Skip to Content

Privacy Policy

Information on the processing of your personal data under the GDPR

Controller

Responsible for data processing

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection provisions is:

elvinci.de GmbH
Ostendstraße 100
90482 Nürnberg
Germany
Phone: +49 911 4952 7722 Email: [email protected] Represented by: Konstantinos Vasiadis, Managing Director

Data Protection Officer

Name: Daniel Schneider Email: [email protected]
Fundamentals

General information on data processing

Legal bases

Where we obtain consent for processing personal data, Art. 6(1)(a) GDPR serves as the legal basis. For processing personal data required to perform a contract, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures. Where processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6(1)(c) GDPR serves as the legal basis. If processing is necessary to safeguard a legitimate interest of our company or of a third party and the interests, fundamental rights and fundamental freedoms of the data subject do not override the first-mentioned interest, Art. 6(1)(f) GDPR serves as the legal basis.

Withdrawal of your consent

Many data processing operations are only possible with your express consent. You can withdraw any consent you have already given at any time. The lawfulness of data processing carried out up to the withdrawal remains unaffected.

Right to object (Art. 21 GDPR)

Where your personal data are processed on the basis of legitimate interests in accordance with Art. 6(1)(f) GDPR, you have the right to object to the processing pursuant to Art. 21 GDPR, provided that there are grounds for doing so arising from your particular situation. If personal data are processed for the purpose of direct marketing, you have the right to object to such processing at any time.

Right to lodge a complaint with a supervisory authority

In the event of breaches of the GDPR, data subjects have a right to lodge a complaint with a supervisory authority. The supervisory authority responsible for us is:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach, Germany
www.lda.bayern.de

SSL encryption

For security reasons and to protect the transmission of personal data, this website uses SSL (TLS) encryption. You can recognise an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://" and by the lock icon in your browser bar.

Data transfer to third countries

All services and service providers we use process personal data exclusively within the European Union. No transfer of personal data to third countries (states outside the EU/EEA) takes place. Should this change in the future, we will update this privacy policy accordingly and name the appropriate safeguards pursuant to Art. 44 et seq. GDPR.

Obligation to provide personal data

Within the scope of using our website, the provision of certain personal data is neither legally nor contractually required. However, the use of certain features is tied to providing personal data: Without registration data (including proof of business), we cannot set up B2B access. Without an email address, we cannot answer incoming enquiries. Without payment data, an order cannot be processed.

Automated decision-making

Automated decision-making or profiling within the meaning of Art. 22 GDPR does not take place.

Data collection

Data collection on this website

Hosting

This website is hosted by an external service provider. The personal data collected on this website is stored on the servers of the host. This may include, in particular, IP addresses, contact requests, meta and communication data, contract data, contact details, names and website accesses.

Provider: Odoo S.A. (OPaaS), Chaussée de Namur 40, 1367 Grand-Rosière, Belgium Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in a secure and efficient provision) Server location: European Union

A data processing agreement (DPA) in accordance with Art. 28 GDPR has been concluded with the host. The host processes data exclusively in accordance with our instructions.

Server log files

The hosting provider automatically collects and stores information in so-called server log files, which your browser automatically transmits. These include: browser type and version, operating system used, referrer URL, host name of the accessing computer, time of the server request and IP address.

This data is not merged with other data sources. The collection of this data is based on Art. 6(1)(f) GDPR (legitimate interest in a technically error-free presentation and optimisation of the website). The server log files are automatically deleted after 14 days.

Cookies

This website uses only technically necessary cookies required for the operation of the site (e.g. session cookies for the login area). These cookies are set on the basis of § 25(2)(2) TDDDG and Art. 6(1)(f) GDPR. We have a legitimate interest in storing technically necessary cookies for the technically error-free and optimised provision of our services.

Tracking cookies or cookies for advertising purposes are not used. A separate cookie banner is therefore not required.

Communication

Contact and communication

Contact form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the enquiry and in case of follow-up questions.

