Privacy policy

This privacy policy explains the nature, scope and purpose of processing personal data (hereinafter referred to as "data") within our online services and the associated websites, functions and content, as well as external online presences, e.g. our social media profile (hereinafter referred to jointly as "Online Services"). With respect to the terminology used, e.g. "personal data" or its "processing", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR) [Datenschutzgrundverordnung (DSGVO)].

Responsible person:

Name/company name:RexXer Tuning GmbH
Street no.:Astheimer Str. 41
Post code, town, country:DE - 65428 Rüsselsheim
Commercial register/no.:   HRB 93305 Darmstadt
Managing Director:Ronja Daniele
Telephone number:+49 (0)6142 / 793971-203
Email address:+49 (0)6142 / 793971-80

Types of data processed:

  • Master data (e.g. names, addresses).
  • Contact data (e.g. email, telephone numbers).
  • Content data (e.g. text entries, photographs, videos).
  • Contract data (e.g. contract subject matter, term, customer category).
  • Payment data (e.g. bank account details, payment history).
  • Usage data (e.g. websites visited, interest in content, access times).
  • Metadata/communication data (e.g. device information, IP addresses).

Processing special categories of data (Art. 9 Subsection 1 GDPR [DSGVO]):

  • No special categories of data are processed.

Categories of the persons affected by the processing:

  • Customers / interested parties / suppliers.
  • Visitors and users of the Online Services.

In the following, we will also refer to the data subjects jointly as "users".

Purpose of the processing:

  • Provision of contractual performance, servicing and customer care.
  • Answering of contact queries and communication with users.
  • Marketing, advertising and market research.
  • Security measures.

Version: 20/05/2018

  1. Relevant legal grounds
  2. We are notifying you of the legal ground for our data processing based on Art. 13 GDPR [DSGVO]. Insofar as the legal grounds are not cited in the privacy policy, the following applies: The legal ground for obtaining consent is Art. 6 Subsection 1(a) and Art. 7 GDPR [DSGVO]; the legal ground for data processing for the purpose of providing our services and performance of contracts, as well as answering enquiries, is Art. 6 Subsection 1(b) GDPR [DSGVO]; the legal ground for data processing for the purpose of meeting our legal obligations is Art. 6 Subsection 1(c) GDPR [DSGVO]; and the legal ground for data processing for the purpose of our legitimate interests is Art. 6 Subsection 1(f) GDPR [DSGVO]. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6 Subsection 1(d) GDPR [DSGVO] serves as the relevant legal ground.

  3. Changes and updates to the privacy policy
  4. Please check the content of our privacy policy on a regular basis. We adapt the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as your cooperation (e.g. consent) or another individual notification becomes necessary.

  5. Security measures
    1. On the basis of Art. 32 GDPR [DSGVO], in consideration of the current state of technology, the implementation costs and the nature, scope, circumstances and purposes of processing, as well as the different probabilities of occurrence and the seriousness of the risk to the rights and freedoms of natural persons, we will arrange for appropriate technical and organisational measures in order to guarantee a protection level which is commensurate with the risk; these measures particularly include the assurance of the confidentiality, integrity and availability of data by checking the physical access to the data, as well as the relevant access, entry, disclosure, and assurance of availability and their separation. Furthermore, we have set up procedures that guarantee the exercising of rights by the data subjects, deletion of data, and responding to endangering the data. In addition, we take the protection of personal data into consideration for the development/selection of hardware, software and procedures in accordance with the principle of data protection by design and privacy-friendly default settings (Art. 25 GDPR[DSGVO]).
    2. The security measures particularly include the encrypted transfer of data between your browser and our server.

  6. Cooperation with processors and third parties
    1. Insofar as we disclose data to other persons and companies within the scope of our processing (processors or third parties), send data to these or otherwise grant them access to data, this only occurs on the basis of legal permission (e.g. if sending the data to third parties such as payment service providers is required for contract fulfilment in accordance with Art. 6 Subsection 1(b) GDPR [DSGVO]), if you have consented, a legal obligation prescribes this or on the basis of our legitimate interests (e.g. for the use of authorised representatives, web hosters etc.).
    2. Insofar as we commission third parties with the processing of data on the basis of a so-called "data processing agreement", this occurs on the basis of Art. 28 GDPR [DSGVO].

