PRIVACY POLICY

Status: 10 April 2025

Introduction
The protection of your personal data and its security is a top priority for us. We therefore strictly adhere to the applicable data protection and security laws in all our online activities. With the entry into force of the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), additional obligations have been imposed on us aimed at strengthening your rights as a data subject and ensuring the protection of your data.
As the controller responsible for processing your personal data, we are obliged to provide you with comprehensive and transparent information about how your data is processed. This includes, in particular, information on the type, scope, purpose, duration and legal basis of the processing in accordance with Articles 13 and 14 of the GDPR.
With this data protection information, we would like to explain to you clearly and comprehensibly which personal data we collect, how we process it and what rights you are entitled to. Our aim is to offer you a high degree of transparency and security at all times.

Controller
The controller responsible for data processing is:
SSR Performance GmbH
Helene-Wessel-Bogen 9
80939 Munich
Managing Director: Stefan Schlund
Email: [email protected]
For more information about our company, please see the imprint.

Legal basis for data processing
We process your personal data exclusively in accordance with the provisions of the GDPR. We rely on the following legal bases:
Consent (Art. 6 para. 1 lit. a GDPR)
: Your data will be processed if you have expressly given us your consent, for example for the use of analysis tools or for marketing purposes.
Contract fulfilment (Art. 6 para. 1 lit. b GDPR)
: The processing of your data is necessary to fulfil a contract with you or to carry out pre-contractual measures, for example in the case of repair orders or test drives.
Legal obligation (Art. 6 para. 1 lit. c GDPR)
: In certain cases, we are legally obliged to process your data, for example to comply with tax retention obligations.
Legitimate interest (Art. 6 para. 1 lit. f GDPR)
: We process your data to protect our legitimate interests (e.g. website security or business optimisation), unless your rights take precedence.

Processing of access data when visiting our website
When you visit our website https://ssr-performance.de, certain technical information is automatically transmitted from your browser to our web server:
- Browser type and version
- Operating system used
- Referrer URL (the previously visited page)
- Date and time of the server request
- Anonymised IP address of the accessing computer
- Amount of data transferred
- The requesting provider
This access data is processed on the basis of Art. 6 para. 1 lit. f GDPR to ensure the technical functionality and security of our website.

Collection of further personal data
In addition, we only collect personal data if you provide it to us voluntarily, for example via a contact form or by email. The personal data includes your name, your e-mail address and other contact details.
This data is processed exclusively for the purpose of handling your enquiry in accordance with Art. 6 para. 1 lit. b GDPR.

Use of cookies
Our website uses cookies to improve user-friendliness, ensure functionality and carry out statistical analyses. Cookies are small text files that are stored on your end device and contain information that can be retrieved when you visit the website again. Below we explain the types of cookies, their purpose and your options for managing them.
Types of cookies
1. Technically necessary cookies

These cookies are essential for the operation of our website and enable basic functions such as session management and security. The processing is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.
- Avia Cookie Consent: Saves your consent to the cookie notice (storage period: 2 months).
- PHP Session ID: Enables the differentiation of users during a session (storage period: until end of session).
- ModX Test Cookie: Checks whether cookies are activated in the browser (storage duration: until end of session).
- Flow-Flow Social Media Stream Plugin: To display content from social networks such as Facebook and Instagram, this plugin sets temporary cookies (e.g. ff_news_session) to ensure functionality (storage duration: until end of session).

2. Technically not necessary cookies
These cookies are only set with your express consent in accordance with Art. 6 Para. 1 lit. a GDPR and are used to analyse your user behaviour or to display external content.
- Google Analytics Tracking Cookie (gat_gtag_UA...): Records visitor activity on the website (storage duration: 1 minute).
- Google Analytics user differentiation (_ga): Used to identify users (storage period: 2 years).
- Google Analytics user differentiation (_gid): Used to identify users (storage period: 24 hours).
Your options for managing cookies
You can adjust your cookie settings at any time via our cookie banner or revoke any consent you have already given. Alternatively, you can deactivate or delete cookies directly in your browser. Please note that if you deactivate certain cookies, not all functions of our website may be available.

Data processing on social media platforms
We maintain company pages on the following social media platforms: Facebook, Instagram, YouTube, Google My Business and mobile.de. When you visit these pages, personal data such as your IP address or interactions (e.g. likes, comments) may be processed by the respective platform operator. We would like to point out that we have no influence on the data processing by the platform operators. Further information can be found in the privacy policy of the respective platform.
When you visit our pages on social media platforms such as Facebook or Instagram, cookies may be set to collect user data (e.g. for page statistics). This processing is carried out by the respective platform operator in accordance with their cookie guidelines. In this context, tracking technologies may also be used to analyse user behaviour or display targeted advertising.
Facebook and Instagram (Meta Platforms Ireland Limited)
: When you visit our Facebook or Instagram page, personal data such as your IP address or interactions (e.g. likes, comments) may be processed by Meta. Further information can be found in Meta's data policy (https://www.facebook.com/polic...).
For our Facebook and Instagram pages, there is joint responsibility pursuant to Art. 26 GDPR with Meta Platforms Ireland Limited. Details can be found at the following link: https://www.facebook.com/legal....
YouTube (Google Ireland Limited)
: When you visit our YouTube page, data such as your IP address or interactions with videos may be processed by Google. Details can be found in Google's privacy policy (https://policies.google.com/pr...).
Google My Business
: Data such as ratings or comments may be processed by Google. Further information can be found in Google's privacy policy (https://policies.google.com/pr...).
mobile.de (mobile.de GmbH)
: When using our site on mobile.de, personal data such as your IP address or search queries may be processed by mobile.de. Details can be found in the privacy policy of mobile.de (https://www.mobile.de/consent/).
The processing of personal data in connection with our social media presence is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in optimising our corporate communication, interacting with users and strengthening our online presence. As part of a balancing of interests, we have ensured that your rights and freedoms are not overridden.
You have the right to object to this processing in accordance with Art. 21 GDPR. To do so, you can contact us in writing using the contact details provided.

