Privacy Policy

Privacy Policy

We are committed to protecting your privacy online. We appreciate that you do not want the personal information you provide to us distributed indiscriminately and this policy explains how we collect information about you, what we do with it and what controls you have.

If you visit our website and have set your internet browser to accept our cookies, we assume that you agree to the storage of these cookies.

1. Name and address

The website is owned by MILAN Automotive GmbH. Our office address is:

MILAN Automotive GmbH
Aredstrasse 29
2544 Leobersdorf, Austria


We welcome your questions!

You will find our contact form and other options to contact us here:

2. When and for which purpose is your data collected and used?

When processing your personal data, we comply with the relevant data protection regulations. We use the data only for purposes within the limits of our company purpose. Even if you do not place an order with, we collect data communicated to us by your internet browser (including the name of the retrieved file, date and time of retrieval, amount of data transmitted, status message about the retrieval, type of your internet browser, your screen resolution, your operating system, the language you have set and the domain of the website from which you came). We use this data for statistics with anonymized access so that we can, for example, find out from which countries our visitors are.

The data processing takes place on the basis of the legal regulations of the § 96 exp. 3 TKG as well as article 6 DSGVO (in particular the agreement and / or necessity for the contract fulfillment).

2.1 Registration

If you order articles from our website and create an account, we store all personal data that you provide us during the registration (title, first name, last name, company, street, postal code, city, country, telephone number, E-mail address). We store all your purchases as well as the date and billing information. We also store your IP address when you are shopping to track abuse (for example, ordering under false identity). We store all this data as long as you have a MILAN Automotive customer account. You have the option of changing or deleting your data in the account by sending us a message. Our statutory storage obligations remain unaffected.

We use your personal information only to offer you our goods, to execute your orders and to contact you.

2.2 Website contact options

Due to legal regulations, the website contains information that enables us to contact our company quickly and communicate directly with us, which also includes an e-mail address. If an affected person contacts us by e-mail or through a contact form, the personal data provided by the data subject will be automatically saved. Such personal data, voluntarily transmitted by an individual to us, is stored for the purpose of processing or contacting the data subject. There is no disclosure of this personal data to third parties.

3. How and to whom do we pass on your personal data?

Generally, we avoid to give your personal data to anyone. When passing on your personal data is required, we always ensure the highest possible level of security. Therefore, your data will only be forwarded to previously carefully selected and contracted service providers. In addition, these companies have committed themselves to comply with the applicable data protection regulations.

3.1 Data transfer to service companies

MILAN Automotive transmits your personal data to third party service providers who process personal data for MILAN Automotive. Some of these companies work for us through order data processing and may therefore only use the data provided in accordance with our instructions.

3.2 Data transfer to other third parties

To the extent necessary to: (i) comply with a government request, court order or legal requirement, (ii) prevent illegal use of the Sites and Apps or violate our Site and Apps Terms of Use; (iii) to defend us against third party claims; and (iv) assist in the prevention of fraud or investigation (for example, counterfeiting). 

4. PROTECTION and MANAGEMENT of your personal data

The security of your personal data is very important to us. We, therefore, protect your data stored by us through technical and organizational measures in order to effectively prevent loss or misuse by third parties. In particular, our employees who process personal data are required to maintain data secrecy and must comply with it. We also ensure that only legitimate employees in the company gain access to your personal data through their assignment. To protect personal data, they are transmitted in encrypted form.

4.1 Encryption and security:

We use a variety of technical and organizational security measures, such as sophisticated encryption and authentication tools, to ensure the security of your personal information. To protect communication via your internet browser, we use e.g. SSL = Secure Socket Layer. This can be recognized by the lock symbol that your browser displays during an SSL connection. Your personal information is protected by secure networks and is accessible only to a limited number of people who have special access rights to these systems.

4.2 Storage of your data 

The criteria for the storage duration of personal data is the respective statutory retention period. After the deadline, the corresponding data will be routinely deleted, if it is no longer required to fulfill the contract or to initiate a contract.

4.3 Routine deletion and blocking of personal data

The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of the storage or, as the case may be, by the European directives or regulations or by any other legislator in laws or regulations which the controller was provided for.