  7. Transmissions to third countries
  8. Insofar as we process data in a third country (i.e. outside of the European Union (EU) or the European Economic Area (EEA)) or disclose it within the scope of using third-party services or if disclosure/transmission of data to third parties occurs, this only occurs if it is required for fulfilling our (pre-)contractual duties, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process data, or have the data processed, in a third country if the specific preconditions of Art. 44 et seqq. GDPR [DSGVO] exist, i.e. the processing occurs on the basis of specific guarantees, such as the officially acknowledged establishment of a privacy level corresponding to the EU (e.g. for the USA, by means of the "Privacy Shield") or the observance of officially recognised specific contractual obligations (so-called "standard contractual clauses").

  9. Rights of the data subjects
    1. You have the right to request a confirmation about whether personal data is processed and to receive information about this data, as well as additional information and a copy of the data in accordance with Art. 15 GDPR [DSGVO].
    2. In accordance with Art. 16 GDPR [DSGVO], you have the right to request the completion or correction of the personal data held about you.
    3. On the basis of Art. 17 GDPR [DSGVO], you have the right to request that your personal data are deleted without delay, or alternatively, on the basis of Art. 18 GDPR [DSGVO], to request the restriction of processing of your personal data.
    4. You have the right to request access to the personal data you have provided to us on the basis of Art. 20 GDPR [DSGVO], and to request that it be sent to other responsible parties.
    5. Furthermore, in accordance with Art. 77 GDPR [DSGVO], you have the right to file a complaint with the competent supervisory authority.

  10. Right to cancel
  11. You have the right to revoke consent once granted in accordance with Art. 7 Subsection 3 GDPR [DSGVO] with effect for the future.

  12. Right to object
  13. You may object to the future processing of the personal held about you on the basis of Art. 21 GDPR [DSGVO] at any time. The objection may specifically be made against processing for the purpose of direct marketing.

  14. Cookies and the right to object to direct marketing
  15. We use temporary and permanent cookies, i.e. small files that are stored on users' devices (for an explanation of the definition and function of cookies, please refer to the last section of this privacy policy). In part, the cookies have the purpose of security or are required for the operation of our Online Services (e.g. for the display of the website) or to store the user decision regarding the acceptance of cookies. In addition, we or our technology partners use cookies for reach measurement and marketing purposes, about which the users are informed via the privacy policy.

    A general objection to the use of cookies for online marketing purposes may be declared with many of the services, particularly in the case of tracking, via the US website or the EU website Furthermore, the storage of cookies may be prevented by switching them off in the browser settings. Please note that in this case, it may not be possible to use all of the Online Services' functions.

  16. Deletion of data
    1. The data processed by us is deleted on the basis of Art. 17 and 18 GDPR [DSGVO]; alternatively, its processing is restricted. Unless expressly stated otherwise within the scope of this privacy policy, the data stored with us is deleted as soon as it is no longer required for its designated purpose, provided that deletion would not constitute a breach of statutory retention obligations. If the data is not deleted, because it is required for other and legally admissible purposes, its processing is restricted, i.e. the data is stored and not processed for other purposes. This applies, for instance, to data that must be retained for commercial-law or tax-law purposes.
    2. Under statutory requirements, the retention period is specifically six years in accordance with Section 257 Subsection 1 HGB [German Commercial Code] (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, booking vouchers, etc.), and 10 years in accordance with Section 147 Subsection 1 AO [German Fiscal Act] (books, records, management reports, booking vouchers, commercial and business letters, fiscal, etc.).

  17. Provision of contractual services
    1. We process master data (e.g. names, addresses and users' contact details), contract data (e.g. services used, names of contact persons and payment information) for the purpose of fulfilling our contractual obligations and providing services in accordance with Art. 6 Subsection 1(b) GDPR [DSGVO]. The entries marked as mandatory in online forms are required for the conclusion of a contract.

  18. Making contact
    1. When making contact with us (via contact form or email), the user's details are processed to handle the contact request in accordance with Art. 6 Subsection 1(b) GDPR [DSGVO].

  19. Collection of access data and log files
    1. We collect data on the basis of our legitimate interests in the meaning of Art. 6 Subsection 1(f) GDPR [DSGVO] about any access to the server on which this service is situated (so-called server log files). This access data includes the name of the website accessed, file, date and time of the access, transferred data volume, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the website previously visited), IP address and the requesting provider.
    2. Logfile-Informationen werden aus Sicherheitsgründen (z.B. zur Aufklärung von Missbrauchs- oder Betrugshandlungen) für die Dauer von maximal sieben Tagen gespeichert und danach gelöscht. Daten, deren weitere Aufbewahrung zu Beweiszwecken erforderlich ist, sind bis zur endgültigen Klärung des jeweiligen Vorfalls von der Löschung ausgenommen.

