Privacy Policy
CarMedialab GmbH
We are very pleased about your interest in our company. The protection of your privacy and your personal data is very important to us as CarMedialab GmbH.
The CarMedialab GmbH website can generally be used without providing any personal data. However, if you wish to take advantage of special services offered by our company via our website, it may be necessary to process personal data. If it is necessary to process personal data and there is no legal basis for such processing, we will generally obtain your consent.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the CarMedialab GmbH. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.
As the controller, the CarMedialab GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.
Controller
The party responsible for this website (the “controller”) for purposes of data protection law is CarMedialab GmbH.
Contact Details:
CarMedialab GmbH
Werner-von-Siemens-Str. 2-6
76646 Bruchsal
Germany
Telephone: +49(0)7251 7240-0
Email: info@carmedialab.com
Website: www.carmedialab.com
You may, at any time, contact our Data Protection Officer directly
with all questions and suggestions concerning data protection.
Our Data Protection Officer’s contact details are the following:
mhg protectit
Larissa Haug
Heerweg 19
72116 Mössingen
Telephone: 07473/240940
Email: datenschutz@mhg-protectit.de
Website: www.mhg-protectit.de/
Scope of Application
This Data Privacy Statement applies to all of CarMedialab’s websites,
applications and online services that refer to it.
Principles
‘Personal data’ are any information relating to an identified or identifiable natural person; these are normally names, postal addresses, e-mail addresses, telephone numbers, IP addresses, order details, advertising and contract details, and information about the use of media we offer, e.g. access time on our website or our newsletters and other comparable categories of data. Personal data (usually referred to just as “data” below) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its contents, and the services offered there. Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the “GDPR”), “processing” refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not. Your data processed when using our website will be deleted or blocked as soon as the purpose for its storage ceases to apply, provided the deletion of the same is not in breach of any statutory storage obligations or unless otherwise stipulated below.
Automate Data
(Server Log Files)
Whenever you use the internet, your browser automatically transfers certain information, which we collect and store in server log files (hereinafter also referred to as “log files”). The information stored in the server log files includes, but is not limited to:
- Your IP address
- Your browser version and type
- Your operating system
- Your referrer URL The hostname of your accessing computer
- Your time of query on our server
- Your internet service provider
Such data is not combined with data from other sources. Thus the anonymous data of the server log files are stored separately from all personal data provided by a person concerned. The basis of data processing is Art. 6(1)(b) GDPR, which permits data to be processed for the purposes of performance of a contract or to take steps prior to entering into a contract. The system needs to store your IP address temporarily to be able to display the website on your computer. For this to happen, your IP address must be stored for the duration of the session. The data stored in the log files are used to ensure the functionality of the website. In addition, the data help us to optimize our website and to maintain the security of our IT systems. These anonymously collected data and information are therefore evaluated by CarMedialab GmbH both statistically and with the aim of increasing data protection and data security in our company, in order to ultimately ensure an optimal level of protection for the personal data processed by us. We delete personal data as soon as they are no longer needed for the purposes for which they were collected. Data that is stored in log files will be deleted within 30 days or less. It is possible that data will be stored and combined with other data for analysis and optimization purposes, and to improve the offer of information on our website. In this case, the user’s IP address will be deleted or altered so that it can no longer relate to the accessing client. The collection of data for provisioning the website and storing of data in log files is carried out for the purposes of error analysis. It is absolutely necessary for the operation and the ongoing enhancement of our website. As a result, you, as the user, have no means of objecting to this.
General Collection of Data
Our website continues to collect and store data in an anonymous form for marketing and optimization purposes. This visitor data is saved under a pseudonymous user ID and can be used to generate a usage profile. Cookies may be used for this. These are, however, collected and stored only in pseudonymized form. The data collected are not used to personally identify website visitors and are not combined with the personal data of the person to whom the pseudonym refers. You will find more information on the use of cookies in the section below “Use of Cookies”.
Some of the data are collected to ensure that the website functions properly. Other data are collected for the purposes of analyzing user behaviour.
