies you want, the next time you visit the website with the same device, the information stored in the cookies will be sent to our website or to another website to which the cookie belongs. This helps us to optimally design and display our website according to your preferences.
You can use the "Cookie settings" button to determine which cookies you want to allow at any time. Basically, we distinguish between four different cookie categories:
1. Strictly Necessary Cookies
enable basic functions and are required for the proper functioning of the website. They are used, for example, to ensure that you, as a registered user, always remain logged in when accessing various subpages of our website and do not have to re-enter your login data every time you call up a new page. The legal basis for the use of absolutely necessary cookies on our website is Art. 6 Para. 1 lit f) GDPR (legitimate interest, here in the technically flawless provision of our website and the services offered via it). The use of absolutely necessary cookies is possible and permissible without your prior consent.
In addition, we use the following cookies, which we only use if you have given us your consent:
2. Functional Cookies
enable our website to save information that has already been provided (e.g. registered name) and to offer you improved and more personal functions. If you do not allow these cookies, some of these services may not work properly.
3. Performance Cookies
allow us to count visits and traffic sources so we can measure and improve the performance of our website. They help us answer questions about which pages are most popular, which are least used, and how visitors move around the site. All information collected by these cookies is aggregated and therefore anonymous. If you do not allow these cookies, we cannot know when you have visited our website.
4. Marketing Cookies
can be set via our website by our advertising partners. They are used to collect information about the websites you visit or to present ads tailored to you. They do not store directly personally identifiable information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
5. Details of each cookie
5.1. GOOGLE RECAPTCHA
5.2. GOOGLE GOOGLEADSERVICES / GOOGLE ADWORDS CONVERSION TRACKING
5.3. GOOGLE DOUBLECLICK
5.4. GOOGLE WEB FONTS
Google web fonts (http://www.google.com/webfonts/) used. The web fonts are transferred to the browser cache when the website is called up so that they can be used for the display. If the browser does not support Google Webfonts or prevents access, the text will be displayed in a standard font. Data that is transmitted in connection with the page view is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail. You can set your browser so that the fonts are not loaded from the Google servers (e.g. by installing add-ons such as NoScript or Ghostery for Firefox.) If your browser does not support Google Fonts or you do not have access to the Prevent Google server, the text is displayed in the system default font. Information on the data protection conditions of Google Webfonts can be found at: https://developers.google.com/fonts/faq#Privacy.
5.5. GOOGLE ANALYTICS WITH ANONYMOUS FUNCTION
5.6. GOOGLE REMARKETING
5.7. GOOGLE ANALYTICS (GA) AUDIENCE
X. Secure data transmission and data security
We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorized access. All our employees and service providers working for us are obliged to comply with the applicable data protection laws.
Whenever we collect and process personal data, it is encrypted during transmission. This means that your data cannot be misused by third parties. Our security precautions are subject to a constant improvement process and our data protection declarations are constantly being revised.
XI. Your rights
You have the right to information, correction, deletion or restriction of the processing of your stored data at any time, a right to object to the processing and a right to data portability and a right to lodge a complaint in accordance with the requirements of data protection law.
• Right to information
You can request information from us as to whether and to what extent we process your data.
• Right to Rectification
If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.
• Right to Erasure
You can request us to delete your data if we are processing it unlawfully or if the processing interferes disproportionately with your legitimate protection interests. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of statutory retention requirements. Irrespective of whether you exercise your right to deletion, we will delete your data immediately and completely, provided that there is no legal or legal obligation to retain it.
• Right to restriction of processing
You can ask us to restrict the processing of your data if
- you dispute the accuracy of the data, for a period that enables us to verify the accuracy of the data.
- the processing of the data is unlawful, but you refuse to delete it and instead request a restriction of data use,
- we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
- you have objected to the processing of the data.
• Right to data portability
You can request that we provide you with the data that you have provided to us in a structured, common and machine-readable format and that you can transmit this data to another person responsible without hindrance from us, provided that - we use this data on the basis of revocable consent given by you or for the performance of a contract between us, and - this processing is carried out using automated procedures. If it is technically feasible, you can request that we transfer your data directly to another person in charge.
• Right to object
If we process your data out of legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.
• Right to Complain
If you are of the opinion that we are violating German or European data protection law when processing your data, we ask you to contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.
If you wish to assert one of the rights mentioned against us, please contact our data protection officer. If in doubt, we may request additional information to confirm your identity.
XII. CHANGES TO THIS PRIVACY STATEMENT
Status: February 2022