If the storage purpose is omitted or if a storage period prescribed by the European directives and regulations or any other relevant legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.  


The data processing takes place on the basis of the legal regulations of the § 96 exp. 3 TKG as well as of the article 6 DSGVO (in particular consent). Since the privacy of our users is very important to us, the user data is pseudonymized.

5.1 What is a Cookie?

Cookies are files, often including unique identifiers, that are sent by web servers to web browsers, and which may then be sent back to the server each time the browser requests a page from the server.

Cookies can be used by web servers to identify and track users as they navigate different pages on a website, and to identify users returning to a website. Cookies may be either “persistent” cookies or “session” cookies. A persistent cookie consists of a text file sent by a web server to a web browser, which will be stored by the browser and will remain valid until its set expiry date (unless deleted by the user before the expiry date). A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Depending on their functionality and their purpose, cookies can be incorporated into different categories:

  • Strictly necessary cookies: These are cookies that are essential to the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website or use a shopping basket.
  • Analytical/performance cookies: These cookies allow us to recognize and count the number of visitors to our website and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality cookies: These cookies are used to recognize you when you return to our website. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region). 
  • Targeting cookies: These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.  

5.2 Member-Login

The website uses cookies in connection with the member login. Therefore, the website recognizes that the user has already provided a username and a password.

5.3 Statistic Evaluation (Tracking)

To determine the origin of a user when arriving on a page on this website, for example, if they have arrived onto the product details page from a product grid, from the search browser or from an external website, we are using the following cookies: 

5.4 Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA.

They allow monitoring the website by means of the Google Analytics tool, which is a service provided by Google to obtain user access information on the website. Some of the data saved are: number of times a user visits the website, dates of the first and last visit, duration of the visits, the page from where the user accessed the website, the search engine the user used to access the website or the link they clicked on, the place in the world from where the user accesses, etc. The configuration of these cookies is predetermined by the service offered by Google and the information generated by the cookie about the use of your website will be transmitted and stored by Google, Inc. Therefore we suggest consulting the privacy page of Google Analytics,, to obtain further information on the cookies it uses and how to disable them. Please remember that we are not responsible for the content or the accuracy of third-party websites.

You are able to prevent the data collection generated by the cookie and related to your use of the website as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link:

5.4.1 Agreement for Contract Data Processing

We have entered in a contract data processing agreement with Google Inc.

5.5 IP anonymization

We use the function “activation of IP anonymization” on this website. As a result, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data.

5.6 Social Media Cookies

By default, does not use social media cookies and does not submit any data to social networks. Only an active process in a social media service (“share”, “tweet”, “like” …) is recorded by the service itself. The buttons on the website are links to the company profile of the provider in the respective service. After clicking a button, the terms and conditions of use of the entered service will apply. These can be found in the documentation on the respective websites.

6. Which rights do you have regarding your data?

6.1 Right to basic information

When must an information request be possible?

To get information about your data you are welcome to contact us under:

We will process your request as soon as possible.

In any case, you must be able to prove your identity should any doubts exist (e.g., fantasy e-mail, etc.), either by digital signature or ID card copy. The request can be submitted informally, with proof of identity. 

WHICH information can be requested?

  • Copies of the data
  • the processing purposes
  • the categories of data being processed;
  • the recipients or categories of recipients to whom the data has been or will be shared
  • the planned retention period for the data, or the criteria for determining this duration
  • all available information about the source of the data
  • decisions based on automated processing including profiling
  • the foundations of suitable guarantees for international data transfers

HOW do we contact you?

  • Basically in writing, if there is no doubt about your identity orally. 

WHEN is it possible to refuse your request?

  • The handover of the copy must not interfere with the rights of other persons. 

6.2 Right of rectification

The requirement for the claim is that the data is incorrect and does not match with the reality (eg false date of birth), or that the data is incomplete considering the purpose of the processing. 