In addition, personal data are only collected, processed or used if you disclose them to us voluntarily while visiting our website, for example, during a download or while placing an order, while booking a training course, when requesting information or offers from us, when reporting defective software or hardware, when providing us with feedback, subscribing to our newsletter or when applying for a job online. The legal basis for this processing and for sending you our newsletter is that we have received your consent as user (Art. 6 (1) (a) GDPR). You will find more information on subscribing to our newsletter in the section “Newsletter”.
If you order goods or services from us, we will only collect and use your personal data insofar as this is necessary for the establishment, implementation or termination of the contract. The legal basis of this kind of data processing is Art. 6 (1) (b) GDPR, which permits data to be processed for the performance of a contract or to take steps prior to entering into a contract. No further collection or processing can take place without your express consent. The customer information collected will be deleted after the order has been completed or when the business relationship ends. Legal record keeping requirements remain unaffected.
Furthermore, your personal data will only be processed if you, as user, have so consented (Art. 6 (1) (a) GDPR).
Transfer of Personal Data
Your personal data will only be transferred to a third party insofar as this is necessary for the establishment, implementation or termination of a contract with you or for the delivery of goods or services. This applies particularly to the transfer of your data to a shipping company, credit institution or other service company used for performing a contract.
The legal basis of data processing is Art. 6 (1) (b) GDPR, which permits data to be processed for the purposes of performance of a contract or in order to take steps prior to entering into a contract, a legitimate interest on our part in the transfer of personal data, Art. 6 (1) (f) GDPR or your explicit consent.
Personal data may be transferred to recipients located outside the EEA in third countries only insofar as there is an appropriate level of data protection at the recipient’s location or where you have given your consent to the transfer. If you would like a summary of the recipients in third countries and information about the rules in place to ensure that there is an appropriate level of data protection, please use the information provided in the section headed “Contact”.
Use of Cookies
Use of Google
We use Google Analytics on our website. This is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: Google).
The Google Analytics service is used to analyze how our website is used.
The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis, optimization, and economic operation of our site.
Usage and user-related information, such as IP address, place, time, or frequency of your visits to our website will be transmitted to a Google server in the United States and stored there. However, we use Google Analytics with the so-called anonymization function, whereby Google truncates the IP address within the EU or the EEA before it is transmitted to the US.
The data collected in this way is in turn used by Google to provide us with an evaluation of visits to our website and what visitors do once there. This data can also be used to provide other services related to the use of our website and of the internet in general.
Google states that it will not connect your IP address to other data.
In addition, Google provides further information with regard to its data protection practices at https://www.google.com/intl/de/policies/privacy/partners including options you can exercise to prevent such use of your data.
In addition, Google offers an opt-out add-on at https://tools.google.com/dlpage/gaoptout?hl=en in addition with further information. This add-on can be installed on the most popular browsers and offers you further control over the data that Google collects when you visit our website. The add-on informs Google Analytics’ JavaScript (ga.js) that no information about the website visit should be transmitted to Google Analytics.
However, this does not prevent information from being transmitted to us or to other web analytics services we may use as detailed here in.
Our website uses Google reCAPTCHA to check and prevent automated servers (“bots”) from accessing and interacting with our website. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (here in after: Google).
This service allows Google to determine from which website your request has been sent and from which IP address the reCAPTCHA input box has been used. In addition to your IP address, Google may collect other information necessary to provide and guarantee this service.
The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the security of our website and in the prevention of unwanted, automated access in the form of spam or similar.
Google offers detailed information at https://policies.google.com/privacy concerning the general handling of your user data.
Our website uses Google AdWords and conversion tracking. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (here in after: Google).
We use conversion tracking to provide targeted promotion of our site. The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis, optimization, and economic operation of our site.
If you click on an ad placed by Google, the conversion tracking we use stores a cookie on your device. These so-called conversion cookies expire after 30 days and do not otherwise identify you personally.
If the cookie is still valid and you visit a specific page of our website, both we and Google can evaluate that you clicked on one of our ads placed on Google and that you were then forwarded to our website.