  20. Online presences on social media
    1. We maintain online presences on social networks and platforms in order to communicate with and inform customers, interested parties, and users who are active there about our services. When accessing the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.
    2. Unless specified otherwise within the scope of our privacy policy, users' data is processed insofar as it is communicated to us on the social networks and platforms, e.g. written contributions on our Online Services or messages sent to us.

  21. Cookies and reach measurement
    1. Cookies are information files that are transferred from our web server or third-party web servers to the users' web browsers and stored there for later retrieval. Cookies may be small files or other types of stored information.
    2. We use "session cookies", which are only filed for the duration of the actual visit to our online presence (e.g. to store your login status or your shopping basket configuration, and thus to make the use of our online services possible). In a session cookie, a randomly generated unique identification number is filed: a so-called session ID. Furthermore, a cookie contains information about its origin and storage period. These cookies cannot store any other data. Session cookies are deleted once you have finished using our online services and logged off or closed your browser.
    3. The users are informed about the use of cookies within the scope of pseudonymised reach measurement in this privacy policy.
    4. If users do not want cookies to be stored on their computer, they are requested to deactivate the relevant option in the system settings of their browser. Stored cookies can be deleted in the browser's system settings. The exclusion of cookies may lead to restrictions on the functionality of these Online Services
    5. 5. You can object to the use of cookies stored for the purpose of reach measurement and marketing by visiting the Network Advertising Initiative's deactivation site ( plus the US website ( or the European website (

  22. Reach analysis with Matomo (formerly PIWIK)
    1. Within the scope of Matomo, the following data is collected and stored: the browser type and browser version that you are using, your country of origin, date and time of the server enquiry, the number of visits, your time spent on the website and the external links that you have used. The user’s IP address is anonymised before it is stored.
    2. Matomo uses cookies, which are stored on the user’s computer and which enable an analysis of how users use our Online Services. Pseudonymised usage profiles for the users can be created using the processed data. The cookies have a storage period of one week. The information generated by the cookies about your use of this website is only stored on our server and is not disclosed to third parties.
    3. Users can object to anonymised data collection by the Matomo program at any time with effect for the future by clicking on the link below. In this case, a so-called opt-out cookie is stored in your browser, which will prevent Matomo from collecting any session data in the future. However, if users delete their cookies, the opt-out cookie will also be deleted and may need to be reactivated by the users.

  23. Integration of third-party services and content
    1. As part of our Online Services, on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and commercial operation of our Online Services within the meaning of Art. 6 Subsection 1(f) GDPR [DSGVO]), we use third-party content or services in order to integrate their content and services, e.g. videos or fonts (hereinafter uniformly referred to as "content"). This always presupposes that the third-party providers of this content collect users' IP addresses, as they cannot send the content to the user's browser without the IP address. Consequently, the IP address is required to present this content. We endeavour to only use such content whose respective providers only use the IP address for delivery of said content. Furthermore, third-party providers can also use so-called pixel tags (invisible graphics also referred to as "web beacons") for statistical or marketing purposes. With the "pixel tags", information such as visitor traffic on the pages of this website can be evaluated. The pseudonymised information can also be stored in cookies on the user's device and, among other things, contain technical information about the browser and operating system, referral URLs, browsing time and other details about the use of our Online Services, as well as be associated with such information from other sources.
    2. The following description provides an overview of third-party providers and their content, alongside links to their data privacy policies, which contain additional information about processing data and objection opportunities, some of which are already referred to here (so-called opt-out):
  • This website uses Google Maps API in order to visually display geographical information. When using Google Maps, website visitors' data is also collected, processed and used by Google through use of the Maps function. You can see more detailed information about data processing by Google in the Google privacy policy, where you can also change your personal privacy settings in the privacy centre ( Detailed instructions about the administration of personal data in relation to Google products can be found here.
  • We embed YouTube videos on several of our websites. The operator of the respective plugins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit a website with the YouTube plugin, a link will be established to the YouTube servers. YouTube is informed of which websites you visit. If you are logged into your YouTube account, YouTube can personally allocate your surfing behaviour to you. You can prevent this by logging out of your YouTube account beforehand. If a YouTube video is played, the provider uses cookies to collect information about user behaviour. Anyone who has deactivated the storage of cookies for the Google Ad program must also expect such cookies when watching YouTube videos. However, YouTube also files non-personal usage information in other cookies. If you want to prevent this, you must block the storage of cookies in your browser. You can find additional information about privacy on YouTube in the provider's privacy policy at:
  • Externer Code des JavaScript-Frameworks "jQuery", bereitgestellt durch den Dritt-Anbieter jQuery Foundation,
Deutsche Version
English version