Data protection when handling customer and supplier data
Collection and processing of customer data
In the context of our business activities as a workshop for special vehicles, we process our customers' personal data in order to provide our services and fulfil contractual obligations. This includes in particular:
- Types of data: Name, address, email address, telephone number and vehicle information (e.g. model, licence plate number).
- Purpose: Processing of repair orders, agreement of test drives and communication in the context of contract performance.
- Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance) and Art. 6 para. 1 lit. f GDPR (legitimate interest in conducting business).
Collection and processing of supplier data
Our suppliers' data is also processed in order to manage orders and process payments.
- Data types: Name, address, email address, telephone number and bank details for payment processing.
- Purpose: Communication with suppliers and processing of orders and payments.
- Legal basis: Art. 6 para. 1 lit. b GDPR (contract fulfilment) and Art. 6 para. 1 lit. f GDPR (legitimate interest in conducting business).

Storage periods
Customer data is stored for the duration of the contractual relationship and then archived in accordance with the statutory retention obligations (e.g. tax retention obligation of 10 years in accordance with § 147 AO). Supplier data is subject to the same retention periods.
The revised privacy policy expands the Use of cookies section to include detailed information on the types of cookies and their purpose and management options. The new section on data protection when handling customer and supplier data clearly describes the data types, purposes, legal bases and retention periods for these processing operations in accordance with the requirements of the GDPR.

Data protection for applications and in the application process
We attach great importance to the protection of your personal data during the application process. Below we provide you with comprehensive information about the processing of your data as part of your application to us.
Collection and processing of applicant data

We process personal data that you provide to us as part of the application process. This includes in particular:
- Your name, address and contact details (telephone number, email address)
- Information from your application documents, such as CV, cover letter, certificates and qualifications
- Information about your professional career, skills and interests
The processing is carried out exclusively for the purpose of handling the application process. The legal basis for this is Art. 6 para. 1 lit. b GDPR (implementation of pre-contractual measures).
Electronic submission of applications

Applications can be submitted both in paper form and electronically, for example by email or via a web form on our website. For electronic applications, the data is transmitted in encrypted form to ensure the security of your information.
Storage and deletion of applicant data

- If your application is successful: Your data will be transferred to your personnel file after completion of the application process and stored in accordance with the legal requirements.
- If your application is rejected: Your application documents will be deleted two months after notification of the rejection decision. This is done automatically, provided there are no legitimate interests that prevent longer storage (e.g. burden of proof under the General Equal Treatment Act - AGG).

Legitimate interest in longer storage
In individual cases, it may be necessary to store your data for longer in order to examine or defend against legal claims. This applies in particular to cases in which a discrimination claim under the AGG appears possible.
Security of processing

We use technical and organisational measures to protect your personal data throughout the application process. This includes encrypting emails and protecting access to our internal systems.
Rights of data subjects

As an applicant, you have the following rights:
1. Information:
You can request information about what data we have stored about you at any time (Art. 15 GDPR).
2. Rectification:
If your data is incorrect, you have the right to rectification (Art. 16 GDPR).
3. Erasure:
You can request the erasure of your data, provided there are no legal obligations to retain it (Art. 17 GDPR).
4. Objection:
You can object to the processing of your data if legitimate interests do not prevail (Art. 21 GDPR).
To exercise these rights, please contact us using the contact details provided in this privacy policy.

Transfer of personal data to third countries
Your data will only be transferred to third countries outside the EU if suitable guarantees such as standard contractual clauses or certifications in accordance with the EU-US Data Privacy Framework are in place.

Rights of data subjects
You have the following rights under the GDPR:
Information:
about the processing of your personal data (Art. 15 GDPR).
Rectification:
of incorrect or incomplete data (Art. 16 GDPR).
Erasure:
of your personal data under certain conditions (Art. 17 GDPR).
Restriction:
of the processing of your data under certain conditions (Art. 18 GDPR).
Objection:
to certain processing of your personal data (Art. 21 GDPR).
To exercise your rights, please contact us in writing using the contact information provided above.

Changes to this privacy policy
This privacy policy is regularly reviewed and updated to comply with legal requirements or to reflect changes to our services.