The data collected in this way is in turn used by Google to provide us with an evaluation of visits to our website and what visitors do once there. In addition, we receive information about the number of users who clicked on our advertisement(s) as well as about the pages on our site that are subsequently visited. Neither we nor third parties who also use Google AdWords will be able to identify you from this conversion tracking.
You can also prevent or restrict the installation of cookies by making the appropriate settings in your browser. Likewise, you can use the browser to delete cookies that have already been stored. However, the steps and measures required vary, depending on the browser you use. If you have any questions, please use the help function or consult the documentation for your browser or contact its maker for support.
In addition, Google provides further information with regard to its data protection practices at
https://services.google.com/sitestats/de.html
https://www.google.com/policies/technologies/ads/
http://www.google.de/policies/privacy/
in particular information on how you can prevent the use of your data.
Our website uses Google Maps to display our location and to provide directions. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: Google).
To enable the display of certain fonts on our website, a connection to the Google server in the USA is established whenever our website is accessed.
If you access the Google Maps components integrated into our website, Google will store a cookie on your device via your browser. Your user settings and data are processed to display our location and create a route description. We cannot prevent Google from using servers in the USA.
The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in optimizing the functionality of our website.
By connecting to Google in this way, Google can determine from which website your request has been sent and to which IP address the directions are transmitted.
If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Further details can be found in the section about Cookies above.
In addition, the use of Google Maps and the information obtained via Google Maps is governed by the Google Terms of Use https://policies.google.com/terms?gl=DE&hl=en and the Terms and Conditions for Google Maps https://www.google.com/intl/de_de/help/terms_maps.html..
Google also offers further information at
https://adssettings.google.com/authenticated
https://policies.google.com/privacy
Our website uses Google Fonts to display external fonts. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: Google). To enable the display of certain fonts on our website, a connection to the Google server in the USA is established whenever our website is accessed.
To enable the display of certain fonts on our website, a connection to the Google server in the USA is established whenever our website is accessed.
The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the optimization and economic operation of our site.
When you access our site, a connection to Google is established from which Google can identify the site from which your request has been sent and to which IP address the fonts are being transmitted for display.
Google offers detailed information at
https://adssettings.google.com/authenticated
https://policies.google.com/privacy
in particular on options for preventing the use of data.
This website embeds videos of the website YouTube. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
If you visit a page on this website into which a YouTube has been embedded, a connection with YouTube’s servers will be established. As a result, the YouTube server will be notified, which of our pages you have visited.
Furthermore, YouTube will be able to place various cookies on your device or comparable technologies for recognition (e.g. device fingerprinting). In this way YouTube will be able to obtain information about this website’s visitors. Among other things, this information will be used to generate video statistics with the aim of improving the user friendliness of the site and to prevent attempts to commit fraud.
If you are logged into your YouTube account while you visit our site, you enable YouTube to directly allocate your browsing patterns to your personal profile. You have the option to prevent this by logging out of your YouTube account. The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6(1)(f) GDPR, this is a legitimate interest. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
For more information on how YouTube handles user data, please consult the YouTube Data Privacy Policy under: https://policies.google.com/privacy?hl=en.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail? contact=true&id=a2zt000000001L5AAI&status=Active
Online Presence on Social Media
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA Privacy Policy: https://policies.google.com/privacy
We maintain an online presence on LinkedIn to present our company and our services and to communicate with customers/prospects. LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Irland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.
We would like to point out that this might cause user data to be processed outside the European Union, particularly in the United States. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. We also do not have access to this user data. Access is only available to LinkedIn.
The LinkedIn privacy policy can be found here: https://www.linkedin.com/legal/privacy-policy.
To advertise our products and services as well as to communicate with interested parties or customers, we have a presence on the Instagram platform.
On this social media platform, we are jointly responsible with Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.
The data protection officer of Instagram can be reached via this contact form:
https://www.facebook.com/help/contact/540977946302970
We have defined the joint responsibility in an agreement regarding the respective obligations within the meaning of the GDPR. This agreement, which sets out the reciprocal obligations, is available at the following link:
https://www.facebook.com/legal/terms/page_controller_addendum
The legal basis for the processing of the resulting and subsequently disclosed personal data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the analysis, communication, sales, and promotion of our products and services.
