Legal

Privacy notice

1. Responsible party

Felix Trautwein
Robert-Stolz-Weg 7
74080 Heilbronn
E-Mail: mail@felixtrautwein.de

2. What data this site processes

The site processes the following categories of data:

  • Server log data: IP address, browser type, access times, and pages visited to operate, secure, and troubleshoot the website.
  • Contact form submissions: Name, email address, and message content from visitors who use the contact form.
  • Marketplace account data: Name, email, profile information, and vehicle details for sellers and buyers.
  • Booking and transaction data: Booking requests, contractual communication, and audit-relevant records that may be required under commercial and tax law.
  • Database records (Neon PostgreSQL): Account, marketplace, and booking data is stored in a managed PostgreSQL database provided by Neon as a processor.

3. Purpose of processing

Personal data is processed for the following purposes:

  • Contact form submissions: To respond to marketplace questions, booking inquiries, partnership requests, and customer support.
  • Marketplace operations: To manage test drive bookings and communication between sellers and buyers.
  • Technical operation: To operate, secure, troubleshoot, and optimize the website and marketplace platform.
  • Legal compliance: To fulfill legal obligations under German and EU law, including traffic law, tax law, and data protection regulations.

4. Legal basis

Data processing is lawful under the following legal bases (DSGVO / GDPR):

  • Contract fulfillment (DSGVO Art. 6 Abs. 1 lit. b): Processing of contact information, booking data, and payment information necessary to provide marketplace services.
  • Legal obligations (DSGVO Art. 6 Abs. 1 lit. c): Compliance with German traffic law (StVG § 21), mandatory insurance law (PflVG), and prevention of criminal liability for both the platform and vehicle owners.
  • Legitimate interests (DSGVO Art. 6 Abs. 1 lit. f): Security of the platform, fraud prevention, optimization of services, and legal protection.
  • Consent (DSGVO Art. 6 Abs. 1 lit. a): Where we ask for optional consent (for example for optional communications), processing is based on your consent and can be withdrawn at any time with effect for the future.

Contract details and user obligations are defined in our Terms of Service (AGB).

5. Retention

Personal data is retained only for as long as necessary:

  • Contact form inquiries: Retained for up to 2 years to handle follow-up communication, unless longer retention is required by law (e.g., accounting records).
  • Marketplace accounts: Active accounts retain data as long as the account is active. Upon account deletion, data is removed within 30 days, except where legally required retention applies.
  • Server logs: Retained for up to 30 days for security and troubleshooting purposes.
  • Tax and commercial records: Invoice and transaction-related records may be stored for 7 to 10 years where required by German tax and commercial law.

6. Your rights

Under DSGVO and German BDSG, you have the following rights:

  • Right of access (Art. 15): You may request what personal data we hold about you.
  • Right to correction (Art. 16): You may request correction of inaccurate data.
  • Right to erasure (Art. 17): You may request deletion of your data, subject to legal retention requirements.
  • Right to restrict processing (Art. 18): You may request that we limit how we use your data.
  • Right to data portability (Art. 20): You may request a copy of your data in a machine-readable format.
  • Right to object (Art. 21): You may object to processing based on legitimate interests.
  • Right to lodge a complaint (Art. 77): You may file a complaint with the German data protection authority (Landesdatenschutzbeauftragte).

To exercise any of these rights, please contact us at mail@felixtrautwein.de with the subject line "DSGVO Rights Request."

7. Data security and sensitive data

We implement technical and organizational security measures to protect your personal data:

  • HTTPS encryption for all data transmission
  • Secure password storage (hashing)
  • Limited access to personal data (need-to-know basis)
  • Regular security updates and vulnerability testing

8. Processors and hosting providers

We use the following third parties to process your data:

  • Neon (managed PostgreSQL): Database hosting for marketplace data as a processor under Art. 28 GDPR. The configured Neon region is Frankfurt (Germany).
  • Provider detail: Neon, LLC (A Databricks company).
  • Public legal reference: Databricks, Inc., 160 Spear Street, Suite 1300, San Francisco, CA 94105, United States.
  • Hetzner Cloud: Infrastructure and server hosting for the application as a processor under Art. 28 GDPR.
  • Provider detail: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.
  • Email service providers: For sending confirmations and notifications
  • Provider detail: Mailgun Technologies, Inc. (Sinch Group) for transactional email delivery.
  • Additional technical service providers: For secure operation, monitoring, and backup of the platform.

Data Processing Agreements (Auftragsverarbeitungsvertraege, Art. 28 GDPR) are in place with all processors handling personal data on our behalf.

9. International data transfers

If personal data is processed outside the EU/EEA, we ensure an adequate level of protection under GDPR, in particular through an adequacy decision (Art. 45 GDPR) or EU Standard Contractual Clauses (Art. 46 GDPR).

Our primary database region is Frankfurt (Germany). Where technically available, we choose EU/EEA hosting regions to minimize cross-border transfers.

10. Google Tag Manager

We use Google Tag Manager, a tag management system provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager itself does not create user profiles or store cookies for its own purposes. It enables us to load and manage website tags and measurement scripts.

When Google Tag Manager is loaded, technical information such as your IP address, browser information, device information, referrer URL, and page access time may be processed.

If tags for analytics, advertising, or conversion tracking are deployed via Google Tag Manager, the corresponding processing operations are described separately in this privacy notice or in our consent settings.

The legal basis for the use of Google Tag Manager and any tags loaded through it is your consent (Art. 6(1)(a) GDPR in conjunction with Section 25(1) TTDSG), where consent is required.

Data transfers to third countries, in particular the United States, cannot be excluded. Where required, such transfers are based on adequacy decisions and/or EU Standard Contractual Clauses.

You can withdraw your consent at any time with effect for the future by changing your cookie/privacy settings.

Further information about Google Tag Manager is available at: https://support.google.com/tagmanager and https://policies.google.com/privacy

11. Changes to this privacy notice

We may update this privacy notice as our services evolve or as legal requirements change. We will notify you of material changes by updating the date at the bottom of this page and, where required, by requesting your consent.