Privacy Policy.
I. Name and Contact Details of the Controller.
The Controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the European Unions Member States, as well as other data protection provisions, is:
Automotive Consult GmbH
Marc Hessel
Isarstr. 3 / Am Georgenstein
D-82065 Baierbrunn
Tel. +49 89 969 94 098
ac@automotive-consult.com
www.automotive-consult.de
II. General Information on Data Processing.
1. Scope of the Processing of Personal Data.
We generally process personal data of our users only to the extent necessary to provide a functional website and our content and services. Personal data is usually processed only with the user’s consent. An exception applies where prior consent cannot be obtained for practical reasons and the processing is permitted by law.
2. Legal Basis for Processing Personal Data.
Where we obtain consent from the data subject, the legal basis is Art. 6(1)(a) GDPR.
Where processing is necessary for the performance of a contract to which the data subject is a party, the legal basis is Art. 6(1)(b) GDPR. This also applies to processing required for pre-contractual measures.
Where processing is necessary to comply with a legal obligation, the legal basis is Art. 6(1)(c) GDPR.
Where processing is necessary to protect vital interests of the data subject or another natural person, the legal basis is Art. 6(1)(d) GDPR.
Where processing is necessary for the purposes of legitimate interests pursued by the company or a third party, and those interests are not overridden by the interests or fundamental rights and freedoms of the data subject, the legal basis is Art. 6(1)(f) GDPR.
3. Data Deletion and Storage Period
Personal data is deleted or blocked as soon as the purpose for storing it no longer applies. Data may be stored beyond this point if required by European or national legislation. Data will also be deleted or blocked when a legally prescribed storage period expires, unless further storage is necessary for concluding or fulfilling a contract.
III. Provision of the Website and Creation of Log Files
1. Description and Scope of Data Processing
Each time our website is accessed, our system automatically collects data and information from the accessing computer system.
The following data is collected:
(1) Browser type and version
(2) User’s operating system
(3) User’s internet service provider
(4) User’s IP address
(5) Date and time of access
(6) Websites from which the user’s system accesses our website
(7) Websites accessed via our website
This data is also stored in log files. It is not stored together with other personal data of the user.
2. Legal Basis for Data Processing.
The legal basis for temporary storage of data and log files is Art. 6(1)(f) GDPR.
3. Purpose of Data Processing.
Temporary storage of the IP address is necessary to deliver the website to the user’s device. For this purpose, the IP address must remain stored for the duration of the session.
Storage in log files ensures the functionality of the website and helps us optimize it and maintain the security of our IT systems. The data is not used for marketing purposes.
These purposes also constitute our legitimate interest under Art. 6(1)(f) GDPR.
4. Duration of Storage.
Data is deleted once it is no longer required for the purpose for which it was collected.
For website provision, this is when the session ends. Log file data is deleted after no more than seven days. Longer storage is possible, but in such cases IP addresses are deleted or anonymized so that the user can no longer be identified.
Right to Object
Collection of data for website provision and storage in log files is essential for operating the website. Therefore, users have no right to object.
IV. Use of Cookies.
a) Description and Scope of Data Processing.
Our website uses cookies. Cookies are text files stored in the user’s internet browser or on their computer system. When a user accesses a website, a cookie may be stored on their operating system. This cookie contains a unique identifier that allows the browser to be recognized on subsequent visits.
We use cookies to make our website more user-friendly. Some elements of our website require the browser to be recognized even after navigating to another page.
The following data is stored in cookies:
• Login information (only if accessing the admin backend login page; not required for normal website use)
b) Legal Basis.
The legal basis is Art. 6(1)(f) GDPR.
c) Purpose.
Technically necessary cookies simplify website use. Certain features cannot function without cookies, as the browser must be recognized across pages.
Cookies are required for:
(1) Login functionality (only for admin backend access)
Data collected through necessary cookies is not used to create user profiles.p>
These purposes also constitute our legitimate interest in processing personal data in accordance with Art. 6 (1) (f) GDPR.
d) Storage Duration and Control
Cookies are stored on the user’s device and transmitted to our website. Users have full control over their use. You can disable or restrict cookies through your browser settings, and delete stored cookies at any time. If cookies are disabled, some website features may not function properly.
V. Email Contact
1. Description and Scope
You can contact us via the provided email address. In this case, the personal data transmitted with the email will be stored. This data is not shared with third parties and is used exclusively to process the conversation.