The legal basis may also be your consent per Art. 6 para. 1 lit. a GDPR granted to the platform operator. Per Art. 7 para. 3 GDPR, you may revoke this consent with the platform operator at any time with future effect.
When accessing our online presence on the Instagram platform, Facebook Ireland Ltd. as the operator of the platform in the EU will process your data (e.g. personal information, IP address, etc.).
This data of the user is used for statistical information on the use of our company presence on Instagram. Facebook Ireland Ltd. uses this data for market research and advertising purposes as well as for the creation of user profiles. Based on these profiles, Facebook Ireland Ltd. can provide advertising both within and outside of Instagram based on your interests. If you are logged into Instagram at the time you access our site, Facebook Ireland Ltd. will also link this data to your user account.
If you contact us via Instagram, the personal data you provide at that time will be used to process the request. We will delete this data once we have completely responded to your query, unless there are legal obligations to retain the data, such as for subsequent fulfillment of contracts.
Facebook Ireland Ltd. might also set cookies when processing your data.
If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Cookies that have already been saved can be deleted at any time. The instructions to do this depend on the browser and system being used. For Flash cookies, the processing cannot be prevented by the settings in your browser, but instead by making the appropriate settings in your Flash player. If you prevent or restrict the installation of cookies, not all of the functions of Instagram may be fully usable.
Details on the processing activities, their suppression, and the deletion of the data processed by Instagram can be found in its privacy policy:
https://help.instagram.com/519522125107875
It cannot be excluded that the processing by Facebook Ireland Ltd. will also take place in the United States by Facebook Inc., 1601 Willow Road, Menlo Park, California 94025.
Use of Matomo
Cookie d'exclusion installé. Vos visites sur ce site web ne seront PAS enregistrées par notre outil d'analyse web. Note : si vous nettoyez vos cookies et supprimez le cookie d'exclusion, ou bien si vous changez d'ordinateur et/ou de navigateur, il vous faudra de nouveau effectuer la procédure d'exclusion.
Vous pouvez vous opposer au suivi de votre navigation sur ce site web. Cela protégera votre vie privée, mais empêchera également le propriétaire d'apprendre de vos actions et de créer une meilleure expérience pour vous et les autres utilisateurs.
La fonctionnalité de désactivation du suivi nécessite que les cookies soient autorisés.
Social Media Links via Graphics
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA Privacy Policy: https://policies.google.com/privacy
LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Irland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA. Privacy Policy: https://www.linkedin.com/legal/privacy-policy
To advertise our products and services as well as to communicate with interested parties or customers, we have a presence on the Instagram platform.
On this social media platform, we are jointly responsible with Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.
The data protection officer of Instagram can be reached via this contact form:
https://www.facebook.com/help/contact/540977946302970
We have defined the joint responsibility in an agreement regarding the respective obligations within the meaning of the GDPR. This agreement, which sets out the reciprocal obligations, is available at the following link:
https://www.facebook.com/legal/terms/page_controller_addendum
The legal basis for the processing of the resulting and subsequently disclosed personal data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the analysis, communication, sales, and promotion of our products and services.
The legal basis may also be your consent per Art. 6 para. 1 lit. a GDPR granted to the platform operator. Per Art. 7 para. 3 GDPR, you may revoke this consent with the platform operator at any time with future effect.
When accessing our online presence on the Instagram platform, Facebook Ireland Ltd. as the operator of the platform in the EU will process your data (e.g. personal information, IP address, etc.).
This data of the user is used for statistical information on the use of our company presence on Instagram. Facebook Ireland Ltd. uses this data for market research and advertising purposes as well as for the creation of user profiles. Based on these profiles, Facebook Ireland Ltd. can provide advertising both within and outside of Instagram based on your interests. If you are logged into Instagram at the time you access our site, Facebook Ireland Ltd. will also link this data to your user account.
If you contact us via Instagram, the personal data you provide at that time will be used to process the request. We will delete this data once we have completely responded to your query, unless there are legal obligations to retain the data, such as for subsequent fulfillment of contracts.