Data: Name, email address, message content, possibly telephone number Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in processing enquiries) Retention period: Until your enquiry has been completely processed, then for the duration of statutory retention periods

Contact by email or telephone

If you contact us by email or telephone, your enquiry, including all personal data resulting from it (name, enquiry), will be stored and processed by us for the purpose of handling your request. The legal basis is the same as for the contact form.

Live chat

We offer a live chat on this website through which you can contact us in real time. The live chat is operated via our Odoo platform and hosted on our own servers within the EU. No data is transferred to third parties.

Data: Message content, name and email if provided, timestamp Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) Retention period: Chat histories are retained for the duration of the business relationship
Customer area

B2B registration and orders

Dealer registration

To use our B2B shop, registration as a business customer is required. As part of the registration, we collect the following data:

  • Company name, legal form
  • Address (business address)
  • Name and contact details of the contact person
  • Email address, telephone number
  • VAT identification number
  • Proof of business (as document upload)
Legal basis: Art. 6(1)(b) GDPR (contract initiation and performance) Retention period: For the duration of the business relationship and beyond in accordance with statutory retention obligations (commercial and tax law: up to 10 years)

Orders and contract processing

We process personal data collected as part of orders (order, address and payment data) to fulfil our contractual obligations. This data is passed on only to the extent necessary to perform the contract, in particular to the payment service provider and to shipping or parcel service providers.

Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(c) GDPR (legal obligation, e.g. tax-related retention)
Payment

Payment processing

We use Stripe for payment processing. For a payment, the required payment data is transmitted to Stripe.

Provider: Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland Data: Payment amount, payment method, credit card or account data if applicable (processed exclusively at Stripe and not stored on our servers) Legal basis: Art. 6(1)(b) GDPR (contract performance)

As a payment service provider, Stripe is an independent controller for the processing of payment data. Further information can be found in the Stripe privacy policy.

Newsletter

Newsletter

If you subscribe to the newsletter offered on the website, we process the email address you provide and, if applicable, your name for the purpose of sending the newsletter. Dispatch takes place via our Odoo platform and thus exclusively on our own servers within the EU.

Data: Email address, name if applicable Legal basis: Art. 6(1)(a) GDPR (consent) Withdrawal: You can unsubscribe from the newsletter at any time via the unsubscribe link in any newsletter email or by contacting us by email Retention period: Until you withdraw your consent (unsubscribe)
Analytics

Web analytics

Plausible Analytics

We use Plausible Analytics on this website, a privacy-friendly web analytics tool. Plausible does not collect personal data in the strict sense, does not use cookies and does not store any information on your device.

Provider: Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia Data collected: Page views, referrer, approximate location (country), browser type, operating system, screen size Note: Your IP address is only used to generate a daily rotating, anonymous hash and is not stored. Conclusions about individual persons are not possible. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the anonymous analysis of user behaviour to improve our web offering)

Further information can be found in the Plausible Analytics privacy policy.

Your Rights

Your rights as a data subject

Subject to the respective legal requirements, you have the following rights against us with regard to the personal data concerning you:

  • Right of access to the data stored by us (Art. 15 GDPR)
  • Right to rectification of inaccurate data (Art. 16 GDPR)
  • Right to erasure of your data (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)

To exercise your rights, please contact our data protection officer Daniel Schneider at [email protected].

In addition, you have the right to complain to the competent data protection supervisory authority about the processing of your personal data by us. The supervisory authority responsible for us is the Bavarian State Office for Data Protection Supervision (BayLDA) in Ansbach.

Note

Note on the business model

elvinci.de GmbH sells exclusively to business customers (B2B). The personal data processed on this website generally relate to contact persons and employees of business customers and prospective customers.

Last updated: March 2026

Standardised Grading
Every product receives one of seven grades. You choose the condition and know exactly what you are getting before you buy.
B2B expertise since 1989
Over 35 years of experience in the returns trade — hundreds of dealers across Europe already trust elvinci.
Europe-wide delivery from 10 appliances
Delivery EU-wide or collection from the warehouse — you only pay the actual shipping costs.
Always here for you
Whether by chatbot, email or support ticket — we respond quickly and ensure your concern is resolved promptly.