2. Legal Basis
Rechtsgrundlage für die Verarbeitung der Daten, die im Zuge einer Übersendung einer E-Mail übermittelt werden, ist Art. 6 Abs. 1 lit. f DSGVO. Zielt der E-Mail-Kontakt auf den Abschluss eines Vertrages ab, so ist zusätzliche Rechtsgrundlage für die Verarbeitung Art. 6 Abs. 1 lit. b DSGVO.
3. Purpose
The legal basis is Art. 6(1)(f) GDPR. If the email contact aims to conclude a contract, the additional legal basis is Art. 6(1)(b) GDPR.
4. Storage Duration
Data is deleted once it is no longer needed. For email correspondence, this is when the conversation has ended and the matter has been fully resolved, unless legal retention requirements apply. Additional data collected during sending is deleted after no more than seven days.
5. Right to Withdraw
Users may withdraw consent at any time. If you object to storage of your data, the conversation cannot continue. All personal data collected during contact will be deleted unless legal obligations require longer storage.
VI. Rights of the Data Subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights vis-à-vis the Controller:
1. Right of Access
You may request confirmation from the Controller as to whether personal data concerning you is being processed by us.
If such processing takes place, you may request the following information from the Controller:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
(4) the planned duration of storage of the personal data concerning you or, if specific information is not possible, the criteria used to determine that period;
(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the Controller, or a right to object to such processing;
(6) the existence of a right to lodge a complaint with a supervisory authority;
(7) all available information about the origin of the data if the personal data is not collected from the data subject;
(8) the existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
2. Right to Rectification
You have the right to obtain from the Controller the rectification and/or completion of personal data concerning you if the processed personal data is inaccurate or incomplete. The Controller must carry out the rectification without undue delay.
3. Right to Restriction of Processing
Under the following conditions, you may request restriction of the processing of personal data concerning you:
(1) if you contest the accuracy of the personal data concerning you for a period enabling the Controller to verify the accuracy of the personal data;
(2) if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) if the Controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise or defence of legal claims, or
(4) if you have objected to processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate grounds of the Controller override your grounds.
Where the processing of personal data concerning you has been restricted, such data may, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been imposed in accordance with the above conditions, you will be informed by the Controller before the restriction is lifted.
4. Right to Erasure
a) Obligation to Erase
You may request the Controller to erase the personal data concerning you without undue delay, and the Controller is obliged to erase such data without undue delay where one of the following grounds applies:
(1) The personal data concerning you is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
(2) You withdraw your consent on which the processing was based according to Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR, and there is no other legal ground for the processing.
(3) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
(4) The personal data concerning you has been unlawfully processed.
(5) The erasure of the personal data concerning you is necessary for compliance with a legal obligation in Union or Member State law to which the Controller is subject.
(6) The personal data concerning you has been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.
b) Information to Third Parties
If the Controller has made the personal data concerning you public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure of any links to, or copies or replications of, those personal data.
c) Exceptions
The right to erasure shall not apply to the extent that processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing under Union or Member State law to which the Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
(3) for reasons of public interest in the area of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR in so far as the right referred to under section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
(5) for the establishment, exercise or defence of legal claims.
5. Right to Notification
If you have exercised your right to rectification, erasure or restriction of processing vis-à-vis the Controller, the Controller is obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you has been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to be informed by the Controller about those recipients.
6. Right to Data Portability
You have the right to receive the personal data concerning you, which you have provided to the Controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the Controller to whom the personal data was provided, provided that
(1) the processing is based on consent pursuant to Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or on a contract pursuant to Art. 6 (1) lit. b GDPR, and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one Controller to another, where technically feasible. The freedoms and rights of other persons must not be adversely affected thereby.
The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
7. Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) lit. e or f GDPR; this also applies to profiling based on those provisions.
The Controller shall no longer process the personal data concerning you unless the Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to Withdraw the Data Protection Consent Declaration
You have the right to withdraw your data protection consent declaration at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated Individual Decision-Making, Including Profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision
(1) is necessary for entering into, or performance of, a contract between you and the Controller,
(2) is authorised by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
(3) is based on your explicit consent.
However, those decisions must not be based on special categories of personal data referred to in Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in (1) and (3), the Controller shall implement suitable measures to safeguard the rights and freedoms and your legitimate interests, at least the right to obtain human intervention on the part of the Controller, to express your point of view and to contest the decision.
10. Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
VII. Plugins and Tools
1. Google Web Fonts.
This website uses so-called web fonts provided by Google to ensure consistent font display. We use Google Fonts locally, meaning no data is transmitted to Google.