Facebook Ireland Ltd. might also set cookies when processing your data.
If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Cookies that have already been saved can be deleted at any time. The instructions to do this depend on the browser and system being used. For Flash cookies, the processing cannot be prevented by the settings in your browser, but instead by making the appropriate settings in your Flash player. If you prevent or restrict the installation of cookies, not all of the functions of Instagram may be fully usable.
Details on the processing activities, their suppression, and the deletion of the data processed by Instagram can be found in its privacy policy:
https://help.instagram.com/519522125107875
It cannot be excluded that the processing by Facebook Ireland Ltd. will also take place in the United States by Facebook Inc., 1601 Willow Road, Menlo Park, California 94025.
Online Applications / Publications of Job Advertisements
We offer you the opportunity to apply for jobs with our company via our website. In the case of these digital applications, we collect your application data electronically in order to process your application.
The legal basis for this processing is §26 Para. 1 S. 1 BDSG in conjunction with Art. 88 Para. 1 GDPR.
If you are hired as a result of the application process, we will store the data you provide during the application process in your personnel file for the purpose of the usual organizational and administrative process, naturally in compliance with further legal obligations.
The legal basis for this processing is §26 Para. 1 S. 1 BDSG in conjunction with Art. 88 Para. 1 GDPR.
If we do not hire you, we will automatically delete the data submitted to us two months after the final decision is made. We will not delete the data, however, if we must store the data for legal reasons such as evidence of equal treatment of applicants, until any legal action is concluded, or four months.
In this case, the legal basis is Art. 6 Para. 1 lit. f) GDPR and §24 Para. 1 No. 2 BDSG. Our legitimate interest lies in any legal defense we may have to mount.
If you expressly consent to a longer storage of your data, e.g. for your inclusion in a database of applicants or interested parties, the data will be processed further on the basis of your consent. The legal basis is then Art. 6 Para. 1 lit. a) GDPR. You may withdraw your consent at any time with future effect per Art. 7 Para. 3 GDPR with future effect.
Contact, Feedback and Order Forms
By clicking on the “Send” button on the contact, feedback and order forms and the transfer of your information, you give your consent to our processing and storing of the information which is in the contact form, and in particular of your personal data, for the purposes for which you wish to have it transferred. We will erase such data as soon as it is no longer needed for its intended purpose. The data you supply on the contact, feedback and order forms is thus only processed on the basis of the consent (Art. 6(1)(a) GDPR) given to us when you send the form. You may, at any time, revoke your consent with future effect. All that you need to do is send us an e-mail with an informal notice revoking your consent (unsubscribe@carmedialab.com). This revocation has no effect on the legality of data processing activities carried out prior to the revocation.
Newsletter
Newsletter data
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or only on a voluntary basis. For the handling of the newsletter, we use newsletter service providers, which are described below.
MailerLite
This website uses MailerLite to send newsletters. The provider is UAB “MailerLite”, J. Basanaviciaus 15, LT-03108 Vilnius, Lithuania (herein after referred to as MailerLite). MailerLite is a service that, among other things, can be used to organize and analyze the sending of newsletters. The data you enter to subscribe to the newsletter is stored on MailerLite’s servers. If you do not want MailerLite to analyze your data, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.
Data analysis by MailerLite
MailerLite enables us to analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened, and which links were clicked on, if any. In this way we can determine which links were clicked on particularly often. We can also see whether certain previously defined actions were carried out after opening/clicking (conversion rate). For example, we can see whether you have made a purchase after clicking on the
newsletter. MailerLite also enables us to divide the newsletter recipients into different categories (“clustering”). The newsletter recipients can be divided according to age, gender, or place of residence, for example. In this way, the newsletters can be better adapted to the respective target groups.
Detailed information on the functions of MailerLite can be found at the following link:
https://www.mailerlite.com/features.
The MailerLite privacy policy can be found at:
https://www.mailerlite.com/legal/privacy-policy.
Legal basis
Data processing is based on your consent (Art. 6(1)(a) GDPR). You can revoke this consent at any time for the future.