6.3 Right to erasure (the “right to be forgotten“)

Prerequisite for the right to erasure is at least one of the following conditions:

  • The personal data is no longer necessary for the purposes for which it was collected or otherwise processed
  • You have revoked your consent to data processing (and there is no other legal basis)
  • You have objected to processing (and there are no legitimate reasons for the processing).
  • The personal data was processed unlawfully
  • The deletion of personal data is required to fulfill a legal obligation under Union or national law
  • The data was collected by a child in connection with an information society service

WHEN is it possible to refuse your request?

The claim may be rejected if processing is required:

  • to exercise the right to freedom of expression and information;
  • to fulfill a legal obligation which requires the processing under the law of the Union or of the Member States to which we are subject;
  • for reasons of public interest in the field of public health;
  • for archival purposes of public interest, for scientific or historical research purposes or for statistical purposes;
  • to assert, exercise or defend legal claims.

6.4 Right to restrict processing

Prerequisite for the right to restrict processing is at least one of the following conditions:

  • You have denied the accuracy of your personal information as long as we verify the accuracy of your personal information
  • The processing is not allowed and you have rejected the deletion of personal data and instead demanded the restriction of the use of your personal data
  • We no longer need your personal information for the purposes of processing, but you are required to assert, exercise or defend your rights
  • You have objected to the processing, as long as it is not certain that our legitimate reasons prevail over yours.

HOW do we contact you?

  • Basically in writing, if there is no doubt about your identity orally. You will also receive a letter on paper if you send us an explicit request.

The right to restriction does not exist if:

  • you have agreed to further processing;
  • the processing is necessary to assert, exercise or defend legal claims;
  • The processing is necessary to protect the rights of another natural or legal person. 

HOW long may the processing of your request take?

Processing must take place within one month of receipt of your request.

WHERE can you enforce your claims?

If you feel that your claims have been infringed, you can lodge a complaint with the Data Protection Authority within one year of becoming aware of the complaining event.

6.5 Right of data portability

Prerequisite for the right of data portability:

Processing is by automated means and is based on their consent or on a contract with them.

HOW do you have to request the data transfer?
The request can be made written or under proof of identity even orally by phone.

For WHICH data can you ask?

All data which you have provided to us.

The handing over of the copy must not interfere with the rights of other persons.

HOW long may the processing of your request take?

Processing must take place within one month of receipt of your request.

WHERE can you enforce your claims?

If you feel that your claims have been infringed, you can lodge a complaint with the Data Protection Authority within one year of becoming aware of the complaining event.

6.6 The right of objection

Requirements for the right of objection:

The right of objection can be asserted in different situations:

  • You provide reasons that arise from your particular situation and which are processed to perform a task of public interest or exercise of public authority or to safeguard the legitimate interests of the controller or a third party, including related profiling.
  • You provide reasons that arise from your particular situation and which are processed for scientific, historical or statistical purposes.

WHAT happens when you claim the right of objection?

We are no longer allowed to process your data.

WHEN is it possible to refuse your request?

In the following cases, we are able to reject your claims:

  • The processing serves the assertion, exercise or defense of legal claims.
  • Processing is for scientific, historical or statistical purposes and is required to fulfill a public interest task.

HOW long may the processing of your request take?

Processing must take place within one month of receipt of your request.

WHERE can you enforce your claims?

If you feel that your claims have been infringed, you can lodge a complaint with the Data Protection Authority within one year of becoming aware of the complaining event.

7. Legal basis for processing data

We process your data only on the basis of statutory provisions (DSGVO, DSG 2018, TKG 2003).

Art. 6 I lit. A DS-GVO serves our company as the legal basis for processing operations where we obtain consent for a particular processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, in processing operations necessary for the supply of goods or the provision of any other service or consideration, processing shall be based on Art. 6 I lit. b DS-GVO. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries regarding our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c DS-GVO.

8. Changes to the privacy policy

We reserve the right to change the privacy policy at any time in order to adapt it to changed legal situations, or changes in the online shop and our data processing. However, this only applies to declarations of data processing. If the consent of the customer is required or components of the privacy policy contain provisions of the contractual relationship with the customer, the changes shall only be made with the consent of the customer.


(Stand: 01.05.2018)