Storage period
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to apply. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6(1)(f) GDPR. This does not affect data stored by us for other purposes. After you have been removed from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist, if such action is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves
both your interest and our interest in compliance with the legal requirements when sending newsletters (legitimate interest in the sense of Art. 6(1)(f) GDPR). There is no time limit on storage in the blacklist. You can object to the storage if your interests outweigh our legitimate interest.
Data processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
Use of Chatbots
We use chatbots to communicate with you. Chatbots have the capability to respond to your questions and other entries without the assistance of humans. To do this, chatbots analyze your entries and other data to give matching responses (e.g., names, email addresses and other contact information, customer numbers and other identification, orders, and chat progresses). The chatbot can also register your IP address, log files,
location information and other meta data. The data is archived on the servers of the chatbot provider.
It is possible to generate user profiles based on the recorded data. Moreover, the data can be used to display interest-related advertising if the other legal requirements are met (in particular if consent has been obtained). Moreover, it is possible to link chatbots to analytical and advertising tools.
The recorded data can also be used to improve our chatbots and their response patterns (machine learning).
We or the chatbot operator retain the data you enter until you ask us to delete it, revoke your consent to archive it or if the purpose for the data storage is no longer in effect (e.g., once your inquiry has been fully processed). This does not affect mandatory statutory provisions – in particular, retention time frames.
The legal basis for the use of chatbots is Art. 6(1)(b) GDPR, if the chatbot is used to negotiate a contract or in conjunction with the fulfillment of a contract. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time. In all other cases, the use is based on our legitimate interest in the most effective client communication possible (Art. 6(1)(f) GDPR).
We use the chatbot from the following provider: Hubspot. More info at https://www.hubspot.com/
Data Protection Rights
You are entitled as a data subject to the data protection rights described below.
If you wish to assert these rights, please use the information provided in the section “Contact”. Please ensure that you can be clearly identified.
Right to Access, Rectification or Erasure
You are entitled by law to access, at any time, personal data stored about you, its source, recipients and the purpose for which it is stored (Art. 15 GDPR). In addition, you have the right to demand that your data be rectified (Art. 16 GDPR) or erased (Art. 17 GDPR).
Right to Restrict Processing
Where the statutory requirements are met, you may demand that processing be restricted (Art. 18 GDPR).
Right to Data Portability
Furthermore, where the requirements specified in Art. 20 GDPR are met, you have the right to receive the data which you provided to us in a structured, commonly used and machine-readable format.
Right to Object to Processing of Data in an Individual Case
You have the right to object, on grounds relating to your particular situation, at any time, to the processing of personal data concerning you if the processing is not based on a legitimate interest or a weighing of interests on our part (Art. 21 GDPR). We will cease processing your data unless we are able to demonstrate compelling legitimate grounds for continuing to do so.
Right to Object to Processing of Data for Direct Advertising Purposes
In addition, you may, at any time, object to the processing of your personal data for advertising purposes (Art. 21 GDPR). Where you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes.
Right to Revoke Consent
Insofar as the processing of your personal data is based on your consent, you may, at any time, revoke your consent to such processing with future effect. We will delete your data unless there is a statutory storage and retention period. In such case, your data will be blocked unless a legal basis for processing exists.
Right to Lodge a Complaint with the Competent Authority
If you believe that your data is being processed in breach of the GDPR, you may lodge a complaint with the supervisory authority (Art. 77 GDPR). In addition, you may contact the supervisory authority which is competent for your place of residence / state in which you reside or which is competent for us. The latter is:
The State Commissioner for Data Protection and Freedom of Information of the Federal State of Baden-Württemberg.
Contact
If you would like to contact us, please use the information provided in the section “Controller”. If you wish to exercise your data protection rights, lodge a complaint or if you have any questions about this Data Privacy Statement or on how we handle personal data, please write to our Data Protection Officer, preferably, send an e-mail to: datenschutz@mhg-protectit.de
Links to Third-Party Websites
It is possible that our websites contain links to third-party websites. If you follow the links, you will leave CarMedialab’s websites and the scope of application of this Privacy Policy. CarMedialab GmbH cannot accept any responsibility for the data protection methods or content of such websites